Oldham, Li & Nie
Essential Guide: Appointing an In-House Head of Computer System Security


March 3, 2026 by OLN Marketing

Hong Kong’s Protection of Critical Infrastructures (Computer Systems) Ordinance (Cap. 653) sets tough standards for Critical Infrastructure Operators (CIOs) to protect their Critical Computer Systems (CCSs) from cyber risks. A key requirement? Appointing a dedicated in-house head to oversee computer system security. This can’t be outsourced—it must be an internal employee for full accountability.

While these guidelines are tailored to CIOs under Cap. 653, they also serve as best practices for employing any high-level management role, ensuring accountability, smooth transitions, and risk mitigation across organizations.

Based on Cap. 653, Code of Practice (v1.0), and insights from the Office of the Commissioner of Critical Infrastructure (Computer-system Security) (OCCICS) website and FAQs, here’s why this role matters and practical HR tips to handle it smoothly.

The Must-Have In-House Role: Why It Can’t Be Outsourced

CIOs need to set up a security management unit and appoint an employee to lead it (s.21(4); Code of Practice §5.3.2). This falls under Category 1 organizational duties.

  • Purpose: To build strong security governance tailored to your CIO’s unique risks.
  • In-House Requirement: The head must have “adequate professional knowledge” specific to your operations (OCCICS FAQ 6). Outsourcing of computer-system security management units is allowed, but the head must be an employee appointed by the CIO (OCCICS FAQ 7).
  • Accountability: While suppliers can help with other tasks (via contracts), core oversight stays internal.
  • Risks of Non-Compliance: Fines up to HK$5 million for the organization (ss. 7, 26, 28 and 70)—but no personal penalties for individuals (OCCICS FAQ 24).

With potential designations looming as of January 16, 2026, prioritize this hire now to stay ahead.

HR Essentials: What to Focus On

Managing this role involves blending HR best practices with regulatory needs. Break it down into key areas:

1. Defining the Role and Finding the Right Fit

The head leads the security unit, handling everything from risk assessments to incident responses. This role is not just an IT function: it cuts across business units (BUs), integrating security with operations, finance, legal, and other areas to address enterprise-wide risks.

  • Core Duties: Create and implement a security plan, including access controls, training, and supply chain checks (Code of Practice §§6.2.5–6.2.27). They co-endorse the plan with top executives and review it every two years or after changes.
  • Qualifications Needed: Look for certifications like CISSP, CISM, or CISA, plus experience matching your CCS threats (Code of Practice §5.3.2).

HR Tip: Involve senior management in hiring to align with strategy—they must grasp its importance for compliance, co-endorsement (Code of Practice §6.2.1), and avoiding fines/risks across BUs (OCCICS FAQ 6). Highlight Ordinance and cross-BU aspects in job postings; verify credentials for OCCICS (Annex C of Code of Practice); onboard with team training (Code of Practice §6.2.27).

2. Handling Changes and Notifications

Any shift in this role counts as a “material change” that must be reported, including during employment termination to maintain continuity and avoid compliance gaps.

  • What Triggers Notification: New hires, departures (such as resignations or terminations), or anything affecting security (s.22(1); Annex D of Code of Practice; OCCICS FAQ 8).
  • How to Report: Use Annex C with details like name, qualifications, and start or end date (Code of Practice §5.3.3).

HR Tip: Include notification clauses in contracts; report to OCCICS immediately post-hire or termination. Require advance exit notice, successor planning, and handover to link with exit protocols and prevent disruptions.

3. Understanding Legal Risks for the Employee

The role is high-stakes, but liability is organizational.

  • No Personal Fines: Penalties hit the CIO, not the individual (OCCICS FAQ 24).
  • Internal Protections: Clear duties help avoid blame in disputes.

HR Tip: Add indemnity clauses (excluding wilful errors); link reviews to security goals for accountability, trust, and lower turnover.

4. Managing Exits: Termination, Garden Leave, and Handovers

Smooth transitions are crucial to maintain continuity (Category 1).

  • Key Concerns: Sudden exits could disrupt operations and require immediate reporting.
  • No Fixed Rules: But longer notice periods help with knowledge transfer.

HR Tip: Use 3–6 month notice periods for handovers (data/knowledge transfer, successor training); apply garden leave for secrecy (s.57, up to HK$1M fines); limit non-competes to sensitive data; ensure pay and audit support.

Wrapping Up: Make It a Smart Move

View this appointment as a boost to your cyber defenses, not just compliance. Keep detailed HR records—they can back due diligence defenses (ss.65–66).

For custom advice, reach out to Oldham Li & Nie. Aligning HR with Cap. 653 now strengthens your position in Hong Kong’s evolving critical infrastructure landscape.

Disclaimer: This article is for reference only. Nothing herein shall be construed as Hong Kong legal advice or any legal advice for that matter to any person. Oldham, Li & Nie shall not be held liable for any loss and/or damage incurred by any person acting as a result of the materials contained in this article.

Filed Under: Corporate and Commercial Law, Commercial Fraud and Asset Tracing Tagged With: Corporate governance, Cyber Security, Computer System Security

Are You Ready for Madrid?

February 24, 2026 by OLN Marketing

Are you ready for Madrid – not for a relaxing holiday or to watch your favourite football team, but to extend your trade mark (brand) protection internationally?

In this context, “Madrid” refers to the Madrid System for the International Registration of Marks, an international framework administered by the World Intellectual Property Organization (“WIPO”). The system enables trade mark owners to seek protection in multiple jurisdictions through a single application filed in one language, under one set of fees, thereby streamlining the international filing process and reducing administrative burdens.

Madrid System and Hong Kong: Current Position

At present, it is not yet possible to designate Hong Kong under the Madrid System, nor to file an international trade mark application through the Hong Kong Trade Marks Registry. The Hong Kong Government enacted the Trade Marks (Amendment) Ordinance 2020 to establish the legal framework for implementing the Madrid Protocol, but the relevant provisions will only take effect on a date to be appointed once all necessary preparatory work has been completed.

Recent government policy updates confirm that preparatory work for Hong Kong’s participation in the Madrid Protocol remains ongoing, and that implementation will only commence after the completion of legislative, IT and related arrangements. As of early 2026, no official commencement date or target year has been announced, and there is still no confirmed timetable for when the Madrid System will be extended to Hong Kong.

In anticipation of Hong Kong’s future participation in the Madrid System, it is helpful to understand the key filing requirements.

Basic Requirements for a Madrid Application

1. Eligibility

To use the Madrid System, an applicant must have a real and effective connection with at least one Madrid member. You will qualify if you:

  • are a national of, domiciled in, or have an industrial or commercial establishment in a Madrid member; and
  • have already filed or registered a trade mark (the “basic mark”) with the IP office of that member (the “Office of Origin”).

2. Basic mark requirement

Before filing an international application, you must already have filed or registered a national or regional trade mark in your Office of Origin. This “basic mark” must:

  • be the same mark;
  • be owned by the same proprietor; and
  • cover goods and/or services that are identical to, or narrower than, those claimed in the international application.

3. International application

The international application must:

  • be filed through the Office of Origin (not sent directly to WIPO);
  • use the prescribed WIPO form MM2 or a recognised e‑filing tool such as eMadrid or the Madrid Application Assistant;
  • match the particulars of the basic mark (owner details, mark representation, goods/services); and
  • designate at least one Madrid member, with payment of the WIPO basic fee plus the relevant per‑member or per‑class fees.

4. Examination and Grant of Protection

Once your Office of Origin has certified and forwarded the international application, WIPO conducts a formalities examination only, checking fees, classification and technical compliance. If the application does not comply, WIPO issues an irregularity notice to you and the Office of Origin, usually allowing a limited period (commonly three months) to correct the deficiencies.

If the formal requirements are met, WIPO records the mark in the International Register, publishes it in the WIPO Gazette of International Marks, issues a Certificate of International Registration, and notifies each designated IP office. Each designated national or regional office then carries out its own substantive examination under local trade mark law and must grant or refuse protection within a prescribed time limit, typically 12 or 18 months from notification.

If the mark is accepted, it is protected in that jurisdiction as if registered directly at the national or regional office. If protection is provisionally refused, you may need to appoint local counsel in that jurisdiction to respond or appeal in accordance with local procedures.

How to Protect Your Trade Mark in Hong Kong Now

As Hong Kong has not yet implemented the Madrid System, trade mark protection in Hong Kong can only be obtained by filing a separate application directly with the Hong Kong Trade Marks Registry.

At this stage, Hong Kong cannot be designated in an international registration under the Madrid System, and international applications cannot be filed through the Hong Kong Registry as an Office of Origin.

Where brand owners are also seeking protection in other jurisdictions that are members of the Madrid System, they will typically need to pursue two parallel routes:

  • file a standalone local application in Hong Kong for protection in the Hong Kong market; and
  • either file separate national or regional applications in other territories, or, where available, make use of the Madrid System via an eligible Office of Origin outside Hong Kong (for example, through an associated company or establishment in a Madrid member country).

This approach reflects the current reality: Hong Kong remains a separate, locally‑filed registration, while the Madrid System may be used only for those jurisdictions where it is already in force and where the applicant otherwise meets the eligibility requirements.

Getting Ready for Madrid in Hong Kong

As Hong Kong moves toward future implementation of the Madrid Protocol, it is prudent for brand owners to ensure that their key marks are already filed and registered in Hong Kong so that they can satisfy Madrid eligibility requirements once the system becomes available locally.

Our firm would be pleased to assist you with filing and maintaining trade mark registrations in Hong Kong and with developing an international filing strategy to take full advantage of the Madrid System when it is launched here.

Disclaimer: This article is for reference only. Nothing herein shall be construed as Hong Kong legal advice or any legal advice for that matter to any person. Oldham, Li & Nie shall not be held liable for any loss and/or damage incurred by any person acting as a result of the materials contained in this article.

Filed Under: Intellectual Property Tagged With: trademark, intellectual property, madrid system

Hong Kong Company Re-Domiciliation Regime: A New Gateway for International Businesses

February 3, 2026 by OLN Marketing

With effect from 23 May 2025, Hong Kong introduced a modern company re-domiciliation framework that allows overseas companies to relocate their place of incorporation to Hong Kong without creating a new legal entity. The initiative, implemented under the Companies (Amendment) (No. 2) Ordinance 2025, is designed to strengthen Hong Kong’s appeal as a premier international business centre and to encourage inward corporate migration.

This new regime provides a practical solution for multinational groups seeking legal certainty, tax efficiency, and continuity when restructuring their global footprint.

Overview of the Re-Domiciliation Framework

Under the Hong Kong re-domiciliation regime, an eligible foreign company may transfer its corporate domicile to Hong Kong while preserving its legal identity. The company continues uninterrupted, retaining its assets, liabilities, contractual rights, and legal proceedings.

Once approved, the re-domiciled entity is treated in the same way as a company originally incorporated in Hong Kong and becomes subject to the Companies Ordinance and other applicable local legislation.

Key Characteristics of the Regime

The regime offers several defining features that distinguish it from traditional corporate migration options:

  • Eligible Company Types
    The regime applies to non-Hong Kong companies comparable to Hong Kong private companies limited by shares, public companies limited by shares, private unlimited companies with share capital and public unlimited companies with share capital. Companies limited by guarantee without share capital are excluded.
  • No Economic Substance Threshold
    There is no minimum size, turnover, or sector requirement, making the regime accessible to a broad range of businesses.
  • Retention of Legal Structure
    Companies must re-domicile using their existing legal form. Conversion into a different corporate type is not permitted as part of the process.
  • Full Local Status After Migration
    Once re-domiciled, the company is regarded as a Hong Kong-incorporated entity for corporate law purposes.
  • Inbound-Only Mechanism
    The regime allows migration into Hong Kong but does not provide a statutory route for companies to migrate out.
  • Ongoing Compliance Obligations
    Re-domiciled companies must maintain a registered office in Hong Kong and comply with all applicable filing, governance, and statutory requirements.

Strategic Benefits of Re-Domiciling to Hong Kong

Re-domiciliation offers significant commercial and operational advantages:

Continuity of Business Operations

The company’s existence remains uninterrupted. There is no liquidation, asset transfer, or novation of contracts, which helps preserve commercial relationships and regulatory approvals.

Cost and Time Efficiency

By avoiding dissolution and re-incorporation, companies reduce administrative burden, professional fees, and execution risk.

Eligibility Requirements

To qualify for re-domiciliation, a company must satisfy both jurisdictional and corporate conditions.

Legal Eligibility

  • Permission Under Home Jurisdiction Law
    The laws of the company’s original jurisdiction of incorporation must allow outbound re-domiciliation (for example, permitted in the BVI and Cayman Islands but restricted in certain jurisdictions such as Bermuda).
  • Comparable Corporate Form
    The company must closely correspond to one of the eligible Hong Kong company types.
  • Operating History
    The company must have completed at least one full financial year prior to applying.

Financial and Integrity Safeguards

The regime incorporates safeguards to protect stakeholders and the integrity of the process:

  • Solvency Confirmation
    The company must not be in liquidation or receivership. Directors are required to certify solvency.
  • Good Faith Requirement
    Applications must be made genuinely and not for improper or abusive purposes.
  • Member and Creditor Protection
    Approval from at least 75% of members is required, and creditors must be formally notified of the proposed re-domiciliation.

Re-Domiciliation Application Process

When documentation is complete, the re-domiciliation procedure typically takes around two weeks.

Key documents include:

  • Proposed Articles of Association aligned with Hong Kong requirements
  • Legal opinion from the original jurisdiction confirming eligibility and compliance
  • Director’s certificate confirming solvency and good faith
  • Recent financial statements (audited or unaudited, dated within the last 12 months)
  • Prescribed application forms containing corporate particulars

Upon approval, the Companies Registry issues a Certificate of Re-Domiciliation, confirming the company’s status as a Hong Kong entity.

Following re-domiciliation, the company must:

  • Deregister from its original jurisdiction within 120 days
  • File post-registration forms reporting corporate details
  • Maintain a registered office in Hong Kong
  • Appoint a Company Secretary and a Designated Representative

Hong Kong Tax Implications

Hong Kong’s territorial tax system provides clarity and potential advantages for re-domiciled companies:

  • Profits Tax
    Only profits arising in or derived from Hong Kong are subject to tax.
  • Tax Residency and Treaties
    Re-domiciled companies are generally regarded as Hong Kong tax residents for treaty purposes, subject to meeting substance and management requirements.
  • Stamp Duty
    No stamp duty is payable on the re-domiciliation itself, although subsequent transfers of shares may attract Hong Kong stamp duty.

Considerations for Regulated Industries

Companies operating in regulated sectors—such as banking, insurance, and financial services—must engage with the relevant regulators and comply with sector-specific legislation, including licensing and approval requirements under applicable ordinances.

Early regulatory engagement is strongly recommended to avoid delays.

Who Should Consider Re-Domiciling to Hong Kong?

The Hong Kong company re-domiciliation regime is particularly attractive for:

  • Businesses with existing or planned operations in Hong Kong
  • Financial institutions and insurers seeking regulatory alignment
  • Holding companies managing investment or intellectual property structures
  • Corporate groups aiming to access Hong Kong’s extensive tax treaty network
  • Multinational enterprises adapting to evolving global tax and transparency standards

Next Steps

The re-domiciliation regime offers a flexible and business-friendly route for companies seeking a stable, internationally recognised legal base in Hong Kong.

For tailored advice on whether re-domiciliation is suitable for your organisation, and for guidance on the application process, please contact us via the enquiry form.

Disclaimer: This article is for reference only. Nothing herein shall be construed as Hong Kong legal advice or any legal advice for that matter to any person. Oldham, Li & Nie shall not be held liable for any loss and/or damage incurred by any person acting as a result of the materials contained in this article.

Filed Under: OLN, Startups & Venture Capital, Corporate and Commercial Law Tagged With: Corporate law, Re-domiciliation

Estate Planning in Hong Kong

January 30, 2026 by OLN Marketing

Have you made preparations to ensure your loved ones will receive the assets you worked hard to acquire? Or is this something you keep postponing? Thinking about the topic of death can feel overwhelming. However, without a Will, your assets will be distributed in accordance with Hong Kong legislation which may not reflect your wishes.

Let’s explore some critical considerations before drafting a Will.

First, you should identify the persons who will inherit. Those are the beneficiaries. It’s also vital to have a contingency plan in case one of your beneficiaries predeceases you.

Secondly, select an executor who will be responsible for applying to the court for probate and, upon the granting of a court order, carrying out the actual distribution of your assets. For example, dealing with the banks to access items stored in safety deposit boxes and handing over cash to beneficiaries.

Additionally, you should carefully consider how and where you will store your Will.

In addition to drafting a Will, if you wish to ensure that your finances are well taken care of in the event you become mentally incapacitated, you should think about establishing an Enduring Power of Attorney (EPOA). This document is effective only during your lifetime and enables you to designate a trusted individual to manage financial matters on your behalf, such as paying hospital bills, engaging in real estate transactions, and handling other financial matters.

An Enduring Power of Attorney (EPOA) is needed in the event you become mentally incapacitated because financial institutions and other authorities will not accept your instructions once they learn of your mental incapacity.

Ultimately, effective estate planning protects both you and your loved ones. Even with a Will in place, disputes can arise, potentially leading to lawsuits, which can drag on for years and become expensive. Often, death is an emotionally charged event and can cause people to become different from their usual selves.

If you would like to discuss how to effectively plan your Will, please feel free to reach out to us anytime.

Filed Under: OLN, Elder Law Practice Group Tagged With: Estate planning, Will, Enduring Power of Attorney

Issues to Consider Before Signing a Service Agreement with a Critical Infrastructure Operator

January 15, 2026 by OLN Marketing

Imagine receiving an unexpected request from the Commissioner’s Office for your firm’s network diagrams and system details. This is a pre-designation inquiry under Hong Kong’s Protection of Critical Infrastructures (Computer Systems) Ordinance (Cap. 653). The OCCICS FAQs make clear that authorities use this power to assess whether your organisation should be designated as a Critical Infrastructure Operator (CIO).

Designated CIOs must fulfil obligations under three categories: organisational, preventive, and reporting. While CIOs cannot delegate ultimate accountability (OCCICS FAQ 6), they typically work with service suppliers — cloud providers, IT vendors, managed security firms — to meet these requirements. This creates “flow-down” obligations for suppliers through detailed compliance clauses in service agreements.

Below is a comprehensive guide to eight key issues, explaining the CIO’s legal duties under the Ordinance, the supplier’s perspective, and practical negotiation points to achieve balanced terms.

1. Basic Definitions

CIOs have a legal obligation to identify and designate Critical Computer Systems (CCSs) under section 13, focusing on those where disruption would seriously affect society or the economy. They cannot delegate core accountability (OCCICS FAQ 6 stresses that outsourcing does not relieve them of responsibility).

From a supplier’s viewpoint, overly broad or ambiguous definitions can unexpectedly widen liability and compliance burdens. The Ordinance defines a “computer system” broadly as any device or group of interconnected devices that processes, stores, or transmits data electronically (s.2). A “security incident” covers any unauthorized or adverse event affecting a CCS, including breaches, malware, ransomware, or integrity compromise (s.2 and Code of Practice v1.0).

Key negotiation points: Insist on precise definitions that limit the agreement’s scope to the specific services you provide. Explicitly exclude non-relevant systems and agree on clear triggers for what constitutes a reportable incident (e.g., excluding routine hardware failures or non-cyber events). This prevents overreach and protects against unintended regulatory exposure.

2. Incident Reporting Obligations

CIOs bear the ultimate duty to report serious incidents within 12 hours and others within 48 hours (initial notification) plus a 14-day written report (Code of Practice v1.0, Category 3). They must ensure supply chain partners support this process without shifting the primary reporting burden.

Suppliers should restrict their role to prompt internal notification to the CIO, avoiding direct regulatory reporting obligations that could complicate liability.

Key negotiation points: Require the supplier to alert the CIO within a tight window (e.g., 2–4 hours) of detecting any potential incident affecting the CIO’s systems. Include detailed joint response protocols for containment, eradication, and recovery. Negotiate clear cost allocation for investigations, external forensics, or regulatory assistance, and establish mutual timelines that align with the CIO’s reporting deadlines to avoid cascading delays.

3. Limitation of Liability

CIOs face significant fines up to HK$5 million for non-compliance (s.58), so they seek strong contractual protections against supplier-related risks. Suppliers must avoid unlimited or disproportionate exposure, especially since CIOs cannot fully transfer their regulatory liability.

Key negotiation points: Aim for a reasonable overall cap, such as 1–3 times the fees paid in the preceding 12 months. Explicitly exclude indirect, consequential, or punitive losses. Carve out exceptions only for gross negligence, willful misconduct, or breach of confidentiality. Negotiate balanced clauses that reflect the CIO’s primary duty while protecting the supplier from disproportionate fallout from regulatory fines or third-party claims.

4. Indemnity

CIOs must ensure preventive measures extend to the supply chain (Category 2 obligations), and they remain fully liable for overall compliance. They often demand broad indemnity covering losses, regulatory fines, or third-party claims arising from supplier breaches.

Suppliers should push for mutual indemnity and limit it to direct, proven faults to avoid one-sided exposure.

Key negotiation points: Require the CIO to indemnify the supplier for issues caused by inaccurate information, CIO-provided data errors, or CIO faults. Include coverage for defense costs and a requirement for prompt notice of claims. Negotiate evidence thresholds for indemnity triggers and reasonable caps on indemnity amounts to keep exposure proportionate and fair.

5. Data Access & Processing

CIOs must conduct annual risk assessments that include data sensitivity and interdependencies (Category 2), and comply with the Personal Data (Privacy) Ordinance (PDPO) if personal data is processed.

Suppliers should restrict access to only necessary data and ensure the CIO provides accurate, complete information for processing.

Key negotiation points: Clearly define data ownership — the CIO retains title to its data. Include strict terms for purpose limitation, data minimization, security safeguards, and secure deletion or return upon termination. Negotiate provisions for supplier assistance with data subject rights requests and regulatory data access demands, while protecting the supplier’s own proprietary processes and algorithms.

6. Confidentiality

CIOs face strict secrecy obligations on designation-related information (s.57, with fines up to HK$1 million for unauthorized disclosure). They must protect sensitive data in security plans, assessments, and incident reports.

Suppliers should allow necessary regulatory disclosures while safeguarding their own intellectual property and trade secrets.

Key negotiation points: Require non-disclosure agreements (NDAs) at the Ordinance’s level of protection. Ensure confidentiality obligations survive termination for a reasonable period. Negotiate clear exceptions for legal or regulatory requirements, with prior notice to the CIO where feasible, and reciprocal protections for supplier confidential information.

7. Termination Rights

CIOs must notify material changes, such as operator cessation or significant system alterations (Category 1), and maintain operational continuity during transitions.

Suppliers should secure payment for work already performed and avoid abrupt or punitive terminations.

Key negotiation points: The CIO shall retain the right to terminate a supply contract immediately in the event of a serious incident, while making sure the operation of the computer system is not affected. Include reasonable cure periods (e.g., 30 days) for non-serious breaches before termination can take effect. Negotiate detailed transition support provisions, including data handover, continued service during wind-down, and handling of retained data to ensure a smooth and orderly exit.

8. Audits and Inspections

CIOs are required to conduct biennial independent audits (Category 2) and must permit Commissioner inspections and investigations (Part 5 powers).

Suppliers should limit the frequency, scope, and cost burden of audits while maintaining reasonable cooperation.

Key negotiation points: Grant the CIO and regulators reasonable audit rights over relevant services. Include provisions for periodic reviews and cooperation with external auditors. Negotiate clear scope restrictions (e.g., limited to services provided), advance notice requirements, and cost reimbursement or sharing mechanisms. Include reciprocal audit rights for fairness.

Final Tip

Treat the agreement as a strategic partnership rather than a defensive document. Thoroughly document all negotiations and compliance commitments — this record can support due diligence defenses under sections 65–66 if disputes arise. As of January 13, 2026, no designations have been announced, giving suppliers valuable time to negotiate balanced, protective terms.

Ready to review your draft agreement or prepare for upcoming negotiations with a CIO? Contact Oldham Li & Nie for expert, practical guidance tailored to your business.

Summary

Service suppliers contracting with Critical Infrastructure Operators (CIOs) under Cap. 653 face significant “flow-down” compliance burdens because CIOs cannot delegate ultimate regulatory accountability. The article outlines eight critical negotiation points:

  1. Definitions
    – Insist on precise scope limitations to avoid unintended regulatory exposure for systems you don’t control.
  2. Incident Reporting
    – Commit to fast internal alerts (2-4 hours) while avoiding direct regulatory reporting duties; establish clear cost allocation for investigations.
  3. Liability Caps
    – Negotiate reasonable limits (e.g., 1-3× annual fees) excluding indirect/consequential losses, with carve-outs only for gross negligence or willful misconduct.
  4. Indemnity
    – Push for mutual indemnity with evidence thresholds and caps, ensuring the CIO indemnifies you for its own faults or bad data.
  5. Data Terms
    – Confirm CIO data ownership; require purpose limitation, security safeguards, and assistance provisions for regulatory access requests.
  6. Confidentiality
    – Align NDAs with the Ordinance’s strict secrecy rules (s.57, HK$1M fines), with carve-outs for legal/regulatory disclosures.
  7. Termination
    – Ensure mutual rights, cure periods (e.g., 30 days), and detailed transition/data handover provisions.
  8. Audits
    – Limit audit frequency/scope; negotiate advance notice, cost sharing, and reciprocal audit rights.

With no designations yet announced as of January 13, 2026, suppliers have a narrow window to negotiate balanced terms before CIO obligations take full effect.

Disclaimer: This article is for reference only. Nothing herein shall be construed as Hong Kong legal advice or any legal advice for that matter to any person. Oldham, Li & Nie shall not be held liable for any loss and/or damage incurred by any person acting as a result of the materials contained in this article.

Oldham, Li & Nie Wins Hong Kong Law Firm of the Year for the Second Consecutive Year at the Asialaw Awards 2025

November 12, 2025 by OLN Marketing

Oldham, Li & Nie has once again been recognised as Hong Kong SAR Law Firm of the Year at the eighth annual asialaw Awards 2025, reaffirming its position as the leading firm in the region. The awards ceremony took place on 6 November 2025, in Ho Chi Minh City, Vietnam, where our Partner Anna Chan and Senior Associate Kacy Lam accepted the accolade on behalf of the firm.

This marks the second consecutive year that OLN has received this top jurisdictional honour, reflecting our continued commitment to excellence, innovation, and client service across all our practice areas.

About asialaw Awards

The asialaw Awards, organised by asialaw – a prominent legal directory known for its comprehensive regional rankings – recognise the most outstanding law firms, practitioners, and deals across Asia each year.

For 2025, asialaw celebrated legal excellence across 20 jurisdictions and 28 practice areas and industry sectors, based on meticulous research and feedback from clients and peers.

For the full list of winners and more information on the asialaw Awards 2025, please visit the asialaw website.
