This Act is enacted for the establishment of the National Institute of Cyber Security（hereinafter referred to as “the Institute”）to enhance the nation’s cyber security technology competence, and promote the research, development, and application of cyber security technology.

The Institute shall be a non-departmental public body. The Ministry of Digital Affairs shall be its supervisory authority.
The Ministry of Digital Affairs may commission or designate an agency to supervise the Institute’s operation.

The Institute’s scope of operation shall include:
1. researching and developing cyber security technology, and promoting the application, technology transfer, industry-university collaboration services, and international cooperation and exchanges of cyber security technology;
2. assisting in planning and promoting national cyber security protection mechanisms;
3. assisting government agencies（or institutions）and critical infrastructure in responding to major cyber security incidents;
4. assisting in planning and supporting of the cyber security protection of nation’s critical infrastructure;
5. assisting in planning and fostering cyber security talents, and promoting cyber security awareness nationwide;
6. supporting government agencies or institutions in cyber security protection operations with special sensitivity;
7. supporting demands for the industry’s major development in cyber security and its regulatory initiatives; and
8. other matters related to cyber security technology.

The Institute’s sources of funding shall include:
1. budgets approved and allocated by the government, and donations or subsidies from the government;
2. domestic or overseas donations from public or private institutions, civil associations, and individuals;
3. revenue from commissioned research and provision of services; and
4. other revenue.
The donations specified in subparagraph 2 of the preceding paragraph shall be deemed to be the donations to the government.

The Institute shall prescribe its bylaws along with rules and regulations governing the management of personnel, accounting system, internal control, auditing and others related matters, which shall be adopted by its board of directors and filed to the supervisory authority for future reference.
The Institute may, without contravening any related laws or regulations, prescribe rules and regulations concerning its execution of public affairs, which shall be adopted by its board of directors and filed to the supervisory authority for future reference.

When engaging in cyber security operations with special sensitivity, government agencies may carry out procurements pursuant to subparagraph 3, paragraph 1, Article 105 of the Government Procurement Act. In such case, the Institute shall be deemed to be a government institution and the Ministry of Digital Affairs shall be deemed to be its superior authority.