Legislative Acts

Cybersecurity Legislation and Issue Advocacy

Current Progress: Legislative deliberation and budget advocacy underway (45%)

Resource Hub

Timeline

2025

• 2025.11.25 [General Inquiry] Cybersecurity Budget and Digital Human Rights Legislator JU CHUN KO pointed out during the Legislative Yuan’s general policy inquiry that SME cybersecurity budgets are severely insufficient, and government anti-fraud measures may infringe on digital human rights. He demanded the Executive Yuan increase cybersecurity budgets and establish a single complaint window.

  Play

• 2025.11 [Supply Chain Attack] Digital Marketing Company Hacked Taiwanese digital marketing companies were compromised long-term by Chinese hacking group APT24, affecting over 1,000 customer domains, exposing the extreme vulnerability of supply chain cybersecurity defenses.

• 2025.06 [Trust Crisis] Chrome Stops Trusting Chunghwa Telecom Certificates Google announced that Chrome browser would no longer trust newly-issued commercial certificates from Chunghwa Telecom, severely damaging the national telecom operator’s cybersecurity credibility and affecting government agencies and financial institutions.

• 2025.03 [Healthcare Security] CrazyHunter Ransomware Rampage Ransomware specifically targeting Taiwan attacked MacKay Memorial Hospital and other medical centers. The Ministry of Health and Welfare characterized it as a “systematic attack,” posing major threats to patient privacy and medical operations.

2024

• 2024.03.19 [General Inquiry] AI Fraud Deepfake Video Inquiry Legislator JU CHUN KO played two AI-generated videos in the Legislative Yuan and asked Premier Chen Chien-jen to identify which was real. The Premier could not distinguish them. This highlighted the AI fraud crisis of “seeing is no longer believing” and demanded concrete government countermeasures.

  Play

• 2024 Full Year [Warning] Asia-Pacific Cyberattack Leader Check Point Research reported that Taiwan is the most frequently attacked country in the Asia-Pacific region, suffering an average of nearly 4,000 attacks per week.

Key Issues & Q&A

Q1: Will cybersecurity law amendments become a tool for government surveillance of citizens?

A: The focus of amendments is “protection” not “surveillance.” Legislator JU CHUN KO emphasizes that the core of cybersecurity reform is requiring enterprises and government agencies to fulfill cybersecurity protection obligations (such as data encryption and regular drills) and establishing independent oversight mechanisms. Regarding public concerns about “digital surveillance,” the legislator has proposed four key demands for “digital human rights,” clearly opposing government abuse of anti-fraud justifications to block citizen accounts or monitor communications without due process.

Q2: Why emphasize SME cybersecurity budgets?

A: SMEs are the weakest link in the supply chain (the shortest plank). Hackers often don’t directly attack well-defended large enterprises; instead, they use SMEs in the supply chain (such as marketing companies or component suppliers) as stepping stones. Currently, the government’s cybersecurity budget for SMEs averages only 59 NTD, completely insufficient to build effective defenses. Shoring up this weakness is essential to protecting the entire nation’s industrial security.

Q3: How should we handle cybersecurity risks from Chinese AI software?

A: Establish testing mechanisms and risk classifications rather than blanket bans. Facing Chinese AI tools like DeepSeek, simple prohibition is difficult to enforce and hinders research. Taiwan should establish a national-level AI cybersecurity testing laboratory to conduct “unboxing inspections” of such software, revealing whether they transmit personal data or contain backdoors, and publish risk ratings, allowing citizens and businesses to make informed choices about usage.

Call to Action: Cybersecurity is national security; digital human rights cannot be compromised. Support Legislator JU CHUN KO in securing cybersecurity budgets and advancing regulatory reforms to equip Taiwan with the strongest digital armor!

Legislator JU CHUN KO’s Reform Demands

Facing these structural vulnerabilities, Legislator JU CHUN KO has proposed a set of concrete legal and budgetary demands, summarized as “Fix the holes, build a stronger wall, and protect human rights.”

Secure Multi-Year Project Funding

In the Legislative Yuan’s 2025 general policy inquiry, Legislator JU CHUN KO demanded the Executive Yuan allocate multi-year cybersecurity project funding to significantly increase subsidies for SMEs. Specific requests include:

• Raise the SME cybersecurity joint defense budget to at least 10,000 NTD per firm per year
• Adopt multi-year (3–5 year) budget planning to enable long-term cybersecurity programs
• Establish a cybersecurity insurance mechanism to share and mitigate risks across firms

Defend Digital Human Rights: Four Concrete Measures

To prevent anti-fraud measures from becoming instruments of digital repression, Legislator JU CHUN KO proposed the following four measures:

1. Establish a single complaint window: Citizens must have a clear, centralized appeals channel so government agencies can’t pass responsibility between ministries
2. Publish regular statistics: Release monthly counts of account takedowns, appeals, and account reinstatements for public and parliamentary oversight
3. Review algorithmic logic: Anti-fraud algorithms should be audited periodically, with error rates published and continuous improvements mandated
4. Prohibit training on real user accounts without consent: Government or private actors should not train AI models on users’ real social media accounts without explicit permission

These measures emphasize that technological enforcement must respect human rights and avoid opaque algorithmic decisions.

Aligning Personal Data Laws with International Standards

Legislator JU CHUN KO also pushes for amendments to Taiwan’s Personal Data Protection Act inspired by GDPR:

• Data portability: Citizens can request and receive an export of their personal data
• Right to be forgotten: Under specific conditions, individuals can request deletion of their data
• Right to object to automated decisions: Individuals subject to impactful automated decisions (e.g., loan or insurance decisions) can request human review

Aligning with international norms strengthens user protections and increases global interoperability.

Recent Major Cybersecurity Alerts

2025.03: CrazyHunter Ransomware Attacks

CrazyHunter ransomware targeted medical centers in Taiwan, encrypting systems and demanding ransom payments. The Ministry of Health and Welfare called it a “systematic attack,” underscoring severe vulnerabilities in hospital cybersecurity infrastructure that threaten patient records and the continuity of medical services.

2025.06: Chrome Distrusts Chunghwa Telecom Certificates

Google announced Chrome would no longer trust newly issued commercial certificates from Chunghwa Telecom due to certificate management noncompliance with international standards. This undermined national telecom credibility and highlighted the urgency of aligning infrastructure with global security practices.

2024.03: AI Deepfake Video Warning

Legislator JU CHUN KO played two AI-generated deepfake videos in the Legislative Yuan; Premier Chen Chien-jen could not distinguish them. The inquiry demonstrated that “seeing is no longer believing,” raising urgent demands for countermeasures.

Future Vision: Resilient Taiwan, Digital Security for All

Cybersecurity is not just a technical issue—it is a national concern that affects every citizen. Strengthening cybersecurity for SMEs and digital human rights enforcement will:

• Fortify the supply chain: Strong SME defenses safeguard the entire industrial ecosystem
• Promote digital equity: Robust appeals and transparent algorithmic practices protect citizens from arbitrary digital censorship
• Protect national security: A secure and resilient cyber posture defends democratic institutions against foreign influence and attacks

Cybersecurity is national security—digital human rights are not negotiable. Support Legislator JU CHUN KO’s reform agenda to shield Taiwan in the silent war of cyberspace.