Taipei: The Legislature on Friday passed amendments to the Cyber Security Management Act, imposing restrictions on the use of products deemed a threat to national security and raising the maximum fine for failing to report certain cyber security breaches.
According to Focus Taiwan, the amendments designate the Ministry of Digital Affairs (MODA) as the lead agency responsible for implementing the law, replacing the Executive Yuan, which first proposed the bill last year. Under the new regulations, government agencies are prohibited from downloading, installing, or using products that could endanger national security, unless specifically approved by the relevant authorities. These products are defined as those supplied by "enemy forces" or groups they control under the National Security Act and the Anti-Infiltration Act.
All central government agencies, including the Presidential Office and the five branches of government -- the Legislative Yuan, Executive Yuan, Control Yuan, Examination Yuan, and Judicial Yuan -- must file cybersecurity plans with MODA. Additionally, county and city governments are required to submit their own plans and oversee the cybersecurity of their subordinate agencies.
The amendments also significantly increase penalties for designated non-government organizations that fail to report cybersecurity incidents. The maximum fine has been raised to NT$10 million (US$327,000), from the previous range of NT$300,000 to NT$5 million. Organizations covered under these regulations include state-owned enterprises, telecom providers, other infrastructure operators, and legal entities established or funded by the government, such as the National Performing Arts Center.
Furthermore, the amendments authorize central government agencies overseeing these organizations to investigate cyber security incidents, thereby enhancing the overall enforcement of the new regulations.