Hong Kong gov’t rejects Bloomberg report on US firms’ concerns over proposed cybersecurity law as ‘biased’
Hong Kong Free Press
The Hong Kong government has issued a statement opposing what it called a “biased” report by Bloomberg, which quoted US firms’ concerns over a proposed cybersecurity legislation meant to enhance safeguards for critical infrastructure.
The bill is expected to cover cyber systems of sectors including energy, information technology, banking and financial services, land transport, air transport, maritime, communications and broadcasting, and healthcare services. Under the proposed legislation, computer system operators behind critical infrastructure could be fined up to HK$5 million for lapses in cybersecurity.
The month-long consultation for the Protection of Critical Infrastructure (Computer System) Bill came to a close on August 1, amid a string of data security incidents that have affected universities, NGOs, and hospitals. In May, three government departments saw data leaks in the span of less than a week.
In its statement issued on Tuesday night in response to the Bloomberg report, the government said that 52 of the 53 submissions it had received expressed support for the legislation, including those from the Asia Internet Coalition (AIC), the American Chamber of Commerce in Hong Kong (AmCham), and the Hong Kong General Chamber of Commerce.
Bloomberg’s article, published on Tuesday, noted that US firms had expressed concerns about the proposed law, including that it could grant the Hong Kong government “unusual access to their computer system.”
AmCham was quoted as saying in a letter submitted as part of the consultation that: “Such unprecedented power directly intervenes in, and could have a significant impact on, a [critical infrastructure operator’s] operation and could harm the users of the services.”
The legislation was “likely to have a chilling effect” on tech investment in Hong Kong, AmCham added, according to Bloomberg’s report.
The AIC, an industry association representing Amazon, Google, and Meta in the Asia Pacific region, was among bodies that had “in recent weeks criticized new rules that officials say are designed to protect critical infrastructure from cyberattacks,” Bloomberg reported.
HKFP has reached out to the AIC and AmCham for comment.
The government statement said the proposed legislative framework “in no way involves… personal data and business information,” and that the law would not have extraterritorial effect.
“Relevant legislation already exists in other jurisdictions, such as the Mainland, Macau SAR, the United States, the United Kingdom, Australia, the European Union and Singapore,” it said.
Hong Kong would only seek a court warrant to connect to computer systems or install programs if critical infrastructure operators were unwilling or unable to respond to cyber incidents, the government added.
The government has said it aimed to introduce the bill to the legislature by the end of the year.
Support HKFP | Policies & Ethics | Error/typo? | Contact Us | Newsletter | Transparency & Annual Report | Apps
Help safeguard press freedom & keep HKFP free for all readers by supporting our team
HKFP has an impartial stance, transparent funding, and balanced coverage guided by an Ethics Code and Corrections Policy.
Support press freedom & help us surpass 1,000 monthly Patrons: 100% independent, governed by an ethics code & not-for-profit.