On May 16, the Japanese National Assembly passed the active network defense law, allowing the Government to take the initiative in implementing measures to prevent serious cyber attacks before they occur. The bill was approved by the Senate with the support of the ruling alliance and the great opposition party, the Japanese Constitutional Democratic Party.
The new law will take effect in 2027, in line with the government's 2022 national security strategy, which aims to improve Japan's cyber defense capabilities to match or surpass major Western countries.
According to the law, the government will collect and analyze communication information between countries through Japan, as well as between Japan and other countries. When detecting signs of cyber attacks, the police and the Department of Defense (SDF) will be able to take measures to disable the threats.
To support the deployment, coordination bases between the police and the SDF will be established. The law also encourages public-private cooperation, especially in sharing sensitive information to improve cyber defense capacity for units operating critical infrastructure. Businesses will be obliged to report to the government about the installation of communication devices as well as the cyber attacks they encounter.
In order to minimize the limit related to the security right security rights guaranteed by the Constitution, the law stipulates that only analyzing technical information such as IP address or attack command, and the main content of contacts such as email documents will not be tested. The collection of information and implementation of defensive measures will have to be approved in advance and the number of approval will be reported to the National Assembly.
An independent organization will be established under the Office of the Government to supervise the implementation of the law. Officials who misuse or leak the collected information will face a penalty of up to 4 years in prison or a maximum fine of 2 million yen (about 13,760 USD).
