Particle.news

Download on the App Store

Hong Kong Passes Landmark Cybersecurity Law for Critical Infrastructure

The new law mandates strict security measures and penalties to protect essential systems, set to take effect on January 1, 2026.

Image
Figurines with computers and smartphones are seen in front of the words "Cyber Security" in this illustration taken, February 19, 2024. REUTERS/Dado Ruvic/Illustration/File Photo
Image

Overview

  • The legislation requires annual risk assessments, independent audits every two years, and rapid reporting of serious cybersecurity incidents within two hours.
  • It applies to eight critical industries, including banking, IT, energy, healthcare, and transport, as well as sectors like sports venues and research parks.
  • Non-compliance could result in fines ranging from HK$500,000 to HK$5 million, with additional penalties for ongoing violations.
  • Authorities plan to establish a commissioner’s office and identify affected operators by June 2025 in preparation for the law’s implementation.
  • The law responds to recent cyberattacks on essential services and raises concerns about potential impacts on foreign investment due to increased compliance costs.