2026-06-02

Added · Updated

Code of Practice Pursuant to the Protection of Critical Infrastructures (Computer Systems) Ordinance for Authorized Institutions Designated as Critical Infrastructure Operators

The Monetary Authority of Hong Kong issued this Code of Practice to establish cybersecurity standards for authorized institutions designated as critical infrastructure operators under the Protection of Critical Infrastructures (Computer Systems) Ordinance. The document mandates specific technology risk management and cybersecurity protocols to safeguard computer systems against threats. It includes annexes providing templates for notifications required under category 1 and category 2 obligations to ensure regulatory compliance.

Hong Kong Monetary Authority logo

Hong Kong

Hong Kong Monetary Authority

Click to view thumbnail

COP

Current

Issue Date:

02 Jun 2026

20260527-25-EN.pdf (301.0 KB)

Topic:

Technology Risk Management - Cybersecurity

Group:

All Authorized Institutions

Directly related Document

Cross referenced Document

Version History

Superseded Document

Directly related Document

Annex

Current

02 Jun 2026

Annex - Templates for notifications required under category 1 and category 2 obligations

Annex

Current

02 Jun 2026

Annex - Templates for notifications required under category 1 and category 2 obligations

Cross referenced Document

Version History

Superseded Document

You may also be interested in

CIR

Current

24 May 2016

Cybersecurity Fortification Initiative

CIR

Current

21 Dec 2016

Cybersecurity Fortification Initiative

CIR

Current

03 Nov 2020

Cybersecurity Fortification Initiative 2.0