Japan: Adopted METI Guidelines and Model Clauses for Handling Offensive Technical Information

On 11 March 2024, the Japanese Ministry of Economy, Trade and Industry (METI) adopted the 'Guidelines for the Handling and Utilisation of Attack Techniques Information' and 'Model Provisions Concerning the Handling of Attack Technological Information That Should Be Included in Non-Disclosure Agreements'. In particular, the guidelines specify measures that specialised organisations should take in regard to de-identification processes, which are processes to remove information that can infer the identity of a person. The model clauses concern the sharing of attack technology information which has been de-identified by specialised organisations, such as security or research vendors. The documents were formulated to supplement the final report by the Industrial Cyber Security Study Group, aiming to promote information sharing on damage caused by cyber-attacks.