Hong Kong Cybersecurity Bill: Clarification and Controversy Surrounding the Proposed Legislation

Hong Kong’s Secretary for Security, Chris Tang Ping-keung, has addressed concerns surrounding the newly proposed Hong Kong cybersecurity bill, specifically its impact on US businesses in the region. The Protection of Critical Infrastructure (Computer System) Bill aims to enhance cybersecurity measures for essential infrastructures in key sectors such as energy, information technology, banking, and healthcare services.

Tang reassured the American Chamber of Commerce in Hong Kong that the bill’s focus is on securing critical systems, not infringing on privacy. Only one of the 53 submissions during the consultation period opposed the bill, citing concerns about the broad inclusion of the information technology sector.

Tang emphasized the importance of including the IT sector in the bill due to its vital role in daily operations and cybersecurity. He clarified that the legislation would only apply to critical infrastructures, not small or medium-sized enterprises.

The new office established under the Security Bureau will oversee the bill’s implementation, focusing solely on critical infrastructure. Operators will be required to report security incidents promptly, with failure to comply resulting in fines. The government plans to keep the list of affected companies confidential to prevent potential threats.

In conclusion, Hong Kong’s cybersecurity bill aims to enhance the protection of critical infrastructure without compromising individual privacy. The government is working to address concerns and finalize the legislation by the end of the year, ensuring the bill’s effectiveness in safeguarding against cyber threats.