Secretary for Security Tang Ping-keung today hosted a briefing on the consultation report on the proposed legislative framework to enhance protection of the computer systems of critical infrastructures.

Over 200 stakeholders, including local and foreign chambers of commerce, potential organisations to be designated as “critical infrastructure operators”, cybersecurity service providers, cybersecurity audit firms, proposed designated authorities under the proposed legislation, sectoral professional bodies and statutory bodies attended the briefing session.

During the consultation in July, 53 submissions were received, of which 52 supported the legislation or raised positive suggestions. Mr Tang today responded to some major concerns from the submissions, including actively considering relaxing the incident reporting time, and reiterating that the legislation has no extraterritorial effect nor does it target personal data and commercial secrets.

Mr Tang stressed to the participants that the proposed legislation aims to enhance the security of computer systems of Hong Kong as a whole by reducing the likelihood of disruption or damage due to cyber attacks and facilitating the smooth operation of essential services through stipulating three types of obligations: organisational, preventive, as well as incident reporting and response obligations, to be fulfilled by the “critical infrastructure operators”.

He also assured them that the Government will maintain communication with the stakeholders and listen to their views, pointing out that the Security Bureau is actively considering some of the suggestions received during the consultation period, and that 10 working meetings for stakeholders will be held starting this month.

The bureau hopes to finalise the bill for introduction to the Legislative Council this year, Mr Tang added.