The enactment of the Active Cyber Defense Act in May 2025 and the subsequent establishment of the National Cybersecurity Office (NCO) represent a historic turning point in Japan’s approach to cybersecurity. Together, these measures move Japan from a traditionally passive posture to an active cyber defense framework, emphasizing early threat detection, preemptive neutralization, and centralized command authority.

GR Japan provides a detailed analysis of the legislative background, institutional reforms, and political dynamics shaping these changes. It further examines the challenges Japan faces, including privacy protection, risks of false positives, workforce shortages, and the operational burden on smaller entities, while also assessing the opportunities for enhanced public-private collaboration and international partnerships.

Read the full report  to explore the implications of Japan’s new cybersecurity framework.