Japan issues guidelines on cybersecurity responsibilities for software companies

( March 31, 2026, 08:58 GMT | Official Statement) -- MLex Summary: Japan’s industry ministry and cybersecurity authorities on Tuesday issued guidelines clarifying the expected roles of cyber infrastructure providers, including cloud service providers and software developers, suppliers and operators. The Ministry of Economy, Trade and Industry and the National Cybersecurity Office said the guidelines aim to strengthen cybersecurity resilience in software supply chains under the Basic Act on Cybersecurity, amended last year. The guidelines set out expectations such as security by design and by default, supply chain risk management, software governance and enhanced information sharing and coordination with stakeholders.The statement is attached. ...

Prepare for tomorrow’s regulatory change, today

MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.

Know what others in the room don’t, with features including:

Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
Curated case files bringing together news, analysis and source documents in a single timeline

Experience MLex today with a 14-day free trial.

Start Free Trial

Already a subscriber? Click here to login

Japan issues guidelines on cybersecurity responsibilities for software companies

Prepare for tomorrow’s regulatory change, today

Documents

Related Sections