Cybersecurity legislation insights

A comparative study and considerations for future cybersecurity legislation

With the rapid development of new technologies in recent years, increased dependency on technology has subsequently led to greater exposure to cyber threats and challenges. In response to those challenges, nations across the globe have been establishing domestic legislation and cooperating internationally to address their vulnerabilities against cyberattacks.

This discussion paper intends to share the research observations on cybersecurity legislation in 13 countries, including Brazil, Chile, China, Germany, India, Mexico, Singapore, South Africa, the United Arab Emirates (UAE), the United Kingdom (UK), the United States (US), Vietnam and the European Union (EU). 

In this study, we identified commonalities and differences in the cybersecurity legislation of our study subjects, collated considerations and produced roadmaps for designing cybersecurity legislation and introduces some emerging trends in cybersecurity legislation.

Nine cybersecurity areas

This study conducted a thorough comparative study on the cybersecurity legislation of 13 countries and shortlisted nine common areas of interest:

1. Critical infrastructure (CI) protection

2. Incident response and crisis management

3. Cybercrime law

4. Personal data protection

5. Non-personal data protection

6. Information and communication technology (ICT) vulnerability management

7. Awareness and capability

8. International cooperation

9. Cybersecurity technologies and solutions marketplace

Designing cybersecurity legislation

This study produced five considerations that are foundational, significantly insightful, and highly beneficial for all countries to take into account when designing cybersecurity legislation. The five considerations are:

  1. Designing affordable cybersecurity legislation
  2. Recognising cybersecurity as a shared responsibility
  3. Strengthening cybersecurity baseline requirements to prevent cybercrime
  4. Collaborating to solve cybersecurity problems
  5. Balancing security and development

Emerging trends of cybersecurity legislation

This study reveals emerging cybersecurity legislation trends so that countries may better prepare themselves for a rapidly evolving digital paradigm.

Introduction and study summary

The first volume is an overarching summary that contains the project background, research methodology and a concise illustration of all our key findings. Subsequent volumes will provide detailed analysis and examples of our key findings.


Chapter 1: National Cybersecurity Strategy (NCS)

NCS is a cornerstone document that governments publish prior to outlining their cybersecurity legislation. Our research observed that NCS serves to unify the vision and direction of the country through highlighting national cybersecurity challenges, goals and priorities.


Chapter 2: Critical infrastructure (CI) protection

Most countries are increasingly digitising their CI operations. Thus, governments are prioritising the establishment of cybersecurity in their CI sectors. Relevant legislation usually defines the industry scope, clarifies enforcement methods and provides requirements for the operators.

Request a digital copy

Coming soon

Chapter 1: Legislation of incident response and crisis management

Efficient reporting is the key to mitigating cyber incidents. Relevant cybersecurity legislation identifies the responsible agency, reporting content and time requirements.


Chapter 2: Legislation of cybercrime law

Until recently, governments have been combatting cybercrime mainly through investigation. However, the trend is now shifting towards strengthening prevention through enhancing security.


Chapter 3: Legislation of information and communication technology (ICT) vulnerability management

As ICT is the central driver of digitisation, countries are increasingly establishing relevant security requirements to manage potential vulnerabilities. The management process includes identification, verification, mitigation and disclosure.


Chapter 4: Awareness and capability

More countries now recognise the significance of raising public awareness of cybersecurity issues. Governments are initiating diverse training programs to enhance people’s capability and society’s overall resilience.

Coming soon

Chapter 1: Legislation of personal data protection

Most countries worldwide have already enacted legislation on personal data protection. Typically covered contents include principles of personal data usage, the legal basis for the collection, data subject rights, data transfer rules and the responsible authority.


Chapter 2: Legislation of non-personal data (NPD) protection

Governments are increasingly paying attention to the potential economic value of NPD. Domestic sharing of NPD is not as stringently regulated as personal data, but the cross-border transfer of it is still under tight requirements.


Chapter 3: Legislation of international cooperation

In borderless cyberspace, international cooperation is inevitable. Countries are reaping significant benefits from establishing partnerships and cooperating with overseas stakeholders, such as foreign governments, academics, organisations and overseas private entities.


Chapter 4: Legislation of cybersecurity technologies and solutions marketplace

The demand for cybersecurity products and services is increasing with rising number of cyber threats. A strong and vibrant cybersecurity marketplace is the foundation for the products and services.

Coming soon 

Designing cybersecurity legislation and emerging trend of cybersecurity legislation

Five considerations:

There is no one size fits all method when designing cybersecurity legislation. However, our study collated five considerations that are significantly beneficial for all stakeholders to take into account:

  1. Designing affordable cybersecurity legislation
  2. Recognising cybersecurity as a shared responsibility
  3. Strengthening cybersecurity baseline requirements to prevent cybercrime
  4. Collaborating to solve cybersecurity problems
  5. Balancing security and development

Emerging trends:

We identify five emerging trends in cybersecurity legislation, which are as follows:

  • Increasing attention is given to regulating artificial intelligence and blockchain technology.
  • Cross-border data transfer is under continuous balancing between privacy protection and economic interest.
  • Cybersecurity insurance products are emerging in the market.
  • An increasing trend in ICT supply chain cybersecurity is assessing not only vendors but also products and services.
  • Governments are looking for secure ways to harvest the significant economic potential of non-personal data.

Contact us

Kenneth Wong

Kenneth Wong

Mainland China and Hong Kong Digital Trust & Risk - Cybersecurity and Privacy Leader, PwC Hong Kong

Tel: +[852] 2289 2719

Lisa Li

Lisa Li

Mainland China Digital Trust & Risk - Cybersecurity and Privacy Leader, PwC China

Tel: +[86] (10) 6533 2312

Chun Yin Cheung

Chun Yin Cheung

Partner, PwC China

Tel: +[86] (21) 2323 3927

Danny Weng

Danny Weng

Partner, PwC China

Tel: +[86] (20) 3819 2629

Follow us