Artboard 1 copy 11

Nihon Cyber Defence

Menu
get in touch
/ Cyber Security Leadership / By

What New Expectations Does ACD Place on My Organisation — and on Me as a Business Leader?

The ACD Law makes cyber risk a board-level responsibility. Here is what Japan’s business leaders and executives must now prioritise to ensure compliance and resilience.

Japanese train conductor on platform, preparing for departure highlighting metro rail as part of Japan’s critical infrastructure.
Japan’s cyber law raises the bar for CNI board-level risk and governance.

A New Era of Proactive Cyber Security Leadership

Japan’s new Active Cyber Defense (ACD) Law represents a national shift toward proactive cyber security.

For business leaders, this law introduces clear expectations that go beyond IT operations.

Executives are now directly responsible for ensuring their organisations can detect and respond to cyber threats before they escalate.

Key Expectations for Business Leaders Under ACD

  1. Executive Risk Ownership: The ACD Law reinforces that cyber security is no longer solely a technical issue. Boards and senior management must treat cyber resilience as a core business risk.

  2. Timely Incident Reporting: Designated critical infrastructure operators must report cyber incidents within 24 hours. Executive teams must ensure governance structures support this rapid escalation and response.

  3. Proactive Risk Management: Organisations are expected to shift from reactive security postures to proactive defence. This includes pre-notification before deploying critical systems and sharing metadata with national detection centres.

  4. Supply Chain Oversight: Business leaders must verify that contractors and suppliers meet new ACD-aligned cyber standards, extending risk management beyond internal operations.
ACD Compliance FAQ

Frequently Asked Questions (FAQ)

Deep Dive for Business Leaders Navigating ACD Compliance

Q: Am I personally accountable under the ACD Law?
While the law does not impose personal liability, it elevates board-level accountability for cyber risk management. Directors and executives must ensure appropriate oversight and resourcing.
Q: Does ACD only apply to IT systems?
No — ACD requirements impact operational technology (OT), critical business processes, and extended supply chains. Business leaders must take a holistic, enterprise-wide approach.
Q: How fast must we report incidents?
ACD requires notification within 24 hours of identifying a significant cyber incident. This demands clearly defined escalation paths and leadership involvement in incident management.
Q: What is expected of us around proactive defence?
Leaders must support investment in early detection, continuous monitoring, and sharing relevant data with national defence centres, moving beyond traditional perimeter defences.
toshio-nawa
Toshio Nawa

Chief Technology Officer (CTO)

After military and JPCERT/CC experience, Nawa joined Nihon Cyber Defence in 2018, specializing in CSIRT and threat intelligence advisory.

Edit Template

Cyber Maturity Assessment

Nihon Cyber Defence (NCD) offers comprehensive Cyber Maturity Assessments designed to evaluate an organisations current cyber security capabilities, identify areas for improvement, and develop a strategic roadmap to enhance overall security posture.

Cyber Security Framework (NIST)

National Institute of Standards and Technology

NIST Framework Graphic

Cyber Assessment Framework (CAF)

National Cyber Security Centre

CAF Framework Graphic

Explore more of the NCD suite: Cyber Security Consultancy, Protective Services, Network Monitoring & Security Operations, SIEM, Incident Management

Edit Template

More from NCD​

Chinese flag overlays a computer keyboard and economic graph, with Japan highlighted — symbolising cyber and financial influence targeting Japanese infrastructure.

China’s APT Threats to Japan’s Critical Infrastructure

May 21, 2025 Threat Intelligence
China-linked APT groups—Salt, Volt, and Silk Typhoon—are reshaping cyber warfare. Learn how these threats target Japan’s critical infrastructure and how to respond effectively...
Read More
Empowering the Next Generation of Cyber Security Talent

Empowering the Next Generation of Cyber Security Talent

May 16, 2025 Cyber Security Leadership
NCD joined the Empower Girls event in Belfast, inspiring 600 young girls to explore careers in cyber security through hands-on learning and role models...
Read More
Netcraft and Nihon Cyber Defence logos representing strategic partnership on phishing defence in Japan

Nihon Cyber Defence and Netcraft Strategic Partnership

May 12, 2025 Cyber Resilience
NCD and Netcraft are teaming up to deliver real-time phishing detection and takedown in Japan. Learn how this partnership boosts national cyber resilience...
Read More
Toshio Nawa Appointed as CTO of Nihon Cyber Defence

Toshio Nawa Appointed as CTO of Nihon Cyber Defence

May 8, 2025 Press Release
The collaboration combines Fivecast’s advanced AI-powered OSINT technology with NCD’s expertise in cyber threat intelligence and Japanese cyber security needs, delivering actionable intelligence...
Read More
White phone with red screen on black background, representing digital disinformation and cyber threats

Enhancing Japan’s Cyber Resilience Against Information Warfare | NCD

April 30, 2025 Cyber Resilience
Mandatory reporting and ransom payment bans sound tough on cybercrime, but will they actually work? Businesses need a smarter approach to ransomware resilience. Here’s what needs to change...
Read More
Digital city skyline protected by a cyber dome, symbolising Japan’s Active Cyber Defence strategy

Japan’s Active Cyber Defense Bill Passes Lower House

April 23, 2025 Risk Management
Japan passes cyber security bill enabling preemptive threat disruption by 2027. What critical infrastructure, finance, and industry leaders must prepare for...
Read More
A security analyst monitors three screens showing a "System Hacked" alert after a ransomware attack in a corporate environment.

The Ransomware Dilemma

April 15, 2025 Cyber Resilience
Mandatory reporting and ransom payment bans sound tough on cybercrime, but will they actually work? Businesses need a smarter approach to ransomware resilience. Here’s what needs to change...
Read More
UK CyberFirst Lessons: Transforming Japan’s Cyber Security Education

Lessons from the UK CyberFirst Program for Japan

March 24, 2025 Cyber Security Leadership
Japan can bridge its cybersecurity talent gap by leveraging public-private partnerships, corporate sponsorships, and government-backed education programs, inspired by CyberFirst...
Read More
Building the Next Generation of Cybersecurity Experts

Educational Strategies and Initiatives to Address the Cyber security Talent Gap

March 17, 2025 Cyber Security Leadership
Learn how education programs and strategic initiatives are addressing Japan’s cybersecurity workforce gap...
Read More
Edit Template
NCDLogoWhite@1x_1

Cyber Future Today

Company

Services

Associated sites

Social Link

Linkedin