After almost two years of discussions and engagement with various stakeholders, the Legislative Council approved the "Protection of Critical Infrastructures (Computer Systems) Bill" on 19 March 2025. This legislation aims to strengthen cybersecurity measures for critical infrastructure and ensure the reliability of essential services. With enforcement slated to commence on January 1, 2026, the bill mandates Critical Infrastructure Organizations (CIOs) to adhere to specific cybersecurity protocols, while granting regulatory bodies the authority to address and mitigate cyber risks. For a detailed understanding of the bill’s provisions, including compliance obligations, its impact and key actions, please read our latest publication.
Overview of the Protection of Critical Infrastructures (Computer Systems) Bill, Hong Kong
On 19 March 2025, Hong Kong introduced the “Protection of Critical Infrastructures (Computer Systems) Bill” to safeguard the cybersecurity of critical infrastructure and ensure the stability of essential services. The bill imposes statutory requirements on operators of Critical Infrastructure Organizations (CIOs) to implement robust cybersecurity measures.
