Acts Online
GT Shield

Critical Infrastructure Protection Act, 2019 (Act No. 8 of 2019)

Chapter 6 : Regulations

27. Regulations

 

(1) The Minister may, by notice in the Gazette, make regulations regarding—
(a) factors to be taken into account in making any recommendation in terms of section 7(2) or 9(3)(c) regarding identification, categorisation or declaration of critical infrastructure;
(b) the functioning and meeting procedure of the Critical Infrastructure Council;
(c) the establishment, functions, functioning, meeting and reporting procedure of any committee or forum contemplated in section 9(2) or (3);
(d) the manner in which—
(i) the National Commissioner must apply for the declaration of any infrastructure as critical infrastructure as contemplated in section 9(4);
(ii) the physical security assessment and evaluation contemplated in section 11(1)(c) must be carried out; and
(iii) a notification contemplated in section 23(5)(a) must be issued;
(e) the form and content of—
(i) a compliance notice contemplated in section 11(3) and the manner in which an inspector must issue such a compliance notice;
(ii) a written notice contemplated in section 11(4) and the manner in which such a notice must be issued;
(iii) an application for declaration of critical infrastructure contemplated in sections 17(1) or 18(1)(b) and the manner in which such an application must be lodged;
(iv) a notice contemplated in section 17(4)(a);
(v) an application for an extension contemplated in section 17(10) or 19(6) and the manner in which such an application must be lodged;
(vi) a notice contemplated in section 18(3)(a) and the manner in which such a notice must be issued;
(vii) a certificate contemplated in section 21(1) and the manner in which such a certificate must be issued;
(viii) the register contemplated in section 21(5) and the manner in which such a register must be made accessible to the public;
(ix) the written notice, to order a person to take steps in respect of the security of critical infrastructure, as contemplated in section 24(5), and the manner in which such a notice must be issued;
(x) any notification contemplated in section 25(1)(b) and the manner in which such notification must be issued; and
(xi) any notice or sign that must be placed as contemplated in section 24(8) or 25(8), including the size of the notice or sign and the manner in which it must be placed;
(f) the form of any certificate contemplated in section 10(2);
(g) the procedure, contemplated in section 11(2)(b), that must be followed by inspectors when carrying out duties or exercising powers;
(h) guidelines for the identification and declaration of infrastructure as critical infrastructure, as contemplated in section 19(1)(d);
(i) guidelines and standards to establish a system to categorise critical infrastructure or parts thereof in a low-risk, medium-risk or high-risk category, as contemplated in section 20(1)(b);
(j) any conditions regarding the steps and measures the person in control of critical infrastructure must implement to safeguard the critical infrastructure, as contemplated in section 20(1)(d);
(k) the particulars that must be published where infrastructure has been declared as critical infrastructure or where such declaration has been terminated, as contemplated in section 21(6);
(l) the steps that must be taken by the person in control of critical infrastructure to secure such critical infrastructure as contemplated in section 24(1);
(m) in respect of security personnel, including a security manager
(i) the administration, provisioning and functioning of security service providers at a critical infrastructure;
(ii) such standards and training courses as may be determined and recognised by PSIRA that security personnel who render a security service at a critical infrastructure must comply with;
(iii) the requirements, qualification, security clearance level and procedure of appointment of security personnel at a critical infrastructure;
(iv) grounds which disqualify persons from appointment as security personnel or from continued employment at a critical infrastructure; and
(v) the role and responsibilities of security service providers at a critical infrastructure;
(n) in respect of the physical security measures at a critical infrastructure—
(i) the standards of physical security measures;
(ii) access and egress control at a critical infrastructure; and
(iii) emergency and evacuation procedures at a critical infrastructure; and
(o) any other ancillary or administrative matter that it is necessary or expedient to prescribe for the proper implementation or administration of this Act.

 

(2) Regulations made under this section may provide for a penalty of a fine or imprisonment for a period not exceeding 12 months or both a fine and such imprisonment, for any contravention thereof or for a failure to comply therewith.

 

(3) The Minister may make different regulations for different categories of critical infrastructure.

 

(4) The Minister may issue such practice directives regarding the identification, assessment and management of critical infrastructure as may be required to ensure consistent application of this Act.

 

(5) The Minister must table any proposed regulations in Parliament for scrutiny before promulgation.

 

(6) Any regulation necessary for the immediate implementation of this Act must be promulgated to coincide with the coming into operation of this Act.

 

(7) Before making any regulation in terms of this section, the Minister must—
(a) publish a notice in the Gazette
(i) setting out the draft regulations; and
(ii) inviting written comments to be submitted on the proposed regulations within a specified period; and
(b) consider any comments received.

 

(8) The Minister may, after complying with subsection (7), and whether or not he or she has amended the regulations referred to in subsection (1), after complying with subsection (5), publish the regulations in final form in the Gazette.