Macau Cybersecurity Law: Are you ready?

How does Macau Cybersecurity Law affect business?

The MCSL, similar to the China Cybersecurity Law, introduce the concept of critical infrastructure. Critical infrastructure under MCSL important system and network that may dangerous to social well-being, public safety, order and interests if disrupted. MCSL applies to:

• Public critical infrastructure operators;

  
  

• Private critical infrastructure operators (e.g. Utilities, Transportation, Banking, finance and insurance, Casino, Medical); and

  
  

• Internet service providers.

Penalties for private operators' non-compliance with the MCSL could result in a fine up to Mop 5 million. Other sanctions cover suspension of operation, termination of public servant employment, etc. Not to forget reputational damage which could leave the business a very deep scar on the business.

What are the key Macau Cybersecurity Law requirements?

The MCSL emphasize and specify on cyber security requirement on top of the existing security regulations issued by the Government Departments (e.g. AMCM, DICJ) on different industries. The key obligations set out are:

• Establish cyber security governance, including appointing competent officer/ setting up a security office, developing policies and procedures;

  
  

• Monitor, respond and report on the security incident and breaches, including the mandatory regulatory entity notification;

  
  

• Conducting and submit the security assessment on annual basis; and

  
  

• Review the performance of cybersecurity service providers for public operators.

MCSL introduction brochure

Sidney Cheng

Macau Office Managing Director

Tel: +853 8898 8898

Email: [email protected]

Eva Kwok