Cyber Security
1.Amendment to Cyber Security Management Act
On September 24, 2025, the President announced the amendments to the Cyber Security Management Act. We summarize below:
(1) The competent authority is changed from the Executive Yuan to the Ministry of Digital Affairs (moda).
(2) Government agencies are prohibited from downloading, installing, or using products that endanger national cyber security. However, if there is a business need with no alternatives, such products may be used upon approval by the Chief Information Security Officer and ratification by the competent authority, with usage subject to project-based control and record-keeping. The same restrictions apply to specific non-government agencies designated by the competent authority.
(3) The moda may conduct regular or ad hoc audits on the implementation of cyber security maintenance plans by each agency. Where deficiencies or areas for improvements are identified, the agency shall submit an improvement report, and when necessary, provide explanations or make adjustments.
(4) Government agencies and specific non-government agencies shall appoint a Chief Information Security Officer and dedicated cyber security personnel. When necessary, government agencies may review the qualifications and suitability of such personnel. Those who refuse or fail to pass may not engage in cyber security tasks involving state secrets, military secrets, and national defense secrets.
(5) To strengthen regulation of outsourced cyber system establishment and maintenance, including requiring contractors to establish effective cyber security management mechanisms, ensuring that operational procedures include cyber security measures or have passed third-party certification, and mandating written contracts between agencies and contractors. In addition, agencies shall cooperate with the moda in conducting cyber security exercises.
(6) To increase penalties for non-government agencies violating obligations under the Act. Failure to report cyber security incidents as required is subject to fines of up to NT$10 million. Violations of cyber security maintenance plans, reporting, or response mechanisms that remain uncorrected within the deadline set by the central competent authority are subject to fines of up to NT$5 million.
(7) Addition of investigative powers for the central competent authority with respect to major cyber security incidents involving specific non-government agencies, including notifying the parties or related persons to attend and present their statements, requesting the submission of independent third-party reports, or dispatching personnel to conduct necessary inspections.
Reported by: Stacy Lo/ Alva Wu
Tax
2.Ministry of Finance Directive: Interpretation of Article 35 of the Value-added and Non-value-added Business Tax Act
On September 10, 2025, the Ministry of Finance announced the interpretation of Article 35 of the Value-added and Non-value-added Business Tax Act (VAT Act). The ruling provides the following grace period and rules for penalties exemption for individuals who frequently publish creative works or share information online (internet influencers) and for platforms that use the content from internet influencers to broadcast advertisements or provide related paid services, obtain service income from advertisers or paying viewers, but fail to comply with the VAT Act in as to tax registration, issuance and delivery of uniform invoices, or the filing and payment of business tax:
(1) Those who failed to complete tax registration in accordance with the law before June 30, 2026 shall be exempt from penalties under Article 45 of the Business Tax Act.
(2) Those who failed to issue and deliver uniform invoices in accordance with the law before June 30, 2026 shall be exempt from penalties under Article 52 of the Business Tax Act and Article 44 of the Tax Collection Act.
(3) Those who failed to declare sales amounts and pay business tax in accordance with the law before July 15, 2026 shall be exempt from penalties under Article 51 of the Business Tax Act.
Reported by: Alex Li/ Alva Wu
Fair Trade
3.Amendments to Directions for Enterprises Filing for Merger
On 16 September 2025, the Fair Trade Commission amended the “Directions for Enterprises Filing for Merger,” changing “Chinese” in Point 6 to “the language of the Republic of China.”
Reported by: Kang-Shen Liu / Sean Tsai
Financials
4.Climate-related Disclosure Examples under the IFRS Sustainability Disclosure Standards
On 17 August, 2023, the Financial Supervisory Commission (FSC) published Taiwan’s Roadmap for Adopting IFRS Sustainability Disclosure Standards, under which Taiwan Stock Exchange (TWSE) and Taipei Exchange (TPEx) listed companies will directly adopt the FSC-endorsed IFRS Sustainability Disclosure Standards in three phases beginning from the fiscal year of 2026, and disclose sustainability-related financial information in a dedicated section of their annual reports. The first phase applies to listed companies with paid-in capital exceeding NT$10 billion (approximately 125 companies), which shall adopt from the year of 2026.
The FSC, together with TWSE, TPEx, and the Accounting Research and Development Foundation, has established a project task force and set up an “IFRS Sustainability Disclosure Standards” portal. The portal provides translations of the IFRS Sustainability Disclosure Standards and related guidance, together with FAQs on practical issues and disclosure examples, to help companies prepare climate-related disclosures.
Taking industry characteristics into account, the task force has released climate-related disclosure examples for five industries, including steel manufacturing, hardware, semiconductors, oil and gas, and electronics manufacturing services. In addition, the task force has recently released medical equipment and supplies, apparel and accessories, industrial machinery and goods, commercial banking, and building materials. All ten sets of examples are centralized under “Practical Guidance and Examples” on the portal.
Reported by: Stacy Lo/ Linda Guo
5.Regulations Governing Cross-selling among Subsidiaries of Financial Holding Company
On 23 September 2025, the FSC announced the draft amendment to the “Regulations Governing Cross-selling among Subsidiaries of Financial Holding Companies” for public consultation, which expand the scope of cross-selling for securities business. We summarize below:
(1) The scope of account opening for securities business has been expanded from “opening a securities brokerage account” to “opening a securities brokerage account or securities introducing business account”; and
(2) With the installation of online order terminals, the counterparty for investor’s orders has been expanded from “securities firms” to “securities firms or securities introducing brokers”.
Reported by: Stacy Lo/ Zoe Chen
Securities
Draft Amendment to the “Regulations Governing the Issuance of Call (Put) Warrants by Issuers”
On 12 September 2025, the FSC announced a draft amendment to Article 8 of the “Regulations Governing the Issuance of Call (Put) Warrants by Issuers,” proposing to include active exchange-traded funds within the scope of underlying assets eligible for issuers to issue call (put) warrants.
Reported by: Jeffrey Liu/ Eden Hsieh
7.Amendment to Regulations Governing Offshore Securities Branches
On 18 September 2025, the FSC issued a ruling amending the “Regulations Governing Offshore Securities Branches.” We summarize below:
(1) It is stipulated that when an Offshore Securities Unit (OSU) conducts customer entrusted account custody business and its customers are individuals, juristic persons, government agencies, or financial institutions located outside the Republic of China (Taiwan), the OSU may also open a foreign currency deposit account with a foreign custodian institution to hold customer funds.
(2) It is stipulated that the term “foreign custodian institution” refers to an institution, or its controlling or subsidiary entity, that has established a securities firm or bank branch/subsidiary within Taiwan; if the custodian institution or its affiliates have not established such a presence in Taiwan, the custodian institution must be a financial institution that meets specific credit rating standards.
Reported by: Jeffrey Liu/ Eden Hsieh
| Editors: Mike Lu (Partner) Stacy Lo (Partner) Jeffrey Liu (Partner) Kang-Shen Liu (Partner) David Tsai (Partner) Angela Lin (Partner) Paul Hsu (Partner) Alex Li (Partner) | Counselors: Echo Yeh Sue Su Jolene Wang (Lexcel Partners IP Firm) |
