Personnel of a government agency shall be subject to discipline or penalty in accordance with the relevant regulations if failing to comply with the regulation of the Act.
Regulations for such penalty in the preceding Paragraph shall be stipulated by the competent authority.

If aspecific non-government agency has one among those enumerated below transpired, the central authority in charge of relevant industry shall order it to complete corrective actions within the specified time limit. If it fails to complete corrective actions within the specified time limit, it shall be subject to a fine ranging from NT$100,000 as the minimum to NT$1,000,000 as the maximum for each offense:
1. If it fails to stipulate, amend or implementthe cyber security maintenance planin accordance with Paragraph 2 of Article 16 or Paragraph 1 of Article 17, orviolates the essential items in the cyber security maintenance plan under Paragraph 6 of Article 16 or Paragraph 4 of Article 17.
2. If it fails to submit the report on implementation of the cyber security maintenance plan to the central authority in charge of relevant industry in accordance with Paragraph 3 of Article 16 or Paragraph 2 of Article 17, or fails the requirements with the submittal of the implementation of the cyber security maintenance plan stipulated under Paragraph 6 of Article 16 or Paragraph 4 of Article 17.
3. If it fails the requirements under Paragraph 3 of Article 7, Paragraph 5 of Article 16 or Paragraph 3 of Article 17, unable to submit the improvement reports to the competent authority, the central authority in charge of relevant industry, or violates the regulation with the submitting of the improvement report under Paragraph 6 of Article 16 or Paragraph 4 of Article 17.
4. If it fails to stipulate the reporting and responding mechanism of cyber security incidentin accordance with Paragraph 1 of Article 18, or violates the essential items inthe reporting and responding mechanism under Paragraph 4 of Article 18.
5. If it fails the requirements under Paragraph 3 of Article 18, unable to submit the cyber security investigation, handling and improvement reports regarding cyber security incidents to the central authority in charge of relevant industryor the competent authority, or violate the regulation with the submitting of thereport under Paragraph 4 of Article 18.
6. If it violates the regulation regarding the contents of notification under Paragraph 4 of Article 18.

A specific non-government agency violates the provisions Paragraph 2 of Article 18, by failing to report a cyber security incident, the central authority in charge of relevant industry shall impose a fine ranging from NT$300,000 as the minimum to NT$5,000,000 as the maximum, and shall order it to complete improvement within a specified time limit. If it fails to complete such requirement within the specified time limit, apenalty for each additional offense shall be re-imposed.