Goto Main Content
:::

Chapter Law Content

Title: Cyber Security Management Act CH
Category: Ministry of Digital Affairs(數位發展部)
Chapter IV. Penalties
Article 19
Personnel of a government agency shall be subject to discipline or penalty in accordance with the relevant regulations if failing to comply with the regulation of the Act.
Regulations for such penalty in the preceding Paragraph shall be stipulated by the competent authority.
Article 20
If a specific non-government agency has one among those enumerated below transpired, the central authority in charge of relevant industry shall order it to complete corrective actions within the specified time limit. If it fails to complete corrective actions within the specified time limit, it shall be subject to a fine ranging from NT$100,000 as the minimum to NT$1,000,000 as the maximum for each offense:
1. If it fails to stipulate, amend or implement the cyber security maintenance plan in accordance with Paragraph 2 of Article 16 or Paragraph 1 of Article 17, or violates the essential items in the cyber security maintenance plan under Paragraph 6 of Article 16 or Paragraph 4 of Article 17.
2. If it fails to submit the report on implementation of the cyber security maintenance plan to the central authority in charge of relevant industry in accordance with Paragraph 3 of Article 16 or Paragraph 2 of Article 17, or fails the requirements with the submittal of the implementation of the cyber security maintenance plan stipulated under Paragraph 6 of Article 16 or Paragraph 4 of Article 17.
3. If it fails the requirements under Paragraph 3 of Article 7, Paragraph 5 of Article 16 or Paragraph 3 of Article 17, unable to submit the improvement reports to the competent authority, the central authority in charge of relevant industry, or violates the regulation with the submitting of the improvement report under Paragraph 6 of Article 16 or Paragraph 4 of Article 17.
4. If it fails to stipulate the reporting and responding mechanism of cyber security incident in accordance with Paragraph 1 of Article 18, or violates the essential items in the reporting and responding mechanism under Paragraph 4 of Article 18.
5. If it fails the requirements under Paragraph 3 of Article 18, unable to submit the cyber security investigation, handling and improvement reports regarding cyber security incidents to the central authority in charge of relevant industry or the competent authority, or violate the regulation with the submitting of the report under Paragraph 4 of Article 18.
6. If it violates the regulation regarding the contents of notification under Paragraph 4 of Article 18.
Article 21
A specific non-government agency violates the provisions Paragraph 2 of Article 18, by failing to report a cyber security incident, the central authority in charge of relevant industry shall impose a fine ranging from NT$300,000 as the minimum to NT$5,000,000 as the maximum, and shall order it to complete improvement within a specified time limit. If it fails to complete such requirement within the specified time limit, a penalty for each additional offense shall be re-imposed.