• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
location iconSuite 503, 5/F, St. George's Building, 2 Ice House Street, Central, Hong Kongphone-icon +852 2868 0696 linkedintwitterfacebook
OLN IP Services
OLN Online
  • ENG
    • 简
    • 繁
    • FR
    • 日本語
Oldham, Li & Nie
OLN IP Services
close-btn
OLN IP Services
Get bespoke and commercially-driven advice to your Intellectual Property
Learn More
OLN IP Services
OLN Online
close-btn
OLN Online
Powered by Oldham, Li & Nie, the law firm of choice for Hong Kong’s vibrant startup and SME community, OLN Online is a forward-looking and seamless addition to traditional legal services – a true disruptor.
Learn More
OLN IP Services
  • About
        • Awards & Rankings
        • Corporate Social Responsibility
  • Practice Areas
        • Canadian Notarization Services
        • Commercial Fraud & Asset Tracing
        • Elder Law Practice Group
        • Financial Service & Regulatory
        • Insolvency & Restructuring Law
        • Japanese Practice
        • Private Client – Estate Planning & Probate
        • Tax Advisory
        • China Practice
        • Corporate & Commercial Law
        • Employment & Business Immigration Law
        • French Practice
        • Insurance Law
        • Notarial Services
        • Regulatory Compliance, Investigations and Enforcement
        • Chinese Notary Services (CAAO)
        • Dispute Resolution
        • Family Law
        • Fund Practice
        • Intellectual Property Law
        • Personal Injury Law
        • Startups & Venture Capital
        • Canadian Notarization Services
        • China Practice
        • Chinese Notary Services (CAAO)
        • Commercial Fraud and Asset Tracing
        • Corporate and Commercial Law
        • Dispute Resolution
        • Elder Law Practice Group
        • Employment and Business Immigration Law
        • Family Law
        • Financial Service and Regulatory
        • French Practice
        • Fund Practice
        • Insolvency & Restructuring Law
        • Insurance Law
        • Intellectual Property Law
        • Japanese Practice
        • Notarial Services
        • Personal Injury Law
        • Private Client – Estate Planning and Probate
        • Regulatory Compliance, Investigations and Enforcement
        • Startups & Venture Capital
        • Tax Advisory
  • People
  • Insights
  • Offices

Suite 503, St. George's Building,
2 Ice House Street, Central, Hong Kong

Tel. +852 2868 0696 | Send Email
linkedin twitter facebook
OLN Blue

OLN

  • About
    • Awards and Rankings
    • Corporate Social Responsibility
  • Awards and Rankings
  • Block Content Examples
  • Careers
  • Client Information & Registration
  • Contact Us
  • Cookie Policy (EU)
  • Globalaw
  • Offices
  • Oldham, Li & Nie
  • OLN and the Community
  • OLN Podcasts
  • People
  • Practice Areas
  • Privacy Policy
  • Review
  • Reviews
  • Standard Terms of Engagement
  • Test Blog
  • The Firm
  • What Others Say
  • About
        • Awards & Rankings
        • Corporate Social Responsibility
  • Practice Areas
        • Canadian Notarization Services
        • Commercial Fraud & Asset Tracing
        • Elder Law Practice Group
        • Financial Service & Regulatory
        • Insolvency & Restructuring Law
        • Japanese Practice
        • Private Client – Estate Planning & Probate
        • Tax Advisory
        • China Practice
        • Corporate & Commercial Law
        • Employment & Business Immigration Law
        • French Practice
        • Insurance Law
        • Notarial Services
        • Regulatory Compliance, Investigations and Enforcement
        • Chinese Notary Services (CAAO)
        • Dispute Resolution
        • Family Law
        • Fund Practice
        • Intellectual Property Law
        • Personal Injury Law
        • Startups & Venture Capital
        • Canadian Notarization Services
        • China Practice
        • Chinese Notary Services (CAAO)
        • Commercial Fraud and Asset Tracing
        • Corporate and Commercial Law
        • Dispute Resolution
        • Elder Law Practice Group
        • Employment and Business Immigration Law
        • Family Law
        • Financial Service and Regulatory
        • French Practice
        • Fund Practice
        • Insolvency & Restructuring Law
        • Insurance Law
        • Intellectual Property Law
        • Japanese Practice
        • Notarial Services
        • Personal Injury Law
        • Private Client – Estate Planning and Probate
        • Regulatory Compliance, Investigations and Enforcement
        • Startups & Venture Capital
        • Tax Advisory
  • People
  • Insights
  • Offices
Cybersecurity risk assessment for insurers Hong Kong

Cyber Resilience Assessment Framework Introduced for Insurers in Hong Kong

Insurance

Cyber Resilience Assessment Framework Introduced for Insurers in Hong Kong

December 23, 2024 by OLN Marketing

Following consultation with the insurance industry, on 11 December 2024 the Insurance Authority published a revised Guideline on Cybersecurity (Revised GL20). It takes effect on 1 January, 2025, introducing a Cyber Resilience Assessment Framework (CRAF or Framework) for insurers.

What Insurers Need to Know

The Framework applies (with limited exceptions) to the authorised insurers in relation to the business they carry on in or from Hong Kong. The provisions do not apply to captive, marine mutual, and special purpose insurers, Lloyd’s and insurers that have ceased underwriting or accepting business and are in run-off. All other provisions of the revised GL20 apply to all authorised insurers except for captive and marine mutual insurers.

The Framework requires insurers to evaluate inherent risk and the maturity of their controls against the prescribed control principles. The Framework’s three step approach is:

– Step One: the insurer conducts an inherent risk assessment.

– Step Two: the insurer conducts a cybersecurity maturity assessment.

– Step Three: the insurer makes a submission to the Insurance Authority on assessment results and proposed remedial measures.

What Insurers Need to Do, Generally

Important aspects of GL 20 require insurers to demonstrate a robust cybersecurity strategy and framework.  The requirements include:

1. Insurer’s board of directors to endorse the cybersecurity strategy and framework (CSF). In doing so it should ensure:

a. There are clearly defined roles and responsibilities including reporting lines and escalation procedures.

b. It should cultivate a strong level of awareness of and commitment to cybersecurity.

c. Risk appetite and tolerances are well defined.

d. This requires a complete risk assessment to identify risks and assess mitigating measures.It has oversight of CSF design and its implementation and effectiveness.

e. Where a designated management team of appropriately qualified individuals are tasked to assist the board, both board and team need to ensure the CSF is updated continuously.

2. Insurers are to include objectives and staff and system user competencies in the CSF, implement continuous monitoring and review the CSF periodically – annually, or more frequently if a material event occurs such as an incident or new system deployment.

3. Insurers are to have a well-developed cybersecurity incident response plan.

What insurers need to do regarding the Framework

Important actions to be implemented by insurers under CRAF include:

1. Conduct assessments:

a. An inherent risk assessment is to be conducted in accordance with the Inherent Risk Assessment Matrix. This is designed to identify the insurer’s rating on a three-tiered system:

i. High – extensive adoption of technologies over numerous delivery channels

ii. Medium – adoption of some complex new technologies

iii. Low or not applicable if appropriate – few emerging technologies are adopted

        b. A cybersecurity maturity assessment is to be conducted in accordance with the Cybersecurity Maturity Assessment Matrix – having regard to Governance, Identification, Protection, Detection, Response and Recovery, Situational Awareness and Third-Party Risk Management. If an insurer wishes to adopt an alternative cybersecurity assessment framework, for example, the framework adopted by the organisation elsewhere or a framework previously used, it must be comparable to the Framework and meet all required conditions.

        2. Make appointments:

        a. an Assessor is to be appointed, with appropriate skills and qualifications (having regard to the inherent risk rating). When assessing cybersecurity controls, the Assessor should determine the sampling size and approach, taking a risk-based approach. Samples may be limited to the preceding 6 months if the assessment is being conducted for the first time. Otherwise, a 12 months period should be used.

        b. If necessary, a Validator with the prescribed qualifications, is to be appointed.

        3. Make submissions to the Insurance Authority:

        a. For insurers with a high inherent risk rating the results of their assessments are to be submitted within 12 months from the effective date of CRAF.

        b. For insurers with a low or medium inherent risk rating the results of their assessments are to be submitted within 18 months from the effective date of CRAF.

        Thereafter, submissions are to be made at least every three years or more frequently (annually) or upon a major change to business or technologies.

        4. Ensure the insurer’s Chief Executive or a senior officer (i.e. a key persons in control function) and the Assessor and/or Validator responsible for conducting Assessment review and approve the assessment.

        Conclusion:

        The insurance industry faces significant cyber risk as a first party issue, in its supply chain and in its insurance portfolios. GL20 is a valuable tool for insurers to measure, implement and enhance their cyber governance, systems, controls and resilience on a continuous basis.

        Disclaimer: This article is for reference only. Nothing herein shall be construed as Hong Kong legal advice or any legal advice for that matter to any person. Oldham, Li & Nie shall not be held liable for any loss and/or damage incurred by any person acting as a result of the materials contained in this article.

        Filed Under: OLN, Insurance, News Tagged With: Insurance

        Legal Update: Is an insurer vicariously liable for an agent’s fraud?

        January 22, 2018 by OLN Marketing

        Vicarious liability is the legal doctrine that holds one party liable for wrongdoing committed by another, typically where the party held liable is superior to or has some right to control the other’s actions.  This most commonly arises in the employment context, where an employer is generally held liable for any tort committed by an employee in the course of his/her duties.  However, vicarious liability is not limited to the employment relationship and can extend to the relationship between insurer and insurance agent. 

        Recent cases affirm that the relationship between insurer and agent can give rise to vicarious liability, even though the agent is not the insurer’s employee and the agent’s contract with the insurer explicitly denies any employment relationship.  In deciding whether to impose vicarious liability, courts will consider if this is fair, just and reasonable taking into account the overall relationship (including the insurer’s control over the agent) and enterprise risk considerations, including the insurer’s business model, the regulatory framework governing the insurance industry and deterrence of future harm.  In Hong Kong, many agents are tied exclusively to one insurer and even non-exclusive agents are bound under the HKFI Code of Practice to represent no more than four insurers, including no more than 2 long-term insurers.  These ties between insurer and agent, and the functions performed by the agent on the insurer’s behalf, tend to create circumstances where a court may find vicarious liability.

        Case Analysis

        A recent Singapore case, in which a major life insurer was held vicariously liable for an agent’s fraud, is instructive.  In that case, the agent had sold the plaintiffs (an elderly Indonesian couple) a fictitious 5-year life insurance policy.  Funds remitted by the plaintiffs for the fake policy were used by the agent to buy unauthorized policies in the plaintiffs’ names, which the agent later deceived the plaintiffs into surrendering.  The funds were then misappropriated by the agent.  Throughout this process, the insurer relied on the agent to liaise with the plaintiffs regarding the policies they held and to transmit instructions as to how to handle their money, refund cheques and surrender proceeds. 

        In finding the insurer vicariously liable for the agent’s fraud, the Singapore High Court applied a 2-stage test, under which vicarious liability will be imposed where:

        1. There is a “special relationship” between the tortfeasor (fraud perpetrator) and the defendant making it “fair, just and reasonable” for liability to be imposed; and
        2. The conduct of the tortfeasor is closely connected to his/her relationship with the defendant, particularly where that relationship materially increases the risk of the fraud being committed.

        In applying this test for vicarious liability, the Singapore Court followed an established line of UK and Canadian caw law which identified two policy considerations for imposing liability:  1) effective compensation for the victim; and 2) enterprise risk theory, which holds that an enterprise which engages agents to advance its business interests and creates the risk of those agents committing wrongs against third parties should bear responsibility for the consequences, since it is best placed (and should be incentivized)  to manage the risks and prevent wrongdoing. 

        Under the first stage of the test (requiring a special relationship between tortfeasor and defendant), vicarious liability is no longer restricted to employment relationships and the court will examine the facts to see if the relationship has some of the same fundamental qualities inherent in employer-employee relationships, including control over the tortfeasor (agent) and integration of his/her activities in the defendant’s (insurer’s) enterprise.  On the facts of the Singapore case, the court found that these elements were present, noting that even though the agent’s contract with the insurer specifically stated that the agent was not an employee, she represented the insurer exclusively and performed a wide range of functions on the insurer’s behalf.  Further, the insurer’s control over her was very similar to that of an employer training, managing, supervising and disciplining its employees. 

        Turning to the second stage of the test (requiring a sufficient connection between the tortfeasor’s conduct and his/her relationship with the defendant), the court noted that the fraud had been perpetrated in the context of a business model in which insurers relied on agents to promote and market their policies by developing close relationships with high net-worth policy holders.  On the facts, the insurer further enhanced the risk of the agent’s fraud by allowing her to perform tasks on both sides without verification, including accepting her word as instructions and authorization from the customer.  Given this business framework and the policy justifications of victim compensation and deterrence, the court found that there was a sufficient connection between the agent’s fraud and her relationship with the insurer so as to justify imposing vicarious liability.

        OLN Insights

        1.  Recent case law confirms that vicarious liability is not confined to employment relationships and can render an insurer liable for its agent’s fraud.  Courts will look beyond the agent’s contract with the insurer in assessing if the agent is truly acting as an independent contractor or is effectively controlled by the insurer and integrated within the insurer’s enterprise. 

        2. Policy considerations, and particularly enterprise risk considerations, may lead a court to hold an insurer vicariously liable for an agent’s fraud in the current regulatory context, which (in Hong Kong as in Singapore) expects insurance companies to take responsibility for the management of its agents, particularly where agents are representing no more than a few insurers, and are seen by the public as representatives of their appointing insurer and an extension of their enterprise.

        3. To mitigate exposure, insurers would be well advised to institute more robust controls to verify policyholder instructions rather than relying exclusively on agents to communicate with customers.  Verification should be undertaken of significant policy-related requests from policyholders, including instructions on how to apply remitted and/or excess funds and policy surrender requests.  For example, policy approval confirmation letters, premium payment letters, policy surrender letters and refund cheques could be mailed directly to the policyholder (with proof of delivery) rather than passed on through the agent. 

        About OLN’s Insurance Practice Group

        OLN’s Insurance Practice Group has direct experience of the legal, regulatory and practical challenges facing insurers and reinsurers throughout Asia region. Members of our Group have worked in the insurance industry and have extensive experience working in and advising insurers and reinsurers on contractual and regulatory matters and risk management issues relevant to their businesses. We have particular expertise in the review and drafting of contractual documentation relating to insurance and reinsurance activities, including the development of policy wording for life, accident, medical and health insurance products, and the review and vetting of related proposals, product brochures and training materials. We also have experience advising on disputes over coverage for claims under both life and general insurance policies, and with support from OLN’s Dispute Resolution Group, are well placed to represent clients in all aspects of insurance litigation.

        For more information about any other insurance-related matters, please contact:

        Greg Crichton, Consultant

        Filed Under: Insurance Tagged With: Insurance

        Primary Sidebar

        This website uses cookies to optimise your experience and to collect information to customise content. By closing this banner, clicking a link or continuing to browse otherwise, you agree to the use of cookies. Please read the cookies section of our Privacy Policy to learn more. Learn more

        Footer

        OLN logo

        Suite 503, 5/F, St. George's Building 2 Ice House Street, Central, Hong Kong

        Tel. +852 2868 0696 | Email us
        About People Offices OLN IP Services Privacy Policy
        Practice Areas Insights Careers OLN Online
        About Practice Areas People Insights Offices
        Careers OLN IP Services OLN Online Privacy Policy Home
        linkedin twitter facebook
        OLN logo

        © 2025 Oldham, Li & Nie. All Rights Reserved.

        Manage Consent
        To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
        Functional Always active
        The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
        Preferences
        The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
        Statistics
        The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
        Marketing
        The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
        Manage options Manage services Manage {vendor_count} vendors Read more about these purposes
        View preferences
        {title} {title} {title}
        OLN IP Services

        Get bespoke and commercially-driven advice to your Intellectual Property
        Learn More
        OLN IP Services
        OLN Online

        Powered by Oldham, Li & Nie, the law firm of choice for Hong Kong’s vibrant startup and SME community, OLN Online is a forward-looking and seamless addition to traditional legal services – a true disruptor.
        Learn More
        OLN IP Services
        Contact Us

        Please share the details of your message here.
        We will be in touch shortly.

          • Hong Kong (香港)+852
          • Australia+61
          • China (中国)+86
          • Afghanistan (‫افغانستان‬‎)+93
          • Albania (Shqipëri)+355
          • Algeria (‫الجزائر‬‎)+213
          • American Samoa+1684
          • Andorra+376
          • Angola+244
          • Anguilla+1264
          • Antigua and Barbuda+1268
          • Argentina+54
          • Armenia (Հայաստան)+374
          • Aruba+297
          • Australia+61
          • Austria (Österreich)+43
          • Azerbaijan (Azərbaycan)+994
          • Bahamas+1242
          • Bahrain (‫البحرين‬‎)+973
          • Bangladesh (বাংলাদেশ)+880
          • Barbados+1246
          • Belarus (Беларусь)+375
          • Belgium (België)+32
          • Belize+501
          • Benin (Bénin)+229
          • Bermuda+1441
          • Bhutan (འབྲུག)+975
          • Bolivia+591
          • Bosnia and Herzegovina (Босна и Херцеговина)+387
          • Botswana+267
          • Brazil (Brasil)+55
          • British Indian Ocean Territory+246
          • British Virgin Islands+1284
          • Brunei+673
          • Bulgaria (България)+359
          • Burkina Faso+226
          • Burundi (Uburundi)+257
          • Cambodia (កម្ពុជា)+855
          • Cameroon (Cameroun)+237
          • Canada+1
          • Cape Verde (Kabu Verdi)+238
          • Caribbean Netherlands+599
          • Cayman Islands+1345
          • Central African Republic (République centrafricaine)+236
          • Chad (Tchad)+235
          • Chile+56
          • China (中国)+86
          • Christmas Island+61
          • Cocos (Keeling) Islands+61
          • Colombia+57
          • Comoros (‫جزر القمر‬‎)+269
          • Congo (DRC) (Jamhuri ya Kidemokrasia ya Kongo)+243
          • Congo (Republic) (Congo-Brazzaville)+242
          • Cook Islands+682
          • Costa Rica+506
          • Côte d’Ivoire+225
          • Croatia (Hrvatska)+385
          • Cuba+53
          • Curaçao+599
          • Cyprus (Κύπρος)+357
          • Czech Republic (Česká republika)+420
          • Denmark (Danmark)+45
          • Djibouti+253
          • Dominica+1767
          • Dominican Republic (República Dominicana)+1
          • Ecuador+593
          • Egypt (‫مصر‬‎)+20
          • El Salvador+503
          • Equatorial Guinea (Guinea Ecuatorial)+240
          • Eritrea+291
          • Estonia (Eesti)+372
          • Ethiopia+251
          • Falkland Islands (Islas Malvinas)+500
          • Faroe Islands (Føroyar)+298
          • Fiji+679
          • Finland (Suomi)+358
          • France+33
          • French Guiana (Guyane française)+594
          • French Polynesia (Polynésie française)+689
          • Gabon+241
          • Gambia+220
          • Georgia (საქართველო)+995
          • Germany (Deutschland)+49
          • Ghana (Gaana)+233
          • Gibraltar+350
          • Greece (Ελλάδα)+30
          • Greenland (Kalaallit Nunaat)+299
          • Grenada+1473
          • Guadeloupe+590
          • Guam+1671
          • Guatemala+502
          • Guernsey+44
          • Guinea (Guinée)+224
          • Guinea-Bissau (Guiné Bissau)+245
          • Guyana+592
          • Haiti+509
          • Honduras+504
          • Hong Kong (香港)+852
          • Hungary (Magyarország)+36
          • Iceland (Ísland)+354
          • India (भारत)+91
          • Indonesia+62
          • Iran (‫ایران‬‎)+98
          • Iraq (‫العراق‬‎)+964
          • Ireland+353
          • Isle of Man+44
          • Israel (‫ישראל‬‎)+972
          • Italy (Italia)+39
          • Jamaica+1876
          • Japan (日本)+81
          • Jersey+44
          • Jordan (‫الأردن‬‎)+962
          • Kazakhstan (Казахстан)+7
          • Kenya+254
          • Kiribati+686
          • Kosovo+383
          • Kuwait (‫الكويت‬‎)+965
          • Kyrgyzstan (Кыргызстан)+996
          • Laos (ລາວ)+856
          • Latvia (Latvija)+371
          • Lebanon (‫لبنان‬‎)+961
          • Lesotho+266
          • Liberia+231
          • Libya (‫ليبيا‬‎)+218
          • Liechtenstein+423
          • Lithuania (Lietuva)+370
          • Luxembourg+352
          • Macau (澳門)+853
          • Macedonia (FYROM) (Македонија)+389
          • Madagascar (Madagasikara)+261
          • Malawi+265
          • Malaysia+60
          • Maldives+960
          • Mali+223
          • Malta+356
          • Marshall Islands+692
          • Martinique+596
          • Mauritania (‫موريتانيا‬‎)+222
          • Mauritius (Moris)+230
          • Mayotte+262
          • Mexico (México)+52
          • Micronesia+691
          • Moldova (Republica Moldova)+373
          • Monaco+377
          • Mongolia (Монгол)+976
          • Montenegro (Crna Gora)+382
          • Montserrat+1664
          • Morocco (‫المغرب‬‎)+212
          • Mozambique (Moçambique)+258
          • Myanmar (Burma) (မြန်မာ)+95
          • Namibia (Namibië)+264
          • Nauru+674
          • Nepal (नेपाल)+977
          • Netherlands (Nederland)+31
          • New Caledonia (Nouvelle-Calédonie)+687
          • New Zealand+64
          • Nicaragua+505
          • Niger (Nijar)+227
          • Nigeria+234
          • Niue+683
          • Norfolk Island+672
          • North Korea (조선 민주주의 인민 공화국)+850
          • Northern Mariana Islands+1670
          • Norway (Norge)+47
          • Oman (‫عُمان‬‎)+968
          • Pakistan (‫پاکستان‬‎)+92
          • Palau+680
          • Palestine (‫فلسطين‬‎)+970
          • Panama (Panamá)+507
          • Papua New Guinea+675
          • Paraguay+595
          • Peru (Perú)+51
          • Philippines+63
          • Poland (Polska)+48
          • Portugal+351
          • Puerto Rico+1
          • Qatar (‫قطر‬‎)+974
          • Réunion (La Réunion)+262
          • Romania (România)+40
          • Russia (Россия)+7
          • Rwanda+250
          • Saint Barthélemy+590
          • Saint Helena+290
          • Saint Kitts and Nevis+1869
          • Saint Lucia+1758
          • Saint Martin (Saint-Martin (partie française))+590
          • Saint Pierre and Miquelon (Saint-Pierre-et-Miquelon)+508
          • Saint Vincent and the Grenadines+1784
          • Samoa+685
          • San Marino+378
          • São Tomé and Príncipe (São Tomé e Príncipe)+239
          • Saudi Arabia (‫المملكة العربية السعودية‬‎)+966
          • Senegal (Sénégal)+221
          • Serbia (Србија)+381
          • Seychelles+248
          • Sierra Leone+232
          • Singapore+65
          • Sint Maarten+1721
          • Slovakia (Slovensko)+421
          • Slovenia (Slovenija)+386
          • Solomon Islands+677
          • Somalia (Soomaaliya)+252
          • South Africa+27
          • South Korea (대한민국)+82
          • South Sudan (‫جنوب السودان‬‎)+211
          • Spain (España)+34
          • Sri Lanka (ශ්‍රී ලංකාව)+94
          • Sudan (‫السودان‬‎)+249
          • Suriname+597
          • Svalbard and Jan Mayen+47
          • Swaziland+268
          • Sweden (Sverige)+46
          • Switzerland (Schweiz)+41
          • Syria (‫سوريا‬‎)+963
          • Taiwan (台灣)+886
          • Tajikistan+992
          • Tanzania+255
          • Thailand (ไทย)+66
          • Timor-Leste+670
          • Togo+228
          • Tokelau+690
          • Tonga+676
          • Trinidad and Tobago+1868
          • Tunisia (‫تونس‬‎)+216
          • Turkey (Türkiye)+90
          • Turkmenistan+993
          • Turks and Caicos Islands+1649
          • Tuvalu+688
          • U.S. Virgin Islands+1340
          • Uganda+256
          • Ukraine (Україна)+380
          • United Arab Emirates (‫الإمارات العربية المتحدة‬‎)+971
          • United Kingdom+44
          • United States+1
          • Uruguay+598
          • Uzbekistan (Oʻzbekiston)+998
          • Vanuatu+678
          • Vatican City (Città del Vaticano)+39
          • Venezuela+58
          • Vietnam (Việt Nam)+84
          • Wallis and Futuna (Wallis-et-Futuna)+681
          • Western Sahara (‫الصحراء الغربية‬‎)+212
          • Yemen (‫اليمن‬‎)+967
          • Zambia+260
          • Zimbabwe+263
          • Åland Islands+358

          x