Japan will begin implementing new cyber defence powers on October 1 that allow authorities to disrupt and disable hostile systems, according to statements from government officials during a recent press briefing. The measures form part of the country’s “Active Cyber Defense” framework, which expands the role of state agencies in responding to cyber threats.
Chief Cabinet Secretary Minoru Kihara said the decision reflects changes in the security environment and the increasing impact of cyberattacks on daily life and national infrastructure. He stated that the government intends to allow authorities to identify and act against malicious systems before attacks are carried out.
Under the new rules, authorities will be able to access and disable servers used by attackers in certain cases. The framework also introduces requirements for operators of critical infrastructure to report incidents and enables coordination between law enforcement, intelligence agencies, and the Self-Defense Forces.
The law was passed in 2025 and is being introduced in stages through 2027. It represents a change in how Japan handles cyber threats, allowing preemptive action against infrastructure linked to potential attacks rather than responding after incidents occur.
Government officials said safeguards will apply to the use of these powers. Kihara stated that specific procedures will govern how information is collected and how operations are approved, with oversight by a designated review body. He added that the government intends to respect privacy while carrying out cyber defence measures.
The framework also allows authorities to analyse data related to cyber threats and identify patterns linked to malicious activity. In some cases, this may include examining international network traffic connected to potential attacks, within legal limits.
Officials have said the measures are intended to improve the country’s ability to respond to cyber incidents affecting sectors such as finance, telecommunications, and energy. The new powers will allow agencies to act earlier in the attack cycle by targeting systems used to prepare or launch cyber operations.
The rollout is part of a broader effort to strengthen coordination between government bodies and critical industries, including mandatory reporting requirements and structured information sharing. Implementation will continue over the next several years as the legal and operational framework is expanded.