In this snapshot authorized update, we report that on 25 May well 2022, in a written reply by Mr. Alfred Sit, the Secretary for Innovation and Engineering, to Legislative Council concerns on cybersecurity specifications in Hong Kong, Mr. Sit confirmed that the Hong Kong Governing administration is looking at legislation to plainly outline cybersecurity obligations of important infrastructure operators in Hong Kong.
This has been foreshadowed due to the fact the Main Executive’s 2021 Plan Tackle. The Coverage Tackle mentioned that, along with the direction in a quantity of countries and regions, the Hong Kong governing administration would boost the establishment of administration process by operators of significant data infrastructure (“CII operators”) for the safe and sound operation of those information techniques and networks. This would be put together with preparatory function for the enactment of cybersecurity legislation, with a perspective to strengthening the cybersecurity of important information infrastructures in Hong Kong through very clear delineation of cybersecurity obligations for the operators.
This plan assertion was further recurring in the Legislative Council briefing on information and facts protection by the Office environment of the Governing administration Chief Officer (OGCIO) to the Panel on Info Technological know-how and Broadcasting. In its concluding statements on the way ahead for details stability in Hong Kong, the OGCIO mentioned that it would support the Stability Bureau in its preparatory perform for enacting cybersecurity legislation to obviously define the cybersecurity tasks of CII operators and strengthen the protection of the procedure and information of Hong Kong’s community techniques and crucial infrastructure information and facts systems.
The critical extra factors in the reaction of the Secretary for Innovation and Technologies on 25 Could 2022 are:
- Legislation was needed to nutritional supplement the cybersecurity pointers and prerequisites imposed by person regulatory authorities, as Hong Kong does not have particular authorized demands on the cybersecurity of essential info infrastructures.
- The legislative proposals will get into account cybersecurity requirements adopted by other jurisdictions about the planet.
- Most importantly, a public session would be launched right before the stop of 2022.
In typical, a unified tactic to cybersecurity in Hong Kong is a welcome improvement. As with all legislative alter, the satan will be in the element. The aspects that will define the policy effect and route of the proposed legislation will be:
- the proposed scope of phrases these kinds of as CII operators.
- any proposed limits on the transfer out of Hong Kong of knowledge collected or produced by CII operators.
- regardless of whether network operators will be included within just the scope of regulation, and if so, the proposed scope used to that phrase.
- the proposed authority selected as the skilled authority for oversight and enforcement.
This is a coverage initiative primarily below the remit of the Protection Bureau.
The whole concern and response by the Secretary for Innovation and Technological know-how concerning the proposal critique and public session on cybersecurity is obtainable here.