Japan Shatters Pacifist Cyber Stance: Offensive Digital Warfare Now Legal

In a historic shift away from its traditionally pacifist stance, Japan has enacted a new law allowing offensive cyber operations. The legislation, passed on May 16, 2025, represents a major change in how Japan interprets Article 9 of its constitution, which has limited military action since World War II.

The new law lets Japanese authorities take preemptive action against potential cyber threats. This means they can infiltrate and neutralize hostile servers before attacks occur. It’s a big departure from Japan’s previous defense-only approach to national security.

Japan’s shift to offensive cyber operations upends decades of defense-only policy, enabling preemptive strikes against hostile servers.

Under the law, Japan can monitor international communications that pass through the country, focusing on IP addresses rather than message content. The government won’t be allowed to monitor domestic communications, maintaining constitutional privacy protections for Japanese citizens.

Japan’s Self-Defence Forces will handle sophisticated cyber incidents, while law enforcement agencies will conduct standard offensive operations. The recent unauthorized stock trades valued at $2 billion attributed to hackers highlight the urgency of this new approach. An independent review panel will oversee these activities, authorizing data collection and offensive measures.

The Chief Cabinet Secretary explained that the law will help Japan identify and respond to cyber attacks more quickly. It aims to put Japan’s cyber capabilities on par with those of the United States and European countries by 2027, when the law is expected to be fully operational.

The legislation was first proposed in 2022 but took three years to gain final approval. It creates a new national cybersecurity office to coordinate responses among different government agencies.

Japan’s move mirrors similar capabilities already established in major Western powers. It also extends Japan’s ability to support allies in cybersecurity matters, positioning the country as a more active participant in international cybersecurity efforts.

The law comes amid growing cyber threats targeting Japanese infrastructure and institutions. The legislation specifically addresses threats from advanced groups like MirrorFace, which has been linked to Chinese state-sponsored cyber espionage. With this legislation, Japan is creating a framework to neutralize threats before significant damage occurs, responding to broader regional security concerns in the cyber domain.