Japan Enacts Landmark Cyber Defence Legislation

Japan has introduced a historic new law aimed at strengthening its cybersecurity capabilities amid rising digital threats. The Active Cyberdefence Law (ACD) marks a significant shift in the country's national security strategy, granting the government new powers to monitor and respond to cyber attacks more proactively.

The ACD significantly expands Japan’s ability to counter cyber threats by legally permitting government agencies to monitor communications data during peacetime and to neutralise hostile servers when necessary.

This legislation represents a major departure from Japan’s traditional approach to cyber security, which has been constrained by its postwar pacifist constitution and privacy protections.

The law was enacted in response to a surge of cyber attacks from criminal gangs and state-sponsored hackers, which have caused disruptions to airlines, banks, and critical infrastructure. The government aims to have all measures fully operational by 2027.

Key Provisions of the Active Cyberdefence Law

The legislation allows the Japanese government to:

  • Monitor communications data during peacetime.
  • Take offensive actions such as neutralising enemy servers.
  • Establish an independent oversight panel that authorises data collection, analysis, and offensive operations.
  • Require businesses to report cyber breaches and the implementation of communication devices.
  • Promote cooperation between the public and private sectors, especially in sharing sensitive information to bolster infrastructure defence.

However, the law explicitly prohibits the government from analysing domestic internet traffic, as most cyber attacks are believed to originate from abroad.

Balancing Security With Privacy  Safeguards

Tokyo’s efforts to enhance digital resilience have been historically restrained by constitutional limitations. Article 21 of Japan’s constitution states that “the secrecy of any means of communication” must be protected, necessitating warrants for wiretapping and restricting the scope of surveillance.

The new law introduces oversight measures, including a panel that must give prior approval for data collection and offensive operations, aiming to safeguard civil liberties while improving security.

Urgent Strategic Necessity

When the legislation was first approved earlier this year, Itsunori Onodera, the chair of the government’s policy research council, warned that failure to upgrade cybersecurity would put Japanese lives at risk. The law empowers Japan’s police and Self-Defense Forces to conduct offensive cyber operations to protect critical infrastructure against foreign and domestic threats.

Security Workforce Shortages

The Ministry of Economy, Trade and Industry highlighted that Japan faces an estimated shortfall of 110,000 qualified cybersecurity professionals, hindering its ability to defend against evolving threats.

Penalties for Misuse

Officials who illegally use or leak information acquired through these new powers face penalties of up to four years in prison or fines of up to ¥2 million ($13,760). The legislation signals Japan’s move toward a more assertive and independent cyber defence stance in the region amid escalating geopolitical tensions.

A New Era of Digital Defence

The enactment of the Active Cyberdefence Law represents Japan’s efforts to foster a robust national security framework capable of pre-empting and responding to complex cyber threats.

As regional tensions rise, the country aims to bolster its cyber resilience through proactive measures, even as it balances civil liberties and international cooperation.

Kyodo News  |   Japan Times  |   FT  |   The Record  |   SL Guardian  |  Japan News 

Image: Ideogram

You Might Also Read: 

Preparing For A South China Sea Cyber Storm:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« IAM Failures: Lessons From 2025’s Biggest Breaches
US Confirms Pause In Cyber Operations Against Russia »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Eden Legal

Eden Legal

Eden Legal provides legal services on commercial and regulatory issues affecting digital businesses.

Security Brokers

Security Brokers

Security Brokers focus services and solutions with a focus on strategic ICT Security and Cyber Defense issues.

DomainTools

DomainTools

DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know.

Solana Networks

Solana Networks

Solana Networks is a specialist in IT networking and security.

IOTA Foundation

IOTA Foundation

The IOTA Foundation is a non-profit R&D organisation focused on developing the next generation of protocols for the connected world.

AVL Mobile Security

AVL Mobile Security

AVL Mobile Security is a market-leading mobile security company for anti-virus and threat intelligence in the mobile Internet.

OGiTiX

OGiTiX

OGiTiX Software AG is a German software manufacturer specializing in Identity and Access Management.

Ingenio Global

Ingenio Global

Ingenio is a specialist recruitment business for SaaS companies. Our purpose is to source exceptional talent in areas including cyber security for leading SaaS companies in the UK and Ireland.

Berezha Security Group (BSG)

Berezha Security Group (BSG)

BSG is a cybersecurity consulting firm specializing in all aspects of application security and penetration testing.

Purism

Purism

Purism works with hardware component manufactures and the free software community to build high quality hardware that respects your digital life.

Ruptura InfoSecurity

Ruptura InfoSecurity

Ruptura InfoSecurity provide CREST Accredited Penetration Testing & Offensive Security Services. We secure your critical assets through targeted and research driven penetration testing.

Unciphered

Unciphered

Unciphered was created as the first company providing services for opening locked hardware cryptocurrency wallets.

Cyber Proud

Cyber Proud

Cyber proud is leading a talent revolution to promote and create an inclusive skilled cyber workforce.

Aberrant

Aberrant

A radically new approach to managing information security. Aberrant is the single pane of glass through which a security program can be viewed.

Obviam

Obviam

Obviam specialize in providing security solutions tailored to meet the unique needs of each of our clients, no matter where they are in their security journey.

BugDazz

BugDazz

BugDazz pentest as a service (PTaaS) platform helps bringing in real-time results, detail coverage, & easy remediation workflows with compliance-ready reports.