01 January 2020 00:00 by Yuki Kuroda, Takahiro Nakayama, Takuya Uehara

Organisations’ critical infrastructure systems are essential to their bottom line, ability to innovate and daily operations. It is an important part of an organisation’s overall risk management framework. The Japan Cybersecurity module offers guidance on how to handle your Cybersecurity obligations. The module covers areas of law such as the 'Act on Prohibition of Unauthorized Computer Access', 'The Basic Act on Cybersecurity', 'Act on Electronic Signatures and Certification Business' and over 47 other compliance sources.

Module Scope:

Core Obligations

  • Overview
  • Cybersecurity Governance and Principles
  • Policy Making
  • Cybersecurity Risk Management
  • Budget and Resources
  • Risk Assessment
  • Risk Response Development
  • PDCA Framework for Implementing Cybersecurity Measures
  • Safety Principles and Detailed PDCA Guidelines for Critical Infrastructures
  • Emergency Response
  • Supply Chain Risk Management and IT Systems Management Outsourcing
  • Communication

Legal Landscape

  • Act on Prohibition of Unauthorized Computer Access
  • The Basic Act on Cybersecurity
  • Unfair Competition Prevention Act
  • Penal Code
  • Act on the Protection of Personal Information
  • Act on the Use of Numbers to Identify a Specific Individual in Administrative Procedures
  • Financial Instruments and Exchange Act
  • and 47 other compliance sources


  • Ministry of Economy, Trade and Industry
  • National Center of Incident Readiness and Strategy for Cybersecurity
  • Information-Technology Promotion Agency
  • and 7 other regulators