The Japanese government has passed a landmark cybersecurity law that authorizes local agencies to conduct preemptive cyber operations aimed at thwarting or suppressing future attacks on the country’s digital infrastructure, Japanese news outlet Kyodo News reported.
Formally titled the Active Cyberdefense Law, the legislation was approved last week and is scheduled to come into full effect by 2027. While its name emphasizes proactive defense, the law goes much further—introducing broad reforms to modernize Japan’s cybersecurity framework.
Under the new law, operators of critical infrastructure such as power grids and railway systems will be legally required to report cyber breaches.
The law also grants authorities the ability to monitor certain international internet traffic passing through Japanese infrastructure, though it explicitly prohibits surveillance of domestic communications or message contents.
Responsibility for neutralizing threats will be divided: local police will handle most attacks, while Japan’s Self-Defense Forces will intervene in more complex, organized threats.
A key component of the law is the creation of “cyber harm prevention officers” within the national police. The officers will be empowered to disable attacker infrastructure, including foreign-based servers, in real time. A newly established independent panel will oversee operations, approving data collection and ensuring that surveillance measures remain within legal bounds.
