HK slams 'biased' Bloomberg report on the city's new cyber rules

The Hong Kong government has slammed a Bloomberg report that quoted US firms saying they were concerned about the city’s proposed new legislation to enhance the cybersecurity of critical infrastructures. 

On 20 August, Bloomberg published a report titled “US firms warn against ‘unprecedented’ Hong Kong cyber rules”, claiming US firms had warned that the proposed cyber regulations could grant the Hong Kong government “unusual access” to their computer systems. 

The article also said granting authorities “overly broad powers” could undermine the integrity of service providers. According to the report, the bodies that have criticised the city’s new cyber rules include The Asia Internet Coalition, which includes Amazon, Alphabet’s Google and Meta Platforms.  

In response, the Hong Kong government described the report as biased and taking the views of the submissions out of context. 

In the one-month consultation of the legislative framework ended on 1 August, the government said it received 53 submissions, of which 52 submissions supported the legislation and made constructive suggestions, including those from the Asia Internet Coalition, the American Chamber of Commerce in Hong Kong, and the Hong Kong General Chamber of Commerce. 
 
The proposed legislative framework only concerns protecting the Critical Computer Systems (CCSs) of the Critical Infrastructure Operators (CIOs), which in no way involves personal data and business information, said the government.

It also said relevant legislation already exists in other jurisdictions, such as the Mainland, Macau, the US, the UK, Australia, the European Union and Singapore. 

Only individual organisations, instead of the entire IT sector, having regard to the following factors, will be designated as CIOs to be regulated under the new regime, such as the level of dependence on information technology; the importance of the data controlled; and the degree of control on the critical infrastructure, said the government.  

“The proposed legislation does not have extraterritorial effect. The Commissioner's Office will only request information accessible to CIOs and will allow reasonable time for preparation.” 

“CIOs have the responsibility of properly responding to cyberattacks. Only when a CIO is unwilling or unable to respond to an incident on its own would the Commissioner's Office consider applying to a Magistrate for a warrant to connect to the CCSs or install programmes in the CCSs in view of necessity, appropriateness, proportionality and public interest,” the statement added.

Related articles:

HK slams ‘misleading’ Forbes commentary claiming HK's economy risky
Bloomberg media names Scott Havens global head of digital