Malaysia legislation
Section 25
Section 25
(2)
The national critical information infrastructure sector lead shall, in preparing the code of practice under subsection (1), consider among others the following matters:
(a)
the functions of the relevant national critical information infrastructure entities;
(b)
provisions relating to cyber security under any other written law applicable to the national critical information infrastructure sector lead;
(c)
the views of the relevant national critical information infrastructure entities; and
(d)
the views of the relevant regulatory authority, if any, which the national critical information infrastructure entity is subject to.
Act 854
(3)
The Chief Executive may endorse the code of practice prepared under subsection (1) if the Chief Executive is satisfied that—
(a)
the measures, standards and processes specified in the code of practice are consistent with or above the minimum requirements specified in the directive;
(b)
the matters as set out in subsection (2) have been given due consideration; and
(c)
the code of practice is consistent with the provisions of this Act.
(4)
The code of practice under this section shall take effect on the date of the endorsement of the code of practice by the
Chief Executive.
(5)
If the Chief Executive refuses to endorse the code of practice, the Chief Executive shall notify the national critical information infrastructure sector lead concerned of his decision in writing and provide the reasons for it.
(6)
Any national critical information infrastructure sector lead which contravenes subsection (1) commits an offence and shall, on conviction, be liable to a fine not exceeding one hundred thousand ringgit.
Directions under other written law shall be consistent with code of practice