Search for:
Cybersecurity, Data and Tech

Hong Kong: The city’s first cybersecurity law is expected to take effect on 1 January 2026

By and 2 Mins Read

In brief

On 19 March 2025, Hong Kong’s Legislative Council enacted the Protection of Critical Infrastructures (Computer Systems) Bill (“Bill“), which was gazetted as the Protection of Critical Infrastructures (Computer Systems) Ordinance (Cap. 653) (“Ordinance“) on 28 March 2025.

The Ordinance, which is set to take effect on 1 January 2026, aims to enhance cybersecurity standards in relation to the providers of essential services in eight sectors deemed crucial to the normal functioning of the society, namely energy, information technology, banking and financial services, air transport, land transport, maritime transport, healthcare services, and telecommunications and broadcasting services, as well as critical societal or economic activities (such as those managing major sports and performance venues, as well as research and development parks) in Hong Kong. An office for the new Commissioner of Critical Infrastructure (Computer-system Security) (“Commissioner“) will be set up to oversee and enforce the new regime.

This article considers the Government’s amendments during the Second and Third Readings of the Bill, discusses grey areas that await further clarification from the Government, potentially by way of Codes of Practice (CoPs), and sets out a high-level comparison of the Ordinance with similar laws in other jurisdictions.

Click here to read the full alert.

*****

Jacqueline Wong, Knowledge Lawyer, has contributed to this legal update.

Categories:
Tags:
Author

Dr. Isabella Liu is the head of the Firm's Asia Pacific Intellectual Property and Technology Group. She advises clients on matters relating to the creation, exploitation and protection of IP rights. She is also responsible for the local IP Group's China and Hong Kong patent prosecution matters. Previously, Dr. Isabella Liu was the head of the Firm's Asia Pacific Healthcare and Life Sciences Industry Group for three years, leading a team of legal experts in this field cross multiple practices in the region. Dr. Liu is ranked as a leading lawyer in her field by top legal directories such as Chambers Asia Pacific for the Life Sciences category and IAM Patent. She has been complimented by clients that she possesses "a superb ability to understand the most complex technologies" and was noted for "advis[ing] in a way that is very commercial and strategic." Dr. Liu is also engaged as a regular guest lecturer by the University of Hong Kong's Department of Pharmacology and Pharmacy to share her expertise on intellectual property in the pharmaceutical industry with HKU students.

Author

Dominic Edmondson is a special counsel in Baker McKenzie's Hong Kong office and a member of the Firm's Intellectual Property Practice Group. His practice focuses on global data privacy and data protection, information technology advisory work, IT sourcing & transactions, cybersecurity, e-commerce, telecommunications, digital media as well as contentious and non-contentious intellectual property matters for clients in all sectors, and in particular TMT, automotive, financial services, CGR and healthcare and life sciences. As a Mandarin speaker, he spent four years advising clients on intellectual property strategy and enforcement in Mainland China (Beijing) before moving to Hong Kong to expand his practice to encompass data privacy as well as technology transactions.
Dominic has a keen interest in AI, big data and distributed ledger technology and their impact on business in the Greater China region and more broadly in Asia.
Dominic has obtained the CIPP/E (Certified Information Privacy Practitioner / Europe) and the CIPT (Certified Information Privacy Technologist) certifications from the IAPP.

Related Posts