2026-06-02

Added · Updated

Code of Practice Pursuant to the Protection of Critical Infrastructures (Computer Systems) Ordinance for Authorized Institutions Designated as Critical Infrastructure Operators

The Monetary Authority of Hong Kong issued this Code of Practice to establish cybersecurity standards for authorized institutions designated as critical infrastructure operators. The document mandates compliance with the Protection of Critical Infrastructures (Computer Systems) Ordinance to safeguard essential computer systems against cyber threats. It includes annexes providing templates for notifications required under category 1 and category 2 obligations to ensure timely reporting of incidents.

Hong Kong Monetary Authority logo

Hong Kong

Hong Kong Monetary Authority

Click to view thumbnail

COP

Current

Issue Date:

02 Jun 2026

20260527-26-EN.pdf (215.6 KB)

Topic:

Technology Risk Management - Cybersecurity

Group:

All Authorized Institutions

Directly related Document

Cross referenced Document

Version History

Superseded Document

Directly related Document

COP

Current

02 Jun 2026

Code of Practice Pursuant to the Protection of Critical Infrastructures (Computer Systems) Ordinance (for Authorized Institutions designated by the Monetary Authority as Critical Infrastructure Operators)

COP

Current

02 Jun 2026

Code of Practice Pursuant to the Protection of Critical Infrastructures (Computer Systems) Ordinance (for Authorized Institutions designated by the Monetary Authority as Critical Infrastructure Operators)

Cross referenced Document

Version History

Superseded Document

You may also be interested in

CIR

Current

24 May 2016

Cybersecurity Fortification Initiative

CIR

Current

21 Dec 2016

Cybersecurity Fortification Initiative

CIR

Current

03 Nov 2020

Cybersecurity Fortification Initiative 2.0