Hong Kong 2024 Cybersecurity Legislation: What You Need to Know

Abhimanyu Grover
August 20, 2024

As of August 2024, Hong Kong has taken significant steps toward strengthening its cybersecurity framework, particularly focusing on critical infrastructure. This post explores the recent developments, legislative proposals, and the broader context of cybersecurity in Hong Kong based on a comprehensive research report.

Legislative Background

Current State of Cybersecurity Legislation

Historically, Hong Kong has lacked specific cybersecurity legislation targeting critical infrastructures (CIs). This absence is particularly noticeable compared to measures enacted by Mainland China, Singapore, and Australia.

Legislative Developments

The initiative for cybersecurity legislation was first announced in the Chief Executive’s policy address in October 2022. Extensive consultations with various stakeholders resulted in a discussion paper on the proposed legislative framework being presented to the Legislative Council Panel on Security by June 2024.

Proposed Cybersecurity Legislation

Protection of Critical Infrastructure (Computer System) Bill

On June 25, 2024, the Hong Kong government proposed the "Protection of Critical Infrastructure (Computer System) Bill." This bill aims to protect computer systems of critical infrastructures and imposes statutory obligations on CI operators (CIOs).

Key Components

1. Scope and Targets: Focuses on critical infrastructures and their computer systems.


2. Obligations of CIOs: Divided into three categories:
  - Organisational: Developing a robust cybersecurity framework.
  - Preventive: Implementing measures to prevent cyberattacks.
  - Incident Reporting and Response: Promptly reporting and responding to cyber incidents.


3. Commissioner’s Office: To be established under the Government’s Security Bureau for oversight.


4. Penalties: Non-compliance can lead to fines ranging from HK$500,000 to HK$5 million, with additional daily fines for persistent non-compliance.


5. Appeal Mechanism: Provisions for appealing decisions made under the legislation.

Timeline

The Security Bureau plans to consult relevant sectors for a one-month period, introduce the Bill to the Legislative Council by the end of 2024, establish the Commissioner’s Office within a year of passage, and enforce the legislation six months later.

Cybersecurity Threat Landscape

Summary of Cybersecurity Incidents in 2023

HKCERT reported handling 7,752 security cases in 2023, with nearly 48% being phishing attacks. This number marked a 27% increase from 2022; the banking, finance, e-payment, and e-commerce sectors were the main targets.

Emerging Threats

New threats include AI exploitation by hackers, emphasizing the need for heightened cybersecurity awareness and response readiness.

Ransomware Attacks

Ransomware attacks, involving unauthorized access, data theft, and ransom demands, are increasingly common. Proactive measures are crucial to mitigate these threats.

Broader Context and Comparisons

Regional and International Comparisons

Hong Kong's proposed legislation is similar to laws in Mainland China, Singapore, and Australia, all designed to protect critical infrastructure from cyber threats and ensure service resilience.

National Security Considerations

Influenced by Article 9 of the National Security Law, the legislation aims to safeguard national security by strengthening cyber regulation.

Conclusion

The proposed Protection of Critical Infrastructure (Computer System) Bill marks a critical advancement in Hong Kong’s cybersecurity efforts. It seeks to fortify CI against cyber threats, align with international standards, and address national security concerns. As the government consults with stakeholders to refine the legislation, it is crucial for Hong Kong's organizations to prepare for new cybersecurity obligations.

How Test Collab Can Help

Test Collab supports teams in building necessary checklists, sharing compliance-related tasks, and tracking performance. By providing tools to ensure adherence to new cybersecurity regulations, Test Collab helps organizations stay compliant and secure in this evolving landscape. Explore Test Collab to learn more about our solutions for cybersecurity readiness.