Japan

● The Basic Act on Cybersecurity (Act No. 104 of 2014): This Act aims to comprehensively and effectively implement and promote policies related to cybersecurity, thereby creating an environment that encourages organizations and individuals to make contributions to Japan's national economic growth and security.

● Act on the Protection of Personal Information (Act No. 57 of 2003): This Act specifies basic principles for processing personal information and the basic matters for the government to formulate basic policies and other measures to protect personal information. It specifies the responsibilities of national and local governments and the obligations that operators who process personal information must comply with to protect personal rights and interests.

● Enforcement Decree for the Act on the Protection of Personal Information: This Decree is a supplementary provision to the Act on the Personal Information Protection.

● Regulations for the Act on the Protection of Personal Information: These regulations provide guidelines for organizations on how to comply with The Act on the Protection of Personal Information and Enforcement Decree for the Act on the Protection of Personal Information.

● The Cybersecurity Policy for Critical Infrastructure Protection: This policy is important to critical infrastructure protection for organizations in Japan. The latest version of The Cybersecurity Policy for Critical Infrastructure Protection was revised on January 30, 2020 based on versions 2017 and 2018 and issued by the Japan Cabinet Network Strategy Department. This policy provides a framework for government departments in charge of critical infrastructure protection and for the CI operators who independently implement related protection measures.

Huawei Cloud is committed to providing you with secure and compliant infrastructure and services. Each service has built-in security features and is guaranteed to run securely through continuous O&M. Huawei Cloud ensures that the infrastructure and services it provides have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

When using Huawei Cloud services, you are responsible for the security and compliance of internal applications and custom configurations of your workloads on the cloud. As the owner and controller of your data, you are responsible for data security configuration, confidentiality, integrity, availability, as well as identity authentication and authorization for data access.

You are also responsible for compliance with the applicable regulatory requirements for your workloads on the cloud.

You can download HUAWEI CLOUD Security White Paper to view details about the responsibilities of Huawei Cloud and yours.

For more security and compliance issues, contact your account manager or Huawei Cloud.

Huawei Cloud is committed to building secure and trusted cloud services. The infrastructure and services provided by Huawei Cloud have been assessed by authoritative, independent, third-party agencies and reviewed by the relevant certifying bodies.

Huawei Cloud is compliant with a wide range of international standards and practices, Examples include:

• Security standards: ISO 27001, ISO 27017, CSA STAR, PCI DSS, PCI 3DS, ISO 27034, and NIST cyber security framework (CSF), and more

• Privacy standards: ISO 27018, ISO 27701, BS 10012, ISO 29151, and ISO 27799

• Other standards: ISO 22301 (for business continuity management), ISO/IEC 20000 (for IT service management), TL 9000 and ISO 9001 (for quality management), SOC 1, SOC 2, and SOC 3 (for audit)

Learn more from Compliance Certificates in the Compliance Center.