
Japan has officially abandoned its longstanding restraint in cyberspace. On May 16, a landmark law was enacted, authorizing the nation’s authorities to launch preemptive cyberstrikes against hostile targets — even before any actual harm is inflicted. This decision marks a turning point in Japan’s cyber doctrine, long guided by the pacifist principle enshrined in Article 9 of its Constitution.
The Active Cyber Defense Law, initially proposed in 2022, grants Japanese law enforcement agencies the authority to infiltrate and neutralize adversarial servers, even in the absence of an imminent attack. Notably, such operations may proceed without clear evidence of a direct military assault on Japan. The most sophisticated incidents will fall under the jurisdiction of the Japan Self-Defense Forces.
According to officials, this legislative shift will enable Tokyo to respond more swiftly and decisively in cyberspace, allowing it to match — or even surpass — leading powers such as the United States and European nations. The law is also positioned as a tool to “elevate national security to the standards of Western countries.”
Beyond its offensive provisions, the law also outlines the state’s ability to analyze internet traffic passing through Japanese territory. The government insists that the content of data packets will not be inspected and that domestic traffic will remain unaffected. The emphasis on non-domestic traffic, officials claim, is justified because the overwhelming majority of cyberattacks originate from abroad.
Yet, not all within Japan have embraced the new legislation. Human rights advocates have voiced concerns over potential violations of Article 21 of the Constitution, which guarantees the confidentiality of communications and freedom of expression. In response, the government established an independent oversight commission tasked with approving each instance of data interception or offensive cyber action before its execution.
Japan’s pivot to active cyber defense is largely a reaction to a series of high-profile incidents in recent years. In 2023, Chinese hackers reportedly maintained covert access to the internal networks of Japan’s cyber agency for nine months. Earlier, in 2020, the U.S. National Security Agency disclosed the compromise of Japan’s defense infrastructure by Chinese military hackers — a breach considered among the most devastating in the nation’s history.
More recently, Japan’s financial regulator reported a cyberattack involving unauthorized securities transactions totaling $2 billion via online platforms. In the face of escalating threats — both state-sponsored and financially motivated — the government opted to overhaul its cyber posture, abandoning the previously reactive approach.
The newly adopted law makes one thing unequivocally clear: Japan is no longer willing to wait for an adversary to strike first. The nation now reserves the right to act — preemptively and unilaterally — in cyberspace.