Japan FSA to Mandate Cybersecurity Assessments for Crypto Exchanges

TLDR

• Japan’s Financial Services Agency has introduced a new framework requiring mandatory cybersecurity self-assessments for crypto exchanges.
• The policy draft aims to address rising cyber threats in the cryptocurrency sector and improve security protocols for exchanges.
• The FSA’s new regulations will be implemented starting in Japan’s 2026 fiscal year, beginning on April 1.
• The framework relies on a three-pillar approach involving self-help, mutual assistance, and public support to strengthen the industry’s security.
• The FSA will conduct penetration tests on crypto exchanges in 2026 to identify vulnerabilities and enhance protection measures.

On February 10, 2026, Japan’s Financial Services Agency (FSA) unveiled a new framework that mandates tougher cybersecurity standards for cryptocurrency exchanges. The draft policy introduces mandatory Cybersecurity Self-Assessments (CSSA) for all registered exchanges. This move is part of Japan’s strategy to address rising cyber threats within the digital asset sector.

Japan’s New Cybersecurity Standards for Exchanges

The FSA’s new draft mandates that cryptocurrency exchanges in Japan must conduct regular cybersecurity self-assessments. These assessments will help exchanges identify and address risks across various security domains. The FSA has set a deadline for public feedback on the policy, which will end on March 11, 2026. Once finalized, the regulations will be implemented starting in Japan’s 2026 fiscal year, beginning on April 1.

The policy shift comes as cyberattacks targeting the cryptocurrency sector have intensified. According to the FSA, recent attacks have exploited human and operational weaknesses rather than technical vulnerabilities. As part of the framework, exchanges must evaluate security measures related to technical infrastructure, human risks, and third-party vendor management.

Three-Pillar Framework for Industry Collaboration

The policy relies on a three-pillar framework to address cybersecurity concerns in the crypto sector. The first pillar, “self-help,” places the primary responsibility for security on individual exchanges. They are required to conduct mandatory cybersecurity self-assessments and report the results. This self-assessment will be a critical component of Japan’s evolving security approach.

The second pillar, “mutual assistance,” encourages exchanges to collaborate and share security intelligence. The FSA aims to strengthen the Japan Virtual and Crypto Assets Exchange Association (JVCEA) to promote information sharing across the industry. This collaboration will allow exchanges to learn from each other’s experiences, enhancing collective defense mechanisms.

Public Support and Ethical Hacking Measures

The third pillar, “public help,” involves government intervention to provide support through research and testing. The FSA has committed to continuing joint international research on blockchain security threats. Additionally, the agency plans to conduct real-world penetration tests on specific exchanges during the 2026 fiscal year. Ethical hackers may be hired to identify vulnerabilities before malicious actors can exploit them.

The FSA believes these efforts will ensure a more robust cybersecurity framework for Japan’s cryptocurrency exchanges. These measures are designed to improve security, create accountability, and foster industry-wide cooperation.

The post Japan FSA to Mandate Cybersecurity Assessments for Crypto Exchanges appeared first on CoinCentral.