Tommy Liu and Kenneth Cheung of Hogan Lovells write:
In late June 2024, the Security Bureau of the Hong Kong SAR Government (the “Government”) proposed the first specific cybersecurity legislation in Hong Kong, tentatively entitled the Protection of Critical Infrastructure (Computer System) Bill (the “Bill”), to strengthen the security of the computer systems of critical infrastructure (“CI”) and minimise the chance of essential services being disrupted or compromised due to cyberattacks.
A paper on the Bill was submitted by the administration for the discussion of the Legislative Council (“LegCo”) Panel on Security on 2 July 2024. The proposed legislation seeks to regulate operators of CI that are necessary for:
- the continuous delivery of essential services or;
- maintaining important societal and economic activities in Hong Kong.
As such, the Bill will capture CI operators (“CIO”) which are large organisations, while small and medium enterprises and the general public will most likely fall out of scope.
A new Commissioner’s Office to be set up under the Security Bureau is also proposed under the Bill for the implementation of the proposed legislation.
Read more at Engage.