Cloudflare Successfully Completes ISMAP Registration to Support Japan’s Commitment to Cybersecurity Compliance

Tokyo, January 15, 2026 - Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud company, today announced it has been officially registered under the Information System Security Management and Assessment Program (ISMAP). This achievement positions Cloudflare to provide its secure, resilient, and high-performance solutions to government agencies and highly regulated industries across Japan.

ISMAP is the standard for government security procurement in Japan, administered by the National Cybersecurity Office (NCO), Digital Agency, Ministry of Internal Affairs and Communications (MIC), and Ministry of Economy Trade and Industry (METI). Achieving this registration validates Cloudflare's capability to meet the rigorous security baselines required for public procurement.

"Achieving the ISMAP registration is a crucial step in our focus on protecting the digital infrastructure and safeguarding sensitive data across the Japanese public sector. Japanese government agencies now have the ability to upgrade their cyber and digital platforms with the same cutting-edge, resilient, and automation-driven infrastructure that empowers global digital-native customers to innovate rapidly, securely, and with efficiency at scale," said Sayoko Matsumoto, Vice President at Cloudflare. "Through Cloudflare for Government, a unified platform that integrates our services, including our Data Localization Suite and Zero Trust platform, we can provide compliant, seamless, and secure solutions across the Japanese public sector, utilities, and critical infrastructure agencies, regardless of the complexity of their needs."

Cloudflare's differentiated approach builds compliance capabilities directly into its massive global network, avoiding the performance and feature lag often associated with siloed "government-only" cloud offerings.

Key aspects of the ISMAP Cloudflare for Government offering include:

• Data Locality: Leveraging Cloudflare's Data Localization Suite to give agencies precise control over their data, including Regional Services to ensure traffic is decrypted and processed only in Japanese colocations, and Geo Key Manager to store private SSL/TLS keys exclusively in Japan.

• Global Scale, Local Control: Cloudflare's network spans more than 330 cities globally, including a robust presence in Tokyo and Osaka, ensuring lightning-fast performance while maintaining a security inspection boundary within Japan.

• Broad Scope of Services: ISMAP registration covers a wide range of services, including core application security products like CDN, WAF, and DDoS protection, as well as Zero Trust services (Secure Web Gateway, Remote Browser Isolation, and more) and Workers for compliant serverless applications.

The ISMAP registration joins other critical compliance milestones achieved through the Cloudflare for Government program, including FedRAMP Moderate authorization, IRAP PROTECTED assessment, and ENS Certification.

To learn more, please check out the resources below:

About Cloudflare

Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company on a mission to help build a better Internet. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare's connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

Powered by one of the world's largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations-from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.

Learn more about Cloudflare's connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest Internet trends and insights at radar.cloudflare.com.

Follow us: Blog | X | LinkedIn | Facebook | Instagram

Forward-Looking Statements

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as "may," "will," "should," "expect," "explore," "plan," "anticipate," "could," "intend," "target," "project," "contemplate," "believe," "estimate," "predict," "potential," or "continue," or the negative of these words, or other similar terms or expressions that concern Cloudflare's expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding Cloudflare's plans and objectives to pursue public sector security certifications, the impact to Cloudflare and its customers if Cloudflare achieves public sector security certifications, the benefits to public sector and other customers from using Cloudflare's products and technology, the expected functionality and performance of Cloudflare's products and technology, Cloudflare's global network, Cloudflare's technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare's Vice President of Japan, and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare's filings with the Securities and Exchange Commission (SEC), including Cloudflare's Quarterly Report on Form 10-Q filed on October 30, 2025, as well as other filings that Cloudflare may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare's forward-looking statements, and you should not place undue reliance on Cloudflare's forward-looking statements.

© 2026 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.