Cybersecurity

EU, Japan, Australia Move From Voluntary Cyber Guidelines to Binding Law

Australia recorded a cybercrime report every six minutes, up from one every ten minutes two years ago.

Akul Saxena

Mar 26, 2026 — 3 min read

Photo of (from left) Chris Inglis, former U.S. national cyber director; Despina Spanou, European Commission's head of cybersecurity policy; Yoichi Iida, director of Japan's National Cyber Security Office; and Jessica Hunter, Australia's ambassador for cyber affairs and critical technology, on Wednesday, March 25, 2026.

SAN FRANCISCO, March 26, 2026 — Senior cyber officials from the European Union, Japan and Australia told the RSA Conference Wednesday that binding regulation, mandatory reporting, and coordinated defense structures are replacing a decade of voluntary frameworks that panelists said have run their course.

Japan's three-pillar strategy

Japan concluded a new national cybersecurity strategy late last year anchored in three pillars, said Yoichi Iida, Japan's national cyber director. The first covers deterrence and defense against state-sponsored cyber actors. The second builds societal resilience by requiring small and medium-sized enterprises to implement their own baseline cybersecurity measures.

The third includes new legislation that gives the government authority to monitor internet traffic and requires 300 critical infrastructure operators to report incidents directly to the government. Japan stood up a new National Cybersecurity Office to lead the effort and a public-private partnership council to keep industry in the loop, Iida said.

Learn more about the Broadband Community...

Start Your Broadband Journey Here

Post tagged in

Cybersecurity RSA Conference Japan European Union Australia Despina Spanou Cyber Resilience Act Cybersecurity Skills Academy EU Cyber Reserve NATO Jessica Hunter Kingdom of Tonga New Zealand Chris Inglis National Security Agency