Severe Penalties Without Defined Licensing Criteria

The provision imposes mandatory licensing for all cybersecurity service providers with penalties of 50,000-100,000 penalty units (or damages plus financial gains) for violations, yet fails to specify licensing criteria, timelines, or appeal procedures. This creates severe regulatory uncertainty for businesses: providers cannot determine what standards they must meet to obtain licenses, how long approval will take, or how to challenge adverse decisions. The penalty structure makes no distinction between minor administrative violations and serious breaches, treating all unlicensed provision equally. Combined with 16 requiring individual accreditation, this creates a dual-layer compliance burden that significantly increases operational costs and market entry barriers, particularly for smaller providers and consultants.