Cybersecurity 2025

JAPAN Trends and Developments Contributed by: Yasushi Kudo, Yukiko Konno and Takayuki Inukai, Nagashima Ohno & Tsunematsu

• the surcharge be such amount as is obtained by multiplying (x) the amount of sales gener - ated by the business activities of the busi - ness operator in violation of the obligation to take security control measures during the period of the relevant violation by (y) a certain “calculation rate” – this proposal is based on the viewpoint of speediness and efficiency of administrative penalties, and it is believed that the proposal considers the ease of calcu - lation. In addition, there are proposals to establish a provision for reducing penalties for violators who voluntarily report violations, and an additional provision to impose a surcharge of 1.5 times the normal surcharge on repeat violators. From the viewpoint of civil law, with regard to the system for demanding an injunction, there is a proposal to grant qualified consumer organisa - tions the right to demand an injunction under the APPI as their own right, targeting violations that are highly likely to infringe on the rights and interests of individuals. Although the report of the expert panel is still in the process of being put forward for consid - eration, if these systems are introduced, both the administrative law and civil law risks from an enforcement perspective may increase in Japan in the future. Trends in legal reforms in the national security sector In 2024, the Act on the Protection and Use of Critical Economic Security Information came into effect. This Law stipulates: • the designation of critical economic security information;

• he provision of critical economic security information; and • restrictions on who can handle critical eco - nomic security information (so-called “secu - rity clearance”), among other matters. It is important for businesses that handle critical infrastructure, such as information and commu - nications, to comply with this Law. In addition, recently the government has been preparing Active Cyber Defense legislation, and the bill was submitted to the Diet in February 2025. This bill aims to enhance Japan’s cyber - security response capabilities to a level equal to or higher than that of major Western countries. Among other things, it stipulates provisions for: • strengthening public-private sector co-opera - tion, such as imposing reporting requirements on critical infrastructure operators when they notice certain types of cyber-attacks; • the government’s use of communication information to understand the actual situation of cyber-attacks on Japan; and • allowing the National Police Agency and the Self-Defense Forces to intrude into and neutralise servers possessed by attackers to prevent serious harm from cyber-attacks under certain conditions. It will be necessary to keep a close eye on the deliberations on the bill in the Diet.

182 CHAMBERS.COM

Powered by