Article

Macau Cybersecurity Law

Are you ready?

On 22 Dec 2019, the Macau Cybersecurity Law ("MCSL") will come into force. With this law, public and private critical infrastructure operators of different industries will have to meet obligations that aims to protect the information network and computer systems of critical infrastructure.

How does Macau Cybersecurity Law affect business?

The MCSL, similar to the China Cybersecurity Law, introduce the concept of critical infrastructure. Critical infrastructure under MCSL important system and network that may dangerous to social well-being, public safety, order and interests if disrupted. MCSL applies to:

Public critical infrastructure operators;
Private critical infrastructure operators (e.g. Utilities, Transportation, Banking, finance and insurance, Casino, Medical); and
Internet service providers.

Penalties for private operators' non-compliance with the MCSL could result in a fine up to MOP 5 million. Other sanctions cover deprivation of the right to participate in public procurement, deprivation of the right to subsidies or benefits granted by public entities, etc. Not to forget reputational damage which could leave the business a very deep scar on the business.

What are the key Macau Cybersecurity Law requirements?

The MCSL emphasize and specify on cyber security requirement on top of the existing security regulations issued by the supervisory entities (e.g. AMCM, DICJ) on different industries. The key obligations set out are:

Establish cyber security governance, including appointing competent officer/ setting up a cybersecurity management unit, developing policies and procedures;
Monitor, respond and report on the security incident and breaches, including the mandatory supervisory entity notification;
Conducting and submit the security assessment on annual basis; and
Review the performance of cybersecurity service providers for public critical infrastructure operators.

MCSL introduction brochure

We drafted a MCSL introduction brochure, which provides you a high-level overview of the law and the obligation under the law. Also in the deck we included information how we/Deloitte could help you in the compliance journey.

Feel free to let us know if you would like to engage us in a further discussion and we will link you up with the corresponding colleagues in this area.

Thanks a lot in advance for supporting this initiative!

(English version)

Audit & Assurance

Consulting

Financial Advisory

Risk Advisory

Tax and Business Advisory

Deloitte Private

Cross-border Business

Hot Topics

Innovation & Digital Services

Consumer

Energy, Resources & Industrials

Financial Services

Government & Public Services

Life Sciences & Health Care

Technology, Media & Telecommunications

Careers Home

Experienced Hires

Students

Life at Deloitte

Climate and Sustainability

Digital Transformation

The Greater Bay Area or "GBA"

Mergers and Acquisitions

Belt & Road

SOE

Operate

Private

CFO Program

Hot Topics Overview

Macau Cybersecurity Law

Are you ready?

Recommendations

A new era for Cybersecurity in China

Cyber Risk

Macau Cybersecurity Law

Are you ready?

Let’s make this work.

Recommendations