Blog

Cybersecurity draft law approved by Macau Legislative Assembly

Following in the steps of various countries around the world that have drafted legislation on cybersecurity - including the People’s Republic of China’s Cybersecurity Law that came into force on June 1st, 2017 – the Macau’s Legislative Assembly has recently approved its own draft law on cybersecurity (the “Cybersecurity Law”).

December 04,2018

by: Joana Coimbra de Almeida

Based on principles of national security, safeguard of public interest and the protection of legitimate rights and interests, the draft law offers a legal framework on the administration of cybersecurity in Macau that should be explored in correlation with the Cybercrime Law enacted in 2009 (Law 11/2009/M) that has set out the types of cybercrimes and respective applicable penalties.

The direct scope of applicability of the draft law falls over the public sectors’ networks and data systems as well as over the private entities that operate critical infrastructures in Macau such as transportation, telecommunication, banking and insurance, medical affairs, electricity and water supply, in order to protect and maintain the integrity and security of data and information systems and networks.

A set of special duties ensure cybersecurity lies with the entities that operate critical infrastructures. This set of duties essentially entails:  duties of management of cybersecurity, including the setting up of the respective management structures and the appointment of a manager in charge of implementing the necessary and relevant measures as well as duties of observation and supervision, of reporting incidents, responding to complaints and cooperating with supervisory and regulatory authorities.

It should be noted that the appointed manager for cybersecurity must be a suitable professional with a certain background and experience and a Macau resident, for reasons of proximity and accessibility with the cybersecurity supervisory entities in Macau.

In this respect, the Cybersecurity Law intends to create a specific entity entitled the CARIC (“Cybersecurity Incidents Alert and Response Centre”), under the coordination of the Macau Judiciary Police, to function as a receiving centre of all incidents, to coordinate measures and responses with all other relevant entities and to supervise and monitor the data flow and data transmission as well as examine the data’s specificities in order to prevent and detect cybercrimes.

Under the envisaged law, the applicable penalties for infringements to the cybersecurity duties set out for entities operating critical infrastructures consist of fines from MOP50,000 to MOP5,000,000 as well as additional sanctions, such as the inhibition of participating in public tenders for the acquisition of goods or services by public authorities; or the suspension of benefits or financial aids. Moreover, it is set forth that the entities operating critical infrastructures will be directly liable for infringements, regardless of whether they have outsourced their cybersecurity to third parties. In addition, it should be noted that liability does not depend on the effective identification of the responsible person for the infringement.

However, the authorities may decide to notify the entity to offer the possibility of remediation of the infringement within a certain period of time, unless (i) the situation consubstantiates a substantial cybersecurity threat, or (ii) in case the operator has been punished for an administrative offense of identical nature less than a year before the infringement.

In light of the above, it is expected that entities operating critical infrastructures in Macau become aware of this draft law and their duties in particular and, in anticipation to its publication, start making the necessary internal adjustments and implementing relevant measures regarding cybersecurity.

 

Releated Stories
June 02, 2023 -

C&C Lawyers and AllBright Qingdao Law office signed a strategic cooperation agreement!

C&C Lawyers and AllBright have reached a strategic cooperation agreement on Legal Services to strengthen the cooperation between Qingdao and Macao...

May 22, 2023 -

Dr. Nuno Sardinha da Mata presented at the Lawyers’ Day 2023 Seminar

Last Friday (19 May 2023) marked the annual Lawyers' Day organized by the Macau Lawyers Association (AAM)! We are happy to share that our very own ...

May 22, 2023 -

C&C and IPSOL in INTA 2023 Singapore!

We’re thrilled to share that C&C Lawyers and IPSOL, our esteemed sister company for intellectual property, had the privilege of being represented ...

May 17, 2023 -

Visit to the National Security Education Exhibition 2023

Led by our partners Dr. Rui Cunha, Dr. Nuno Sardinha da Mata, Dr. Lu Zhao and Director Mr. Rui Pedro Cunha, our office visited the National Security E...

May 12, 2023 -

C&C at the Pitch Roadshow for Sci-Tech Enterprises from Brazil and Portugal at the BEYOND EXPO 2023

Our Director Rui Pedro Cunha attended the Pitch Roadshow for Sci-Tech Enterprises from Brazil and Portugal at the BEYOND EXPO 2023. The event brought ...

May 12, 2023 -

C&C at the “Hengqin Global Investment Promotion Conference 2023”

Our Director Rui Pedro Cunha attended the “Hengqin Global Investment Promotion Conference 2023” that took place on May 9th, invited by the Office of t...