Hong Kong Archives

In Cybersecurity, Data and Tech

Hong Kong: The first draft of the new critical infrastructures cybersecurity law is here

January 9, 2025 by Isabella F. C. Liu and Dominic Edmondson 3 Mins Read

The Hong Kong Government has published on 6 December 2024 a draft of the Protection of Critical Infrastructures (Computer Systems) Bill (“Bill”), marking a significant step towards enhancing cybersecurity standards in relation to essential services and critical societal or economic activities in Hong Kong. This Bill aims to protect the security of the critical computer systems (CCSs) of critical infrastructures (CIs), to regulate operators of CIs (i.e., critical infrastructure operators (CIOs)) and to provide for the investigation into, and response to, computer-system security threats and incidents.

In AML & Financial Services Regulatory

Hong Kong: Gazettal of the Stablecoins Bill

December 17, 2024 by Karen H.Y. Man, Grace Fung and Samantha Lai 1 Min Read

On 6 December 2024, the Hong Kong government gazetted the Stablecoins Bill, which aims to establish a regulatory regime for issuers of fiat-referenced stablecoins in Hong Kong. This follows public consultations by the Financial Services and the Treasury Bureau and the Hong Kong Monetary Authority. The Bill aims to introduce a licensing and regulatory framework for FRS issuers and those involved in offering FRS.

In Cybersecurity, Data and Tech

Hong Kong: Critical infrastructure cybersecurity law – Government’s latest updates

December 14, 2024 by Isabella F. C. Liu and Dominic Edmondson 7 Mins Read

While this article was published, the Security Bureau of the Hong Kong Government announced that the Protection of Critical Infrastructure (Computer System) Bill will be gazetted on Friday, 6 December 2024, and will be introduced into the Legislative Council for First Reading and Second Reading on 11 December 2024. We will provide an update on further developments.

In Corporate Compliance

Hong Kong: SEHK issues new guidance letter highlighting its expectations on independent investigations conducted by long suspended issuers

December 14, 2024 by Bryan Ng and Cheryl Tang 5 Mins Read

On 26 November 2024, The Stock Exchange of Hong Kong Limited (SEHK) issued a new guidance letter (GL120-24) to inform the market of its expectations on investigations conducted by suspended issuers and the roles of the directors and the independent investigation committees (IIC). According to the latest monthly prolonged suspension status report published by the SEHK, as at 29 November 2024, there were 57 Main Board and eight GEM issuers which have been suspended for three months or more.

In Cybersecurity, Data and Tech

Hong Kong: The first critical infrastructure cybersecurity law is on the horizon

September 3, 2024 by Isabella F. C. Liu, Dominic Edmondson, Jacqueline Wong and Gillian Lam 8 Mins Read

On 25 June 2024, the Government proposed to enact a new piece of cybersecurity legislation, tentatively entitled the Protection of Critical Infrastructure (Computer System) Bill, to enhance the protection of computer systems of critical infrastructures (CIs). On 2 July 2024, the proposed legislative framework was tabled to the Legislative Council Panel on Security for consultation. The proposed legislation would require CI operators to fulfill certain statutory obligations and take appropriate measures to strengthen the security of their critical computer systems and minimize the chance of essential services being disrupted or compromised due to cyberattacks.

In Cybersecurity, Data and Tech

Hong Kong: The first critical infrastructure cybersecurity law is on the horizon

August 7, 2024 by Isabella F. C. Liu, Dominic Edmondson, Gillian Lam and Jacqueline Wong 8 Mins Read

In Cybersecurity, Data and Tech

Hong Kong: New personal data privacy framework for the adoption of artificial intelligence (AI) published

July 31, 2024 by Isabella F. C. Liu, Dominic Edmondson and Jacqueline Wong 2 Mins Read

On 11 June 2024, the Office of Privacy Commissioner for Personal Data published the “Artificial Intelligence: Model Personal Data Protection Framework” (“AI Framework”). The AI Framework aims to provide practical recommendations for organizations in their adoption of third-party AI systems to comply with the Personal Data (Privacy) Ordinance.

In Employment

Hong Kong: Court reaffirmed its robust approach on the enforceability of non-compete clauses in an employment context

June 8, 2024 by Roberta Chan and Hugo Suen 5 Mins Read

A recent decision of the Hong Kong Court reaffirmed the robust approach taken by the Court in examining the enforceability of a non-compete clause in an employment context even at the interim-interim stage. A former employer has the burden of proof to adduce evidence to substantiate that a non-compete clause is reasonable and necessary for the protection of the former employer’s legitimate business interests for it to be enforceable. The Court will take a very robust approach in examining the scope of the restraint, and the specific basis of justifying a non-compete clause even at the interim-interim stage when a former employer seeks to restrain the ex-employee from joining the new employer competitor by relying on the non-compete clause in the employment agreement.

In AML & Financial Services Regulatory

Hong Kong: Court of Final Appeal upholds Hong Kong Police’s No Consent Regime

June 8, 2024 by Gary A. Seib, Gillian Lam, Victor Yip and Andrea Kan 6 Mins Read

On 10 April 2024, the Hong Kong Court of Final Appeal (CFA), Hong Kong’s highest court, delivered its judgment in Tam Sze Leung & Ors v Commissioner of Police [2024] HKCFA 8, affirming the validity of the ‘No Consent Regime’ (“Regime”) of the Hong Kong Police (“Police”). The Regime encompassed a practice of issuing “Letters of No Consent” (LNCs) to financial institutions for customer accounts that contain suspected proceeds of crime, thereby triggering informal freezes on these accounts.

In Cybersecurity, Data and Tech

Hong Kong: Fuelling Growth – Data transfers in the Guangdong-Hong Kong Greater Bay Area

June 1, 2024 by Isabella F. C. Liu, Dominic Edmondson and Jacqueline Wong 1 Min Read

Regulatory measures came into force at the end of 2023 to facilitate cross-border transfers of personal data between Guangdong Province (“Guangdong”) and Hong Kong (“GBA Measures”). The recent relaxation of the cross-border data transfer (CBDT) regime at a national level may make the GBA Measures less appealing to some companies in the Chinese Mainland (“China” in this article, for the sake of brevity), but the GBA Measures will still be useful to companies which operate in Hong Kong and Guangdong that need to transfer sensitive personal data or large volumes of personal data across the Greater Bay Area, such as those in the healthcare and financial sectors, or those with a large base of data subjects in Guangdong and a regional office in Hong Kong that conduct cross-border transfers of personal data (e.g., customer data) on a regular basis.