🇯🇵 Japan's AI and Cyber Capability

Japan is increasingly prioritizing artificial intelligence (AI) and cybersecurity as integral components of its national strategy. In recent years, Japanese policymakers have grappled with how to harness emerging technologies for economic growth and military readiness while safeguarding against digital threats. Tokyo’s approach emphasizes innovation and international cooperation, reflecting Japan’s unique cultural and legal context. This article analyzes Japan’s national strategy for AI and cyber capabilities – spanning government policy, industrial initiatives, and the dual-use applications that straddle civilian and defense domains – and how these efforts bolster Japan’s overall national capability.

AI Strategy: Innovation-Driven and Soft-Law Governance

Japan’s AI strategy has evolved with an innovation-first mindset, guided by the concept of Society 5.0 – a vision of a technology-empowered society launched under former Prime Minister Shinzo Abe . As early as 2017, Japan released its first AI Technology Strategy to promote R&D and industry adoption of AI, followed by updated strategies in 2019 and 2022 focusing on human resources and deployment of AI systems in society . These plans dovetailed with broader industrial policy goals, aiming to position Japan at the forefront of the digital transformation. Notably, Japan’s 2022 AI Strategy placed relatively less emphasis on AI ethics and governance compared to contemporaneous strategies in Europe or the United States, reflecting a domestic priority on innovation over regulation . Nevertheless, Japanese agencies did introduce ethical guidelines – from the Ministry of Internal Affairs and Communications (MIC) issuing AI R&D principles in 2017 to the Cabinet Office’s 2019 “Social Principles of Human-Centric AI” – signaling awareness of global AI governance debates even as formal regulation lagged .

Generative AI breakthroughs in late 2022 (e.g. ChatGPT) spurred Japan to reassess AI policy with greater urgency. In 2023, the government convened a new AI Strategy Council that quickly outlined potential risks of generative AI and the need for updated guidelines . Rather than pivot to heavy-handed regulation, Japan doubled down on its “soft-law” approach, urging businesses to voluntarily address AI risks. In April 2024 authorities issued AI Guidelines for Business – a nonbinding code of practice for companies – which was aligned with the G7-led Hiroshima AI Process international code of conduct developed during Japan’s G7 presidency . This voluntary guidance was further revised in 2025, underscoring an agile governance ethos that favors flexibility over strict rules.

Japan’s preference for soft law in AI governance is rooted in both cultural attitudes and legal constraints. Japanese society exhibits relatively less anxiety about speculative AI risks (such as future superintelligence) than many Western countries, resulting in little domestic appetite for sweeping precautionary regulation . Policymakers also worry that rigid laws could stifle innovation in a field Japan is eager to advance . Thus, Tokyo’s approach is to promote voluntary industry initiatives via government-issued guidelines, instead of imposing binding rules across the board . As one analysis notes, “Japan’s AI governance system… consistently maintains the so-called soft-law approach” of nonbinding, business-led compliance . This strategy relies on Japan’s tradition of close government–industry cooperation, where most companies are inclined to follow official guidance as part of corporate social responsibility culture . In sectors where AI poses immediate safety risks (e.g. self-driving cars or medical devices), Japan does move to update specific regulations, but broadly the ethos is to govern AI through flexible standards rather than hard prohibitions .

The culmination of Japan’s recent AI policy debate is the new AI Act, a law championed by the Kishida administration and approved by the cabinet in early 2025. Formally titled the Bill on Promotion of R&D and Utilization of AI, this legislation was passed by the Diet in May 2025 . Notably, the AI Act continues Japan’s light-touch philosophy – it mandates the government to develop guidelines and best practices for AI developers and users, but imposes no direct penalties or rigid restrictions on AI development . In essence, the law institutionalizes the soft-law framework: it encourages voluntary compliance with ethical norms and international standards, calls for monitoring and addressing AI risks within existing laws, and emphasizes ex post facto enforcement (after problems occur) rather than ex ante constraints . The Act’s swift passage reflects Japan’s resolve to have a say in global AI governance – Prime Minister Fumio Kishida described it as a potential “model for the world,” aiming to showcase a balanced approach that other nations might emulate . However, implementing the Act will require bureaucratic capacity Japan is still building; experts note that strengthening AI expertise within government agencies is essential for the law to be effective .

Dual-Use AI: From Commercial Innovation to Defense Applications

Japan’s AI push is not solely about governance – it is also about harnessing AI for economic and security gains. The Ministry of Economy, Trade and Industry (METI) has led AI strategy to boost industrial innovation, aligning with Japan’s commercial strengths in robotics, manufacturing automation, and electronics . Initiatives like Society 5.0 envision AI and IoT solving societal challenges (from healthcare for an aging population to smart infrastructure), underscoring the dual-use nature of these technologies . Major Japanese corporations are investing in AI for improved productivity and new services, often with government support. For example, Japan has built world-class supercomputing capabilities (the Fugaku supercomputer was ranked among the fastest globally) to power AI research in areas like drug discovery and climate modeling – assets that also contribute to national prestige and technical sovereignty.

On the defense side, long-standing cultural hesitance is giving way to cautious adoption of AI to enhance military capability. In July 2024, the Ministry of Defense released its first-ever basic policy on AI utilization in defense, acknowledging that AI is critical to maintaining Japan’s defense edge amid declining troop numbers and rapid tech advances . Defense planners identified seven priority areas for AI applications, including target detection and identification, command-and-control support, unmanned systems, and even back-office functions . The focus is on force multiplication – using AI for surveillance (e.g. AI-enabled base security systems), autonomous drones, decision support, and logistics – to mitigate manpower shortages and keep pace with rival militaries . In its 2024 budget, Japan’s defense ministry earmarked ¥18 billion for an AI-powered surveillance system to protect military bases, alongside investments in drones and highly automated warships that require smaller crews . These steps, while modest, signal a recognition that advanced AI and automation are “technologies that can overcome [Japan’s] challenges” in defense . Importantly, the defense ministry’s policy emphasizes “human-in-the-loop” control and AI safety, reflecting Japan’s cautious approach to deploying AI in lethal contexts . By integrating AI in both commercial and military spheres, Japan seeks synergy between its high-tech industry and national security – a hallmark of dual-use technology strategy.

Cybersecurity: Addressing Vulnerabilities and Enhancing Capabilities

Cyber capabilities have become an indispensable facet of Japan’s national security strategy. Cyberspace is now recognized as the “fifth domain” of warfare alongside land, sea, air, and space, and a frontline of great-power competition . Japan faces relentless cyber threats, chiefly from state-sponsored actors in China and North Korea, which target Japanese government networks and strategic industries on a near-daily basis . Chinese hacking groups conduct extensive espionage – for instance, a recent campaign by the MirrorFace group breached Japanese semiconductor, telecom, and aerospace sectors, often aligning operations with Beijing’s work hours, a sign of state backing . North Korean actors, by contrast, have brazenly stolen hundreds of millions of dollars worth of cryptocurrency from Japanese exchanges to fund Pyongyang’s regime . These incidents underscore that Japan’s critical infrastructure and financial systems are squarely in the crosshairs of sophisticated adversaries.

Despite being the world’s third-largest economy, Japan has long been perceived as punching below its weight in cyber defense. International assessments have repeatedly ranked Japan’s cyber power as middling – for example, Harvard’s National Cyber Power Index dropped Japan from 9th place in 2020 to 16th in 2022, and the International Institute for Strategic Studies labeled Japan a “Tier 3” cyber power, on par with countries like North Korea . A major reason for these low rankings is Japan’s lack of offensive cyber capabilities and a historically reactive posture . Japan has excelled in defensive measures (protecting networks, prosecuting cybercrime, and helping ASEAN neighbors build capacity) but refrained from “hacking back” or developing cyber weapons, due to legal and constitutional constraints . Article 9 of Japan’s constitution renounces war and has been interpreted to forbid preemptive military actions – a stance that extended to cyberspace, effectively limiting Japan to defensive cyber operations . Until recently, if Japanese networks were attacked, authorities could bolster firewalls and share threat info with allies, but had no clear mandate to infiltrate an adversary’s systems or neutralize threats at their source . As a result, analysts noted a critical gap in Japan’s security toolkit that dragged down its international cyber standing . Indeed, Japan’s own National Security Strategy of 2022 explicitly acknowledged the need to “strengthen cybersecurity response capabilities equal to or surpassing the level of leading Western countries” .

Tokyo is now moving decisively to close this gap. In 2023–2025, the government undertook a significant legislative shift by drafting and enacting an Active Cyber Defense law – a turning point in Japan’s cyber policy . Building on groundwork laid by Prime Minister Kishida, the administration of Prime Minister Shigeru Ishiba (who succeeded Kishida) introduced a package of legal amendments collectively nicknamed the Active Cyber Defense Bill . This passed the Diet in May 2025 and is slated to come into force by late 2027 . The reform expands the authorities of Japan’s National Police Agency (NPA) and the Self-Defense Forces (SDF) to conduct “active cyber” operations in limited contexts . For the first time, Japanese law will permit coordinated cyber countermeasures against incoming threats, rather than confining responders to passive network defense. A new organization under the Cabinet Secretariat will orchestrate these operations, ensuring close coordination between the SDF’s cyber unit and law enforcement, with oversight by the National Security Secretariat .

The Active Cyber Defense law also tackles structural and oversight issues. It authorizes Japanese agencies and domestic internet service providers to monitor cross-border internet traffic for malicious activity transiting Japan’s networks . Given Japan’s strong constitutional protections for privacy and communications secrecy, this was controversial – opposition lawmakers raised concerns about infringing citizens’ rights . Lawmakers added provisions to reassure that domestic communications will remain off-limits and that any monitoring will not “unduly restrict” privacy rights under Article 21 of the constitution . An independent oversight panel will be established to supervise these cyber traffic monitoring activities, providing checks and balances . Additionally, the law mandates a major bureaucratic reorganization: it creates a centralized Cybersecurity Agency reporting to the Prime Minister . This new body will replace the existing NISC (National Center of Incident Readiness and Strategy for Cybersecurity) with a more powerful Cybersecurity Strategic Headquarters chaired by the Prime Minister and inclusive of all cabinet ministers . A Cabinet Cybersecurity Officer at vice-minister rank will coordinate day-to-day cyber strategy, and the door is opened for appointing a dedicated Minister of State for Cyber Affairs . This institutional upgrade is designed to “quarterback” Japan’s cybersecurity efforts and deepen public-private collaboration in defending critical infrastructure .

Japanese experts characterize the Active Cyber Defense law as a first step on a long road . It remains carefully limited – for instance, the traffic monitoring will exclude domestic data, which some worry might leave blind spots in detecting threats . The new authorities granted are narrow in scope and Japan’s offensive cyber capacity will need substantial expansion in practice. Still, the consensus is that this reform was necessary to begin closing the capability gap. It “marks a turning point for the country” by enabling closer operational coordination with the United States in countering state-sponsored hackers . The U.S.-Japan alliance has already elevated cyber cooperation as a core pillar – in a 2025 summit, the two nations’ leaders agreed to deepen information-sharing and leverage technologies like AI and secure cloud services for joint cyber defense . With a legal mandate for active cyber response, Japan can contribute more fully to allied cyber operations, enhancing deterrence against adversaries.

Securing Critical Infrastructure and International Cooperation

A standout feature of Japan’s cyber and AI strategy is the recognition of critical digital infrastructure as a national security priority. As an island nation, Japan relies on undersea fiber-optic cables for 99% of its international communications, making cable networks a strategic vulnerability . Learning from incidents like the 2024 sabotage of Baltic Sea cables and strikes on satellite networks during the Ukraine war, Japan is focusing on protecting the “public core” of the internet – the physical and digital backbones of connectivity . Notably, Japanese companies are world leaders in subsea cable technology: domestic firms manufacture cutting-edge fiber-optic cables and repeaters, and Japan’s telecom operators maintain a fleet of specialized cable-laying ships (the largest in East Asia) . This industrial capacity gives Japan a significant role in building resilient communication links. Tokyo is leveraging these strengths to bolster infrastructure at home and assist partners abroad. For example, Japan has invested in new cable routes in the Indo-Pacific and provided equipment and training to Southeast Asian countries to improve their cyber and data infrastructure security . Japanese policymakers emphasize sharing Japan’s experience and resources with regions like Southeast Asia and Africa to raise baseline cybersecurity and digital resilience globally – an area where Japan has quietly been active through capacity-building programs and development aid .

Collaboration with like-minded partners is a cornerstone of Japan’s approach. Beyond its alliance with the U.S., Japan works in multilateral fora to shape norms for responsible technology use. On AI governance, Japan has carved out a neutral, bridge-building role between the U.S. emphasis on innovation and the European preference for regulation . Lacking the market clout to unilaterally set global AI rules, Japan instead promotes interoperability – ensuring different countries’ AI frameworks can align on common principles . Tokyo was instrumental in the OECD’s AI Principles (2019) and took the lead in the G7 Hiroshima AI Process to draft a voluntary Code of Conduct for Advanced AI developers . By championing such international standards, Japan contributes to global governance in a way that punches above its weight. Similarly in cybersecurity, Japan advocates for norms against cyberattacks on critical infrastructure and has endorsed United Nations discussions on responsible state behavior in cyberspace. Japan’s 2023 G7 presidency put digital security high on the agenda, and the resulting commitments call for collective measures to secure supply chains, critical infrastructure, and emerging technologies .

At home, Japan is also aligning its industry with global best practices to secure the technology ecosystem. One example is software supply chain security: in response to new U.S. requirements for software Bills of Materials (SBOM) – essentially ingredient lists for software components – METI issued guidelines in 2023 to help Japanese manufacturers and IT firms comply with these emerging standards . This ensures Japanese companies remain competitive in markets with stricter cyber regulations and enhances overall software security in Japan’s domestic market.

Outlook

Artificial intelligence and cybersecurity have swiftly moved to the forefront of Japan’s national capability development. Japanese leaders recognize that economic vitality and national security now depend on mastery of digital and dual-use technologies. Accordingly, Japan’s national strategy aims to foster cutting-edge AI innovation and integrate it across society – from smart factories to military units – while also fortifying the nation’s defenses against cyber threats. Tokyo’s approach is distinctively Japanese: favoring collaboration, soft governance, and incremental reforms over drastic intervention. By encouraging industry-led AI ethics and carefully expanding legal bounds for cyber operations, Japan hopes to strike a balance between opportunity and security. Significant challenges remain – Japan must continue investing in talent and infrastructure to operationalize these policies, and it must navigate public sensitivities about privacy and the military use of technology. Nonetheless, recent moves like the AI Act and Active Cyber Defense law indicate a strategic shift: Japan is treating AI and cyber capabilities as core elements of national power and is proactively shaping an environment where these tools can be used safely and effectively for the nation’s benefit . Through global partnerships and domestic reforms, Japan is working to ensure that the digital future is one where it can thrive securely, and help set the norms that govern the technologies of tomorrow.