Cybersecurity draft law approved by Macau Legislative Assembly

Following in the steps of various countries around the world that have drafted legislation on cybersecurity - including the People’s Republic of China’s Cybersecurity Law that came into force on June 1st, 2017 – the Macau’s Legislative Assembly has recently approved its own draft law on cybersecurity (the “Cybersecurity Law”).

December 04,2018

by: Joana Coimbra de Almeida

Based on principles of national security, safeguard of public interest and the protection of legitimate rights and interests, the draft law offers a legal framework on the administration of cybersecurity in Macau that should be explored in correlation with the Cybercrime Law enacted in 2009 (Law 11/2009/M) that has set out the types of cybercrimes and respective applicable penalties.

The direct scope of applicability of the draft law falls over the public sectors’ networks and data systems as well as over the private entities that operate critical infrastructures in Macau such as transportation, telecommunication, banking and insurance, medical affairs, electricity and water supply, in order to protect and maintain the integrity and security of data and information systems and networks.

A set of special duties ensure cybersecurity lies with the entities that operate critical infrastructures. This set of duties essentially entails:  duties of management of cybersecurity, including the setting up of the respective management structures and the appointment of a manager in charge of implementing the necessary and relevant measures as well as duties of observation and supervision, of reporting incidents, responding to complaints and cooperating with supervisory and regulatory authorities.

It should be noted that the appointed manager for cybersecurity must be a suitable professional with a certain background and experience and a Macau resident, for reasons of proximity and accessibility with the cybersecurity supervisory entities in Macau.

In this respect, the Cybersecurity Law intends to create a specific entity entitled the CARIC (“Cybersecurity Incidents Alert and Response Centre”), under the coordination of the Macau Judiciary Police, to function as a receiving centre of all incidents, to coordinate measures and responses with all other relevant entities and to supervise and monitor the data flow and data transmission as well as examine the data’s specificities in order to prevent and detect cybercrimes.

Under the envisaged law, the applicable penalties for infringements to the cybersecurity duties set out for entities operating critical infrastructures consist of fines from MOP50,000 to MOP5,000,000 as well as additional sanctions, such as the inhibition of participating in public tenders for the acquisition of goods or services by public authorities; or the suspension of benefits or financial aids. Moreover, it is set forth that the entities operating critical infrastructures will be directly liable for infringements, regardless of whether they have outsourced their cybersecurity to third parties. In addition, it should be noted that liability does not depend on the effective identification of the responsible person for the infringement.

However, the authorities may decide to notify the entity to offer the possibility of remediation of the infringement within a certain period of time, unless (i) the situation consubstantiates a substantial cybersecurity threat, or (ii) in case the operator has been punished for an administrative offense of identical nature less than a year before the infringement.

In light of the above, it is expected that entities operating critical infrastructures in Macau become aware of this draft law and their duties in particular and, in anticipation to its publication, start making the necessary internal adjustments and implementing relevant measures regarding cybersecurity.


Releated Stories
September 28, 2022 -

AllBright (Qingdao) Law office’s visit to C&C Lawyers Macau

[su_row][su_column size="1/3"] On September 27, 2022, eight representatives of the Chinese law firm AllBright Qingdao office were warmly welcomed by ...

May 19, 2022 -

C&C Lawyers’ Senior Partner Nuno Sardinha da Mata and other Macau Financial Law Association experts visited the Hengqin Guangdong-Macao In-Depth Cooperation Zone

On May 13th, the Zhuhai Hengqin Qin Ao Financial Services Co., Ltd. hosted experts from the Macau Financial Law Association in the Hengqin Guangdong-M...

April 29, 2022 -

C&C Lawyers and Dentons sign strategic cooperation agreement

On April 28, 2022, C&C Lawyers and Notaries and international law firm Dentons signed a strategic cooperation agreement. C&C Lawyers and Dent...

March 23, 2022 -

Macau Consumer Rights Protection Law: Understanding Contracts for the supply of consumer goods

by: Kimi Chan, Jurist Law no. 9/2021, "Law for the protection of consumer rights and interests", currently in force, regulates contracts for the supp...

February 16, 2022 -

Macau Consumer Rights Protection Law: Improper Business Practices against Consumers

by: Nuno Sardinha da Mata, Senior Partner & Ng Pui U, Trainee Lawyer The Macau Consumer Rights and Interests Protection Law (Law 09/2021) (CRPL) ...

January 27, 2022 -

The Macau Trust Law

by: António Isóo de Azeredo, Senior Associate Lawyer Macau is finally taking the last steps of a long legislative path to approve and implement a tru...