Premium content from before 2023 is now available for everyone!
  1. Committees
  2. National Assembly
  3. Police
  4. Tabled Reports

ATC180814: Report of the Portfolio Committee on Police on the Critical Infrastructure Protection Bill [B 22 – 2017] (National Assembly – sec 75), dated 14 August 2018

Police

Report of the Portfolio Committee on Police on the Critical Infrastructure Protection Bill [B 22 – 2017] (National Assembly – sec 75), dated 14 August 2018
 

The Portfolio Committee on Police having considered the subject of the Critical Infrastructure Protection Bill [B 22 – 2017] (National Assembly – sec 75), referred to it and classified by the JTM as a section 75 Bill, reports the Bill with amendments [B-22A– 2017], as follows:

 

  1. On page 3, from line 33, after “16.” to omit “Power of Minister to declare critical infrastructure and determine critical infrastructure complex” and to substitute “Requirements for declaration of infrastructure as critical infrastructure”.

 

  1. On page 3, from line 35, after “17.” to omit “Factors to be taken into account in declaration of critical infrastructure” and to substitute “Application for declaration as critical infrastructure and critical infrastructure complex by person in control of infrastructure”.

 

  1. On page 3, from line 36, after “18.” to omit “Application for declaration as critical infrastructure by person in control” and to substitute “Application for declaration as critical infrastructure and critical infrastructure complex by National Commissioner”.

 

  1. On page 3, from line 37, after “19.” to omit “Application for declaration as critical infrastructure by National Commissioner” and to substitute “Consideration of application for declaration as critical infrastructure by Critical Infrastructure Council”.

 

  1. On page 3 from line 38, after “20.” to omit “Declaration as critical infrastructure” and to substitute “Powers of Minister to declare infrastructure as critical infrastructure”.

 

CLAUSE 1

  1. On page 4, from line 28, to omit “section 20(4)” and to substitute with “section 20(1) and includes a critical infrastructure complex where required by the context”.
  2. On page 4, from line 31, to omit “section 16(3)” and to substitute with “section 20(1)(c)”.
  3. On page 4, after line 38, to insert the following definition:

‘‘ ‘‘government infrastructure’’ for the purposes of section 9(4) and section 18 means infrastructure controlled, owned, occupied or possessed by a government department in the national sphere and in respect of whose  operation or administration that department is responsible;’’

  1. On page 5, on line 2, after “water” to insert “but excludes any information infrastructure as contemplated in any legislation on cybersecurity”.
  2. On page 5, after line 6, to insert the following definition:

“national security” has the meaning ascribed to it in section 198 of the Constitution;”

  1. On page 5, on line 13, after “any other person” to insert “, whether by way of a public-private partnership or similar agreement”.
  2. On page 5, on line 20, after “post” to insert “, and “person in control of an infrastructure” shall be construed accordingly”.
  3. On page 5, after line 23, to insert:

“PSIRA” means the Private Security Industry Regulatory Authority established in terms of section 2(1) of the Private Security Industry Regulation Act, 2001 (Act No. 56 of 2001) ;”

  1. On page 5, from line 29, to omit “section 20(4)” and to substitute with “sections 19(1)(b) and 20(1)(b)”.
  2. On page 5, on line 39, after” ”security measures” ” to insert “subject to section 26(2),”.

 

CLAUSE 2

  1. On page 5, on line 60, after “pertaining to” to insert “security measures applicable to”.
  2. On page 6, from line 1, to omit “legislation” and to substitute “Act of Parliament”.

 

CLAUSE 4

 

  1. On page 6, from line 39, to substitute for clause 4 the following clause 4:

4. (1) A Critical Infrastructure Council is hereby established.

(2) The Minister appoints members of the Critical Infrastructure Council which must consist of the following persons:

  1. The Secretary for the Police Service;
  2. an official at the level of at least Chief Director or an equivalent level, designated by each of the heads of the following institutions—
  1. Department of Defence;
  2. Department of Home Affairs;
  3. Department of Public Works;
  4. National Disaster Management Centre;
  5. South African Local Government Association;
  6. South African Police Service; and
  7. State Security Agency; and

(c)      five members appointed in terms of subsection (8) from the private sector and civil society who are—

(i)       not disqualified in terms of section 5; and

(ii)      preferably appropriately qualified, knowledgeable and experienced in fields that include critical infrastructure protection, risk management, disaster management or basic public services.

  1. The members of the Council must, when viewed collectively, preferably be persons who are suited to serve in the Council by virtue of their qualifications, expertise and experience in fields that include infrastructure protection, engineering, disaster management or security policy.
  2. In the event that—
  1. the functions or functioning of infrastructure that forms the subject of an application for declaration as critical infrastructure may affect or be affected by the functional area of responsibility of a government department or an organ of state not referred to in subsection (2)(b), the Chairperson may request the Head of that Government department or the head of that organ of state to designate an appropriately qualified official to assist with such application; or
  2. the Council is of the opinion that any other person could assist in general or with a specific application for declaration as critical infrastructure, the Council may request the Minister to appoint such person on an ad hoc basis to advise or assist the Council.
  1.  The Minister must appoint—
  1. officials referred to in subsection (2)(b) after consultation with the Cabinet member responsible for the institution in question;
  2. members referred to in subsection (2)(c) in terms of subsection (8); and
  3. persons referred to in subsection (4)(b) on advice of the Council.
    1.  In the event that it is necessary to appoint a member referred to in subsection 2(c), the Minister must request the National Assembly to submit a list of candidates for appointment.
    2.  The Speaker must refer the matter to the relevant committee of the National Assembly to—
  1. publish a notice in the Gazette and in at least two national newspapers circulating in the Republic, inviting applications from interested persons and members of the public to nominate persons;
  2. compile a shortlist of not less than 20 persons who are not disqualified in terms of section 5(a), (c), (d), (e), (f), or g from the applications and nominations referred to in paragraph (a) or persons serving on the Council who qualify for a further appointment in terms of subsection (10) ;
  3. submit the list referred to in paragraph (b) to the State Security Agency for consideration and issuing of a top secret security clearance;
  4. conduct interviews with the persons referred to in paragraph (b) who are not disqualified in terms of section 5(b) for purposes of compiling a list of 10 recommended candidates in order of preference;
  5. submit the list of names referred to in paragraph (d) to the National Assembly for approval; and
  6. submit the approved list of names contemplated in paragraph (e) together with their résumés to the Minister.
    1. The Minister must appoint five members to the Council from the list referred to in subsection (7)(f) and publish the names of the members in the Gazette.
    2. Subject to subsection (12), a member of the Council appointed in terms of subsection (8) holds office for a period not exceeding five years.
    3. Upon the expiry of an appointed member’s first term of office as contemplated in subsection (9), the member may be re-appointed for one further term only.
    4. The Secretary for the Police Service is the Chairperson of the Council and the Minister must designate, from the persons contemplated in subsection (2)(c), a member as deputy chairperson.
    5. A member of the Council appointed in terms of subsection (8) must vacate office if that member—
  7. resigns by giving at least 30 days written notice addressed to the Minister; or
  8. is removed from office by the Minister as contemplated in subsection (14).
    1. If a member of the Council appointed in terms subsection (8) resigns or vacates office before the expiry of his or her period of office, the Minister must request the National Assembly to follow the procedure in subsection (7): Provided that the Minister may appoint a new member from the list contemplated in subsection (7)(d) where candidates on that list are still available for appointment.
    2. The Minister may, after due process by the National Assembly, remove a member of the Council appointed in terms of subsection (8) from office on account of—
  9. absence from three consecutive meetings without good cause;
  10. misconduct, incapacity or incompetence;
  11. becoming disqualified as contemplated in section 5; or
  12. any other lawful reason.
    1. The Minister may suspend a member where there are reasonable grounds to do so, until the process contemplated in subsection (14) is finalised.
    2. The Minister may request the Cabinet member responsible for an institution which is represented on the Council, as contemplated in subsection (2)(b), to nominate another representative for appointment to substitute the institution’s representative in the Council.
    3. Members of the Council who are appointed in terms of subsection (8) may be paid such remuneration and allowances as the Minister may, with the written concurrence of the Minister of Finance, determine.
    4. The deputy chairperson referred to in subsection (11) must, when the chairperson is absent or unable to perform his or her duties, act in his or her stead and when so acting, exercise or perform any function of the chairperson.”

 

CLAUSE 5

 

  1. On page 8, from line 17, to omit “section 4(3)(c)” and to substitute “section 4(2)(b) and (c)”.
  2.  On page 8, from line 25, after “infrastructure;” to omit “or”.
  3. On page 8, from line 26, to omit paragraph (f) and to insert:

“(f) has been removed from an office of trust; or

(g) is by virtue of any other law, disqualified from being appointed.”

CLAUSE 6

  1. On page 8, from line 28, to substitute for clause 6 the following clause 6:

“6. The expenses incurred in connection with the exercise of the powers, the carrying out of the duties and the performance of the functions of the Critical Infrastructure Council, including the remuneration and expenses contemplated in section 4(17), must be defrayed from the budget allocation of the Civilian Secretariat for the Police Service established in terms of section 4(1) of the Civilian Secretariat for Police Service Act, 2011 (Act No. 2 of 2011) as voted in terms of the annual Division of Revenue Act.”

 

CLAUSE 7

 

  1. On page 8, from line 35, to substitute for clause 7, the following clause 7:

7. (1) The functions of the Critical Infrastructure Council are to-

  1. subject to subsection (2), consider any application for declaration of infrastructure as critical infrastructure referred to in Chapter 3 and make recommendations on such application to the Minister;
  2. subject to subsection (3), approve guidelines regarding-
    1.         the assessment of an application contemplated in section 17;
    2.         the implementation of the prescribed system for categorisation of critical infrastructure in a low-risk, medium-risk or high-risk category referred to in sections 19(1)(b) and 20(1)(b);
    3. policies, protocols and standards regarding any matter necessary to achieve the purpose of this Act; and
    4. the promotion of public-private sector cooperation in the protection of critical infrastructure; and
  3. perform any other functions which may be assigned to the Council by the Minister.
    1. When making a recommendation to the Minister on an application referred to in subsection (1)(a), the Council must consider the following before making such a recommendation­—

(a)      The requirements referred to in section 16(1);

  1. any criteria contemplated in sections 16(1);
  2. any report or submission that must accompany such application;
  3. an appropriate risk categorisation of the infrastructure in question in accordance with the prescribed system of categorisation referred to in sections 19(1)(b) and 20(1)(b); and
  4. any conditions for such declaration as contemplated in section 21(1)(c).
    1. When approving guidelines referred to in subsection (1)(b), the Council must consider the following:
  1. any submission by the National Commissioner as contemplated in section 9(2);
  2. any relevant submission by any other person having an interest in the protection of critical infrastructure;
  3. any budgetary implications related to critical infrastructure protection;
  4. any other matter that may promote the purpose of this Act or affect the implementation thereof.
    1. The guidelines referred to in subsection (1)(b) must include guidelines regarding—
  1. the identification and management of risks relating to critical infrastructure;
  2. the establishment and maintenance of a legitimate, effective and transparent process for identifying and declaring infrastructure as critical infrastructure; and
  3. the procedures to coordinate the functions and activities of Government departments and the private sector insofar as those functions and activities are performed to achieve the purpose of this Act.
    1. In addition to any function contemplated in this section, the Council may—
  1. advise the Minister on the evaluation, monitoring and reviewing of the implementation of policy, protocols, standards and legislation related to the protection of critical infrastructure; and
  2. make recommendations to the Minister on any function of the Minister contemplated in section 22 or section 23.
    1. The Council must submit a report to the Minister within three months after the end of each financial year regarding—
  1. the activities of the Council during the preceding financial year;
  2. particulars pertaining to the number of declarations as critical infrastructure, including the names of the critical infrastructure;
  3. particulars pertaining to any decision by the Council to depart from publication of the notice contemplated in section 17(8)(b);
  4. particulars pertaining to any limitations or revocation as critical infrastructure;
  5. the level and extent of public-private sector cooperation; and
  6. any other matter that may impact on the protection of critical infrastructure or the functioning of the Council.”

 

CLAUSE 8

 

  1. On page 9, from line 26, to substitute for clause 8, the following clause 8:

8. (1) The Critical Infrastructure Council must meet at least quarterly.

  1. The Secretary for the Police Service must ensure that secretarial services are provided to the Critical Infrastructure Council.
  2. The chairperson may at any time convene a special meeting of the Council and must also convene such a meeting at the written request of the Minister.
  3. If at least three members of the Council request a special meeting in writing, the chairperson must convene such a meeting within seven days after receiving the request.
  4. Seven members of the Council, which must include the chairperson or deputy chairperson, will constitute a quorum at any meeting of the Council.
  5. Decisions of the Council must be taken by majority of votes, and in the case of an equality of votes the chairperson has a casting vote in addition to his or her deliberate vote.”

CLAUSE 9

  1. On page 9, from line 36, to substitute for clause 9 the following clause 9:

9. (1) The National Commissioner must—

  1. establish and maintain the administrative systems and procedures necessary for the implementation and enforcement of this Act;
  2. support the Critical Infrastructure Council and the Minister in the administration of this Act; and
  3. effect cooperation between the South African Police Service, other organs of state and the private sector insofar as it relates to the protection of critical infrastructure.
    1. The functions of the National Commissioner are to develop uniform standards, guidelines and protocols for approval by the Council regarding—
  1. the manner in which—
    1.         infrastructure must be identified, categorised and declared critical infrastructure;
    2.         any physical security assessment of critical infrastructure and potential critical infrastructure is conducted and coordinated between Government departments;
    3. information which may be relevant to critical infrastructure protection is shared between the relevant stakeholders; or
    4. any prescribed committee or forum must function and report; and
  2. structures and mechanisms to facilitate coordination in, and management of, the protection of critical infrastructure.
    1. The National Commissioner must—
  1. consider an application from a person in control of an infrastructure for declaring that infrastructure as critical infrastructure;
  2. conduct or facilitate any physical security assessment of critical infrastructure or potential critical infrastructure;
  3. make recommendations to the Council on the declaration and risk categorisation of such critical infrastructure or potential critical infrastructure;
  4. evaluate, monitor and review the application and operational effectiveness of policy, guidelines or legislation related to the protection of critical infrastructure, and advise the Council accordingly;
  5. evaluate and review physical security assessments, resilience reports and any designation as critical infrastructure, and advise the Council accordingly;
  6. consider any draft of a prescribed security policy or plan submitted to his or her office;
  7. issue directives regarding the procedures to be followed at the meetings of any prescribed committee or forum; and
  8. compile and submit quarterly reports to the Council, which must at least include—
  9.         particulars of the related activities of the South African Police Service during the preceding quarter;
    1.         particulars of the number of applications for declaration of infrastructure as critical infrastructure;
    2. particulars of the level and extent of Government department participation in the functioning of a committee or forum; and
    3. the level and extent of public-private sector cooperation in the functioning of a committee or forum.
  10. The National Commissioner may, in the prescribed manner, apply for the declaration of government infrastructure as critical infrastructure.”

 

CLAUSE 10

  1. On page 10, on line 46, after “police officials” insert “who are in possession of an appropriate security clearance certificate,”.

 

CLAUSE 11

  1. On page 11, on line 2, after “physical security” to insert “assessment”.
  2. On page 11, from line 2, to omit “section 18” and to substitute with “section 17(5)(c)(i) or any other subsequent physical security assessment”.
  3. On page 12, from line 10, to omit “(7)” and to substitute “(8)”.
  4. On page 12, from line 14, to insert new subclause (10):

“(10) An inspector, prior to exercising any power in terms of this Chapter, must identify himself or herself to the person in control or the security manager of the critical infrastructure in question and must produce the certificate issued by the National Commissioner referred to in section 10(2) .”

 

 

CLAUSE 12

  1. On page 12, from line 25, to substitute for subclause (4), the following subclause (4):

“(4) The National Commissioner must designate a police official who is a member of a committee or working group, as chairperson thereof.”

  1. On page 12, on line 29, after “advice” to insert “or assistance”.
  2. On page 12, from line 41, to omit “national critical information infrastructure” and to substitute “information infrastructure”’.

 

CLAUSE 13

  1. On page 12, from line 44, to substitute for clause 13, the following clause:

13. (1) The restrictions on entry contemplated in section 25(2) do not apply in respect of a member of the security services established in terms of section 199 of the Constitution, who is required in the performance of his or her functions and the carrying out of his or her duties, to enter any critical infrastructure.

(2) Section 25(2) must not be interpreted so as to restrict powers of entry assigned by law on any functionary in the employ of an organ of state.

(3) Any member or functionary referred to in subsections (1) or (2) must produce proof of his or her appointment and identity to the satisfaction of the person in control of the critical infrastructure or an appointed security manager.”

 

CLAUSE 14

  1. On page 12, on line 54, after “sections” to insert “11,”.
  2. On page 12, from line 55, after “sections” to omit “4, 11, 16, 19, 20 and 21” and to substitute with “4, 14(2), 15 and 20”.

 

CLAUSE 15

  1. On page 13, from line 27, to omit “an annual”, and to insert “a bi-annual”.
  2. On page 13, from line 39, to omit “7(g)” and to insert “7(6)”.

 

CLAUSE 16

  1. On page 13, from line 33, to substitute clause 16 with the following clause 16:

Requirements for declaration of infrastructure as critical infrastructure

16. (1) Infrastructure qualifies for declaration as critical infrastructure, if—

(a)      the functioning of such infrastructure is essential for the economy, national security, public safety and the continuous provision of basic public services; and

(b)      the loss, damage, disruption or immobilisation of such infrastructure may severely prejudice—

(i)       the functioning or stability of the Republic;

(ii)      the public interest with regard to safety and the maintenance of law and order; and

(iii)     national security.

(2) In determining whether the qualifying requirements contemplated in subsection (1) are met, one or more of the following criteria must be applied:

(a)      the infrastructure must be of significant economic, public, social or strategic importance;

(b)      the Republic’s ability to function, deliver basic public services or maintain law and order may be affected if a service rendered by the infrastructure is interrupted, or if the infrastructure is destroyed, disrupted, degraded or caused to fail;

(c)      interruption of a service rendered by the infrastructure, or the destruction, disruption, degradation, or failure of such infrastructure will have a significant effect on the environment, the health or safety of the public or any segment of the public, or any other infrastructure that may negatively affect the functions and functioning of the infrastructure in question;

(d)      there are reasonable grounds to believe that the declaration as critical infrastructure will not have a significantly negative effect on the interests of the public;

(e)      the declaration as critical infrastructure is in pursuance of an obligation under any binding international law or international instrument; and

(f)       any other criteria which may, from time to time, be determined by the Minister by notice in the Gazette, after consultation with the Critical Infrastructure Council.”

 

CLAUSE 17

1.       On page 14, from line 12, to substitute clause 17 with the following clause:

Application for declaration as critical infrastructure and critical infrastructure complex by person in control of infrastructure

17. (1) A person in control of infrastructure may, in the prescribed manner and format, lodge with the National Commissioner an application to have such infrastructure declared as critical infrastructure in terms of this Chapter.

(2) An application for declaration of infrastructure as critical infrastructure must contain the following information—

(a)      the sector in which the primary functions of such an infrastructure take place;

(b)      the resources available to the person in control of the infrastructure to—

(i)       safeguard such an infrastructure against destruction, disruption, failure or degradation;

(ii)      repair or replace such infrastructure, including its equipment, materials or service; or

(iii)     ensure that the infrastructure recovers from any destruction, disruption, failure or degradation;

(c)      the effects or the risk of a destruction, disruption, failure or degradation of such an infrastructure on—

(i)       the environment;

(ii)      the health or safety of the public or any segment of the public;

(iii)     the Republic’s ability to function, deliver basic public services or maintain law and order; and

(iv)     any other infrastructure that may negatively affect the functions and functioning of the infrastructure in question;

(d)      the size and location of any population at risk;

(e)      historic incidents of—

(i)       threats against the infrastructure; and

(ii)      destruction, failure or degradation of such infrastructure;

(f)       the level of risk or threats to which such an infrastructure is exposed or potentially exposed;

(g)      special characteristics or attributes of such an infrastructure to deal with any threat contemplated in paragraph (f);

(h)      the extent to which the declaration as critical infrastructure will promote the interests of the public; and

(i)       any other information which may, from time to time, be determined by the Minister by notice in the Gazette, after consultation with the Critical Infrastructure Council.

(3) In the event that a government department or an organ of state has functional control over the sector in which the activities of the infrastructure falls, the application must further contain—

(a)      a submission by the head of the government department or head of an organ of state who has functional control over the sector in which the activities of the infrastructure falls to support the application; and

(b)      particulars of any—

(i)       person other than the applicant who has a right or interest in the infrastructure in question;

(ii)      agreement with a person contemplated in subparagraph (i) regarding the application for declaration as critical infrastructure;

(iii)     person other than the applicant who will be responsible for the costs of securing the infrastructure in question;

(iv)     agreement with a person contemplated in subparagraph (iii) regarding the costs of securing the infrastructure in question; and

(c)      any other relevant information which is, in the opinion of the applicant, necessary for the proper consideration of the application.

(4) Where it appears from the application that the infrastructure contemplated in subsection (1) partly consists of, incorporates or houses, any information infrastructure as contemplated in any legislation on cybersecurity, the National Commissioner must follow the procedure contemplated in section 20(4).

(5) Subject to subsection (6), the National Commissioner must—

(a)      upon receipt of an application, publish a notice of the application in the Gazette

(i)       stating the name of the applicant and the address of the premises in respect of which the application is made; and

(ii)      inviting interested persons to submit written comments in relation to the application;

(b)      within 30 days of receipt of an application conduct a physical security assessment of the infrastructure in order to—

(i)       verify the information in the application;

(ii)      assess the risk category in which such infrastructure or parts thereof may be categorised;

(iii)     confirm whether the physical security measures proposed by the person in control of the infrastructure comply with the prescribed measures and standards for the protection of the infrastructure;

(iv)     provide the person in control of that infrastructure with an opportunity to make written submissions regarding the physical security assessment which is conducted in terms of this subsection; and

(c)      within 60 days after the physical security assessment has been conducted or the submissions contemplated in paragraph (b)(iv) are received, whichever occurs last, submit to the Council for consideration—

(i)       the written physical security assessment report together with the application;

(ii)      any comments contemplated in paragraph (a)(ii); and

(iii)     any written submissions in terms of paragraph (b)(iv).

(6) In the event that the applicant shows good cause why the procedure in subsection (5)(a) should not be followed, the National Commissioner must refer the request to the Council who may dispense with the publication as referred to in subsection (5)(a) after considering the factors in subsection (7).

(7) For purposes of subsections (5) and (6), the applicant must show that a departure from the procedure in subsection (5)(a) is reasonable and justifiable in the circumstances, taking into account all relevant factors, including—

(a)      the objects of declaration as critical infrastructure;

(b)      the nature, purpose and likely effect of the declaration as critical infrastructure;

(c)      the nature and the extent of the departure from subsection (5)(a);

(d)      the relation between the departure and its purpose;

(e)      the importance of the purpose of the departure; and

(f)       the need to promote an efficient administration and good governance.

(8) In the event that the Council decides that the process contemplated in subsection (5)(a)

(a)      must be followed, the Council must direct the National Commissioner to publish the notice contemplated in subsection (5)(a) with directions on the information that must be contained in the notice, whereafter the National Commissioner will deal with the application; or

(b)      may be departed from, the Council must direct the National Commissioner to depart from the provisions of subsection (5)(a) and proceed to deal with the application.

(9) The National Commissioner may request the Head of a Government department which is a security service established under section 199 of the Constitution, to designate a suitably experienced member of that security service to assist with the physical security assessment contemplated in subsection (5)(b), when required.

(10) If the infrastructure relevant to the application consists of multiple structures, services or facilities, the person in control of those infrastructures must apply for declaration in respect of all such infrastructure as critical infrastructure.

(11) Where the National Commissioner is unable to comply with any of the timeframes contemplated in subsection (5), the National Commissioner must, in writing, apply to the Council in the prescribed form and manner for an extension not exceeding 30 days or such other period as the Council may determine.

(12) Where an extension of time is granted as contemplated in subsection (11), the Council must inform the applicant referred to in subsection (1) in writing of such extension.”

 

CLAUSE 18

  1. On page 14 from line 45, to substitute clause 18 with the following clause:

Application for declaration as critical infrastructure and critical infrastructure complex by National Commissioner

18. (1) Where the National Commissioner identifies for possible declaration as critical infrastructure—

(a)      any infrastructure under the control of or occupied by a local or provincial government department, he or she must advise the relevant municipal manager or the relevant head of the department in the province to lodge an application in terms of section 17; and

(b)      government infrastructure, he or she must lodge an application in accordance with subsection (2).

(2) Where the National Commissioner makes an application for the declaration of government infrastructure as critical infrastructure, the application must, subject to subsection (3), be made in the prescribed form and manner and submitted to the Critical Infrastructure Council for consideration.

(3) Before the National Commissioner makes an application referred to in subsection (1)(b), the National Commissioner must—

(a)      notify the relevant head of a Government department who is the person in control of the infrastructure, in the prescribed form and manner, of the intention of the National Commissioner;

(b)      afford the person referred to in paragraph (a) an opportunity to submit written representations within 60 days on any aspect relating to the intended application;

(c)      consider the representations referred to in paragraph (b); and

(d)      within seven days of taking a decision on whether or not to proceed with the application, notify the person referred to in paragraph (a) in writing of such decision and his or her reasons.

(4) In the event that the National Commissioner decides to proceed with the application, he or she must ensure that the written representations referred to in subsection (3)(b) as well as his or her written reasons referred to in subsection (3)(d) forms part of the application that is submitted to the Council.”

 

CLAUSE 19

  1. On page 15, from line 41, to substitute clause 19 with the following clause:

 “Consideration of application for declaration as critical infrastructure by Critical Infrastructure Council

19. (1) Upon receiving an application for declaration of infrastructure as critical infrastructure, the Critical Infrastructure Council must—

(a)      apply the criteria referred to in section 16(2) in order to determine whether such an application demonstrates that the infrastructure in question qualifies under section 16(1) for declaration as critical infrastructure;

(b)      consider the potential risk category of such an infrastructure, taking into account—

(i)    the prescribed system of categorising infrastructure in a low-risk, medium-risk or high-risk category;

(ii)    the probability of failure, disruption or destruction of the infrastructure in question or threat thereof; and

(iii)   the impact and consequence of failure, disruption or destruction of infrastructure or threat thereof;

(c)      consider the extent to which the declaration as critical infrastructure will promote the interests of the public;

(d)      consider any prescribed guidelines for the identification and declaration of infrastructure as critical infrastructure; and

(e)      take into account any other criteria contemplated in section 16(2)(f).

(2) The Critical Infrastructure Council must, after performing the functions in subsection (1), make recommendations to the Minister on—

(a)      whether or not the infrastructure in question qualifies to be declared as critical infrastructure; and

(b)      an appropriate risk categorisation for the infrastructure.

(3) Before the Council makes a recommendation to the Minister to declare or not to declare the infrastructure as critical infrastructure, the Council must—

(a)      notify the person in control of that critical infrastructure of such intended recommendation and the reasons for such recommendation; and

(b)      afford the person in control of that infrastructure a period of no less than 30 days to make representations.

(4) The Council must consider any representations received in terms of subsection (3) before making a recommendation to the Minister on whether or not to declare the infrastructure as critical infrastructure.

(5) Subject to subsection (3), the Council must within seven days of its last meeting submit the application and its recommendations to the Minister for a decision within 30 days of receipt thereof.

(6) Where the Council is unable to comply with the timeframes as contemplated in subsection (5), the Council must, in writing, request the Minister for an extension not exceeding 30 days or such other period as the Minister may determine.

(7) Where an extension of time is granted as contemplated in subsection (6), the Council must inform the applicant referred to in section 17(1) in writing of such extension.”

 

 

CLAUSE 20

  1. On page 16, from line 1, to substitute clause 20 with the following clause:

Powers of Minister to declare infrastructure as critical infrastructure

20. (1) Subject to subsection (2), the Minister may, on recommendation of the Critical Infrastructure Council—

(a)      declare infrastructure as critical infrastructure after considering—

(i)       whether the application complies with the requirements contemplated in section 16(1);

(ii)      the recommendation of the Critical Infrastructure Council; and

(iii)     any other information which the Minister deems reasonable and appropriate;

(b)      categorise critical infrastructure or certain parts of such critical infrastructure that is declared in terms of paragraph (a) in either a low-risk, medium-risk or high-risk category, as may be prescribed;

(c)      where it is necessary to achieve the objects of this Act, determine that critical infrastructure is part of a critical infrastructure complex; and

(d)      impose such conditions as may be prescribed regarding any steps and measures the person in control of the critical infrastructure must implement to safeguard the critical infrastructure in question.

(2) The Minister must notify the Council, the National Commissioner and the person in control of that critical infrastructure of—

(a)      the declaration of the infrastructure as a critical infrastructure;

(b)      the risk category of such declaration;

(c)      the conditions contemplated in subsection (1)(d);

(d)      any implications of the Income Tax Act, 1962 (Act No. 58 of 1962); and

(e)      the period within which the person in control of that critical infrastructure must take the steps contemplated in section 24(1).

(3) When infrastructure has been declared as critical infrastructure, the Minister may, in consultation with the person in control of the infrastructure, taking into account the probability of compromising the security of the critical infrastructure in question, determine that the publication of information regarding some security measures which must be implemented at such critical infrastructure, be restricted.

(4) The Minister must, in consultation with the Cabinet member responsible for State security, determine the procedure that the National Commissioner and the State Security Agency must follow when dealing with an application contemplated in section 17(4).

(5) Where an application contemplated in section 17(4) is referred to the Cabinet member responsible for State security in terms of any legislation on cybersecurity, the Cabinet member responsible for State security must, within 60 days or such further period as agreed upon between the Ministers, decide whether the infrastructure in question, or any part thereof must be dealt with in terms of any legislation on cybersecurity or not, and inform the Minister in writing of the decision.

(6) Where the Cabinet member responsible for State security decides that an application must not be dealt with in terms of legislation on cybersecurity, the Cabinet member responsible for State security must return the application to the Minister, whereafter the application must be dealt with in terms of this Act.”

 

CLAUSE 21

  1. On page 16, from line 46, to omit “category” and to substitute “categorisation”.
  2. On page 16, from line 47, to omit “and”.
  3. On page 16 from line 49, to omit “.” and to substitute “; and”.
  4. On page 16, after line 49, to insert the following:

(d)     whether information regarding security measures will be restricted.”

  1. On page 16, from line 54, to substitute subclause (4) for the following subclause (4):

“(4) Declaration as critical infrastructure does not exempt a person in control of critical infrastructure from having to comply with the provisions of any other law applicable to the critical infrastructure in question.”

CLAUSE 22

  1.  On page 17, from line 9, to omit “section 20(4)(b)” and to substitute with “section 20(1)(b)”.

CLAUSE 24

  1. On page 18, from line 20, to omit “section 20(5)(e)” and to substitute with “section 20(2)”.
  2. On page 18, from line 35, to omit “section 18(1)” and to substitute with “sections 17(1) or 18(1)(b)”.
  3. On page 18, from line 36, to omit “or 19(1)”.

 

  1. On page 19, on line 6, before “security” to insert “person in the employ of the critical infrastructure as”.
  2. On page 19, on line 23, after “must” to insert “as far as practically possible”.
  3. On page 19, after line 25, to insert the following new subclause (9):

“(9) A person to whom functions are assigned in terms of this Chapter must exercise such powers and perform such duties subject to the Constitution and with due regard to the fundamental rights of every person.”

CLAUSE 25

  1. On page 19, from line 30, after “infrastructure;” to omit “and”.
  2. On page 19, on line 33, after “searched upon” to insert “entering or”.
  3. On page 19, from line 34, after “subsection (5)” to omit the full stop and insert “; and”.
  4. On page 19, after line 34, to insert the following new paragraph (c):

“(c)     ensure that a notification as contemplated in paragraph (b) is placed at the entrance to that critical infrastructure.”

  1. On page 19, on line 52, before “be searched” to insert “subject to subsection (6)”.
  2. On page 20, on line 16, after “searched” to insert “subject to subsection (6)”.

7.       On page 20, from line 17, to substitute subclause (6) for the following subclause (6):

“(6) (a) Any search of a person’s body conducted under subsections (2)(b)(vi) or (5) must be carried out by a person of the same gender, or as preferred in terms of paragraph (d)(ii), with strict regard to the right to privacy and dignity and must be in accordance with the provisions of this section and any other prescribed directive.

  1. When conducting a search of a person’s body under subsections (2)(b)(vi) and (5), the manner of search is restricted to a pat-down of the person’s outer garments to establish whether that person is in possession or control of a prohibited or dangerous object.
  2. A search of a person’s body under subsections (2)(b)(vi) or (5) may only be performed if—
  1.            a reasonable suspicion exists that such a person did not declare a dangerous or prohibited object in his or her possession or under his or her control; and
  2.            the manner of or place where the search is performed does not infringe upon the privacy and dignity of the person to be searched.
  1. Before a security manager or security personnel under the direction of the security manager may search a person referred to in paragraph (c)(i), the person to be searched must be—
  1.            informed of the gender of the person who will conduct the search, the manner of search and the place where the search will be performed; and
  2.            provided with an opportunity to express a preference regarding the gender of the member of the security personnel who must conduct the search.”
  1. On page 20, from line 21, after “subsection (2),” to omit “it”.

 

 

CLAUSE 26

1.       On page 20, from line 29, to substitute clause 26 for the following clause 26:

“(1) Any person whounlawfully—

 (a)     furnishes, disseminates or publishes in any manner whatsoever information relating to the security measures applicable at or in respect of a critical infrastructure other than in accordance with the Protected Disclosures Act, 2000 (Act No. 26 of 2000), Prevention and Combating of Corrupt Activities Act, 2004 (Act No. 12 of 2004) or any other Act of Parliament that provides for the lawful disclosure of information;

(b)      takes or records, or causes to take or record, an analog or digital photographic image, video or film of the security measures at a critical infrastructure;

(c)      hinders, obstructs or disobeys a person in control of a critical infrastructure in taking any steps required or ordered in terms of this Act in relation to the security of any critical infrastructure;

(d)      hinders, obstructs or disobeys any person while performing a function or in doing anything required to be done in terms of this Act;

(e)      enters or gains access to critical infrastructure without the consent of the security manager or person in control of that critical infrastructure;

(f)       enters or gains access to critical infrastructure in contravention of the notice contemplated in section 24(8) or 25(8);

(g)      damages, endangers or disrupts a critical infrastructure or threatens the safety or security at a critical infrastructure or part thereof;

(h)      threatens to damage critical infrastructure; or

(i)       colludes with or assists another person in the commission, performance or carrying out of an activity referred to in paragraphs (a) to (h),

commits an offence and is, subject to subsections (3) and (4), liable on conviction to a fine or to imprisonment for a period not exceeding three years, or to both a fine and imprisonment.

(2) For purposes of subsection (1)(a) and subsection (1)(b), “security measures” means those security measures at critical infrastructure that are not clearly visible to the public or in the public domain.

(3) If the evidence on a charge for any offence in subsection (1)(a) to (i) proves that the activity referred to was carried out with the intention to cause damage or substantial harm to critical infrastructure, a court may, in the case of critical infrastructure categorised as—

(a)      low-risk, impose a fine or imprisonment for a period not exceeding three years or both a fine and imprisonment;

(b)      medium-risk, impose a fine or imprisonment for a period not exceeding five years, or both a fine and imprisonment; or

(c)      high-risk, impose a fine or imprisonment for a period not exceeding seven years, or both a fine and imprisonment.

(4) If the evidence on a charge for any offence in subsection (1)(a) to (i) proves that the activity referred to in fact caused damage, substantial harm or loss of property to the critical infrastructure in question, the court may in the case of critical infrastructure categorised as—

(a)      low-risk, impose a fine or imprisonment for a period not exceeding 10 years, or both a fine and imprisonment;

(b)      medium-risk, impose a fine or imprisonment for a period not exceeding 15 years, or both a fine and imprisonment;

(c)      high-risk, impose a fine or imprisonment for a period not exceeding 20 years, or both a fine and imprisonment.

(5) Any person in control of a critical infrastructure who—

(a)      knowingly furnishes false or incorrect information on an application for declaration as critical infrastructure;

(b)      refuses or fails to comply with a notice issued in terms of section 11(3) or 11(4);

(c)      refuses or fails to take the steps specified in the notice contemplated in section 20(2);

(d)      refuses or fails to take the steps specified in the notice contemplated in section 20(2) within the period specified in the notice;

(e)      refuses or fails to comply with section 24(8) in circumstances where compliance would not severely threaten the security at the critical infrastructure concerned; or

(f)       refuses or fails to comply with section 25(8),

commits an offence and is liable on conviction to a fine or to imprisonment for a period not exceeding five years, or to both a fine and imprisonment or, in the case of a corporate body as contemplated in section 332 of the Criminal Procedure Act, 1977 (Act No. 51 of 1977), a fine not exceeding R10 million.

(6) Whenever a court convicts any person of an offence in terms of this Act where damage to or loss of property related to a critical infrastructure was caused, the prosecutor must direct the attention of the person in control of that critical infrastructure to the provisions of section 300 of the Criminal Procedure Act, 1977 (Act No. 51 of 1977), and inform the court accordingly.”

 

CLAUSE 27

  1. On page 21, from line 46, to omit “section 18(1) or 19(1)” and to substitute with “sections 17(1) or 18(1)(b)”.
  2. On page 21, from line 48, to omit “section 18(3)(a)” and to substitute with “section 17(5)(a)”.
  3. On page 21, from line 49, to omit “sections 18(6) or (9),” and to substitute with “section 17(11) or 19(6)”.
  4. On page 21, from line 51, to omit “section 19(3)(a)” and to substitute with “section 18(3)(a)”.
  5. On page 22, from line 10, to omit “section 16(2)(c)” and to substitute with “section 19(1)(d)”.
  6. On page 22, on line 12, after “infrastructure” to insert “or parts thereof”.
  7. On page 22, from line 13, to omit “section 20(4)(b)” and to substitute with “section 20(1)(b)”.
  8. On page 22, from line 16, to omit “section 20(4)(c)” and to substitute with “section 20(1)(d)”.
  9. On page 22, on line 22, after “security personnel” to insert “, including a security manager”.
  10. On page 22, on line 25, to substitute for subparagraph (ii) the following subparagraph:

“(ii) such standards and training courses as may be determined and recognised by PSIRA that security personnel who render a security service at a critical infrastructure must comply with;”

  1. On page 22, from line 48, to omit “notification” and to substitute “scrutiny”.
  2. On page 22, from line 51, to omit “within three months after” and to substitute “to coincide with”.

 

CLAUSE 30

  1. On page 23, from line 15, to omit “section 20(4)” and to substitute with “section 20(1)”.
  2. On page 23, from line 16, to omit “60” and to insert “48”.
  3. On page 23, from line 22, to omit “section 20” and to substitute with “section 19”.
  4. On page 23, after line 48, to insert the following subclause (8) and subclause (9):

“(8) The Minister must, by notice in the Gazette and within a period of 60 days after the coming into operation of this Act, publish a list containing the names of National Key Points or National Key Point Complexes which are deemed to be critical infrastructure in terms of subsection (1).

(9) In the event that no legislation on cybersecurity is in operation when this Act comes into operation, the Minister must, in consultation with the Cabinet member responsible for State Security, determine interim guidelines on the manner in which an application contemplated in section 17(4) must be dealt with by any person performing a function in terms of this Act.”

 

Report to be considered

 

 

 

Documents

No related documents

What's wrong with this page?