• Font Size:
  • S
  • M
  • L

Chapter Content

Title:

Cyber Security Management Act  CH

Amended Date: 2025.09.24 
Article Content Chapter Content Search Article No. Search Subordinate Legislation Amended Article Legislative History Chinese 
   Chapter IV. Penalties
Article 28Personnel of government agencies who fail to perform duties in accordance with the provisions of this Act shall be subject to disciplinary sanctions or disciplinary actions in accordance with relevant regulations, depending on the severity of the case.
The rules for the disciplinary actions provided in the preceding paragraph shall be prescribed by the competent authority.
Personnel of specific non-government agencies who fail to perform duties in accordance with the provisions of this Act, and where the circumstances are significant, shall be subject to disciplinary action by the specific non-government agency in accordance with relevant regulations.
Article 29If specific non-government agencies fail to report a cyber security incident in accordance with Paragraph 2, Article 24, the central competent authority in charge of the relevant sector shall impose a fine of not less than NT$300,000 and not more than NT$10,000,000 and shall order correction within a specified period; if correction is not made within the prescribed period, additional fines shall be imposed for each violation. Info
Article 30Where specific non-government agencies fall under any of the following circumstances, the central competent authority in charge of the relevant sector shall order correction within a specified period; if correction is not made within the prescribed period, a fine of not less than NT$100,000 and not more than NT$5,000,000 shall be imposed for each violation:
1.Failure to formulate, revise, or implement a cyber security maintenance plan in accordance with Paragraph 2, Article 20 or Paragraph 1, Article 21, or violation of the requirement regarding essential elements of the cyber security maintenance plan as provided in the measures prescribed under Article 22.
2.Failure to submit the implementation status of the cyber security maintenance plan to the central competent authority in charge of the relevant sector in accordance with Paragraph 3, Article 20,or Paragraph 2, Article 21, or violation of the provisions on the submission of implementation status reports as prescribed under Article 22.
3.Failure to submit a corrective action report to the central competent authority in charge of the relevant sector in accordance with Paragraph 2, Article 8, Paragraph 5, Article 20, or Paragraph 3, Article 21, or violation of the provisions on the submission of corrective action reports as prescribed under Article 22.
4.Failure to formulate a notification and response mechanism for cyber security incidents in accordance with Paragraph 1, Article 24, or violation of the requirements regarding the essential elements of the reporting and response mechanism as prescribed under Paragraph 4, Article 24.
5.Failure to submit investigation, handling, and corrective action reports of cyber security incidents to the central competent authority in charge of the relevant sector, or to the competent authority in accordance with Paragraph 3, Article 24, or violation of the provisions on the submission and delivery of such reports as prescribed under Paragraph 4, Article 24.
6.Violation of the provisions regarding the contents of notifications and the execution of drills as prescribed under Paragraph 4, Article 24.		 Info
Article 31Those who evade, obstruct, or refuse an investigation in violation of Paragraph 3, Article 25 shall be subject to a fine of not less than NT$100,000 and not more than NT$1,000,000 imposed by the central competent authority in charge of the relevant sector. Info