If found guilty, the former can get sentenced up to three years in prison and a fine that could reach the sum of 500,000 yen ($6,200). The latter can receive a up to two years in prison or 300,000 yen ($3,720) in fines.
It is unclear if the law will be used against those people who inadvertently spread malware or, as Graham Cluley points out, those with a legitimate reason to store and acquire malware - anti-virus vendors for instance.
According to TheNextWeb, the new legislation also authorizes law enforcement agencies to request from ISPs email communication logs pertaining to the suspect, and the fact has put at the forefront the question of how will it affect the constitutionally guaranteed right to privacy of communication.
The law still awaits a decision of the upper house’s Judicial Affairs Committee on how it will properly implemented, but the parliamentary decision has brought Japan one step close to joining the Convention on Cybercrime, an international treaty that defined the rights and obligations of the countries who signed it when it comes to cooperating in cybercrime investigations.
Previous to this decision, malware developers could only be charged with destruction of property, but only if the malware they created caused damage.