Macau Cybersecurity Law

Are you ready?

On 22 Dec 2019, the Macau Cybersecurity Law ("MCSL") will come into force. With this law, public and private critical infrastructure operators of different industries will have to meet obligations that aims to protect the information network and computer systems of critical infrastructure.

How does Macau Cybersecurity Law affect business?

The MCSL, similar to the China Cybersecurity Law, introduce the concept of critical infrastructure. Critical infrastructure under MCSL important system and network that may dangerous to social well-being, public safety, order and interests if disrupted. MCSL applies to:

  • Public critical infrastructure operators;
  • Private critical infrastructure operators (e.g. Utilities, Transportation, Banking, finance and insurance, Casino, Medical); and
  • Internet service providers.

Penalties for private operators' non-compliance with the MCSL could result in a fine up to MOP 5 million. Other sanctions cover deprivation of the right to participate in public procurement, deprivation of the right to subsidies or benefits granted by public entities, etc. Not to forget reputational damage which could leave the business a very deep scar on the business.


What are the key Macau Cybersecurity Law requirements?

The MCSL emphasize and specify on cyber security requirement on top of the existing security regulations issued by the supervisory entities (e.g. AMCM, DICJ) on different industries. The key obligations set out are:

  • Establish cyber security governance, including appointing competent officer/ setting up a cybersecurity management unit, developing policies and procedures;
  • Monitor, respond and report on the security incident and breaches, including the mandatory supervisory entity notification;
  • Conducting and submit the security assessment on annual basis; and
  • Review the performance of cybersecurity service providers for public critical infrastructure operators.


MCSL introduction brochure

We drafted a MCSL introduction brochure, which provides you a high-level overview of the law and the obligation under the law. Also in the deck we included information how we/Deloitte could help you in the compliance journey.

Feel free to let us know if you would like to engage us in a further discussion and we will link you up with the corresponding colleagues in this area.

Thanks a lot in advance for supporting this initiative!

Did you find this useful?