Proposed cyber legislation in Hong Kong has sparked worries among US corporations, who contend that it might give the Hong Kong government unique access to their computer systems.
TakeAway Points:
- Amazon, Google, and Meta are among the US companies that oppose Hong Kong’s new cyber regulations for giving the government undue access to private networks.
- Industry associations express concern that the rules may discourage IT investment and damage Hong Kong’s digital economy by compromising the reliability of service providers.
- There are serious compliance issues with proposed fines of up to HK$5 million ($642,000) and required breach reports within two hours.
Hong Kong’s proposed cyber laws
US firms have raised concerns over proposed cyber regulations in Hong Kong, which they argue could grant the Hong Kong government unusual access to their computer systems. The Asia Internet Coalition, which includes major tech companies such as Amazon.com Inc., Alphabet Inc.’s Google, and Meta Platforms Inc., has criticised the new rules, which officials claim are designed to protect critical infrastructure from cyberattacks. Critics argue that the proposals give authorities overly broad powers that could threaten the integrity of service providers and undermine confidence in the city’s digital economy.
The local American Chamber of Commerce and the Hong Kong General Chamber of Commerce have also expressed concerns. Two of the three groups highlighted the rules as “unprecedented,” particularly objecting to proposed investigative powers that would allow authorities to connect their equipment to critical computer systems owned by private firms and install programs on them. “Such unprecedented power directly intervenes in, and could have a significant impact on, a CIO’s operation and could harm the users of the services,” AmCham wrote in an August 1 letter.
They added that such a move “is likely to have a chilling effect” on tech investment in Hong Kong.
The Hong Kong government and the city’s Security Bureau did not respond to requests for comment on the concerns outlined by business groups. A Google spokeswoman declined to comment on the concerns raised in the Asia Internet Coalition letter, while Amazon and Meta did not immediately respond to requests for comment.
The government’s position on the matter
Officials have previously stated that the cybersecurity bill is necessary to protect the city’s economy, public safety, and national security. They have cited similar legislation in mainland China, Singapore, and various Western nations as precedents. The proposed legislation includes establishing a new commissioner’s office to oversee its implementation.
While Hong Kong’s internet remains relatively free compared to mainland China’s Great Firewall, the city’s top US diplomat in March warned of creeping online controls. President Xi Jinping’s crackdown on freedoms in the former British colony has raised concerns about the city’s reduced appeal as a financial hub.
Recently, Hong Kong showed its willingness to intervene directly with online content in its clash with Google over the hosting of pro-democracy protest songs on YouTube. The government, armed with a local court injunction, forced the American giant to block the videos, giving city leaders a potent new tool to order the mass removal of content.
The relatively open flow of information in Hong Kong is a key draw for international businesses. Restrictions on Western tech firms and services could hamper efforts to revitalize the city’s image, which took a hit from years of Covid curbs and a Beijing-imposed security law, also criticized as being vaguely worded and too far-reaching.
Effects on the business place
Under the proposed new cyber rules, companies would need to secure their computer systems and disclose serious breaches to the government within two hours. Fines for offences could range as high as HK$5 million ($642,000) and would be determined by a court, according to the proposal. The legislation is likely to be submitted to the city’s Legislative Council by the end of this year and enacted, according to legal observers.
While Hong Kong has a legitimate need for new cybersecurity rules, companies are worried about protecting user data, said George Chen, co-chair of digital practice at The Asia Group, a Washington-based business and policy consulting firm. “International platforms, especially cloud service providers, are also naturally concerned about the enforcement,” he added. The question will be “where to draw the line between protecting user data privacy and overall cybersecurity concerns.”