HKCNSA CI Committee workshop highlights CoP compliance measures

On 5^th November 2025, the Critical Infrastructure Committee workshop, jointly organized by the HKCNSA and corporate member Bird & Bird, was successfully held at Bird & Bird’s Hong Kong office. This workshop centers on the upcoming Protection of Critical Infrastructures (Computer Systems) Bill to be introduced by the Hong Kong Security Bureau, along with its associated guidance, the Cybersecurity Code of Practice (CoP). Legal experts and industry representatives were invited to engage in in-depth discussions regarding its compliance regulations and strategies implementations.

The workshop revolved around the key themes within the CoP, including compliance requirements, the importance of documentation, the impact on current business operations, and future trends. Experts emphasized that the CoP provisions are not entirely new, as corporates already possess foundational security management, and typically only require moderate enhancements to meet the requirements. During audits, documents serve as crucial compliance evidence, and their absence is interpreted as non-compliance. While technical measures are important, they alone are insufficient to demonstrate adherence with the regulations. 

During the discussions, the guests shared how they met the CoP requirements without significantly increasing manpower. They noted how the Security Bureau focuses on ensuring the fundamental strategies are in place currently, with expectations that regulatory standards will become more stringent in the future. Participants also shared insights on leveraging existing resources, streamlining internal processes, and reducing compliance costs. The long-term implications of the CoP on critical infrastructure operations were also explored in-depth.

This workshop drew wide attention from the legal sector, cybersecurity fields, and corporate leadership. Through thematic presentations and interactive Q&A sessions, participants gained a clearer understanding of implementation strategies for the CoP and engaged in in-depth discussions regarding the future direction of compliance.

Looking ahead, the Hong Kong China Network Security Association will continue to host specialized seminars to foster industry exchange and collaboration. We aim to support enterprises in navigating emerging regulatory challenges and contribute to the continuous enhancement of Hong Kong’s cybersecurity infrastructure.