Japan Enacts Landmark Cyber Defence Legislation

Uploaded on 2025-06-05 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Law

Japan has introduced a historic new law aimed at strengthening its cybersecurity capabilities amid rising digital threats. The Active Cyberdefence Law (ACD) marks a significant shift in the country's national security strategy, granting the government new powers to monitor and respond to cyber attacks more proactively.

The ACD significantly expands Japan’s ability to counter cyber threats by legally permitting government agencies to monitor communications data during peacetime and to neutralise hostile servers when necessary.

This legislation represents a major departure from Japan’s traditional approach to cyber security, which has been constrained by its postwar pacifist constitution and privacy protections.

The law was enacted in response to a surge of cyber attacks from criminal gangs and state-sponsored hackers, which have caused disruptions to airlines, banks, and critical infrastructure. The government aims to have all measures fully operational by 2027.

Key Provisions of the Active Cyberdefence Law

The legislation allows the Japanese government to:

Monitor communications data during peacetime.

Take offensive actions such as neutralising enemy servers.

Establish an independent oversight panel that authorises data collection, analysis, and offensive operations.

Require businesses to report cyber breaches and the implementation of communication devices.

Promote cooperation between the public and private sectors, especially in sharing sensitive information to bolster infrastructure defence.

However, the law explicitly prohibits the government from analysing domestic internet traffic, as most cyber attacks are believed to originate from abroad.

Balancing Security With Privacy Safeguards

Tokyo’s efforts to enhance digital resilience have been historically restrained by constitutional limitations. Article 21 of Japan’s constitution states that “the secrecy of any means of communication” must be protected, necessitating warrants for wiretapping and restricting the scope of surveillance.

The new law introduces oversight measures, including a panel that must give prior approval for data collection and offensive operations, aiming to safeguard civil liberties while improving security.

Urgent Strategic Necessity

When the legislation was first approved earlier this year, Itsunori Onodera, the chair of the government’s policy research council, warned that failure to upgrade cybersecurity would put Japanese lives at risk. The law empowers Japan’s police and Self-Defense Forces to conduct offensive cyber operations to protect critical infrastructure against foreign and domestic threats.

Security Workforce Shortages

The Ministry of Economy, Trade and Industry highlighted that Japan faces an estimated shortfall of 110,000 qualified cybersecurity professionals, hindering its ability to defend against evolving threats.

Penalties for Misuse

Officials who illegally use or leak information acquired through these new powers face penalties of up to four years in prison or fines of up to ¥2 million ($13,760). The legislation signals Japan’s move toward a more assertive and independent cyber defence stance in the region amid escalating geopolitical tensions.

A New Era of Digital Defence

The enactment of the Active Cyberdefence Law represents Japan’s efforts to foster a robust national security framework capable of pre-empting and responding to complex cyber threats.

As regional tensions rise, the country aims to bolster its cyber resilience through proactive measures, even as it balances civil liberties and international cooperation.

Image: Ideogram

You Might Also Read:

Preparing For A South China Sea Cyber Storm:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.