Cyber and physical security – integrated by design.
Hybrid threats cross the line between cyber and physical security every day. This Working Group is the Czech-Japan platform where security, resilience, and regulation meet on both sides of that line.
In May 2025, Japan adopted the Active Cyber Defense Law (ACDL) – a foundational shift in Japanese security doctrine that, for the first time, permits proactive defensive measures against state-level cyber threats. The law takes full effect in phases through 2027.
In Czechia, the new Cybersecurity Act transposing the Network and Information Security Directive 2 (NIS2) is being implemented across 2025–2026, alongside the EU Cyber Resilience Act (CRA), which fundamentally rewrites the obligations of digital product manufacturers. The scope of regulated entities is expanding into healthcare, energy, transport, water, finance, and digital services.
Both countries have placed critical infrastructure protection at the top of national priorities. Operational resilience has moved from a board-level term into a legal obligation – DORA (the Digital Operational Resilience Act) in financial services, analogous logic spreading sector by sector. And hybrid attacks combining cyber and physical dimensions are no longer the exception.
In this specific window, the Czech-Japan Hub is the only functioning bridge between the Czech and Japanese security and resilience ecosystems.
Compliance and operational adaptation to NIS2, CRA, and ACDL, with a focus on the seams where the three frameworks meet.
Energy, healthcare, transport, water, finance, and digital infrastructure: the sectors where outages stop being inconvenient and become a matter of national interest.
Smart buildings, OT/IT integration, IoT, video surveillance, and access control treated as one security architecture, not two budget lines.
Pre-defined playbooks, tabletop exercises, and bilateral coordination for incidents that cross borders or jurisdictions.
BCM, BCP, DR, and BIA as one connected discipline – not four separate drills.
DORA-style logic spreading from financial services into healthcare, energy, transport, and digital infrastructure. The Group tracks where it lands next.
Machine learning in security operations, balanced against the risks of automation at moments of critical decision.
A standalone focus because the patient-safety stakes and regulatory density justify it. Ransomware in a hospital is not a corporate incident.
Formats of structured dialogue with NÚKIB, NCO, METI, the Digital Agency, and sectoral regulators on both sides.
The thread that runs through every other topic on this list. The Group does not treat it as a separate chapter – it treats it as the binding.
The Working Group is designed for senior decision-makers carrying responsibility for the security and resilience of their organisation as a whole – not for any single technology stack.
Cyber security and physical security have lived in separate rooms for decades. Hybrid threats do not respect that boundary, and the new regulations on both sides do not either. Integrated Security & Resilience is the room where those worlds finally meet.
Access to this Working Group is open to Corporate Members and above with an interest in the sector. Members joining the Founding Cohort by 30 June 2026 receive permanent Founding Member status – a designation no later member can earn.
