EU, Japan, Australia Move From Voluntary Cyber Guidelines to Binding Law

SAN FRANCISCO, March 26, 2026 — Senior cyber officials from the European Union, Japan and Australia told the RSA Conference Wednesday that binding regulation, mandatory reporting, and coordinated defense structures are replacing a decade of voluntary frameworks that panelists said have run their course.

Japan's three-pillar strategy

Japan concluded a new national cybersecurity strategy late last year anchored in three pillars, said Yoichi Iida , Japan's national cyber director. The first covers deterrence and defense against state-sponsored cyber actors. The second builds societal resilience by requiring small and medium-sized enterprises to implement their own baseline cybersecurity measures.

The third includes new legislation that gives the government authority to monitor internet traffic and requires 300 critical infrastructure operators to report incidents directly to the government. Japan stood up a new National Cybersecurity Office to lead the effort and a public-private partnership council to keep industry in the loop, Iida said.

Learn more about the Broadband Community...

                        Start Your Broadband Journey Here
                    

This post is for subscribers only

Become a member to get access to all content

Subscribe now