JAPAN Law and Practice Contributed by: Yoshifumi Onodera, Hiroyuki Tanaka, Naoto Shimamura and Rio Ichii, Mori Hamada & Matsumoto
6. Cybersecurity in Other Regulations
nised international framework on the handling of personal data.

3.6 Threat-Led Penetration Testing
The Guidelines for CSFS require that threat-led penetration testing (TLPT) be carried out on a regular basis.
6.1 Cybersecurity and Data Protection
Handling operators have to establish appropriate safeguards to protect personal data (Article 23 of the APPI) and have to report data breaches to the PPC and notify affected data subjects in cases where their rights and interests are likely to have been infringed (Article 26 of the APPI).

6.2 Cybersecurity and AI
The MIC and METI published the AI Business Guidelines for AI developers, AI service providers and AI users on 19 April 2024. These Guidelines urge businesses to invest in and implement robust security management throughout the entire AI lifecycle, including cybersecurity. They also suggest considering appropriate cyber-access controls.

6.3 Cybersecurity in the Healthcare Sector
The MHLW has issued the Guidelines on the Safety Management of Medical Information Systems (last amended in May 2023). While the MHLW Guidelines and an announcement issued by the MHLW on 29 October 2018 state that medical service providers should report a cybersecurity incident to the authority, no special rule has been issued for statutory data breach reporting and notifications in this regard. The MIC and METI have jointly issued the Guidelines for Safety Management of Medical Information by Providers of Information Systems and Services Handling Medical Information (last amended in July 2023).
4. Cyber-Resilience

4.1 Cyber-Resilience Legislation
There is no uniform legislation on cyber-resilience. Specific aspects of cyber-resilience are stipulated in each of the individual regulations.

4.2 Key Obligations Under Legislation
Specific aspects of cyber-resilience are stipulated in each of the individual regulations.

5. Security Certification for ICT Products, Services and Processes

5.1 Key Cybersecurity Certification Legislation
The Labeling Scheme based on Japan Cyber-Security Technical Assessment Requirements provides an evaluation index for the security functions of IoT products. This system will be provided by the IPA, and applications are scheduled to begin in March 2025.