Security Intelligence

Close Protection in Japan and South Korea: Security for Northeast Asia | CloseProtectionHire

Q: "What is the close protection legal framework in Japan?"

"Close protection in Japan is governed by the Security Services Act (Keibi Gyo-ho, Act No. 117 of 1972), administered by the National Public Safety Commission. Commercial close protection operatives must be licensed individually, and security companies must hold a corporate licence. The law prohibits commercial security operatives from carrying firearms. Armed protection in Japan is effectively limited to law enforcement and Japan's Self-Defense Forces (JSDF). Background checks and training requirements are set nationally, with implementation by the National Police Agency. JSIA (Japan Security Industry Association) represents the industry and has set its own training standards. For international executives requiring protection in Japan, the engagement must be through a JSIA-registered company with qualified, licensed operatives. A foreign CP operator cannot provide services in Japan without working through a Japanese-licensed entity."

Q: "What does the assassination of Abe Shinzo tell us about Japanese security?"

"The assassination of former Prime Minister Abe Shinzo on 8 July 2022 at a street-level campaign event in Nara is the most significant security failure in modern Japanese protective security history. Abe was killed by a single attacker, Tetsuya Yamagami, using a home-made double-barrelled firearm. The attack exposed multiple systemic failures in the Police Security Division (Kidotai) close protection protocols: the principal's back was exposed to unscreened public space, there was insufficient standoff distance, and the reaction time to the first shot was inadequate to prevent the second. The attack was motivated by personal grievance related to the Unification Church (the attacker's mother had bankrupted the family through donations) rather than political ideology. The lesson for CP planning is not that Japan is generally dangerous -- it is not -- but that the 'low-threat-therefore-reduced-protocols' assumption is operationally dangerous. A principal who is publicly accessible and predictable in movements is at risk even in a low-crime country."

Q: "What is the North Korean threat relevant to South Korea-based business operations?"

"North Korea presents a persistent and multi-dimensional threat to South Korea. The kinetic threat -- conventional military attack, artillery along the Demilitarized Zone (DMZ), special operations -- is a strategic background risk rather than an operational daily concern for business visitors to Seoul. The cyber threat is active and documented: the Lazarus Group (attributed by the US, UK, Australia, and others to North Korean intelligence, the RGB) has conducted documented financial theft operations (estimated USD 2-3 billion stolen in cryptocurrency and banking system theft 2019-2024 per UN Panels of Experts), corporate espionage targeting South Korean defence and semiconductor companies, and infrastructure disruption operations. The cyber threat is the most operationally relevant for business visitors, particularly those in technology, defence, or critical infrastructure sectors."

Q: "What was the South Korean political crisis of December 2024?"

"On 3 December 2024, President Yoon Suk-yeol declared martial law, claiming that parliamentary opposition parties were conducting anti-state activities. The declaration lasted approximately 4 hours before the National Assembly voted to reject it. Yoon subsequently faced impeachment proceedings, was removed from office by the Constitutional Court, and faced criminal proceedings for insurrection. The episode demonstrated that political instability risk exists in South Korea despite its strong institutional framework, and that rapidly evolving political situations can create security implications for business operations -- including temporary restrictions on movement, civil unrest, and infrastructure disruption. The incident did not result in mass casualties or significant violence, but it demonstrated the speed at which a stable political environment can deteriorate."

Q: "Is China's relationship with Japan and South Korea relevant to security planning?"

"The PRC's strategic competition with both Japan and South Korea creates a specific intelligence and cyber threat dimension for business visitors. PSIA (Public Security Intelligence Agency, Japan) and NIS (National Intelligence Service, South Korea) both document PRC-linked cyber operations targeting defence, semiconductor, and strategic technology sectors in their respective countries. For executives in these sectors, the device and communications security protocol applicable to visits to China is relevant in attenuated form to visits to Japan and South Korea -- the risk is lower, but the targeting motivation is the same. The Taiwan Strait tension creates an indirect strategic risk: a cross-strait crisis would have immediate economic and potentially military security implications for both Japan and South Korea."

Close protection in Japan and South Korea: Japan's Security Services Act, North Korean cyber and kinetic threat, Abe assassination lessons, 2024 South Korean political crisis, and CP planning for Tokyo, Seoul, Osaka, and Busan.

4 May 2026

Written by James Whitfield

Speak to the Team

Japan and South Korea are P2 cities (Tokyo and Seoul respectively) in the site’s taxonomy and represent two of the most commercially significant destinations in Northeast Asia. Both countries operate at the low end of the violent crime spectrum for business visitors. Both carry specific threat dimensions – Japan’s reminder via the Abe assassination that low-threat environments are not zero-threat environments, and South Korea’s layered intelligence and political risk landscape – that require operationally considered security planning.

Japan

General security environment: Japan’s violent crime rate is among the world’s lowest. Homicide rates, street robbery, and public disorder are all at levels that make Japan one of the safest major business destinations globally. The specific risk factors for business visitors are: the occasional failure of the low-threat assumption (the Abe assassination being the defining case); corporate espionage by PRC and North Korean-linked intelligence services targeting strategic sectors; and, at the highest principal-risk levels, harassment by specific organised crime elements in specific business contexts.

The Abe assassination: Former Prime Minister Abe Shinzo was shot and killed in Nara on 8 July 2022 while delivering a street-level campaign speech. He was struck twice by rounds from a home-made firearm built from plumbing pipes. The National Police Agency’s post-incident review identified multiple systemic failures in the close protection protocols: insufficient rear-area screening, inadequate standoff between the public and the principal, and delayed reaction positioning after the first shot.

The attack was conducted by Tetsuya Yamagami, motivated by personal grievance related to the Unification Church rather than political ideology. The attack had no broader operational security implication for the general business visiting population. Its significance for CP professionals is as a case study: the ‘Japan is safe, therefore reduced protocols’ reasoning created an exploitable pattern-of-life vulnerability for a principal with sufficient public profile to attract a targeted attacker.

Security Services Act: Commercial CP in Japan operates under Act No. 117 of 1972. Licensed security companies must hold a corporate licence; individual operatives must be individually licensed. Firearms are prohibited for commercial CP operatives. The JSIA (Japan Security Industry Association) operates a training standards framework that supplements the statutory requirements. Foreign operators providing services in Japan must work through a JSIA-registered licensed Japanese entity.

Intelligence threat: PSIA (Public Security Intelligence Agency) Annual Reports document sustained PRC intelligence targeting of Japanese defence contractors, semiconductor manufacturers, and dual-use technology companies. North Korea’s cyber operations against Japanese financial and defence institutions are separately documented. Device security protocols for commercially sensitive Japan visits should reflect this environment.

City profiles:

Tokyo: The capital has low physical crime risk in business and tourist areas. Specific awareness is appropriate around crowded transit hubs (Tokyo has the world’s busiest train network), where the 1995 Aum Shinrikyo sarin attack killed 13 people and injured thousands. No equivalent infrastructure-targeting attack has occurred since, but awareness of chemical and CBRN response protocols remains part of Japanese emergency services training.

Osaka: Generally comparable to Tokyo. Osaka’s Namba and Shinsaibashi entertainment areas carry higher-than-average petty crime risk late at night.

South Korea

General security environment: Seoul and the major Korean cities are low-risk for standard business visits. South Korea has a strong rule of law, effective law enforcement, and low violent crime rates. The specific risk factors are the North Korean threat dimension, the political environment, and the cyber and intelligence targeting of strategic sectors.

North Korean threat: North Korea maintains an active military posture along the DMZ, approximately 50km north of Seoul. The kinetic threat – conventional military attack – is a strategic background consideration rather than an operational daily risk. Business visitors do not need to build military evacuation planning into standard itineraries; however, corporate security managers should maintain awareness of tension escalation cycles and have a decision protocol for operations during elevated-tension periods (missile tests, announced exercises, political provocations).

The Lazarus Group’s cyber operations are the most operationally relevant North Korean threat for business visitors. UN Panels of Experts reports (2023 and 2024) document cryptocurrency theft, banking system intrusions, and defence sector espionage attributed to Lazarus. Executives in technology, semiconductor, cryptocurrency, and defence-adjacent sectors should apply device and communications security protocols that reflect this threat.

2024 political crisis: The December 2024 martial law declaration by President Yoon Suk-yeol lasted 4 hours before the National Assembly voted to reject it. Yoon’s subsequent impeachment, Constitutional Court removal from office, and criminal insurrection proceedings underscored that political risk exists in South Korea’s otherwise stable institutional environment. CP and security planning for South Korea should include a political risk monitoring component.

City profiles:

Seoul: The capital is a manageable business environment. The area around the US military installations (Yongsan historically, Camp Humphreys in Pyeongtaek post-relocation) carries heightened strategic significance and is a potential target in any US-DPRK escalation scenario. For standard corporate operations in the central business, banking, and technology districts (Gangnam, Yoido, Mapo), the operational environment is normal business security discipline.

Busan: The port city is a manageable business destination. The 2024 APEC Summit was hosted in Gyeongju, demonstrating South Korea’s capability to manage international high-security events. No specific elevated Busan risk beyond the national baseline.

For the broader Asia-Pacific CP framework, see our close protection in Asia-Pacific guide. For the specific security environment in China, which shares the Northeast Asia intelligence threat dimension, see our close protection in China guide.

Sources

PSIA (Public Security Intelligence Agency, Japan): Annual Report 2025. NIS (National Intelligence Service, South Korea): Annual Report 2025. Japan National Police Agency: Post-Incident Review, Abe Assassination 2022. FCDO: Travel Advice Japan and South Korea, April 2026. OSAC Japan Country Security Report 2024. OSAC South Korea Country Security Report 2024. Control Risks RiskMap 2025. UN Panel of Experts, DPRK Sanctions Committee: Annual Report 2024. USFK (US Forces Korea): Posture Statement 2025. Freedom House: Freedom in the World 2025. ACLED: Northeast Asia Dataset 2025. JSIA: Security Industry Standards Japan 2024.

For executives operating out of Hong Kong, Singapore, or Taiwan – where NSL legal risk, intelligence collection, and cross-strait contingency planning define the security picture rather than physical crime – see our close protection in East Asia business hubs guide.

James Whitfield is a Senior Security Consultant with 20 years of experience in close protection and security risk management across Asia-Pacific and high-risk environments globally.

Summary

Key takeaways

The Abe assassination is a case study in the dangers of relaxed CP protocols in a low-threat environment -- the lesson applies universally

Japan's overall security environment is among the world's lowest for violent crime. The Abe attack demonstrates that this assessment, if applied as justification for minimal standoff, no rear screening, and reduced reaction positioning, creates exploitable vulnerabilities. A principal who is publicly accessible at a predictable event location is exposed regardless of the country's overall risk rating. Principals with any threat assessment -- public figures, executives with documented adversaries, government officials -- should receive operationally consistent protection regardless of environmental threat level.

North Korea's Lazarus Group is the most active state-linked financial and cyber threat actor in the Northeast Asia region -- relevant to any technology or financial sector executive visiting Seoul

UN Panels of Experts assessments document Lazarus Group operations targeting South Korean and international financial institutions, cryptocurrency exchanges, and defence contractors. The targeting is primarily digital, but the consequences -- theft of commercial intelligence, access to financial systems, disruption of operations -- are directly relevant to business operations. Technology and finance sector executives visiting Seoul should apply the same device security discipline as for visits to high-surveillance markets.

Japan's commercial CP market operates entirely within the unarmed framework -- assess providers on advance work quality and licensed operator credentials, not armed capability

Armed CP is not available through the commercial market in Japan. This is appropriate to the threat environment. The quality differentiators for Japan CP assignments are: advance work methodology (venue surveys, route intelligence, liaison with venue security and police if warranted), communication and emergency response protocols, and the operator's experience with the specific principal type (corporate versus political versus entertainment versus sporting).

South Korea's 2024 martial law episode is a reminder that political risk in apparently stable democracies requires monitoring and planning

The December 2024 martial law declaration lasted 4 hours but created a period of real uncertainty with potential for civil unrest, movement restrictions, and infrastructure disruption. Corporate security plans for South Korea operations should include a political risk monitoring component and a rapid decision protocol for in-country teams during political crises. The response speed required -- the National Assembly vote was decisive within hours -- means that monitoring must be real-time, not scheduled.

The regulatory requirement to use a locally licensed Japanese security company means international operators must have verified Japanese partner relationships before any deployment

Japan's Security Services Act requires that close protection services be delivered through a Japanese-licensed company. An international CP provider without a verified, licensed Japanese partner cannot operate in Japan. This is not an administrative inconvenience -- operating outside the licensing framework creates criminal liability for the operative and reputational risk for the client. When commissioning protection for a Japan deployment, confirm the provider's specific Japanese licensing credentials or its verified local partner relationship before any contract is signed.

FAQ

Frequently Asked Questions

Close protection in Japan is governed by the Security Services Act (Keibi Gyo-ho, Act No. 117 of 1972), administered by the National Public Safety Commission. Commercial close protection operatives must be licensed individually, and security companies must hold a corporate licence. The law prohibits commercial security operatives from carrying firearms. Armed protection in Japan is effectively limited to law enforcement and Japan’s Self-Defense Forces (JSDF). Background checks and training requirements are set nationally, with implementation by the National Police Agency. JSIA (Japan Security Industry Association) represents the industry and has set its own training standards. For international executives requiring protection in Japan, the engagement must be through a JSIA-registered company with qualified, licensed operatives. A foreign CP operator cannot provide services in Japan without working through a Japanese-licensed entity.

The assassination of former Prime Minister Abe Shinzo on 8 July 2022 at a street-level campaign event in Nara is the most significant security failure in modern Japanese protective security history. Abe was killed by a single attacker, Tetsuya Yamagami, using a home-made double-barrelled firearm. The attack exposed multiple systemic failures in the Police Security Division (Kidotai) close protection protocols: the principal’s back was exposed to unscreened public space, there was insufficient standoff distance, and the reaction time to the first shot was inadequate to prevent the second. The attack was motivated by personal grievance related to the Unification Church (the attacker’s mother had bankrupted the family through donations) rather than political ideology. The lesson for CP planning is not that Japan is generally dangerous – it is not – but that the ’low-threat-therefore-reduced-protocols’ assumption is operationally dangerous. A principal who is publicly accessible and predictable in movements is at risk even in a low-crime country.

North Korea presents a persistent and multi-dimensional threat to South Korea. The kinetic threat – conventional military attack, artillery along the Demilitarized Zone (DMZ), special operations – is a strategic background risk rather than an operational daily concern for business visitors to Seoul. The cyber threat is active and documented: the Lazarus Group (attributed by the US, UK, Australia, and others to North Korean intelligence, the RGB) has conducted documented financial theft operations (estimated USD 2-3 billion stolen in cryptocurrency and banking system theft 2019-2024 per UN Panels of Experts), corporate espionage targeting South Korean defence and semiconductor companies, and infrastructure disruption operations. The cyber threat is the most operationally relevant for business visitors, particularly those in technology, defence, or critical infrastructure sectors.

On 3 December 2024, President Yoon Suk-yeol declared martial law, claiming that parliamentary opposition parties were conducting anti-state activities. The declaration lasted approximately 4 hours before the National Assembly voted to reject it. Yoon subsequently faced impeachment proceedings, was removed from office by the Constitutional Court, and faced criminal proceedings for insurrection. The episode demonstrated that political instability risk exists in South Korea despite its strong institutional framework, and that rapidly evolving political situations can create security implications for business operations – including temporary restrictions on movement, civil unrest, and infrastructure disruption. The incident did not result in mass casualties or significant violence, but it demonstrated the speed at which a stable political environment can deteriorate.

The PRC’s strategic competition with both Japan and South Korea creates a specific intelligence and cyber threat dimension for business visitors. PSIA (Public Security Intelligence Agency, Japan) and NIS (National Intelligence Service, South Korea) both document PRC-linked cyber operations targeting defence, semiconductor, and strategic technology sectors in their respective countries. For executives in these sectors, the device and communications security protocol applicable to visits to China is relevant in attenuated form to visits to Japan and South Korea – the risk is lower, but the targeting motivation is the same. The Taiwan Strait tension creates an indirect strategic risk: a cross-strait crisis would have immediate economic and potentially military security implications for both Japan and South Korea.

Get in Touch

Request a Consultation

Describe your security requirements below. All enquiries are confidential and handled by licensed consultants.