Blog

Cybersecurity draft law approved by Macau Legislative Assembly

Following in the steps of various countries around the world that have drafted legislation on cybersecurity - including the People’s Republic of China’s Cybersecurity Law that came into force on June 1st, 2017 – the Macau’s Legislative Assembly has recently approved its own draft law on cybersecurity (the “Cybersecurity Law”).

December 04,2018

by: Joana Coimbra de Almeida

Based on principles of national security, safeguard of public interest and the protection of legitimate rights and interests, the draft law offers a legal framework on the administration of cybersecurity in Macau that should be explored in correlation with the Cybercrime Law enacted in 2009 (Law 11/2009/M) that has set out the types of cybercrimes and respective applicable penalties.

The direct scope of applicability of the draft law falls over the public sectors’ networks and data systems as well as over the private entities that operate critical infrastructures in Macau such as transportation, telecommunication, banking and insurance, medical affairs, electricity and water supply, in order to protect and maintain the integrity and security of data and information systems and networks.

A set of special duties ensure cybersecurity lies with the entities that operate critical infrastructures. This set of duties essentially entails:  duties of management of cybersecurity, including the setting up of the respective management structures and the appointment of a manager in charge of implementing the necessary and relevant measures as well as duties of observation and supervision, of reporting incidents, responding to complaints and cooperating with supervisory and regulatory authorities.

It should be noted that the appointed manager for cybersecurity must be a suitable professional with a certain background and experience and a Macau resident, for reasons of proximity and accessibility with the cybersecurity supervisory entities in Macau.

In this respect, the Cybersecurity Law intends to create a specific entity entitled the CARIC (“Cybersecurity Incidents Alert and Response Centre”), under the coordination of the Macau Judiciary Police, to function as a receiving centre of all incidents, to coordinate measures and responses with all other relevant entities and to supervise and monitor the data flow and data transmission as well as examine the data’s specificities in order to prevent and detect cybercrimes.

Under the envisaged law, the applicable penalties for infringements to the cybersecurity duties set out for entities operating critical infrastructures consist of fines from MOP50,000 to MOP5,000,000 as well as additional sanctions, such as the inhibition of participating in public tenders for the acquisition of goods or services by public authorities; or the suspension of benefits or financial aids. Moreover, it is set forth that the entities operating critical infrastructures will be directly liable for infringements, regardless of whether they have outsourced their cybersecurity to third parties. In addition, it should be noted that liability does not depend on the effective identification of the responsible person for the infringement.

However, the authorities may decide to notify the entity to offer the possibility of remediation of the infringement within a certain period of time, unless (i) the situation consubstantiates a substantial cybersecurity threat, or (ii) in case the operator has been punished for an administrative offense of identical nature less than a year before the infringement.

In light of the above, it is expected that entities operating critical infrastructures in Macau become aware of this draft law and their duties in particular and, in anticipation to its publication, start making the necessary internal adjustments and implementing relevant measures regarding cybersecurity.

 

Notícias Relacionadas
June 02, 2023 -

C&C e AllBright de Qingdao assinaram um acordo de cooperação estratégica sobre serviços jurídicos !

  A C&C Advogados e a AllBright chegaram a um acordo de cooperação estratégica para reforçar a cooperação entre Qingdao e Macau, construir...

May 22, 2023 -

Apresentação do Dr. Nuno Sardinha da Mata no Seminário do Dia de advogado 2023

Na sexta-feira passada (19 de Maio de 2023) marcou o Dia Anual dos Advogados organizado pela Associação dos Advogados de Macau (AAM)! Temos o praze...

May 22, 2023 -

C&C e IPSOL na conferência INTA 2023 realizada em Cingapura!

Temos o prazer de compartilhar que a C&C Lawyers e a IPSOL, nossa empresa irmã de propriedade intelectual, tiveram o privilégio de ser representad...

May 17, 2023 -

Visita à Exposição sobre a Educação da Segurança Nacional 2023

Liderados pelos nossos sócios Dr. Rui Cunha, Dr. Nuno Sardinha da Mata, Dr. Lu Zhao e Director Sr. Rui Pedro Cunha, o nosso escritório visitou ontem a...

May 12, 2023 -

C&C participou no Pitch Roadshow para Empresas de Tecnologia Científica do Brasil e Portugal na BEYOND EXPO 2023

O nosso Director Rui Pedro Cunha participou no Pitch Roadshow para Empresas de Tecnologia Científica do Brasil e Portugal na BEYOND EXPO 2023. O event...

May 12, 2023 -

C&C na “Conferência de Promoção de Investimento Global de Hengqin 2023”

O nosso Diretor Rui Pedro Cunha, esteve presente no dia 9 de maio na “Conferência de Promoção de Investimento Global de Hengqin 2023”, convidado pelo ...