mylaw.my

Malaysia legislation

Section 20

of CYBER SECURITY ACT 2024

Section 20

(2)

Where the national critical information infrastructure entity procures or has come into possession or control of any additional computer or computer system which in the opinion of the national critical information infrastructure entity that the computer or computer system is a national critical information infrastructure, the national critical information infrastructure entity shall provide such information to its national critical information infrastructure sector lead regardless whether there is a request under subsection (1).

(3)

If a material change is made to the design, configuration, security or operation of the national critical information infrastructure owned or operated by the national critical information infrastructure entity after the information on such national critical information infrastructure has been provided under subsection (1), the national critical information infrastructure entity shall notify its national critical information infrastructure sector lead of the material change within thirty days from the date the change was completed.

(4)

For the purposes of subsection (3), a change is a material change if the change affects or may affect the cyber security of the national critical information infrastructure or the ability of the national critical information infrastructure entity to respond to a cyber security threat or cyber security incident.

(5)

The national critical information infrastructure sector lead shall notify the Chief Executive of any information received under subsections (2) and (3) in the manner as may be determined by the Chief Executive.

(6)

Any national critical information infrastructure entity which contravenes subsection (1), (2) or (3) commits an offence and shall, on conviction, be liable to a fine not exceeding one hundred thousand ringgit or to imprisonment for a term not exceeding two years or to both.

(7)

Any national critical information infrastructure sector lead which contravenes subsection (5) commits an offence and shall, on conviction, be liable to a fine not exceeding one hundred thousand ringgit.

Act 854

Duty to implement code of practice

Read in full context — CYBER SECURITY ACT 2024