
Critical infrastructure cybersecurity law to take effect 1 January 2026
The notice goes to LegCo for negative vetting on 2 July.
The Protection of Critical Infrastructures (Computer Systems) Ordinance is set to come into effect on 1 January next year, following its formal publication in the Government Gazette today.
The law requires designated operators of critical infrastructure to implement mandatory cybersecurity measures to protect their computer systems.
According to the government, the legislation aims to reduce the risk of cyberattacks that could disrupt essential services, thereby protecting the continuity of daily life and the smooth operation of Hong Kong society.
The commencement notice will be tabled at the Legislative Council on 2 July for negative vetting.