Japan Enacts Landmark Cyber Defence Legislation

Japan has introduced a historic new law aimed at strengthening its cybersecurity capabilities amid rising digital threats. The Active Cyberdefence Law (ACD) marks a significant shift in the country's national security strategy, granting the government new powers to monitor and respond to cyber attacks more proactively.

The ACD significantly expands Japan’s ability to counter cyber threats by legally permitting government agencies to monitor communications data during peacetime and to neutralise hostile servers when necessary.

This legislation represents a major departure from Japan’s traditional approach to cyber security, which has been constrained by its postwar pacifist constitution and privacy protections.

The law was enacted in response to a surge of cyber attacks from criminal gangs and state-sponsored hackers, which have caused disruptions to airlines, banks, and critical infrastructure. The government aims to have all measures fully operational by 2027.

Key Provisions of the Active Cyberdefence Law

The legislation allows the Japanese government to:

  • Monitor communications data during peacetime.
  • Take offensive actions such as neutralising enemy servers.
  • Establish an independent oversight panel that authorises data collection, analysis, and offensive operations.
  • Require businesses to report cyber breaches and the implementation of communication devices.
  • Promote cooperation between the public and private sectors, especially in sharing sensitive information to bolster infrastructure defence.

However, the law explicitly prohibits the government from analysing domestic internet traffic, as most cyber attacks are believed to originate from abroad.

Balancing Security With Privacy  Safeguards

Tokyo’s efforts to enhance digital resilience have been historically restrained by constitutional limitations. Article 21 of Japan’s constitution states that “the secrecy of any means of communication” must be protected, necessitating warrants for wiretapping and restricting the scope of surveillance.

The new law introduces oversight measures, including a panel that must give prior approval for data collection and offensive operations, aiming to safeguard civil liberties while improving security.

Urgent Strategic Necessity

When the legislation was first approved earlier this year, Itsunori Onodera, the chair of the government’s policy research council, warned that failure to upgrade cybersecurity would put Japanese lives at risk. The law empowers Japan’s police and Self-Defense Forces to conduct offensive cyber operations to protect critical infrastructure against foreign and domestic threats.

Security Workforce Shortages

The Ministry of Economy, Trade and Industry highlighted that Japan faces an estimated shortfall of 110,000 qualified cybersecurity professionals, hindering its ability to defend against evolving threats.

Penalties for Misuse

Officials who illegally use or leak information acquired through these new powers face penalties of up to four years in prison or fines of up to ¥2 million ($13,760). The legislation signals Japan’s move toward a more assertive and independent cyber defence stance in the region amid escalating geopolitical tensions.

A New Era of Digital Defence

The enactment of the Active Cyberdefence Law represents Japan’s efforts to foster a robust national security framework capable of pre-empting and responding to complex cyber threats.

As regional tensions rise, the country aims to bolster its cyber resilience through proactive measures, even as it balances civil liberties and international cooperation.

Kyodo News  |   Japan Times  |   FT  |   The Record  |   SL Guardian  |  Japan News 

Image: Ideogram

You Might Also Read: 

Preparing For A South China Sea Cyber Storm:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« FBI Warns Of Surging Use Of Vishing
US Confirms Pause In Cyber Operations Against Russia »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Gigasoft

Gigasoft

Gigasoft provide secure online data backup & cloud backup services for the education sector and businesses.

Security Industry Association (SIA)

Security Industry Association (SIA)

The SIA's mission is to be a catalyst for success​ within the global security industry through information, insight and influence.

KoolSpan

KoolSpan

KoolSpan’s security and privacy solutions address the growing threat of loss or theft of intellectual property, information, and proprietary assets.

CyberOwl

CyberOwl

CyberOwl builds on cutting-edge research and combines decades of experience in developing, securing and operating large distributed systems.

Signifyd

Signifyd

Signifyd is the world's largest provider of Guaranteed e-Commerce Fraud Protection.

Qufaro

Qufaro

Qufaro is a new initiative designed to make it simpler for those with career ambitions in cyber security to access the UK’s cyber-specific education and innovation opportunities.

Circadence

Circadence

Circadence offer the only fully immersive, AI-powered, patent-pending, proprietary cybersecurity training platform in the market today.

LinOTP

LinOTP

LinOTP is an enterprise level, innovative, flexible and versatile OTP-platform for strong authentication.

Netacea

Netacea

Netacea provides a revolutionary bot management solution that protects websites, mobile apps and APIs from malicious attacks such as scraping, credential stuffing and account takeover.

DDLS

DDLS

DDLS is Australia's largest provider of corporate IT, process training and cybersecurity training courses and certification programs.

Tier One Technology Partners

Tier One Technology Partners

Tier One Technology Partners is an IT managed services provider that focuses on cybersecurity, cloud services, IT consulting, and infrastructure.

AML Global Solutions (AMLGS)

AML Global Solutions (AMLGS)

AMLGS delivers Financial Crime prevention training programmes and consultancy services encompassing Anti-Money Laundering (AML), Counter Terrorism Financing (CTF), Bribery & Corruption and Fraud.

Bittnet Training

Bittnet Training

Bittnet Training is the leader in the IT Training market in Romania. We develop the IT skills of IT professionals as well as those who wish to start a career in IT.

TuxCare

TuxCare

TuxCare make Linux more secure. We take care of Linux so that organizations can use Linux to support environments that require high levels of Cybersecurity, stability, and availability.

ThreatDown

ThreatDown

ThreatDown, powered by Malwarebytes, is on a mission to overpower threats and empower IT by removing the complexity of detecting and stopping today’s most advanced threats.

Deepware

Deepware

Deepware is an emerging AI research company dedicated to exploring the potential of GenAI in both generation and detection.