CONNECT WITH US

𝗡𝗲𝘄 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗜𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗟𝗮𝘄

🔐 𝗪𝗵𝗼 𝗜𝘀 𝗜𝗻𝘃𝗼𝗹𝘃𝗲𝗱 𝗶𝗻 𝗛𝗼𝗻𝗴 𝗞𝗼𝗻𝗴’𝘀 𝗡𝗲𝘄 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗜𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝗖𝘆𝗯𝗲𝗿𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗟𝗮𝘄?

Since 𝟭 𝗝𝗮𝗻𝘂𝗮𝗿𝘆 𝟮𝟬𝟮𝟲, the 𝘗𝘳𝘰𝘵𝘦𝘤𝘵𝘪𝘰𝘯 𝘰𝘧 𝘊𝘳𝘪𝘵𝘪𝘤𝘢𝘭 𝘐𝘯𝘧𝘳𝘢𝘴𝘵𝘳𝘶𝘤𝘵𝘶𝘳𝘦𝘴 (𝘊𝘰𝘮𝘱𝘶𝘵𝘦𝘳 𝘚𝘺𝘴𝘵𝘦𝘮𝘴) 𝘖𝘳𝘥𝘪𝘯𝘢𝘯𝘤𝘦 (𝘊𝘢𝘱. 653) has come into force. The law establishes a comprehensive framework to protect essential services from cyber threats.

Under Cap. 653, designated 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗜𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 (𝗖𝗜) 𝗢𝗽𝗲𝗿𝗮𝘁𝗼𝗿𝘀 are organizations whose computer systems are essential to maintaining critical societal or economic activities in Hong Kong.

🏗 𝗦𝗲𝗰𝘁𝗼𝗿𝘀 𝗗𝗲𝗳𝗶𝗻𝗲𝗱 𝗮𝘀 𝗖𝗿𝗶𝘁𝗶𝗰𝗮𝗹 𝗜𝗻𝗳𝗿𝗮𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝗜𝗻𝗰𝗹𝘂𝗱𝗲:
1. Energy⚡
2. Information Technology💻
3. Banking & Financial Services🏦
4. Air Transport✈
5. Land Transport🚆
6. Maritime Transport⚓
7. Healthcare Services🏥
8. Telecommunications & Broadcasting📡

In addition, any other infrastructure the damage, loss of functionality or data leakage of which may hinder or otherwise substantially affect the maintenance of critical societal or economic activities in Hong Kong may also fall within scope.

These operators are now legally required to establish cybersecurity governance frameworks — from maintaining dedicated computer-system security management units to reporting incidents, conducting periodic risk assessments and audits, etc.

Besides the CI Operator, there are 𝘀𝗼𝗺𝗲 𝗼𝘁𝗵𝗲𝗿 𝗞𝗲𝘆 𝗥𝗼𝗹𝗲𝘀 𝘂𝗻𝗱𝗲𝗿 𝗖𝗮𝗽. 𝟲𝟱𝟯:👥
🔹 𝗖𝗼𝗺𝗽𝘂𝘁𝗲𝗿-𝘀𝘆𝘀𝘁𝗲𝗺 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗨𝗻𝗶𝘁
Responsible for managing and safeguarding critical computer systems and ensuring compliance with the Ordinance.

🔹 𝗦𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗼𝗿 𝗼𝗳 𝘁𝗵𝗲 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗨𝗻𝗶𝘁
An appointed employee with sufficient cybersecurity expertise, responsible for supervising the unit and notifying the regulating authority of the appointment.

💡 𝗖𝗮𝗽. 𝟲𝟱𝟯 𝗺𝗮𝗿𝗸𝘀 𝗮 𝘀𝗶𝗴𝗻𝗶𝗳𝗶𝗰𝗮𝗻𝘁 𝘀𝗵𝗶𝗳𝘁 𝗳𝗿𝗼𝗺 𝗯𝗲𝘀𝘁 𝗽𝗿𝗮𝗰𝘁𝗶𝗰𝗲 𝘁𝗼 𝗹𝗲𝗴𝗮𝗹 𝗼𝗯𝗹𝗶𝗴𝗮𝘁𝗶𝗼𝗻.
If your organization operates within a potentially designated sector, early preparation is essential.