English
The Technology Committee recognizes the Taiwan government’s achievement of last year’s 6.28% economic growth rate – the highest in over a decade – despite the challenges posed by the pandemic. As we enter a post- COVID era, technology-related industries will continue to lead growth by capitalizing on the solid foundation laid by the government. The Committee, for its part, will continue to work with the government to jointly address critical issues facing these industries.
Suggestion 1: Amend the PDPA with an eye to balancing industrial development and personal data protection.
The Committee appreciates the discussions conducted by the authorities on amending the Personal Data Protection Act (PDPA) and their consultation with experts on relevant matters. As this issue is of great concern to several AmCham committees, the Technology Committee would like to reiterate our recommendations from last year’s White Paper regarding the proposed amendments:
- Maintain the existing conditional cross-border transfer of data as defined in Article 21 of the PDPA and allow the free transfer of data in all circumstances not within the restrictions of Article 21;
- Establish a body within government dedicated to privacy and personal data protection. This body should coordinate work on various personal data protection- related regulations and measures and have the power to make final decisions on matters concerning personal data protection. This body would be expected to put in place a transparent and open mechanism for public communication;
- Define the respective roles of the data controller and the data processor and set out requirements based on their functions and levels of accessibility to and control over personal data;
- Limit the right of the above-mentioned body to carry out on-site inspections, referring to international legal practices in which such inspections can only be conducted after certain due-process requirements are met;
- Clearly define the scope of anonymized and de-identified data and the corresponding protection measures for such data to make it easier for companies to understand Taiwan’s data protection regime. Such a step would provide parties with more comprehensive protection of their privacy rights while still promoting the use of personal data; and
- Maintain close communication with industry, as well as scholars and experts, to ensure the technical feasibility of the amendments. In addition, follow the
EU’s example in its General Data Protection Regulation (GDPR) of adopting a two-year grace period before the amendments are enforced in order to minimize any adverse impact on businesses as they adapt to the new compliance requirements.
Suggestion 2: Adopt recognized standards to assess cybersecurity risks during government procurement of ICT products and services, and continue providing clear cybersecurity guidelines.
The Committee acknowledges the Taiwan government’s concerns regarding foreign cybersecurity threats and its efforts to strengthen its cybersecurity measures. However, recent measures have leaned toward pre-inspection of information and communication (ICT) products before they enter the government procurement process. In contrast, other developed countries have accepted international certification such as ISO/IEC as a means of recognizing product cybersecurity safety and do not, as the Taiwan government’s cloud tender rules state, “require that companies submit software source code or corresponding binary code (Android: APK file; iOS: IPA file) and other important business secrets to be reverse engineered and audited” before beginning the procurement process. We urge the government to consider the necessity and proportionality of such measures before implementing them.
Further, we recommend that Taiwan recognize certifications provided by internationally or regionally recognized agencies in addition to domestic standards and accreditation, as doing so would help local businesses venture into the international market, reduce the legal threshold for international companies to invest in Taiwan (or exempt them from it), and save costs for both parties while promoting administrative efficiency. At the same time, with increased disclosure of cybersecurity information, the risk of trade secret leaks also increases. We thus recommend that cybersecurity inspection agencies also have a comprehensive control mechanism.
In addition, although current international cybersecurity trends do not rely solely on the country of origin of ICT products as a criterion for determining their security risks, Taiwan’s Cybersecurity Management Act restricts agencies from using cybersecurity products from dangerous countries, while the Government Procurement Act may restrict agencies from using ICT products from particular countries of origin. Domestic or foreign companies that are not from prohibited countries of origin but have set up factories in those countries are unable to provide services to the Taiwan government, even if they practice good production management. Furthermore, the differing standards for procurement set out in the two Acts make implementation more complex and burdensome. We recommend that the Public Construction Commission, the body that oversees enforcement of the Government Procurement Act and its procurement template, refer to the draft “Cybersecurity Reference Guidelines on Cloud Service Application by Government Agencies” proposed by the Executive Yuan’s Department of Cybersecurity (DOC), and that the government only apply country of origin restrictions in procurement cases involving sensitive information.
The Committee thanks the Taiwan government for providing clear applicable guidelines on the “Restrictions on Use of Cybersecurity Products from Dangerous Countries” and a general definition of such products in the Frequently Asked Questions section of the Cybersecurity Management Law (Version: 1110207). However, we note that in the interest of clarity, many foreign governments instead provide a list of restricted companies and products, and we hope the government will consider adopting this practice.
Taiwan’s national security (including cybersecurity) is very important, but it is also necessary to consider the rapid evolution of technology and development of cybersecurity best practices. Applying a pre-inspection and country of origin regime to eliminate cybersecurity risks is not aligned with international norms. We urge the government to gather suggestions from industry experts, allowing them to make a positive contribution to the government’s cybersecurity policies in an era of increasing digitalization.
Suggestion 3: Create a regulatory environment conducive to the use of cloud technology by government agencies, financial institutions, and telemedicine providers.
The Committee greatly appreciates the government’s efforts to promote Taiwan’s digital transformation, including those initiated by the National Development Council (NDC), the DOC, the Financial Supervisory Commission (FSC), the Ministry of Economic Affairs’ Industrial Development Bureau, and the Ministry of Health and Welfare.
In order to ensure the success of those efforts and continue adopting international best practices in the public sector, financial institutions, and the healthcare industry, the Committee makes the following recommendations:
3.1 General policy recommendations:
a. Recognize and adopt auditing reports submitted by third parties. Public cloud services involve a multi- tenant architecture. Disclosure and provision of information about elements such as audit mechanisms, vulnerability scans, penetration testing, threat models, monitoring and recording of audit processes, machine maintenance and operation management, and encrypted management may pose potential cybersecurity risks. We recommend that public service providers, banks, insurance and securities institutions, and fintech enterprises such as Open Application Programing Interface Third-Party Service Providers (Open API TSP) recognize regular assessments and audits of cloud service providers (such as SOC 2 reports, ISO certifications, etc.) carried out by international third-party auditing organizations and based on internationally recognized cybersecurity management and control frameworks. We also suggest that verification bodies refer directly to cloud service providers’ SOC 2 reports and related ISO certifications.
b. Adhere to the principle of shared responsibility in issuing cloud service cybersecurity guidance. The security and compliance of the public cloud is the shared responsibility of cloud service providers and customers. Cloud service providers should oversee the “Security of the Cloud,” which includes the hardware, software, networking, and components that constitute the infrastructure of cloud services. Likewise, customers should oversee and manage “Security in the Cloud,” which involves visitors’ operating systems (including updates and security patch programs), other related application software, and security group firewall configurations, among others. We recommend that the authorities examine and propose outsourcing solutions and cloud service guidelines based on the internationally accepted principle of shared responsibility, in order to raise awareness of cloud security and increase efforts to resolve relevant issues.
3.2 Recommendations for government agencies:
a. Integrate the guidelines for various agencies on the use of cloud services into a single, concise set of regulations. The Committee welcomes the efforts of the DOC and the NDC to examine and develop several sets of guidelines (and assessment forms) related to cloud services. However, each set is drafted individually and includes different specifications, which could make compliance challenging for agencies and vendors, hinder the development of the government’s digitalization policy, and use up many administrative resources. We recommend that the government combine the various guidelines into a single concise set to facilitate compliance by agencies and vendors and better promote the government’s digitalization goals by supporting both digital development and cybersecurity compliance.
b. Establish an effective audit mechanism. The planning and effective implementation of audits require relevant expertise. Agencies conducting their own audits and on-site inspections may duplicate the audits already carried out by professional organizations and increase the cost of legal compliance, as well as the risk of cybersecurity breaches. Also, involving a large number of central and local authorities in the audit process may increase the difficulty of conducting audits. We thus recommend accepting audit reports submitted by internationally recognized professional third-party organizations. Under certain circumstances, a single agency can be tasked with conducting the audit. In cases where multiple agencies are required to participate, a joint audit mechanism should be put in place prior to the audit.
c. Adhere to international practices for signing confidentiality agreements. When a vendor (such as a systems integrator) begins work on a government project, the staff involved are required to sign a confidentiality agreement regarding the project’s scope and content. However, according to the principle of shared responsibility, cloud service providers (original manufacturers) are responsible for providing the cloud infrastructure and software tools, and most have no access to relevant data processed by agencies or vendors. Furthermore, cloud computing involves a wide range of technologies, and in cases where a cloud service provider is needed to provide technical support, a representative of the provider generally signs the confidentiality agreement in the name of the company, rather than as an individual staff member. This widely adopted practice fulfills confidentiality requirements and ensures accountability.
3.3 Recommendations for financial regulators:
a. Clarify doubts related to the application of self- regulatory codes. In order to strengthen cybersecurity for emerging technology industries, the FSC has provided guidance for the Bankers Association to stipulate self-disciplinary codes. In practice, these codes are included in the financial inspection program of the FSC’s Financial Examination Bureau (FEB) and have legal effect. If the codes meet the requirement for an audit by the FEB, we recommend that the Bankers Association update the scope of the codes to align them with the FSC’s “Regulations on Internal Systems and Procedures for Delegation of Financial Institutions’ Operations” (including FAQ). If the codes are not subject to examination by the FEB, the FEB should clarify the issues in order to facilitate compliance by financial institutions.
b. Adopt an annual audit report system. As the security of the cloud does not vary with the customers using cloud services, we recommend that the FSC assign a single organization (for example, the Bankers Association) to work with cloud service providers and professional third parties to: 1) discuss which audit items are required in Taiwan but are not covered by the current SOC 2 or ISO certifications; 2) agree on the annual audit report and audit methods for Taiwan; and 3) provide unified Open API TSPs for adoption, so as to effectively enhance risk management, reduce the cost of compliance for fintech enterprises, and accelerate the innovation of digital financial businesses.
c. Set up a platform for regular communication between the FSC and the Committee. Since regulations related to the outsourcing of financial institutions’ cloud services were adopted and implemented at the end of 2019, common issues such as operational reporting and audit mechanisms continue to be discussed by the government, financial institutions, and the cloud industry. The November 26, 2021, meeting of the Committee, the Banking Bureau, and the FEB covered some of these issues, highlighting the importance of having a platform for regular communication with the authorities. We recommend holding quarterly meetings, during which the Committee can provide information on international cloud technology trends and best practices. Such meetings would also give us the opportunity to provide input on the FSC’s development of detailed guidelines for the adoption of cloud technology by the financial industry.
3.4 Accelerate the application of cloud and smart technologies in telemedicine. The use of telemedicine during the pandemic demonstrates the successful application of cloud and smart technologies by the healthcare industry. To make the most of the deepening cooperation between the cloud and healthcare industries, we recommend that the government:
a. Expand the circumstances under which telemedicine can be practiced as set out in Article 11 of the Physicians Act, which currently limits its practice to “mountain areas, on outlying islands, in remote areas, or under special or urgent circumstances.” Doing so would increase the availability of telemedicine.
b. Remove regulatory barriers to medical practices such as prescription and drug administration, in order to implement zero-contact telemedicine.
c. Accelerate the removal of restrictions on virtual health insurance cards. Discuss solutions for new features such as electronic prescription and online payment to provide improved one-stop online services.
Suggestion 4: Open the full 6 GHz spectrum band for Wi-Fi 6E license-exempt use.
The Committee thanks the Ministry of Transportation and Communications for its continued consideration of our proposal to allow license-exempt use of the 6 GHz band (5925-7125MHz) for Wi-Fi 6E in its spectrum planning, which we believe would maximize the benefits of spectrum resources. Taiwan has already provided sufficient 5G mid-band spectrum for commercial mobile use. Moreover, the complementary nature of Wi-Fi and 5G mobile networks enables 5G mobile traffic offloading, improves the synergy of telecom operators in their deployment of 5G, reduces internet costs for consumers, and enhances the industry’s competitiveness, all of which create a win-win situation for consumers, telecom operators, and the information and communications industries in Taiwan.
With the introduction of innovative network applications, the number of Wi-Fi-connected devices and the bandwidth requirements of enterprises or individuals have increased rapidly. Both the increasingly mainstream Wi-Fi 6E and the next-generation Wi-Fi 7 technology will rely on the full 1,200 MHz frequency band to give full play to the benefits of its large channel bandwidth and frequency reuse, as well as solve the current congestion problems in the 2.4 GHz and 5 GHz frequency bands. Countries that have opened the full 6 GHz frequency band include the U.S., South Korea, Canada, Brazil, and Chile, while many other countries are actively studying the idea and preparing to do so.
According to many spectrum studies conducted in Europe and the U.S., Wi-Fi technology makes spectrum sharing between license-exempt users and incumbent users feasible, without causing harmful interference, and without the time and financial costs associated with relocating incumbents. We recommend that the authority refer to the experiences and practices of international spectrum experts in clarifying frequency interference concerns and formulating effective solutions as soon as possible. Doing so will help Taiwan maintain its market leadership in the areas of digital economy and industrial development.
Suggestion 5: Cultivate talent at home and abroad to bridge the industrial manpower gap.
Taiwan’s exports have grown significantly since 2020, and the electronics industry has achieved record highs thanks to the government’s proper handling of the COVID-19 pandemic. Taiwan is a key player in the global semiconductor supply chain, ranking first worldwide in the IC foundry and packaging sectors and second in IC design. Emerging fields such as AI, 5G, and the Internet of Things continue to open up opportunities for the semiconductor industry. However, with the tech sector’s growing prosperity also come concerns about its shortage of talent. The talent shortage in the semiconductor industry has reached a seven- year high. In addition, there is also a gap in the quality of the work force, from front-line manufacturing personnel to the R&D talent critical to Taiwan’s future competitiveness. To address pivotal manpower issues, we offer the following recommendations:
5.1 Relax legal restrictions on international talent to help recruit more students and professionals. The Employment Gold Card program was launched by the NDC in 2018, and with nearly 4,000 Gold Cards issued as of February 2022, the government’s efforts to recruit foreign professionals are worthy of recognition. Despite a rapid increase in the number of international students, however, most such students come from neighboring Asian countries. According to Ministry of Education (MOE) statistics, Asian students account for nearly 90% of all overseas students enrolled in Taiwanese colleges and universities, indicating room for improvement in terms of the diversity of international students. The Committee therefore encourages the government to formulate a more comprehensive foreign talent recruitment plan to attract more international high-tech talent to study in Taiwan, especially students from Europe and the U.S., who currently account for only 10%. We also recommend that the government further loosen residence restrictions on foreign professionals to improve the cultivation and retention of international talent.
5.2 Strengthen industry-academia cooperation and create an international learning environment combining theory and practice. In addition to laying a theoretical academic foundation for students through degree programs, providing practical industry experience is also necessary for cultivating cross-field talent. The Committee encourages the government to promote occupational certification and vocational education, as well as cooperation with relevant industries to set up training courses to help students strengthen their professional skills. In terms of strategic industry-academia cooperation, the government could devise internship programs to enable students to gain early work experience, so as to narrow the gap between learning and doing and cultivate employment-oriented manpower. As for international exchanges, the government could expand cooperation with foreign schools or large enterprises, using lectures to introduce the latest knowledge and technology, thus better facilitating Taiwan’s connection with the world. By complementing academic theory with practical experience, Taiwan can build a stronger talent pool.
5.3 Cultivate talent in the semiconductor and high-tech industries. Despite a steady upward trend in talent recruitment, the semiconductor industry still craves talent. We thus recommend that the government create a cross-field learning environment for budding semiconductor talent that combines theory and practice through research programs, joint guidance, corporate internships, seminars, and joint laboratories. This program could provide related support for semiconductor technology, electronic design automation (EDA) and IC design, semiconductor packaging and testing, key materials, and smart manufacturing. Importantly, it would help foster a world-class semiconductor talent pool in Taiwan, further cementing its status as a key international semiconductor hub.
Chinese
COVID-19 疫情使全球經濟面臨嚴峻挑戰,然台灣2021經濟成長率高達6.28%,為十多年來最高,科技委員會肯定台灣政府去年的努力。隨著世界進入後疫情時代,科技產業將運用政府奠定的堅實基礎,持續引領經濟成長。我們將持續與政府合作,共同解決產業面臨的關鍵議題。
建議一:修訂《個人資料保護法》,兼顧產業發展與個人資料保護
委員會認可主管機關持續就《個人資料保護法》之修訂進行探討,並徵求專家意見。本議題持續受到美國商會各委員會之高度關注,故就相關議題,科技委員會重申建議如下:
• 維持現行《個人資料保護法》第21條採行之有條件跨境資料傳輸模式。允許在不違反第21條規範的前提下,自由傳輸資料。
• 成立隱私及個人資料保護之專責機構。該機構應統籌主管個人資料保護之規範與措施,並對個人資料保護議題有最終決策權,且該機構應採取透明、開放的機制與大眾溝通。
• 界定資料控制者和資料處理者的角色。《個人資料保護法》修正案應明確區分資料控制者與資料處理者扮演之角色,並按其職能及對個人資料的可及程度與控制水準制定相應要求。
• 限制上述機構的現場檢查權利。政府應參照國際司法慣例,只有在滿足正當程序要求後,始能進行現場檢查。
• 推動匿名化及去識別化資料的使用。《個人資料保護法》修正案應明確定義匿名化資料及去識別化資料的範圍與其相應的保護措施,使企業更容易理解台灣的資料保護機制,在促進個人資料使用的同時,提供當事人更完整之隱私權利保障。
• 持續與業界溝通並設立過渡期。主責機關在研議修法過程中,除學者專家外,亦應與業界保持密切溝通,以確保修正案之技術可行性。此外,歐盟給予《個人資料保護規則》(General Data Protection Regulation, GDPR)兩年過渡期,減低業界因應合規上的衝擊,《個人資料保護法》修正案生效實施前,亦應有相同之過渡期。
建議二:適用國際或區域廣為認可之標準或規範評估政府採購資通訊產品和服務之資安風險,持續提供明確的資安準則
委員會理解台灣政府對境外網路威脅的關切,以及加強資安防護所做的努力。然近期政府對資通訊產品採購所採行之資安防護措施,似偏好採取事前檢驗手段。然而,許多先進國家多接受資安國際認證(例如ISO及IEC)認可產品資安,與台灣政府不同,其並未要求於政府採購前,「需由廠商提交軟體原始碼或相應的二進制代碼(Android:APK檔, iOS:IPA檔)等重要營業秘密進行類逆向工程分析與檢驗」。委員會建請政府審酌必要性及比例原則綜合考量適當措施,而非僅採事前檢驗之高度管制作法。
此外,主管機關所適用之檢驗規範及檢驗機構,除適用本國規範及認可機構外,建請併行納入廣為接受之國際或區域規範,且接受國際或區域認可機構所提供之認證,此舉可扶植本土廠商拓展國際市場,降低或減免國際廠商投資台灣之法規門檻,節約雙方成本與提升行政效率。同時,揭露更多資安訊息,廠商營業秘密洩漏之風險亦有同步增加之虞,建議資安檢驗機構也需要有完整的控管機制。
另,雖國際現代資安防護態勢並不以資通訊產品之原產地等單一要素以直接判定某資通訊產品之資安風險,查《資通安全管理法》限制機關使用來自高風險國家之資通安全產品,《政府採購法》亦限制機關使用特定原產地之資通訊產品。查非屬禁止國家廠牌之國內外廠商若於禁用之原產地設廠生產,即使產製管理非不良善,亦無法提供台灣政府相應服務。再者,兩法認定標準不一,致適用複雜。委員會建請負責監督政府採購法執行與採購模型設立之公共工程委員會,參酌行政院資通安全處《政府機關雲端服務應用資安參考指引》(草案),建議機關於辦理採購時,僅就涉及政府機敏資料之採購案始適用原產地之限制為宜。
又,委員會感謝台灣政府透過《資通安全管理法》常見問題(版本:1110207)就「限制使用危害國家資通安全產品」提供概括性定義及明確適用準則。然查國外政府實作多以提供廠商或產品清單以達法律適用明確性,委員會敬請政府卓參。
台灣國安與資安至關重要,然需考量科技資安防護發展快速演進,採事前檢驗及原產地以論斷資安風險或非現今最佳實作,亦不符合國際規範。委員會敦請政府廣開言路以納產學專家意見,俾利就數位政府之資安政策提供貢獻。
建議三:打造有利政府機關、金融機構及遠距醫療採用雲端技術的法規環境
委員會高度肯定政府各機關為推動台灣數位轉型所做的努力,包含國家發展委員會(國發會)、金融管理委員會(金管會)、經濟部工業局及衛生福利部(衛福部)之付出。為成功實踐數位轉型並使公部門、金融機構及醫療應用面採用雲端服務國際最佳實踐,委員會提出以下建言:
3.1 整體政策建言:
- 認可並採用專業第三方機構提交之查核報告:公有雲服務係採多租戶設計,若干項目例如稽核機制、弱點掃描、滲透測試、威脅模型、稽核過程之監控與紀錄、機器維運操作管理與加密管理等資料的揭露與提供可能造成潛在資安風險。委員會建議公部門、銀行、保險證期機構與新興金融科技業者【例如開放應用程式介面第三方服務業者(Open API TSP)】之查核,可採用國際專業第三方稽核機構根據國際公認的資安管理暨控制框架,對雲端服務業者進行定期的評估與查核,例如系統與組織控制(SOC 2)報告與ISO認證等,亦建議驗證機構可直接引用雲端服務業者的系統與組織控制報告及相關之ISO 證書。
- 雲端服務資安相關指引參採國際通用之安全共同責任原則(Shared Responsibility Principle):公有雲的安全與合規是雲端服務供應商和客戶的共同責任。雲端服務供應商負責「雲端本身的安全」(Security of the Cloud),也就是建構雲端服務的基礎設施,包含硬體、軟體、聯網與設施組成;客戶負責和管理「雲端內部的安全」,包含訪客作業系統(包含更新和安全性修補程式)、其他相關應用程式軟體,以及安全群組防火牆組態等。委員會建請主責機關研擬之委外辦法及雲端服務指引,參採國際通用之共同責任原則,以提升雲安全的認識與管理能量。
3.2 公部門採用雲端服務相關建議
- 整合不同機構雲端服務使用規範,制定單一簡要的法規:委員會感謝國發會與經濟部商業司審查與制定多套雲端服務使用指引與評估表格。然指引皆為各機關單獨起草且運用不同標準,這使機關與廠商無所適從,形成合規性的挑戰,亦阻礙政府發展數位化政策,進而消耗大量行政資源。委員會建議政府整合不同使用指引,建立單一且簡明扼要的法規,加強機構與廠商的合規性,透過支持數位發展與網路安全合規性,實現政府數位化目標。
- 建立有效查核機制:稽核範疇的規劃與有效執行皆需相關專業,若機關各自檢核及實地查核,可能重複執行專業機構定期查核的項目與內容,徒增法遵成本,並恐增加資安風險。此外,如涉及之中央及地方機關眾多,實務上恐難以執行。委員會建請參採國際認可專業第三方機構提交之查核報告,若在特定情況需進行查核,委由單一機關進行查核,如必要多個機關查核,建請制定聯合查核機制進行查核。
- 參採國際常模簽署保密協定:廠商(如系統整合商)執行政府專案時,相關人員需就該專案執行之範疇内容簽署保密協定。然根據雲端安全共同責任原則,雲端服務業者(原廠)負責提供雲端服務設施與軟體工具,多不觸及機關或廠商所處理之相關内容;其次,雲端運算涉及技術廣泛,實務上雲端服務業者若有技術支援專案之必要,皆由公司代表簽署保密協定,而非個人。此一做法在國際上被廣泛採用,並可更全面的保障機關的保密需求與責任歸屬。
3.3 金融機構採用雲端服務相關建議
- 釐清公協會自律規範適用疑義:為強化新興科技資安防護,金管會指導銀行公會修訂資安自律規範,實務上該自律規範亦被檢查局納入金檢項目,具有法律效力。設若自律規範屬合規範疇,委員會建請公會實時更新該規範,與金管會「金融機構作業委託他人處理內部作業制度及程序辦法」(含常見問題)之適用範圍一致化;若自律規範非屬檢查局檢查範疇,尚請檢查局釐清,以利金融機構遵循。
- 建請研議並參採年度查核報告:雲端本身的安全不會因使用雲端服務的客戶不同而有所差異,委員會建請金管會指派單一機構(例如銀行公會),與雲端服務業者以及專業第三方,共同探討台灣所需並且不在現有系統與組織控制(SOC 2)報告或ISO認證範圍内之查核項目,議定台灣年度查核報告與查核執行方式,統一提供開放應用程式介面第三方服務業者(Open API TSP)採用,有效兼顧風險管理且降低金融科技
業者之法遵成本,加速數位金融業務的創新。 - 建立金管會與科技委員會的定期溝通平台:因金融委外上雲的相關規定於2019年底後陸續通過與施行,在部分共通性議題如報部作業、查核機制之見解等,仍待政府、金融業者與雲端服務業者的持續溝通。2021年11月26日在本委員會與金管會銀行局與檢查局的會議中,三方就金融機構委外上雲之多項議題進行充分討論,給予委員會信心延續此一溝通平台。我們建議本年度設立並進行每季一次的三方溝通架構,分享國
際雲端技術趨勢和措施,亦可就金管會為金融業採用雲端技術制定詳細指引提供相關意見,促進金融業對雲端科技之使用。3.4 加速遠距醫療結合雲端與智慧科技之應用:疫情期間,遠距醫療的發揮可謂醫療業結合雲端與智慧科技應用的成功案例。為利雲端與醫療產業深化合作,委員會提出以下建議:
•鬆綁遠距醫療的法規限制:放寬《醫師法》第11條限制遠距醫療僅能「於山地、離島、偏僻地區或有特殊、急迫情形」之規範,讓遠距醫療的適用更為全面與普及。
•調整電子處方箋與藥品監管障礙:調修處方、用藥等一系列醫療行為等法規,實現完全零接觸遠距醫療的願景。
•加速突破虛擬健保卡之限制:政府應就線上領取處方箋及批價付款等功能研議解方,以提供完善之線上一站式服務。
建議四:開放6 GHz全頻段作為Wi-Fi 6E免執照使用
本委員會感謝交通部持續關注6 GHz頻段(5925-7125MHz)作為Wi-Fi 6E免執照使用的頻譜規劃,我們建議主管機關應加速開放6 GHz全頻段,讓頻譜資源發揮最大效益。目前台灣在中頻段已透過釋照提供了充分的5G商用頻譜,Wi-Fi與5G行動網路具互補作用,可支持5G行動流量卸載,提升電信商在5G佈建的綜效,降低消費者的網路成本,提升產業競爭力,對台灣的消費者、電信商、資通訊產業將創造三贏。
在網路創新應用推陳出新下,企業或個人的Wi-Fi連網載具數量及頻寬需求急速增加。不論是漸居市場主流的Wi-Fi6E,或是下一代的Wi-Fi 7技術,皆有賴於開放6 GHz的1200 MHz全頻段,始能發揮其寬頻道和頻率復用的效益,也能解決當前Wi-Fi使用的2.4 GHz 和5 GHz頻段面臨的頻
譜壅塞問題。目前已開放6 GHz全頻段的國家包含美國、南韓、加拿大、巴西與智利等,尚有許多國家正積極研究準備開放中。
根據許多歐美的頻譜研究及證據顯示,使用免頻譜執照的Wi-Fi技術可以和既有的無線通訊服務共享頻譜,並不會對既有的服務造成嚴重干擾,也沒有移頻帶來的經濟與時間成本。因此,委員會建議主管機關透過頻譜專家團隊,接軌國際經驗和作法,釐清頻率干擾疑慮,以儘速制定有
效的解決方案,維持台灣的數位經濟及產業發展的市場競爭優勢。
建議五:培育國內外專業人才,解決產業人力缺口
儘管全球依然籠罩在COVID-19疫情陰影下,台灣因政府控制得宜,外銷逆勢成長,電子科技業更創下歴年佳績。台灣為全球半導體供應鏈之關鍵角色,晶圓代工與封測高居世界第一,積體電路設計也達世界第二,人工智慧、5G和物聯網等新興領域更持續為半導體產業帶來機會。然而,在科
技業榮景下,也浮現人才短缺的隱憂,半導體產業的人才缺口創下七年來新高。除了人力供不應求,品質亦出現落差,從工廠第一線人員到攸關未來競爭力的研發人才皆有所匮乏。為解決關鍵的人力問題,委員會提供若干建議供政府參考:
5.1 放寛法令限制,延攬育留國際人才
國發會自2018年核發就業金卡,截至2022年2月,已核卡近4千張,政府延攬外籍專業人才的努力值得肯定。儘管國際學生人數快速增長,來源仍以亞洲為大宗。在國際教育方面,根據教育部大專校院境外學生概況統計,亞洲留學生佔比近九成,顯示國際學生的多元性有待提升。委員會鼓勵政府研擬更完善的海外攬才政策就學配套計劃,吸引更多高技術能力的國際人才來台就學,特別是目前佔比僅10%的歐美國家學生,同時放寬外國人才的居留限制,使國際人才的育留產生規模與延續性。
5.2 加強產學合作,打造理論與實務兼具的國際級學習環境
除透過學位學程奠定學生的理論基礎外,產業實務資源支持亦為培育跨領域整合性人才的關鍵因素。委員會鼓勵政府推廣證照制度與技職教育,與相關產業合作成立職能培訓課程,助學生強化專業技能。在產學策略合作方面,政府應規劃企業實習制度,讓學生提早接觸產業工作,縮小學用落差,育成就業實務導向之產業人力。
在跨域交流方面,擴展與國外學校或大型企業的合作,以授課或講習方式,引進最新的知識與技術,以利接軌國際,藉由學理與實務的相輔相成,打造實力堅強的人才庫。
5.3 培養半導體與高科技產業人才
儘管半導體全產業徵才趨勢穩定向上,企業卻求才若渴。我們建議政府透過研究計畫、共同指導、企業實習、專題研討與聯合實驗室等方式,打造跨領域整合且理論與實務兼具的學習環境,提供學理基礎、企業實務,半導體技術、電子設計自動化與積體電路設計、半導體封裝與測試、關鍵材料與智慧製造等產業相關資源,培養半導體與高科技產業人才,打造國際級研究與實務兼具的人才庫,讓台灣成為國際關鍵的半導體重鎮。
