Hong Kong enacts law to protect critical infrastructure cybersecurity

Hong Kong has passed a new law aimed at boosting cybersecurity for "critical infrastructure." This law was enacted on Wednesday and is meant to protect vital sectors such as banking, air transport, and healthcare from cyber attacks. Officials stressed that the law focuses only on critical infrastructure operators and does not involve personal or business data. Those who fail to meet security requirements could face fines of up to HK$5 million, or around $640,000. Operators must conduct security audits, create contingency plans, and report any cyber attacks. Security chief Chris Tang mentioned that the law is expected to go into effect at the start of next year. A dedicated office will be established to manage its implementation. The law covers eight sectors, including energy, telecommunications, and information technology. The American Chamber of Commerce in Hong Kong expressed concerns about the inclusion of the broad term "information technology." Officials assured that the bill aligns with safety measures from the United States, UK, Australia, and the European Union. The identities of the critical infrastructure operators will remain confidential to prevent them from becoming targets for cyber criminals. The Hong Kong government has emphasized the importance of stability and security, particularly after the pro-democracy protests in 2019. Some businesses worry that stricter cybersecurity regulations could hinder the free flow of information, which is vital for Hong Kong's global appeal. The government clarified that the law is specifically for designated operators and will not impact small and medium enterprises.