Federal Register of Legislation - Australian Government

A Bill for an Act to amend legislation relating to transport security, and for other purposes
Administered by: Home Affairs
For authoritative information on the progress of bills and on amendments proposed to them, please see the House of Representatives Votes and Proceedings, and the Journals of the Senate as available on the Parliament House website.
Registered 01 Apr 2022
Introduced HR 17 Feb 2022

2019‑2020‑2021‑2022

The Parliament of the Commonwealth of Australia

HOUSE OF REPRESENTATIVES

Presented and read a first time

Transport Security Amendment (Critical Infrastructure) Bill 2022

No.      , 2022

(Home Affairs)


Contents

1  Short title
2  Commencement
3  Schedules

Schedule 1—Amendment of the Aviation Transport Security Act 2004
    Part 1—General amendments
        Division 1—Amendments
            Aviation Transport Security Act 2004
        Division 2—Application provisions
    Part 2—Other amendments
        Division 1—Amendments
            Aviation Transport Security Act 2004
        Division 2—Application provisions

Schedule 2—Amendment of the Maritime Transport and Offshore Facilities Security Act 2003
    Part 1—General amendments
        Division 1—Amendments
            Maritime Transport and Offshore Facilities Security Act 2003
        Division 2—Application provisions
    Part 2—Other amendments
        Division 1—Amendments
            Maritime Transport and Offshore Facilities Security Act 2003
        Division 2—Application provisions

Schedule 3—Amendment of the Security of Critical Infrastructure Act 2018
    Part 1—Aviation transport
        Security of Critical Infrastructure Act 2018
    Part 2—Maritime transport
        Security of Critical Infrastructure Act 2018


A Bill for an Act to amend legislation relating to transport security, and for other purposes

The Parliament of Australia enacts:

1  Short title

                   This Act is the Transport Security Amendment (Critical Infrastructure) Act 2022.

2  Commencement

             (1)  Each provision of this Act specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.

 

Commencement information

| Column 1: Provisions | Column 2: Commencement | Column 3: Date/Details |
| --- | --- | --- |
| 1.  Sections 1 to 3 and anything in this Act not elsewhere covered by this table | The day this Act receives the Royal Assent. | |
| 2.  Schedule 1, Part 1 | A single day to be fixed by Proclamation. However, if the provisions do not commence within the period of 12 months beginning on the day this Act receives the Royal Assent, they commence on the day after the end of that period. | |
| 3.  Schedule 1, Part 2 | Immediately after the commencement of the provisions covered by table item 2. | |
| 4.  Schedule 2, Part 1 | A single day to be fixed by Proclamation. However, if the provisions do not commence within the period of 12 months beginning on the day this Act receives the Royal Assent, they commence on the day after the end of that period. | |
| 5.  Schedule 2, Part 2 | Immediately after the commencement of the provisions covered by table item 4. | |
| 6.  Schedule 3, Part 1 | Immediately after the commencement of the provisions covered by table item 2. | |
| 7.  Schedule 3, Part 2 | Immediately after the commencement of the provisions covered by table item 4. | |

Note:          This table relates only to the provisions of this Act as originally enacted. It will not be amended to deal with any later amendments of this Act.

             (2)  Any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.

3  Schedules

                   Legislation that is specified in a Schedule to this Act is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this Act has effect according to its terms.

Schedule 1—Amendment of the Aviation Transport Security Act 2004

Part 1—General amendments

Division 1—Amendments

Aviation Transport Security Act 2004

1  Section 4 (after paragraph beginning “Part 6”)

Insert:

Part 6A deals with the submission of reports by aviation industry participants, known consignors and regulated agents.

2  Section 4 (after paragraph beginning “Part 7”)

Insert:

Part 7A provides that the making of a record, or the use or disclosure, of protected information is authorised in particular circumstances but is otherwise an offence.

3  Section 4 (paragraph beginning “Part 8”)

After “infringement notices,”, insert “improvement notices,”.

4  Section 6

Before “Section 15.2”, insert “(1)”.

5  Section 6

After “Act”, insert “(other than section 112E)”.

6  At the end of section 6

Add:

             (2)  Section 15.1 of the Criminal Code (extended geographical jurisdiction—category A) applies to an offence against section 112E.

7  Section 9

Insert:

access, in relation to a computer program, means the execution of the computer program.

access to computer data means:

                     (a)  in a case where the computer data is held in a computer—the display of the data by the computer or any other output of the data from the computer; or

                     (b)  in a case where the computer data is held in a computer—the copying or moving of the data to:

                              (i)  any other location in the computer; or

                             (ii)  another computer; or

                            (iii)  a data storage device; or

                     (c)  in a case where the computer data is held in a data storage device—the copying or moving of the data to:

                              (i)  a computer; or

                             (ii)  another data storage device.

asset includes:

                     (a)  a system; and

                     (b)  a network; and

                     (c)  a facility; and

                     (d)  a computer; and

                     (e)  a computer device; and

                      (f)  a computer program; and

                     (g)  computer data; and

                     (h)  premises; and

                      (i)  any other thing.

computer means all or part of:

                     (a)  one or more computers; or

                     (b)  one or more computer systems; or

                     (c)  one or more computer networks; or

                     (d)  any combination of the above.

computer data means data held in:

                     (a)  a computer; or

                     (b)  a data storage device.

connected, in relation to equipment, includes connection otherwise than by means of physical contact, for example, a connection by means of radiocommunication.

cyber security incident has the meaning given by section 9B.

data includes information in any form.

data storage device means a thing (for example, a disk or file server) containing (whether temporarily or permanently), or designed to contain (whether temporarily or permanently), data for use by a computer.

electronic communication means a communication of information in any form by means of guided or unguided electromagnetic energy.

impairment of electronic communication to or from a computer includes:

                     (a)  the prevention of any such communication; and

                     (b)  the impairment of any such communication on an electronic link or network used by the computer;

but does not include a mere interception of any such communication.

improvement notice means a notice under subsection 117A(2).

lawful advocacy, protest, dissent or industrial action does not include a cyber security incident.

modification:

                     (a)  in respect of computer data—means:

                              (i)  the alteration or removal of the data; or

                             (ii)  an addition to the data; or

                     (b)  in respect of a computer program—means:

                              (i)  the alteration or removal of the program; or

                             (ii)  an addition to the program.

8  Section 9 (definition of national security)

Repeal the definition.

9  Section 9

Insert:

operation of an aviation industry participant means the operation of the participant in the participant’s capacity as an aviation industry participant.

protected information means information that:

                     (a)  is obtained by a person in the course of exercising powers, or performing duties or functions, under this Act; or

                     (b)  is security compliance information; or

                     (c)  is aviation security information; or

                     (d)  if a transport security program for an aviation industry participant is in force—is about the content of the program.

relevant impact has the meaning given by section 9D.

technical assistance notice has the same meaning as in Part 15 of the Telecommunications Act 1997.

technical assistance request has the same meaning as in Part 15 of the Telecommunications Act 1997.

technical capability notice has the same meaning as in Part 15 of the Telecommunications Act 1997.

unauthorised access, modification or impairment has the meaning given by section 9C.

10  After Division 4 of Part 1

Insert:

Division 4A—Cyber security incidents

9B  Meaning of cyber security incident

                   A cyber security incident is one or more acts, events or circumstances involving any of the following:

                     (a)  unauthorised access to:

                              (i)  computer data; or

                             (ii)  a computer program;

                     (b)  unauthorised modification of:

                              (i)  computer data; or

                             (ii)  a computer program;

                     (c)  unauthorised impairment of electronic communication to or from a computer;

                     (d)  unauthorised impairment of the availability, reliability, security or operation of:

                              (i)  a computer; or

                             (ii)  computer data; or

                            (iii)  a computer program.

9C  Meaning of unauthorised access, modification or impairment

             (1)  For the purposes of this Act:

                     (a)  access to:

                              (i)  computer data; or

                             (ii)  a computer program; or

                     (b)  modification of:

                              (i)  computer data; or

                             (ii)  a computer program; or

                     (c)  the impairment of electronic communication to or from a computer; or

                     (d)  the impairment of the availability, reliability, security or operation of:

                              (i)  a computer; or

                             (ii)  computer data; or

                            (iii)  a computer program;

by a person is unauthorised if the person is not entitled to cause that access, modification or impairment.

             (2)  For the purposes of subsection (1), it is immaterial whether the person can be identified.

             (3)  For the purposes of subsection (1), if:

                     (a)  a person causes any access, modification or impairment of a kind mentioned in that subsection; and

                     (b)  the person does so:

                              (i)  under a warrant issued under a law of the Commonwealth, a State or a Territory; or

                             (ii)  under an emergency authorisation given to the person under Part 3 of the Surveillance Devices Act 2004 or under a law of a State or Territory that makes provision to similar effect; or

                            (iii)  under a tracking device authorisation given to the person under section 39 of the Surveillance Devices Act 2004; or

                            (iv)  in accordance with a technical assistance request; or

                             (v)  in compliance with a technical assistance notice; or

                            (vi)  in compliance with a technical capability notice;

the person is entitled to cause that access, modification or impairment.

9D  Meaning of relevant impact

                   Each of the following is a relevant impact of a cyber security incident on an asset:

                     (a)  the impact (whether direct or indirect) of the incident on the availability of the asset;

                     (b)  the impact (whether direct or indirect) of the incident on the integrity of the asset;

                     (c)  the impact (whether direct or indirect) of the incident on the reliability of the asset;

                     (d)  the impact (whether direct or indirect) of the incident on the confidentiality of:

                              (i)  information about the asset; or

                             (ii)  if information is stored in the asset—the information; or

                            (iii)  if the asset is computer data—the computer data.

11  Paragraph 10(1)(a)

Repeal the paragraph, substitute:

                     (a)  taking control of an aircraft:

                              (i)  whether by force, or threat of force, or any other form of intimidation; or

                             (ii)  whether by any trick or false pretence; or

                            (iii)  whether by any other means;

12  Paragraph 10(1)(g)

Omit “false or misleading”.

13  After paragraph 10(1)(g)

Insert:

                    (ga)  doing anything in relation to an aircraft that:

                              (i)  puts the safety of the aircraft at risk; or

                             (ii)  puts the safety of any person on board the aircraft at risk; or

                            (iii)  puts the safety of a person outside the aircraft at risk;

                   (gb)  putting the safe operation of an aviation industry participant at risk by communicating information;

14  Paragraph 10(1)(h)

Omit “at an airport”.

15  Paragraph 10(1)(h)

Omit “the airport” (wherever occurring), substitute “an airport”.

16  At the end of subsection 10(1)

Add:

                    ; (i)  committing an act, or causing any interference or damage, that puts the safe operation of an aviation industry participant at risk.

17  At the end of section 10

Add:

             (3)  If a cyber security incident has a relevant impact on an asset that is:

                     (a)  used in connection with the operation of an aviation industry participant; and

                     (b)  owned or operated by an aviation industry participant;

the cyber security incident is an unlawful interference with aviation.

18  After subsection 16(2)

Insert:

          (2A)  A transport security program for an aviation industry participant must include a security assessment for the participant’s operation.

          (2B)  The security assessment under subsection (2A) must:

                     (a)  take into account any documents required in writing by the Secretary to be taken into account; and

                     (b)  address any matters prescribed in the regulations.

          (2C)  A transport security program for an aviation industry participant must set out how the participant will address the results of the security assessment included in the program.

19  Subsection 19(6)

Repeal the subsection, substitute:

             (6)  The notice must specify a reasonable period within which the information must be given.

          (6A)  The Secretary may, if requested to do so by the participant, vary a notice under subsection (5) by extending the period specified in the notice.

20  Paragraph 19(7)(b)

Repeal the paragraph, substitute:

                     (b)  ending at:

                              (i)  if the information requested in that notice was given within the period specified in that notice—the end of the period of 30 days beginning on the day on which the information requested in that notice was received by the Secretary; or

                             (ii)  if the information requested in that notice was not given within the period specified in that notice—the end of that period.

21  Paragraph 23A(7)(b)

Omit “period of 60 days after the request was given”, substitute “consideration period”.

22  At the end of section 23A

Add:

Secretary may request further information

             (8)  The Secretary may, by written notice given to the participant within the consideration period, request the participant to give the Secretary specified information relevant to the approval of the alterations.

             (9)  The notice must specify a reasonable period within which the information must be given.

           (10)  The Secretary may, if requested to do so by the participant, vary a notice under subsection (8) by extending the period specified in the notice.

Consideration period

           (11)  The consideration period is the period of 60 days starting on the day on which the request was given under subsection (1), extended, for each notice given under subsection (8), by the number of days falling within the period:

                     (a)  starting on the day on which the notice was given; and

                     (b)  ending at:

                              (i)  if the information requested in that notice was given within the period specified in that notice—the end of the period of 30 days beginning on the day on which the information requested in that notice was received by the Secretary; or

                             (ii)  if the information requested in that notice was not given within the period specified in that notice—the end of that period.

23  At the end of Division 5 of Part 2

Add:

26AA  Reviewing programs

                   If:

                     (a)  a transport security program for an aviation industry participant is in force; and

                     (b)  the program was not given to the participant under section 26B;

the participant must review the program on a regular basis.

Civil penalty:          200 penalty units.

24  After subsection 26C(1)

Insert:

       (1AA)  A transport security program that is given to an aviation industry participant under section 26B may set out the security activities or measures to be undertaken or implemented by the participant under the program for the purposes of safeguarding against unlawful interference with aviation.

          (1A)  A transport security program that is given to an aviation industry participant under section 26B may include a security assessment for the participant’s operation.

25  Section 39 (paragraph beginning “The matters”)

Omit “examining and clearing”, substitute “cargo”.

26  Division 2A of Part 4 (heading)

Omit “Examining and clearing cargo”, substitute “Cargo”.

27  Section 44C (heading)

Omit “for examining and clearing”, substitute “relating to”.

28  At the end of paragraph 44C(1)(g)

Add:

                     ; or (iv)  all aircraft operators; or

                             (v)  one or more specified classes of aircraft operators; or

                            (vi)  one or more specified aircraft operators.

29  After subsection 44C(3A)

Insert:

          (3B)  A known consignor security program provided to a known consignor under the regulations may include a security assessment for the consignor’s operation.

          (3C)  A RACA security program provided to a regulated air cargo agent under the regulations may include a security assessment for the agent’s operation.

          (3D)  An AACA security program provided to an accredited air cargo agent under the regulations may include a security assessment for the agent’s operation.

30  Subsection 67(1)

Repeal the subsection, substitute:

             (1)  If:

                     (a)  both of the following apply:

                              (i)  a specific threat of unlawful interference with aviation is made or exists;

                             (ii)  the Secretary is satisfied that giving a direction under this subsection is an appropriate response to the threat; or

                     (b)  both of the following apply:

                              (i)  there is a change in the nature of an existing general threat of unlawful interference with aviation;

                             (ii)  the Secretary is satisfied that giving a direction under this subsection is an appropriate response to the threat; or

                     (c)  both of the following apply:

                              (i)  a national emergency declaration (within the meaning of the National Emergency Declaration Act 2020) is in force;

                             (ii)  the Secretary is satisfied that giving a direction under this subsection is appropriate to support the national emergency declaration;

the Secretary may, in writing, direct that:

                     (d)  a specified act or thing be done; or

                     (e)  a specified act or thing not be done.

31  After subsection 70(4)

Insert:

          (4A)  The Secretary may, by writing, revoke a special security direction.

32  After paragraph 79(2)(g)

Insert:

                    (ga)  operate equipment at a place mentioned in paragraph (a) or (b) for the purposes of testing the equipment; or

                   (gb)  connect equipment to equipment at a place mentioned in paragraph (a) or (b) for the purposes of testing the last‑mentioned equipment; or

33  After subsection 79(2)

Insert:

       (2AA)  For the purposes of paragraph (2)(g), it is immaterial whether a document in electronic form, or a record in electronic form, is held:

                     (a)  at a place mentioned in paragraph (2)(a) or (b); or

                     (b)  at another place:

                              (i)  in Australia; or

                             (ii)  outside Australia.

       (2AB)  Subsection (2AA) is enacted for the avoidance of doubt.

34  At the end of Division 2 of Part 5

Add:

80A  Investigation powers

Provisions subject to investigation

             (1)  A provision is subject to investigation under Part 3 of the Regulatory Powers (Standard Provisions) Act 2014 if it is an offence against this Act.

Authorised applicant

             (2)  For the purposes of Part 3 of the Regulatory Powers (Standard Provisions) Act 2014, each of the following persons is an authorised applicant in relation to evidential material that relates to a provision mentioned in subsection (1):

                     (a)  an aviation security inspector;

                     (b)  an SES employee, or an acting SES employee, in the Department.

Note:          The expressions SES employee and acting SES employee are defined in section 2B of the Acts Interpretation Act 1901.

Authorised person

             (3)  For the purposes of Part 3 of the Regulatory Powers (Standard Provisions) Act 2014, an aviation security inspector is an authorised person in relation to evidential material that relates to a provision mentioned in subsection (1).

Issuing officer

             (4)  For the purposes of Part 3 of the Regulatory Powers (Standard Provisions) Act 2014, each of the following persons is an issuing officer in relation to evidential material that relates to a provision mentioned in subsection (1):

                     (a)  a magistrate;

                     (b)  a judge of a court that is, for the purposes of that Part, a relevant court in relation to such evidential material.

Note:          For relevant court, see subsection (9).

Relevant chief executive

             (5)  For the purposes of Part 3 of the Regulatory Powers (Standard Provisions) Act 2014, the Secretary is the relevant chief executive in relation to evidential material that relates to a provision mentioned in subsection (1).

             (6)  The relevant chief executive may, in writing, delegate the powers and functions mentioned in subsection (7) to a person who is an SES employee or an acting SES employee in the Department.

Note:          The expressions SES employee and acting SES employee are defined in section 2B of the Acts Interpretation Act 1901.

             (7)  The powers and functions that may be delegated are:

                     (a)  powers under Part 3 of the Regulatory Powers (Standard Provisions) Act 2014 in relation to evidential material that relates to a provision mentioned in subsection (1); and

                     (b)  powers and functions under the Regulatory Powers (Standard Provisions) Act 2014 that are incidental to a power mentioned in paragraph (a).

             (8)  A person exercising powers or performing functions under a delegation under subsection (6) must comply with any directions of the relevant chief executive.

Relevant court

             (9)  For the purposes of Part 3 of the Regulatory Powers (Standard Provisions) Act 2014, each of the following courts is a relevant court in relation to evidential material that relates to a provision mentioned in subsection (1):

                     (a)  the Federal Court;

                     (b)  the Federal Circuit and Family Court of Australia (Division 2);

                     (c)  a court of a State or Territory that has jurisdiction in relation to matters arising under this Act.

Person assisting

           (10)  An authorised person may be assisted by other persons in exercising powers, or performing functions or duties, under Part 3 of the Regulatory Powers (Standard Provisions) Act 2014 in relation to evidential material that relates to a provision mentioned in subsection (1), so long as those other persons have appropriate skills and expertise to assist the authorised person.

External Territories

           (11)  Part 3 of the Regulatory Powers (Standard Provisions) Act 2014, as it applies in relation to the provisions mentioned in subsection (1), extends to every external Territory.

Other powers not limited

           (12)  This section does not, by implication, limit a power conferred by another provision of this Division.

80B  Persons to assist aviation security inspectors

Scope

             (1)  If a person is:

                     (a)  an aviation industry participant; or

                     (b)  an employee of an aviation industry participant;

an aviation security inspector may, by written notice given to the person, require the person to provide the inspector with specified assistance that is reasonably necessary to allow the inspector to exercise powers conferred on the inspector by this Act.

Compliance with notice

             (2)  A person must comply with a notice under subsection (1).

Civil penalty:          150 penalty units.

Liability

             (3)  A person is not liable to an action or other proceeding for damages for, or in relation to, an act done or omitted in good faith in compliance with a notice under subsection (1).

             (4)  An officer, employee or agent of a person is not liable to an action or other proceeding for damages for, or in relation to, an act done or omitted in good faith in connection with an act done or omitted by the person as mentioned in subsection (3).

80C  Information gathering direction

Direction

             (1)  If:

                     (a)  a person is:

                              (i)  an aviation industry participant; or

                             (ii)  an employee of an aviation industry participant; and

                     (b)  an aviation security inspector has reason to believe that the person has, or is capable of obtaining, information that is reasonably necessary to allow the inspector to exercise powers conferred on the inspector by this Act;

the aviation security inspector may, by written notice given to the person, direct the person to:

                     (c)  give any such information to the aviation security inspector; and

                     (d)  do so within the period, and in the manner, specified in the direction.

Offence

             (2)  A person commits an offence if:

                     (a)  the person is given a notice under subsection (1); and

                     (b)  the person engages in conduct; and

                     (c)  the person’s conduct breaches the notice.

Penalty:  45 penalty units.

             (3)  Subsection (2) is an offence of strict liability.

Other powers not limited

             (4)  This section does not, by implication, limit a power conferred by another provision of this Act.

80D  Self‑incrimination

             (1)  An individual is not excused from giving information under section 80C on the ground that giving the information might tend to incriminate the individual in relation to an offence.

Note:          A body corporate is not entitled to claim the privilege against self‑incrimination.

             (2)  However:

                     (a)  the information given; or

                     (b)  giving the information; or

                     (c)  any information, document or thing obtained as a direct or indirect consequence of giving the information;

is not admissible in evidence against the individual:

                     (d)  in civil proceedings for the recovery of a penalty; or

                     (e)  in criminal proceedings (other than proceedings for an offence against section 137.1 or 137.2 of the Criminal Code that relates to giving the information).

             (3)  If, at general law, an individual would otherwise be able to claim the privilege against self‑exposure to a penalty (other than a penalty for an offence) in relation to giving information under section 80C, the individual is not excused from giving information or producing a document under that section on that ground.

Note:          A body corporate is not entitled to claim the privilege against self‑exposure to a penalty.

80E  Persons assisting aviation security inspectors

Aviation security inspectors may be assisted by other persons

             (1)  An aviation security inspector may be assisted by other persons in exercising powers under section 79 or 80, so long as those other persons have appropriate skills and expertise to assist the aviation security inspector.

             (2)  A person giving such assistance is a person assisting the aviation security inspector.

Powers of a person assisting

             (3)  A person assisting the aviation security inspector:

                     (a)  may exercise any of the powers conferred on the aviation security inspector under section 79 or 80, as the case requires; and

                     (b)  must do so in accordance with a direction given to the person assisting by the aviation security inspector.

             (4)  A power exercised by a person assisting the aviation security inspector as mentioned in subsection (3) is taken for all purposes to have been exercised by the aviation security inspector.

             (5)  If a direction is given under paragraph (3)(b) in writing, the direction is not a legislative instrument.

35  Paragraph 100(1)(a)

After “aviation security incident”, insert “(other than a cyber security incident)”.

36  At the end of section 100

Add:

Cyber security incidents

             (4)  If:

                     (a)  an aviation industry participant is an airport operator; and

                     (b)  the participant becomes aware of an aviation security incident that is a cyber security incident;

the participant must:

                     (c)  report the incident to:

                              (i)  the Secretary; and

                             (ii)  the Australian Signals Directorate; and

                     (d)  do so as soon as possible.

Civil penalty:          50 penalty units.

             (5)  Subsection (4) does not apply in relation to a report that must be made to a particular person or body if:

                     (a)  the participant believes, on reasonable grounds, that the person or body is already aware of the incident; or

                     (b)  the participant has a reasonable excuse.

Note:          A defendant bears an evidential burden in relation to the matters in subsection (5) (see section 96 of the Regulatory Powers (Standard Provisions) Act 2014).

37  Paragraph 101(1)(a)

After “aviation security incident”, insert “(other than a cyber security incident)”.

38  At the end of section 101

Add:

Cyber security incidents

             (4)  If:

                     (a)  an aviation industry participant is an aircraft operator; and

                     (b)  the participant becomes aware of an aviation security incident that is a cyber security incident;

the participant must:

                     (c)  report the incident to:

                              (i)  the Secretary; and

                             (ii)  the Australian Signals Directorate; and

                     (d)  do so as soon as possible.

Civil penalty:          50 penalty units.

             (5)  Subsection (4) does not apply in relation to a report that must be made to a particular person or body if:

                     (a)  the participant believes, on reasonable grounds, that the person or body is already aware of the incident; or

                     (b)  the participant has a reasonable excuse.

Note:          A defendant bears an evidential burden in relation to the matters in subsection (5) (see section 96 of the Regulatory Powers (Standard Provisions) Act 2014).

39  Paragraph 102(1)(a)

After “aviation security incident”, insert “(other than a cyber security incident)”.

40  After subsection 102(3)

Insert:

Cyber security incidents

          (3A)  If:

                     (a)  a person is a person with incident reporting responsibilities; and

                     (b)  the person becomes aware of an aviation security incident that is a cyber security incident;

the person must:

                     (c)  report the incident to:

                              (i)  the Secretary; and

                             (ii)  the Australian Signals Directorate; and

                     (d)  do so as soon as possible.

Civil penalty:          50 penalty units.

          (3B)  Subsection (3A) does not apply in relation to a report that must be made to a particular person or body (the person or body to be notified) if:

                     (a)  the person with incident reporting responsibilities believes, on reasonable grounds, that the person or body to be notified is already aware of the incident; or

                     (b)  the person with incident reporting responsibilities has a reasonable excuse.

Note:          A defendant bears an evidential burden in relation to the matters in subsection (3B) (see section 96 of the Regulatory Powers (Standard Provisions) Act 2014).

41  Before subsection 102(4)

Insert:

Persons with incident reporting responsibilities

42  Paragraph 103(1)(a)

After “aviation security incident”, insert “(other than a cyber security incident)”.

43  At the end of section 103

Add:

Cyber security incidents

             (4)  If:

                     (a)  an employee is an employee of an aviation industry participant; and

                     (b)  the employee becomes aware of an aviation security incident that is a cyber security incident;

the employee must:

                     (c)  report the incident to:

                              (i)  the Secretary; and

                             (ii)  the Australian Signals Directorate; and

                     (d)  do so as soon as possible.

Civil penalty:          50 penalty units.

             (5)  Subsection (4) does not apply in relation to a report that must be made to a particular person or body if:

                     (a)  the employee believes, on reasonable grounds, that the person or body is already aware of the incident; or

                     (b)  the employee has a reasonable excuse.

Note:          A defendant bears an evidential burden in relation to the matters in subsection (5) (see section 96 of the Regulatory Powers (Standard Provisions) Act 2014).

44  Subsection 104(1)

After “aviation security incidents”, insert “(other than cyber security incidents)”.

45  Subsection 105(1)

After “aviation security incidents”, insert “(other than cyber security incidents)”.

46  Subsection 106(1)

After “aviation security incidents”, insert “(other than cyber security incidents)”.

47  After Part 6

Insert:

Part 6A—Reports by aviation industry participants, known consignors and regulated agents

  

107A  Simplified outline of this Part

Certain aviation industry participants are required to submit periodic reports.

If an aviation industry participant has been given a transport security program, the Secretary may require the participant to submit a report.

If a known consignor has been provided with a known consignor security program, the Secretary may require the known consignor to submit a report.

If a regulated cargo agent has been provided with a RACA security program, the Secretary may require the agent to submit a report.

If an accredited air cargo agent has been provided with an AACA security program, the Secretary may require the agent to submit a report.

107B  Certain aviation industry participants must submit periodic reports

Scope

             (1)  This section applies if:

                     (a)  a transport security program was, or is, in force for an aviation industry participant; and

                     (b)  an applicable reporting period for the transport security program has ended; and

                     (c)  the transport security program was not given to the participant under section 26B; and

                     (d)  the transport security program included, or includes, a security assessment; and

                     (e)  the participant is included in a class of aviation industry participants specified in the regulations.

Periodic report

             (2)  The participant must, within 90 days after the end of the applicable reporting period, give the Secretary a report that:

                     (a)  relates to the applicable reporting period; and

                     (b)  sets out such matters (if any) as are specified in the regulations; and

                     (c)  if the participant has a board, council or other governing body—includes whichever of the following statements is applicable:

                              (i)  if the transport security program was up to date immediately before the end of the applicable reporting period—a statement by the board, council or other governing body to that effect;

                             (ii)  if the transport security program was not up to date immediately before the end of the applicable reporting period—a statement by the board, council or other governing body to that effect; and

                     (d)  if the participant has a board, council or other governing body—includes whichever of the following statements is applicable:

                              (i)  if the transport security program adequately addressed the relevant requirements under Division 4 of Part 2 at the end of the applicable reporting period—a statement by the board, council or other governing body to that effect;

                             (ii)  if the transport security program did not adequately address the relevant requirements under Division 4 of Part 2 at the end of the applicable reporting period—a statement by the board, council or other governing body to that effect; and

                     (e)  is in the form approved, in writing, by the Secretary.

Civil penalty:          150 penalty units.

             (3)  A matter must not be specified in regulations made for the purposes of paragraph (2)(b) unless the matter relates to:

                     (a)  unlawful interference with aviation; or

                     (b)  safeguarding against unlawful interference with aviation.

             (4)  A report given by a person under subsection (2) is not admissible in evidence against the person in:

                     (a)  criminal proceedings for an offence against this Act; or

                     (b)  civil proceedings relating to a contravention of a civil penalty provision of this Act (other than this section).

Applicable reporting period for a transport security program

             (5)  For the purposes of this section, an applicable reporting period for a transport security program is:

                     (a)  if the transport security program has been in force for at least 30 months:

                              (i)  the 30‑month period that began when the program came into force; or

                             (ii)  the remainder of the period for which the program was in force; or

                     (b)  in any other case—the period when the transport security program was in force.

             (6)  However, an applicable reporting period for a transport security program does not include a day that occurred before the commencement of this section.

107C  Secretary may require an aviation industry participant to submit report

Scope

             (1)  This section applies if:

                     (a)  a transport security program was, or is, in force for an aviation industry participant; and

                     (b)  the transport security program was given to the participant under section 26B.

Notice

             (2)  The Secretary may, by written notice given to the participant, require the participant to:

                     (a)  give the Secretary a report that:

                              (i)  relates to the period specified in the notice; and

                             (ii)  sets out such matters (if any) as are specified in the regulations; and

                            (iii)  is in the form approved, in writing, by the Secretary; and

                     (b)  do so within 90 days after the notice is given.

             (3)  The period specified in the notice:

                     (a)  must consist of, or be included in, the period for which the transport security program was, or is, in force; and

                     (b)  must end before the notice is given; and

                     (c)  must begin after the commencement of this section.

             (4)  A matter must not be specified in regulations made for the purposes of subparagraph (2)(a)(ii) unless the matter relates to:

                     (a)  unlawful interference with aviation; or

                     (b)  safeguarding against unlawful interference with aviation.

Compliance

             (5)  A person must comply with a notice under subsection (2).

Civil penalty:          150 penalty units.

             (6)  A report given by a person in compliance with a notice under subsection (2) is not admissible in evidence against the person in:

                     (a)  criminal proceedings for an offence against this Act; or

                     (b)  civil proceedings relating to a contravention of a civil penalty provision of this Act (other than this section).

107D  Secretary may require a known consignor to submit report

Scope

             (1)  This section applies if:

                     (a)  a known consignor security program was, or is, in force for a known consignor; and

                     (b)  the known consignor security program was provided to the known consignor under the regulations.

Notice

             (2)  The Secretary may, by written notice given to the known consignor, require the known consignor to:

                     (a)  give the Secretary a report that:

                              (i)  relates to the period specified in the notice; and

                             (ii)  sets out such matters (if any) as are specified in the regulations; and

                            (iii)  is in the form approved, in writing, by the Secretary; and

                     (b)  do so within 90 days after the notice is given.

             (3)  The period specified in the notice:

                     (a)  must consist of, or be included in, the period for which the known consignor security program was, or is, in force; and

                     (b)  must end before the notice is given; and

                     (c)  must begin after the commencement of this section.

             (4)  A matter must not be specified in regulations made for the purposes of subparagraph (2)(a)(ii) unless the matter relates to:

                     (a)  unlawful interference with aviation; or

                     (b)  safeguarding against unlawful interference with aviation.

Compliance

             (5)  A person must comply with a notice under subsection (2).

Civil penalty:          150 penalty units.

             (6)  A report given by a person in compliance with a notice under subsection (2) is not admissible in evidence against the person in:

                     (a)  criminal proceedings for an offence against this Act; or

                     (b)  civil proceedings relating to a contravention of a civil penalty provision of this Act (other than this section).

107E  Secretary may require a regulated air cargo agent to submit report

Scope

             (1)  This section applies if:

                     (a)  a RACA security program was, or is, in force for a regulated air cargo agent; and

                     (b)  the RACA security program was provided to the regulated air cargo agent under the regulations.

Notice

             (2)  The Secretary may, by written notice given to the regulated air cargo agent, require the regulated air cargo agent to:

                     (a)  give the Secretary a report that:

                              (i)  relates to the period specified in the notice; and

                             (ii)  sets out such matters (if any) as are specified in the regulations; and

                            (iii)  is in the form approved, in writing, by the Secretary; and

                     (b)  do so within 90 days after the notice is given.

             (3)  The period specified in the notice:

                     (a)  must consist of, or be included in, the period for which the RACA security program was, or is, in force; and

                     (b)  must end before the notice is given; and

                     (c)  must begin after the commencement of this section.

             (4)  A matter must not be specified in regulations made for the purposes of subparagraph (2)(a)(ii) unless the matter relates to:

                     (a)  unlawful interference with aviation; or

                     (b)  safeguarding against unlawful interference with aviation.

Compliance

             (5)  A person must comply with a notice under subsection (2).

Civil penalty:          150 penalty units.

             (6)  A report given by a person in compliance with a notice under subsection (2) is not admissible in evidence against the person in:

                     (a)  criminal proceedings for an offence against this Act; or

                     (b)  civil proceedings relating to a contravention of a civil penalty provision of this Act (other than this section).

107F  Secretary may require an accredited air cargo agent to submit report

Scope

             (1)  This section applies if:

                     (a)  an AACA security program was, or is, in force for an accredited air cargo agent; and

                     (b)  the AACA security program was provided to the accredited air cargo agent under the regulations.

Notice

             (2)  The Secretary may, by written notice given to the accredited air cargo agent, require the accredited air cargo agent to:

                     (a)  give the Secretary a report that:

                              (i)  relates to the period specified in the notice; and

                             (ii)  sets out such matters (if any) as are specified in the regulations; and

                            (iii)  is in the form approved, in writing, by the Secretary; and

                     (b)  do so within 90 days after the notice is given.

             (3)  The period specified in the notice:

                     (a)  must consist of, or be included in, the period for which the AACA security program was, or is, in force; and

                     (b)  must end before the notice is given; and

                     (c)  must begin after the commencement of this section.

             (4)  A matter must not be specified in regulations made for the purposes of subparagraph (2)(a)(ii) unless the matter relates to:

                     (a)  unlawful interference with aviation; or

                     (b)  safeguarding against unlawful interference with aviation.

Compliance

             (5)  A person must comply with a notice under subsection (2).

Civil penalty:          150 penalty units.

             (6)  A report given by a person in compliance with a notice under subsection (2) is not admissible in evidence against the person in:

                     (a)  criminal proceedings for an offence against this Act; or

                     (b)  civil proceedings relating to a contravention of a civil penalty provision of this Act (other than this section).

48  Subsection 109(2)

After “has”, insert “, or is capable of obtaining,”.

49  After Part 7

Insert:

Part 7A—Use and disclosure of protected information

Division 1—Simplified outline of this Part

112AA  Simplified outline of this Part

The making of a record, or the use or disclosure, of protected information is authorised in particular circumstances but is otherwise an offence.

Division 2—Authorised use and disclosure

112A  Authorised use and disclosure—performing functions etc.

             (1)  A person may make a record of, use or disclose protected information if the person makes the record, or uses or discloses the information, for the purposes of:

                     (a)  exercising the person’s powers, or performing the person’s functions or duties, under this Act; or

                     (b)  otherwise ensuring compliance with a provision of this Act.

Note:          This subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

             (2)  A person may make a record of, use or disclose protected information if the person makes the record, or uses or discloses the information, for purposes in connection with the administration or execution of this Act.

Note:          This subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

112B  Authorised use and disclosure—other person’s functions etc.

             (1)  The Secretary may:

                     (a)  disclose protected information to a person mentioned in subsection (2); and

                     (b)  make a record of or use protected information for the purpose of that disclosure;

for the purposes of enabling or assisting the person to exercise the person’s powers or perform the person’s functions or duties.

Note:          This subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

             (2)  The persons to whom the Secretary may disclose protected information are the following:

                     (a)  a Minister of the Commonwealth who has responsibility for any of the following:

                              (i)  national security;

                             (ii)  law enforcement;

                            (iii)  foreign investment in Australia;

                            (iv)  taxation policy;

                             (v)  industry policy;

                            (vi)  promoting investment in Australia;

                           (vii)  defence;

                          (viii)  customs;

                            (ix)  immigration;

                             (x)  transport;

                            (xi)  health;

                           (xii)  biosecurity;

                          (xiii)  emergency management;

                          (xiv)  the regulation or oversight of aviation safety;

                           (xv)  a matter specified in an instrument made under subsection (3);

                     (b)  a Minister of a State, the Australian Capital Territory, or the Northern Territory, who has responsibility for any of the following:

                              (i)  emergency management;

                             (ii)  transport;

                            (iii)  health;

                            (iv)  law enforcement;

                             (v)  a matter specified in an instrument made under subsection (4);

                     (c)  a person employed as a member of staff of a Minister mentioned in paragraph (a) or (b);

                     (d)  the head of an agency (including a Department) administered by a Minister mentioned in paragraph (a) or (b), or an officer or employee of that agency.

             (3)  The Minister may, by legislative instrument, specify one or more matters for the purposes of subparagraph (2)(a)(xv).

             (4)  The Minister may, by legislative instrument, specify one or more matters for the purposes of subparagraph (2)(b)(v).

112C  Authorised disclosure relating to law enforcement

                   The Secretary may disclose protected information to an enforcement body (within the meaning of the Privacy Act 1988) for the purposes of one or more enforcement related activities (within the meaning of that Act) conducted by or on behalf of the enforcement body.

Note:          This section is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

112CA  Authorised disclosure—instrument made by Secretary

             (1)  A person may disclose protected information to another person for a particular purpose if:

                     (a)  the other person is specified in an instrument under subsection (2); and

                     (b)  the purpose is specified in the instrument in relation to the other person.

Note 1:       This subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

Note 2:       For record‑keeping requirements, see section 112H.

             (2)  The Secretary may, by legislative instrument, specify:

                     (a)  one or more persons for the purposes of subsection (1); and

                     (b)  for each of those persons—one or more purposes in relation to the person concerned.

112D  Secondary use and disclosure of protected information

                   A person may make a record of, use or disclose protected information if:

                     (a)  the person obtains the information under this Division (including this section); and

                     (b)  the person makes the record, or uses or discloses the information, for the purposes for which the information was disclosed to the person.

Note:          This section is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

Division 3—Offence for unauthorised use or disclosure

112E  Offence for unauthorised use or disclosure of protected information

                   A person commits an offence if:

                     (a)  the person obtains information; and

                     (b)  the information is protected information; and

                     (c)  the person:

                              (i)  makes a record of the information; or

                             (ii)  discloses the information to another person; or

                            (iii)  otherwise uses the information; and

                     (d)  the making of the record, or the disclosure or use, is not authorised by this Act.

Penalty:  Imprisonment for 2 years or 120 penalty units, or both.

112F  Exceptions to offence for unauthorised use or disclosure

Required or authorised by law

             (1)  Section 112E does not apply if the making of the record, or the disclosure or use, of the protected information is required or authorised by or under:

                     (a)  a law of the Commonwealth; or

                     (b)  a law of a State or Territory prescribed by the regulations.

Good faith

             (2)  Section 112E does not apply to a person to the extent that the person makes a record of, discloses or otherwise uses protected information in good faith and in purported compliance with this Act.

Person to whom the protected information relates

             (3)  Section 112E does not apply to a person if:

                     (a)  the person discloses protected information to the person to whom the information relates; or

                     (b)  the person is the person to whom the protected information relates; or

                     (c)  the making of the record, or the disclosure or use, of the protected information is in accordance with the express or implied consent of the person to whom the information relates.

Note:          A defendant bears an evidential burden in relation to the matters in this section (see subsection 13.3(3) of the Criminal Code).

112G  No requirement to provide information

             (1)  A person is not (subject to subsections (2) and (3)) to be required to disclose protected information, or produce a document containing protected information, to:

                     (a)  a court; or

                     (b)  a tribunal, authority or person that has the power to require the answering of questions or the production of documents.

             (2)  Subsection (1) does not prevent a person from being required to disclose protected information, or to produce a document containing protected information, if it is necessary to do so for the purposes of giving effect to this Act.

             (3)  Subsection (1) does not prevent a person from being required to disclose protected information, or to produce a document containing protected information, in a judicial review proceeding before:

                     (a)  the High Court of Australia; or

                     (b)  the Federal Court; or

                     (c)  the Federal Circuit and Family Court of Australia (Division 2).

Division 4—Record‑keeping

112H  Record‑keeping requirements

             (1)  If:

                     (a)  a person (the first person) discloses protected information to another person (the recipient); and

                     (b)  the disclosure is covered by section 112CA;

the first person must:

                     (c)  make a record of:

                              (i)  the disclosure; and

                             (ii)  the identity of the recipient; and

                     (d)  keep the record for 90 days.

             (2)  A person commits an offence if:

                     (a)  the person is subject to a requirement under subsection (1); and

                     (b)  the person engages in conduct; and

                     (c)  the conduct breaches the requirement.

Penalty for contravention of this subsection:        50 penalty units.

50  Section 116 (paragraph beginning “To ensure”)

After “criminal offences”, insert “or civil penalties”.

51  Section 116 (paragraph beginning “To ensure”)

After “criminal prosecution”, insert “or civil penalty proceedings”.

52  Section 116 (paragraph beginning “The enforcement options”)

Repeal the paragraph, substitute:

The enforcement options (and the relevant Divisions) are as follows:

       (a)     infringement notices (Division 2);

      (b)     improvement notices (Division 2A);

       (c)     enforcement orders (Division 3);

      (d)     enforceable undertakings (Division 3A);

       (e)     injunctions (Division 4);

       (f)     demerit points system (Division 5).

53  After Division 2 of Part 8

Insert:

Division 2A—Improvement notices

117A  Improvement notices

Scope

             (1)  This section applies if an aviation security inspector reasonably believes that an aviation industry participant:

                     (a)  is contravening a provision of this Act; or

                     (b)  has contravened a provision of this Act in circumstances that make it likely that the contravention will continue or be repeated; or

                     (c)  is likely to contravene a provision of this Act.

Improvement notice

             (2)  The aviation security inspector may give the aviation industry participant a written notice requiring the participant to:

                     (a)  remedy the contravention; or

                     (b)  prevent the likely contravention from occurring; or

                     (c)  remedy the things or operations causing the contravention or likely contravention.

             (3)  A notice under subsection (2) is to be known as an improvement notice.

117B  Contents of improvement notices

             (1)  An improvement notice given to an aviation industry participant by an aviation security inspector must state:

                     (a)  that the inspector reasonably believes that the participant:

                              (i)  is contravening a provision of this Act; or

                             (ii)  has contravened a provision of this Act in circumstances that make it likely that the contravention will continue or be repeated; or

                            (iii)  is likely to contravene a provision of this Act; and

                     (b)  the provision the inspector believes is being, has been, or is likely to be, contravened; and

                     (c)  briefly, how the provision is being, has been, or is likely to be, contravened; and

                     (d)  the period within which the participant must comply with the notice.

             (2)  The improvement notice may include directions concerning the measures to be taken to:

                     (a)  remedy the contravention; or

                     (b)  prevent the likely contravention from occurring; or

                     (c)  remedy the things or operations causing the contravention or likely contravention.

             (3)  The period stated for compliance with the improvement notice must be reasonable in all the circumstances.

117C  Compliance with improvement notice

             (1)  A person commits an offence if:

                     (a)  the person is:

                              (i)  an aircraft operator; or

                             (ii)  an airport operator; and

                     (b)  the person is given an improvement notice; and

                     (c)  the person engages in conduct; and

                     (d)  the person’s conduct breaches the improvement notice.

Penalty:  200 penalty units.

             (2)  Subsection (1) is an offence of strict liability.

             (3)  A person commits an offence if:

                     (a)  the person is an aviation industry participant other than:

                              (i)  an aircraft operator; or

                             (ii)  an airport operator; and

                     (b)  the person is given an improvement notice; and

                     (c)  the person engages in conduct; and

                     (d)  the person’s conduct breaches the improvement notice.

Penalty:  100 penalty units.

             (4)  Subsection (3) is an offence of strict liability.

117D  Extension of time for compliance with improvement notices

Scope

             (1)  This section applies if a person has been given an improvement notice.

Extension of compliance period

             (2)  An aviation security inspector may, by written notice given to the person, extend the compliance period for the improvement notice.

             (3)  However, the aviation security inspector may extend the compliance period only if the period has not ended.

             (4)  In this section, compliance period means the period stated in the improvement notice under section 117B, and includes that period as extended under this section.

117E  Variation of improvement notices

Scope

             (1)  This section applies if a person has been given an improvement notice.

Changes

             (2)  An aviation security inspector may, by written notice given to the person, vary the notice.

             (3)  An aviation security inspector may also, in accordance with section 117D, extend the compliance period for an improvement notice.

117F  Revocation of improvement notices

             (1)  If:

                     (a)  a person has been given an improvement notice; and

                     (b)  at a time during the compliance period for the notice, an aviation security inspector forms a reasonable belief that the notice is no longer required for the purposes of requiring the person to:

                              (i)  remedy a contravention of this Act; or

                             (ii)  prevent a likely contravention of this Act from occurring; or

                            (iii)  remedy the things or operations causing a contravention, or likely contravention, of this Act;

the inspector must, by written notice given to the person, revoke the notice.

             (2)  In this section, compliance period means the period stated in the improvement notice under section 117B, and includes that period as extended under section 117D.

117G  Formal irregularities or defects in improvement notices

                   An improvement notice is not invalid only because of:

                     (a)  a formal defect or irregularity in the notice unless the defect or irregularity causes or is likely to cause substantial injustice; or

                     (b)  a failure to use the correct name of the person to whom the notice is issued if the notice sufficiently identifies the person.

54  At the end of Part 8

Add:

Division 6—Civil penalties

125A  Civil penalty provision

Enforceable civil penalty provision

             (1)  A civil penalty provision in this Act is enforceable under Part 4 of the Regulatory Powers (Standard Provisions) Act 2014.

Note:          Part 4 of the Regulatory Powers (Standard Provisions) Act 2014 allows a civil penalty provision to be enforced by obtaining an order for a person to pay a pecuniary penalty for the contravention of the provision.

Authorised applicant

             (2)  For the purposes of Part 4 of the Regulatory Powers (Standard Provisions) Act 2014, the Secretary is an authorised applicant in relation to a civil penalty provision in this Act.

Relevant court

             (3)  For the purposes of Part 4 of the Regulatory Powers (Standard Provisions) Act 2014, the Federal Court of Australia and the Federal Circuit and Family Court of Australia (Division 2) are relevant courts in relation to a civil penalty provision in this Act.

Extension to external Territories etc.

             (4)  Part 4 of the Regulatory Powers (Standard Provisions) Act 2014, as it applies in relation to a civil penalty provision in this Act, extends to every external Territory.

55  Before section 126

Insert:

Division 1—External review

56  At the end of subsection 126(1)

Add:

               ; or (g)  under section 126D (internal review).

57  At the end of Part 9

Add:

Division 2—Internal review

126B  Which decisions are internally reviewable

                   The following table sets out:

                     (a)  decisions made under this Act that are internally reviewable in accordance with this Division (internally reviewable decisions); and

                     (b)  who is eligible to apply for review of an internally reviewable decision (the eligible person).

 

Internally reviewable decisions

| Item | Provision under which internally reviewable decision is made | Eligible person in relation to internally reviewable decision |
|---|---|---|
| 1 | Section 117A (giving an improvement notice). | The person to whom the notice was given. |
| 2 | Section 117D (extension of time for compliance with improvement notice). | The person to whom the notice was given. |
| 3 | Section 117E (variation of improvement notice). | The person to whom the notice was given. |

126C  Application for internal review

             (1)  An eligible person in relation to an internally reviewable decision may apply to the Secretary for review (an internal review) of the decision within:

                     (a)  the prescribed time after the day on which the decision first came to the eligible person’s notice; or

                     (b)  such longer period as the Secretary allows.

             (2)  The application must be made in the manner and form required by the Secretary.

             (3)  For the purposes of this section, the prescribed time is:

                     (a)  in the case of a decision to give an improvement notice—the period specified in the notice for compliance with the notice or 14 days, whichever is the lesser; and

                     (b)  in any other case—14 days.

126D  Decision on internal review

             (1)  The Secretary must:

                     (a)  review the internally reviewable decision; and

                     (b)  make a decision:

                              (i)  as soon as is reasonably practicable; and

                             (ii)  in any event, within 14 days after the application for internal review is received.

             (2)  The decision may be:

                     (a)  to confirm or vary the internally reviewable decision; or

                     (b)  to set aside the internally reviewable decision and substitute another decision that the Secretary considers appropriate.

             (3)  If the Secretary seeks further information from the applicant, the 14‑day period ceases to run until the applicant provides the information to the Secretary.

             (4)  The applicant must provide the further information within the time (being not less than 7 days) specified by the Secretary in the request for information.

             (5)  If the applicant does not provide the further information within the required time, the decision is taken to have been confirmed by the Secretary at the end of that time.

             (6)  If the internally reviewable decision is not varied or set aside within the 14‑day period, the decision is taken to have been confirmed by the Secretary.

126E  Notification of decision on internal review

                   As soon as practicable after reviewing the decision, the Secretary must give the applicant in writing:

                     (a)  the decision on the internal review; and

                     (b)  the reasons for the decision.

126F  Stays of internally reviewable decisions

             (1)  If an application is made for an internal review of a decision to issue an improvement notice, the Secretary may stay the operation of the decision pending a decision on the internal review.

             (2)  A stay of the operation of a decision pending a decision on an internal review continues until whichever of the following is the earlier:

                     (a)  the end of the period for applying to the Administrative Appeals Tribunal for review of the decision made on the internal review;

                     (b)  an application is made to the Administrative Appeals Tribunal for review of the decision made on the internal review.

58  Subsection 127(1)

After “this Act”, insert “(other than powers or functions under Division 2 of Part 9)”.

59  Paragraph 127(1)(b)

Omit “that carries on activities that relate to national security”.

60  Subsection 127(1A)

After “the delegation”, insert “in writing”.

61  After paragraph 127(2)(b)

Insert:

               ; or (c)  Division 2 of Part 9;

62  After subsection 127(2A)

Insert:

          (2B)  The Secretary may, by writing, delegate all or any of the Secretary’s powers and functions under Division 2 of Part 9 to an SES employee who holds, or performs the duties of, an SES Band 2 position, or an SES Band 3 position, in the Department.

63  After subsection 132(2)

Insert:

          (2A)  This Act also has the effect that it would have if:

                     (a)  each reference to an aviation industry participant were expressly confined to an aviation industry participant that is a corporation to which paragraph 51(xx) of the Constitution applies; and

                     (b)  each reference to an airport operator were expressly confined to an airport operator that is a corporation to which paragraph 51(xx) of the Constitution applies; and

                     (c)  each reference to an aircraft operator were expressly confined to an aircraft operator that is a corporation to which paragraph 51(xx) of the Constitution applies; and

                     (d)  each reference to a known consignor were expressly confined to a known consignor that is a corporation to which paragraph 51(xx) of the Constitution applies; and

                     (e)  each reference to a regulated air cargo agent were expressly confined to a regulated air cargo agent that is a corporation to which paragraph 51(xx) of the Constitution applies; and

                      (f)  each reference to an accredited air cargo agent were expressly confined to an accredited air cargo agent that is a corporation to which paragraph 51(xx) of the Constitution applies; and

                     (g)  each reference to a regulated agent were expressly confined to a regulated agent that is a corporation to which paragraph 51(xx) of the Constitution applies.

Division 2—Application provisions

64  Application—transport security programs

(1)       The amendment of section 16 of the Aviation Transport Security Act 2004 made by this Part applies in relation to a transport security program for an aviation industry participant if:

                     (a)  the participant gives the program to the Secretary under section 18 of that Act after the commencement of this item; or

                     (b)  the participant gives a copy of the program to the Secretary under section 22 of that Act after the commencement of this item; or

                     (c)  the participant gives the program to the Secretary in compliance with a notice that was given under section 23 of that Act after the commencement of this item.

(2)       Despite subitem (1), in determining, for the purposes of sections 21, 23, 23A and 25 of the Aviation Transport Security Act 2004, whether a transport security program adequately addresses the relevant requirements under Division 4 of Part 2 of that Act, assume that the amendment of section 16 of that Act made by this Part applies in relation to the program.

(3)       The amendment of section 26C of the Aviation Transport Security Act 2004 made by this Part applies in relation to a transport security program if the program is given to an aviation industry participant under section 26B of that Act after the commencement of this item.

65  Application—known consignor security programs

(1)       Subsection 44C(3B) of the Aviation Transport Security Act 2004 (as amended by this Part) applies in relation to a known consignor security program if the program is given to a known consignor under the regulations after the commencement of this item.

(2)       For the purposes of this item, regulations means regulations made under the Aviation Transport Security Act 2004.

66  Application—RACA security programs

(1)       Subsection 44C(3C) of the Aviation Transport Security Act 2004 (as amended by this Part) applies in relation to a RACA security program if the program is given to a regulated cargo agent under the regulations after the commencement of this item.

(2)       For the purposes of this item, regulations means regulations made under the Aviation Transport Security Act 2004.

67  Application—AACA security programs

(1)       Subsection 44C(3D) of the Aviation Transport Security Act 2004 (as amended by this Part) applies in relation to an AACA security program if the program is given to an accredited cargo agent under the regulations after the commencement of this item.

(2)       For the purposes of this item, regulations means regulations made under the Aviation Transport Security Act 2004.

68  Application—security directions

The amendment of section 67 of the Aviation Transport Security Act 2004 made by this Part applies in relation to a special security direction given after the commencement of this item.

68A  Application—request for further information

The amendments of section 19 of the Aviation Transport Security Act 2004 made by this Part apply in relation to a notice given under subsection 19(5) of that Act after the commencement of this item.

68B  Application—deemed refusal of request for alterations of a transport security program

The amendment of paragraph 23A(7)(b) of the Aviation Transport Security Act 2004 made by this Part applies in relation to a request given by an aviation industry participant after the commencement of this item.

Part 2—Other amendments

Division 1—Amendments

Aviation Transport Security Act 2004

69  Subsection 3(1)

After “aviation”, insert “and operational interference with aviation”.

70  Subsection 3(2)

Omit “security” (first occurring).

71  Section 4 (paragraph beginning “This Act establishes”)

After “aviation”, insert “and operational interference with aviation”.

72  Section 4 (paragraph beginning “Part 2”)

After “operations”, insert “, and may also deal with safeguarding against operational interference with aviation”.

73  Section 9

Insert:

critical aviation industry participant has the meaning given by section 10B.

operational interference with aviation has the meaning given by section 10AA.

relevant interference has the meaning given by section 9E.

74  After Division 4A of Part 1

Insert:

Division 4B—Relevant interference

9E  Meaning of relevant interference

             (1)  Each of the following is a relevant interference with an asset:

                     (a)  interference (whether direct or indirect) with the availability of the asset;

                     (b)  interference (whether direct or indirect) with the integrity of the asset;

                     (c)  interference (whether direct or indirect) with the reliability of the asset;

                     (d)  interference (whether direct or indirect) with the confidentiality of:

                              (i)  information about the asset; or

                             (ii)  if information is stored in the asset—the information; or

                            (iii)  if the asset is computer data—the computer data.

             (2)  Each of the following is a relevant interference with the operation of an aviation industry participant:

                     (a)  interference (whether direct or indirect) with the availability of the operation of the participant;

                     (b)  interference (whether direct or indirect) with the integrity of the operation of the participant;

                     (c)  interference (whether direct or indirect) with the reliability of the operation of the participant;

                     (d)  interference (whether direct or indirect) with the confidentiality of information relating to the operation of the participant.

75  After Division 5 of Part 1

Insert:

Division 5A—Operational interference with aviation

10AA  Meaning of operational interference with aviation

             (1)  For the purposes of this Act, operational interference with aviation means:

                     (a)  committing, or attempting to commit, an act that results in a relevant interference with the operation of an aviation industry participant; or

                     (b)  committing, or attempting to commit, an act that results in a relevant interference with an asset that is:

                              (i)  used in connection with the operation of an aviation industry participant; and

                             (ii)  owned or operated by an aviation industry participant; or

                     (c)  the occurrence of a hazard that results in a relevant interference with the operation of an aviation industry participant; or

                     (d)  the occurrence of a hazard that results in a relevant interference with an asset that is:

                              (i)  used in connection with the operation of an aviation industry participant; and

                             (ii)  owned or operated by an aviation industry participant.

             (2)  However, operational interference with aviation does not include any of the following:

                     (a)  unlawful interference with aviation;

                     (b)  lawful advocacy, protest, dissent or industrial action.

76  At the end of Part 1

Add:

Division 7—Critical aviation industry participants

10B  Minister may declare critical aviation industry participants

             (1)  The Minister may, by writing, declare that a specified aviation industry participant is a critical aviation industry participant for the purposes of this Act.

             (2)  A declaration under subsection (1) is not a legislative instrument.

             (3)  Subsection 33(3AB) of the Acts Interpretation Act 1901 does not apply to subsection (1) of this section.

Note:          Subsection 33(3AB) of the Acts Interpretation Act 1901 deals with specification by class.

             (4)  The Minister must not specify an aviation industry participant under subsection (1) unless the Minister is satisfied that:

                     (a)  the participant is critical to:

                              (i)  the social or economic stability of Australia or its people; or

                             (ii)  the defence of Australia; or

                            (iii)  national security (within the meaning of the Security of Critical Infrastructure Act 2018); and

                     (b)  there is a risk, in relation to the participant, that may be prejudicial to security (within the meaning of the Australian Security Intelligence Organisation Act 1979).

             (5)  In making a declaration under subsection (1), the Minister must have regard to:

                     (a)  such matters (if any) as are specified in the regulations; and

                     (b)  such other matters (if any) as the Minister considers relevant.

Class of aviation industry participants

             (6)  The Minister may, by legislative instrument, declare that each aviation industry participant included in a specified class of aviation industry participants is a critical aviation industry participant for the purposes of this Act.

             (7)  The Minister must not specify a class of aviation industry participants under subsection (6) unless the Minister is satisfied that:

                     (a)  each aviation industry participant in the class is critical to:

                              (i)  the social or economic stability of Australia or its people; or

                             (ii)  the defence of Australia; or

                            (iii)  national security (within the meaning of the Security of Critical Infrastructure Act 2018); and

                     (b)  there is a risk, in relation to each aviation industry participant in the class, that may be prejudicial to security (within the meaning of the Australian Security Intelligence Organisation Act 1979).

             (8)  In making a declaration under subsection (6), the Minister must have regard to:

                     (a)  such matters (if any) as are specified in the regulations; and

                     (b)  such other matters (if any) as the Minister considers relevant.

77  At the end of section 16

Add:

             (4)  The regulations may prescribe matters that:

                     (a)  relate to safeguarding against operational interference with aviation; and

                     (b)  must be dealt with in each transport security program for a critical aviation industry participant.

             (5)  Subsection (4) does not limit subsection (3).

78  After subsection 26C(1AA)

Insert:

       (1AB)  A transport security program that is given to an aviation industry participant under section 26B may set out the activities or measures to be undertaken or implemented by the participant under the program for the purposes of safeguarding against operational interference with aviation.

79  Subsection 35(1)

After “aviation”, insert “or safeguarding against operational interference with aviation”.

80  Subsection 36(1)

After “aviation”, insert “or safeguarding against operational interference with aviation”.

81  Subsection 36A(1)

After “aviation”, insert “or safeguarding against operational interference with aviation”.

82  Subsection 37(1)

After “aviation”, insert “or safeguarding against operational interference with aviation”.

83  Subsection 38(1)

After “aviation”, insert “or safeguarding against operational interference with aviation”.

84  Subsection 38A(1)

After “aviation”, insert “or safeguarding against operational interference with aviation”.

85  Subsection 44C(1)

After “safeguarding against unlawful interference with aviation”, insert “or safeguarding against operational interference with aviation”.

86  After paragraph 67(1)(b)

Insert:

                   (ba)  both of the following apply:

                              (i)  a specific threat of operational interference with aviation is made or exists;

                             (ii)  the Secretary is satisfied that giving a direction under this subsection is an appropriate response to the threat; or

                   (bb)  both of the following apply:

                              (i)  there is a change in the nature of an existing general threat of operational interference with aviation;

                             (ii)  the Secretary is satisfied that giving a direction under this subsection is an appropriate response to the threat; or

87  After subsection 70(5)

Insert:

          (5A)  A special security direction made under paragraph 67(1)(ba) must be revoked when the specific threat no longer exists.

88  Section 107A (before paragraph beginning “Certain”)

Insert:

Critical aviation industry participants are required to submit periodic reports.

89  After section 107A

Insert:

107AA  Critical aviation industry participants must submit periodic reports

Scope

             (1)  This section applies if:

                     (a)  a transport security program was, or is, in force for a critical aviation industry participant; and

                     (b)  an applicable reporting period for the transport security program has ended.

Periodic report

             (2)  The participant must, within 90 days after the end of the applicable reporting period, give the Secretary a report that:

                     (a)  relates to the applicable reporting period; and

                     (b)  sets out such matters (if any) as are specified in the regulations; and

                     (c)  if the participant has a board, council or other governing body—includes whichever of the following statements is applicable:

                              (i)  if the transport security program was up to date immediately before the end of the applicable reporting period—a statement by the board, council or other governing body to that effect;

                             (ii)  if the transport security program was not up to date immediately before the end of the applicable reporting period—a statement by the board, council or other governing body to that effect; and

                     (d)  if the participant has a board, council or other governing body—includes whichever of the following statements is applicable:

                              (i)  if the transport security program adequately addressed the relevant requirements under Division 4 of Part 2 at the end of the applicable reporting period—a statement by the board, council or other governing body to that effect;

                             (ii)  if the transport security program did not adequately address the relevant requirements under Division 4 of Part 2 at the end of the applicable reporting period—a statement by the board, council or other governing body to that effect; and

                     (e)  is in the form approved, in writing, by the Secretary.

Civil penalty:          150 penalty units.

             (3)  A matter must not be specified in regulations made for the purposes of paragraph (2)(b) unless the matter relates to:

                     (a)  unlawful interference with aviation; or

                     (b)  safeguarding against unlawful interference with aviation; or

                     (c)  operational interference with aviation; or

                     (d)  safeguarding against operational interference with aviation.

             (4)  A report given by a person under subsection (2) is not admissible in evidence against the person in:

                     (a)  criminal proceedings for an offence against this Act; or

                     (b)  civil proceedings relating to a contravention of a civil penalty provision of this Act (other than this section).

Applicable reporting period for a transport security program

             (5)  For the purposes of this section, an applicable reporting period for a transport security program is:

                     (a)  if the transport security program was in force for the whole of a financial year—the financial year; or

                     (b)  if the transport security program was in force for a part of a financial year—the part of the financial year.

             (6)  However, an applicable reporting period for a transport security program does not include a day that occurred before the commencement of this section.

90  Section 107B (heading)

After “participants”, insert “(other than critical aviation industry participants)”.

91  Paragraph 107B(1)(a)

After “participant”, insert “(other than a critical aviation industry participant)”.

92  At the end of subsection 107B(3)

Add:

               ; or (c)  operational interference with aviation; or

                     (d)  safeguarding against operational interference with aviation.

93  At the end of subsection 107C(4)

Add:

               ; or (c)  operational interference with aviation; or

                     (d)  safeguarding against operational interference with aviation.

94  At the end of subsection 107D(4)

Add:

               ; or (c)  operational interference with aviation; or

                     (d)  safeguarding against operational interference with aviation.

95  At the end of subsection 107E(4)

Add:

               ; or (c)  operational interference with aviation; or

                     (d)  safeguarding against operational interference with aviation.

96  At the end of subsection 107F(4)

Add:

               ; or (c)  operational interference with aviation; or

                     (d)  safeguarding against operational interference with aviation.

97  After paragraph 111(2)(d)

Insert:

                   (da)  information about activities undertaken, or to be undertaken, at an airport for the purposes of safeguarding against operational interference with aviation;

98  Paragraph 119(2)(b)

Repeal the paragraph, substitute:

                     (b)  it is necessary to make the order to:

                              (i)  safeguard against unlawful interference with aviation; or

                             (ii)  safeguard against operational interference with aviation.

99  Subsection 121(2)

After “aviation”, insert “or safeguard against operational interference with aviation”.

100  Paragraph 121(3)(a)

After “aviation”, insert “or adequately safeguards against operational interference with aviation”.

Division 2—Application provisions

101  Application—transport security programs

(1)       The amendment of section 16 of the Aviation Transport Security Act 2004 made by this Part applies in relation to a transport security program for an aviation industry participant if:

                     (a)  the participant gives the program to the Secretary under section 18 of that Act after the commencement of this item; or

                     (b)  the participant gives a copy of the program to the Secretary under section 22 of that Act after the commencement of this item; or

                     (c)  the participant gives the program to the Secretary in compliance with a notice that was given under section 23 of that Act after the commencement of this item.

(2)       Despite subitem (1), in determining, for the purposes of sections 21, 23, 23A and 25 of the Aviation Transport Security Act 2004, whether a transport security program adequately addresses the relevant requirements under Division 4 of Part 2 of that Act, assume that the amendment of section 16 of that Act made by this Part applies in relation to the program.

(3)       The amendment of section 26C of the Aviation Transport Security Act 2004 made by this Part applies in relation to a transport security program if the program is given to an aviation industry participant under section 26B of that Act after the commencement of this item.

Schedule 2—Amendment of the Maritime Transport and Offshore Facilities Security Act 2003

Part 1—General amendments

Division 1—Amendments

Maritime Transport and Offshore Facilities Security Act 2003

1  Title

Omit “related”, substitute “other”.

2  Section 4 (after paragraph beginning “Part 9”)

Insert:

Part 9A deals with the submission of reports by maritime industry participants, ship operators and offshore industry participants.

3  Section 4 (after paragraph beginning “Part 10”)

Insert:

Part 10A provides that the making of a record, or the use or disclosure, of protected information is authorised in particular circumstances but is otherwise an offence.

4  Section 4 (paragraph beginning “Part 11”)

After “infringement notices,”, insert “improvement notices,”.

5  Subsection 6(1)

After “(2)”, insert “or (3)”.

6  At the end of section 6

Add:

             (3)  Section 15.1 of the Criminal Code (extended geographical jurisdiction—category A) applies to an offence against section 185G.

7  Section 10

Insert:

access, in relation to a computer program, means the execution of the computer program.

access to computer data means:

                     (a)  in a case where the computer data is held in a computer—the display of the data by the computer or any other output of the data from the computer; or

                     (b)  in a case where the computer data is held in a computer—the copying or moving of the data to:

                              (i)  any other location in the computer; or

                             (ii)  another computer; or

                            (iii)  a data storage device; or

                     (c)  in a case where the computer data is held in a data storage device—the copying or moving of the data to:

                              (i)  a computer; or

                             (ii)  another data storage device.

asset includes:

                     (a)  a system; and

                     (b)  a network; and

                     (c)  a facility; and

                     (d)  a computer; and

                     (e)  a computer device; and

                      (f)  a computer program; and

                     (g)  computer data; and

                     (h)  premises; and

                      (i)  any other thing.

Commonwealth body means a body established by a law of the Commonwealth.

computer means all or part of:

                     (a)  one or more computers; or

                     (b)  one or more computer systems; or

                     (c)  one or more computer networks; or

                     (d)  any combination of the above.

computer data means data held in:

                     (a)  a computer; or

                     (b)  a data storage device.

connected, in relation to equipment, includes connection otherwise than by means of physical contact, for example, a connection by means of radiocommunication.

cyber security incident has the meaning given by section 10A.

data includes information in any form.

data storage device means a thing (for example, a disk or file server) containing (whether temporarily or permanently), or designed to contain (whether temporarily or permanently), data for use by a computer.

electronic communication means a communication of information in any form by means of guided or unguided electromagnetic energy.

evidential burden, in relation to a matter, means the burden of adducing or pointing to evidence that suggests a reasonable possibility that the matter exists or does not exist.

impairment of electronic communication to or from a computer includes:

                     (a)  the prevention of any such communication; and

                     (b)  the impairment of any such communication on an electronic link or network used by the computer;

but does not include a mere interception of any such communication.

improvement notice means a notice under subsection 187A(2).

lawful advocacy, protest, dissent or industrial action does not include a cyber security incident.

8  Section 10 (definition of maritime transport or offshore facility security incident)

Omit “subsections 170(1) and (2)”, substitute “section 170”.

9  Section 10

Insert:

modification:

                     (a)  in respect of computer data—means:

                              (i)  the alteration or removal of the data; or

                             (ii)  an addition to the data; or

                     (b)  in respect of a computer program—means:

                              (i)  the alteration or removal of the program; or

                             (ii)  an addition to the program.

10  Section 10 (definition of national security)

Repeal the definition.

11  Section 10

Insert:

operation of a maritime industry participant means the operation of the participant in the participant’s capacity as a maritime industry participant.

operation of an offshore industry participant means the operation of the participant in the participant’s capacity as an offshore industry participant.

protected information means information that:

                     (a)  is obtained by a person in the course of exercising powers, or performing duties or functions, under this Act; or

                     (b)  is security compliance information; or

                     (c)  if:

                              (i)  a maritime security plan; or

                             (ii)  a ship security plan; or

                             (ii)  an offshore security plan;

                            for a maritime industry participant is in force—is about the content of the plan.

relevant impact has the meaning given by section 10C.

technical assistance notice has the same meaning as in Part 15 of the Telecommunications Act 1997.

technical assistance request has the same meaning as in Part 15 of the Telecommunications Act 1997.

technical capability notice has the same meaning as in Part 15 of the Telecommunications Act 1997.

test weapon means a weapon of a kind that is a replica or an imitation of another weapon.

unauthorised access, modification or impairment has the meaning given by section 10B.

12  After Division 4 of Part 1

Insert:

Division 4A—Cyber security incidents

10A  Meaning of cyber security incident

                   A cyber security incident is one or more acts, events or circumstances involving any of the following:

                     (a)  unauthorised access to:

                              (i)  computer data; or

                             (ii)  a computer program;

                     (b)  unauthorised modification of:

                              (i)  computer data; or

                             (ii)  a computer program;

                     (c)  unauthorised impairment of electronic communication to or from a computer;

                     (d)  unauthorised impairment of the availability, reliability, security or operation of:

                              (i)  a computer; or

                             (ii)  computer data; or

                            (iii)  a computer program.

10B  Meaning of unauthorised access, modification or impairment

             (1)  For the purposes of this Act:

                     (a)  access to:

                              (i)  computer data; or

                             (ii)  a computer program; or

                     (b)  modification of:

                              (i)  computer data; or

                             (ii)  a computer program; or

                     (c)  the impairment of electronic communication to or from a computer; or

                     (d)  the impairment of the availability, reliability, security or operation of:

                              (i)  a computer; or

                             (ii)  computer data; or

                            (iii)  a computer program;

by a person is unauthorised if the person is not entitled to cause that access, modification or impairment.

             (2)  For the purposes of subsection (1), it is immaterial whether the person can be identified.

             (3)  For the purposes of subsection (1), if:

                     (a)  a person causes any access, modification or impairment of a kind mentioned in that subsection; and

                     (b)  the person does so:

                              (i)  under a warrant issued under a law of the Commonwealth, a State or a Territory; or

                             (ii)  under an emergency authorisation given to the person under Part 3 of the Surveillance Devices Act 2004 or under a law of a State or Territory that makes provision to similar effect; or

                            (iii)  under a tracking device authorisation given to the person under section 39 of the Surveillance Devices Act 2004; or

                            (iv)  in accordance with a technical assistance request; or

                             (v)  in compliance with a technical assistance notice; or

                            (vi)  in compliance with a technical capability notice;

the person is entitled to cause that access, modification or impairment.

10C  Meaning of relevant impact

                   Each of the following is a relevant impact of a cyber security incident on an asset:

                     (a)  the impact (whether direct or indirect) of the incident on the availability of the asset;

                     (b)  the impact (whether direct or indirect) of the incident on the integrity of the asset;

                     (c)  the impact (whether direct or indirect) of the incident on the reliability of the asset;

                     (d)  the impact (whether direct or indirect) of the incident on the confidentiality of:

                              (i)  information about the asset; or

                             (ii)  if information is stored in the asset—the information; or

                            (iii)  if the asset is computer data—the computer data.

13  Subsection 11(1)

After “done”, insert “, or attempted to be done,”.

14  Paragraph 11(1)(g)

Omit “or security systems”, substitute “, security systems or other systems”.

15  Paragraph 11(1)(h)

Omit “false”.

16  At the end of section 11

Add:

             (3)  If a cyber security incident has a relevant impact on an asset that is:

                     (a)  used in connection with the operation of a maritime industry participant; and

                     (b)  owned or operated by a maritime industry participant;

the cyber security incident is an unlawful interference with maritime transport or offshore facilities.

17  After subsection 22(3)

Insert:

          (3A)  A heightened risk to maritime transport or offshore facilities may involve a cyber security incident.

          (3B)  Subsection (3A) does not limit subsection (3).

18  Subsection 33(1)

Repeal the subsection, substitute:

             (1)  If:

                     (a)  both of the following apply:

                              (i)  a specific threat of unlawful interference with maritime transport or offshore facilities is made or exists;

                             (ii)  the Secretary is satisfied that giving a direction under this subsection is an appropriate response to the threat; or

                     (b)  both of the following apply:

                              (i)  there is a change in the nature of an existing general threat of unlawful interference with maritime transport or offshore facilities;

                             (ii)  the Secretary is satisfied that giving a direction under this subsection is an appropriate response to the threat; or

                     (c)  both of the following apply:

                              (i)  a national emergency declaration (within the meaning of the National Emergency Declaration Act 2020) is in force;

                             (ii)  the Secretary is satisfied that giving a direction under this subsection is appropriate to support the national emergency declaration;

the Secretary may, in writing, direct that:

                     (d)  a specified act or thing be done; or

                     (e)  a specified act or thing not be done.

19  Subsection 33(3)

Repeal the subsection.

20  Paragraph 37(3)(c)

Omit “paragraph 33(3)(b)”, substitute “paragraph 33(1)(c)”.

21  Subsection 38(1)

Repeal the subsection, substitute:

             (1)  The Secretary may, by writing, revoke a security direction.

          (1A)  A security direction covered by paragraph 33(1)(a) must be revoked when the specific threat no longer exists.

22  At the end of section 41

Add:

The Secretary may give a maritime security plan to a maritime industry participant. This is dealt with in Division 6. That Division also deals with the content, revision and cancellation of such plans.

23  Before section 47

Insert:

46A  Application of this Division

                   This Division applies to a maritime security plan other than a maritime security plan given by the Secretary under Division 6.

24  After paragraph 47(1)(a)

Insert:

                  (aaa)  set out how the participant will address the results of the security assessment included in the plan; and

                    (aa)  set out how the participant will respond to maritime security incidents; and

25  Before section 50

Insert:

49A  Application of this Division

                   This Division applies to a maritime security plan other than a maritime security plan given by the Secretary under Division 6.

26  Subsection 51(6)

Repeal the subsection, substitute:

             (6)  The notice must specify a reasonable period within which the information must be given.

          (6A)  The Secretary may, if requested to do so by the participant, vary a notice under subsection (5) by extending the period specified in the notice.

27  Paragraph 51(7)(b)

Repeal the paragraph, substitute:

                     (b)  ending at:

                              (i)  if the information requested in that notice was given within the period specified in that notice—the end of the period of 30 days beginning on the day on which the information requested in that notice was received by the Secretary; or

                             (ii)  if the information requested in that notice was not given within the period specified in that notice—the end of that period.

28  Subsection 52A(9)

Repeal the subsection, substitute:

             (9)  The notice must specify a reasonable period within which the information must be given.

          (9A)  The Secretary may, if requested to do so by the participant, vary a notice under subsection (8) by extending the period specified in the notice.

29  Paragraph 52A(10)(b)

Repeal the paragraph, substitute:

                     (b)  ending at:

                              (i)  if the information requested in that notice was given within the period specified in that notice—the end of the period of 30 days beginning on the day on which the information requested in that notice was received by the Secretary; or

                             (ii)  if the information requested in that notice was not given within the period specified in that notice—the end of that period.

30  At the end of Division 5 of Part 3

Add:

59AA  Reviewing maritime security plans

                   If:

                     (a)  a maritime security plan for a maritime industry participant is in force; and

                     (b)  the plan was not given to the participant under section 59A;

the participant must review the plan on a regular basis.

Civil penalty:          200 penalty units.

31  At the end of Part 3

Add:

Division 6—Maritime security plans given by the Secretary

59A  Secretary may give participants a maritime security plan

             (1)  The Secretary may, by written notice, give a maritime security plan to a maritime industry participant referred to in subsection 42(1).

             (2)  The notice must set out, or be accompanied by writing that sets out, the maritime security plan for the participant.

             (3)  The Secretary may give a participant a maritime security plan under subsection (1) only if the Secretary is satisfied that it is appropriate to do so, taking into account existing circumstances as they relate to maritime security.

59B  Content of maritime security plans

             (1)  A maritime security plan that is given to a maritime industry participant under section 59A must:

                     (a)  deal with any matter required to be dealt with in the maritime security plan by regulations made for the purposes of subsection (4); and

                     (b)  be appropriate for the operations or locations covered by the plan.

             (2)  A maritime security plan that is given to a maritime industry participant under section 59A may set out the security activities or measures to be undertaken or implemented by the participant under the plan for the purposes of safeguarding against unlawful interference with maritime transport or offshore facilities.

             (3)  A maritime security plan that is given to a maritime industry participant under section 59A may include a security assessment for the participant’s operation.

             (4)  The regulations may prescribe other matters that are to be dealt with in one or more of the following:

                     (a)  each maritime security plan given under section 59A;

                     (b)  each maritime security plan for a particular kind of maritime industry participant given under section 59A;

                     (c)  each maritime security plan for a particular class of a particular kind of maritime industry participant given under section 59A.

             (5)  A maritime security plan that is given to a maritime industry participant under section 59A may:

                     (a)  set out the security activities or measures to be undertaken or implemented by the participant under the plan for maritime security levels 1, 2 and 3; and

                     (b)  designate, by name or by reference to a position, all security officers responsible for implementing and maintaining the plan; and

                     (c)  make provision for the use of declarations of security; and

                     (d)  demonstrate that the implementation of the plan will make an appropriate contribution towards the achievement of the maritime security outcomes.

59C  When a maritime security plan is in force

When maritime security plan comes into force

             (1)  A maritime security plan given under section 59A comes into force at the time specified in the notice giving the maritime security plan. The time specified must not be earlier than the time the notice is given.

Period in which maritime security plan remains in force

             (2)  The maritime security plan remains in force until the earliest of the following times:

                     (a)  if the notice giving the maritime security plan specifies a time at which the maritime security plan ceases to be in force—that time;

                     (b)  if the maritime security plan is replaced under section 59E—the time of replacement;

                     (c)  if the maritime security plan is cancelled under section 59E or 59G—the time of cancellation.

59D  Relationship with Division 5

                   If a maritime security plan given to a maritime industry participant under section 59A is in force, the participant must not give the Secretary another maritime security plan under Division 5 unless the Secretary has given the participant written permission to do so.

Note:          The permission could be a permission under subsection 42(2).

59E  Secretary may revise or cancel inadequate maritime security plan

Scope

             (1)  This section applies if:

                     (a)  a maritime security plan given to a maritime industry participant under section 59A (the existing plan) is in force; and

                     (b)  the Secretary is no longer satisfied that the existing plan is appropriate:

                              (i)  because there is a change in the circumstances that relate to maritime security; or

                             (ii)  because there is a change in circumstances that could impact on maritime security; or

                            (iii)  for some other reason.

Revise or cancel

             (2)  The Secretary may:

                     (a)  give the participant another maritime security plan under section 59A (a revised plan); or

                     (b)  by written notice to the participant, cancel the existing plan.

             (3)  If the Secretary gives the participant a revised plan, the revised plan replaces the existing plan when it comes into force.

59G  Cancelling maritime security plans on request

             (1)  A maritime industry participant may, in writing, request the Secretary to cancel a maritime security plan given to the participant under section 59A.

             (2)  The request must set out reasons for making the request.

             (3)  The Secretary may, by written notice given to the participant, cancel the maritime security plan if the Secretary is satisfied that it is appropriate to do so, taking into account existing circumstances as they relate to maritime security.

             (4)  If the Secretary is not so satisfied, the Secretary must:

                     (a)  refuse to cancel the maritime security plan; and

                     (b)  give the participant written notice of the refusal.

32  Section 60 (after paragraph beginning “The approval”)

Insert:

The Secretary may give a ship security plan to a ship operator for a regulated Australian ship. This is dealt with in Division 5A. That Division also deals with the content, revision and cancellation of such plans.

33  Before section 66

Insert:

65A  Application of this Division

                   This Division applies to a ship security plan other than a ship security plan given by the Secretary under Division 5A.

34  After paragraph 66(1)(a)

Insert:

                  (aaa)  set out how the ship operator for the ship will address the results of the security assessment included in the plan; and

                    (aa)  set out how the ship operator will respond to maritime security incidents that affect the ship; and

35  Before section 69

Insert:

68A  Application of this Division

                   This Division applies to a ship security plan other than a ship security plan given by the Secretary under Division 5A.

36  Subsection 70(6)

Repeal the subsection, substitute:

             (6)  The notice must specify a reasonable period within which the information must be given.

          (6A)  The Secretary may, if requested to do so by the ship operator, vary a notice under subsection (5) by extending the period specified in the notice.

37  Paragraph 70(7)(b)

Repeal the paragraph, substitute:

                     (b)  ending at:

                              (i)  if the information requested in that notice was given within the period specified in that notice—the end of the period of 30 days beginning on the day on which the information requested in that notice was received by the Secretary; or

                             (ii)  if the information requested in that notice was not given within the period specified in that notice—the end of that period.

38  Subsection 71A(8)

Repeal the subsection, substitute:

             (8)  The notice must specify a reasonable period within which the information must be given.

          (8A)  The Secretary may, if requested to do so by the ship operator, vary a notice under subsection (7) by extending the period specified in the notice.

39  Paragraph 71A(9)(b)

Repeal the paragraph, substitute:

                     (b)  ending at:

                              (i)  if the information requested in that notice was given within the period specified in that notice—the end of the period of 30 days beginning on the day on which the information requested in that notice was received by the Secretary; or

                             (ii)  if the information requested in that notice was not given within the period specified in that notice—the end of that period.

40  At the end of Division 5 of Part 4

Add:

78AA  Reviewing ship security plans

                   If:

                     (a)  a ship security plan for a regulated Australian ship is in force; and

                     (b)  the plan was not given to the ship operator for the ship under section 78A;

the ship operator must review the plan on a regular basis.

Civil penalty:          200 penalty units.

41  After Division 5 of Part 4

Insert:

Division 5A—Ship security plans given by the Secretary

78A  Secretary may give ship operators a ship security plan

             (1)  If a ship is a regulated Australian ship, the Secretary may, by written notice, give the ship operator for the ship a ship security plan for the ship.

             (2)  The notice must set out, or be accompanied by writing that sets out, the ship security plan for the ship operator.

             (3)  The Secretary may give a ship operator a ship security plan under subsection (1) only if the Secretary is satisfied that it is appropriate to do so, taking into account existing circumstances as they relate to maritime security.

78B  Content of ship security plans

             (1)  A ship security plan that is given to a ship operator under section 78A must:

                     (a)  deal with any matter required to be dealt with in the ship security plan by regulations made for the purposes of subsection (3); and

                     (b)  be appropriate for the operations or locations covered by the plan.

          (1A)  A ship security plan that is given to a ship operator under section 78A may set out the security activities or measures to be undertaken or implemented by the ship operator under the plan for the purposes of safeguarding against unlawful interference with maritime transport or offshore facilities.

             (2)  A ship security plan that is given to a ship operator under section 78A may include a security assessment for the ship concerned.

             (3)  The regulations may prescribe other matters that are to be dealt with in one or more of the following:

                     (a)  each ship security plan given under section 78A;

                     (b)  each ship security plan for a particular kind of ship given under section 78A;

                     (c)  each ship security plan for a particular class of a particular kind of ship given under section 78A.

             (4)  A ship security plan that is given to a ship operator under section 78A may:

                     (a)  set out the security activities or measures to be undertaken or implemented on, or in connection with, the ship for maritime security levels 1, 2 and 3; and

                     (b)  designate, by name or by reference to a position, all security officers responsible for implementing and maintaining the plan; and

                     (c)  make provision for the use of declarations of security; and

                     (d)  demonstrate that the implementation of the plan will make an appropriate contribution towards the achievement of the maritime security outcomes.

78C  When a ship security plan is in force

When ship security plan comes into force

             (1)  A ship security plan given under section 78A comes into force at the time specified in the notice giving the ship security plan. The time specified must not be earlier than the time the notice is given.

Period in which ship security plan remains in force

             (2)  The ship security plan remains in force until the earliest of the following times:

                     (a)  if the notice giving the ship security plan specifies a time at which the ship security plan ceases to be in force—that time;

                     (b)  if the ship security plan is replaced under section 78D—the time of replacement;

                     (c)  if the ship security plan is cancelled under section 78D or 78F—the time of cancellation.

78D  Secretary may revise or cancel inadequate ship security plan

Scope

             (1)  This section applies if:

                     (a)  a ship security plan given to a ship operator under section 78A (the existing plan) is in force; and

                     (b)  the Secretary is no longer satisfied that the existing plan is appropriate:

                              (i)  because there is a change in the circumstances that relate to maritime security; or

                             (ii)  because there is a change in circumstances that could impact on maritime security; or

                            (iii)  for some other reason.

Revise or cancel

             (2)  The Secretary may:

                     (a)  give the ship operator another ship security plan under section 78A (a revised plan); or

                     (b)  by written notice to the ship operator, cancel the existing plan.

             (3)  If the Secretary gives the ship operator a revised plan, the revised plan replaces the existing plan when it comes into force.

78F  Cancelling ship security plans on request

             (1)  A ship operator may, in writing, request the Secretary to cancel a ship security plan given to the ship operator under section 78A.

             (2)  The request must set out reasons for making the request.

             (3)  The Secretary may, by written notice given to the ship operator, cancel the ship security plan if the Secretary is satisfied that it is appropriate to do so, taking into account existing circumstances as they relate to maritime security.

             (4)  If the Secretary is not so satisfied, the Secretary must:

                     (a)  refuse to cancel the ship security plan; and

                     (b)  give the ship operator written notice of the refusal.

42  At the end of section 100A

Add:

The Secretary may give an offshore security plan to an offshore industry participant. This is dealt with in Division 6. That Division also deals with the content, revision and cancellation of such plans.

43  Before section 100G

Insert:

100FA  Application of this Division

                   This Division applies to an offshore security plan other than an offshore security plan given by the Secretary under Division 6.

44  After paragraph 100G(1)(a)

Insert:

                  (aaa)  set out how the participant will address the results of the security assessment included in the plan; and

                    (aa)  set out how the participant will respond to maritime security incidents; and

45  Before section 100J

Insert:

100IA  Application of this Division

                   This Division applies to an offshore security plan other than an offshore security plan given by the Secretary under Division 6.

46  Subsection 100K(6)

Repeal the subsection, substitute:

             (6)  The notice must specify a reasonable period within which the information must be given.

          (6A)  The Secretary may, if requested to do so by the participant, vary a notice under subsection (5) by extending the period specified in the notice.

47  Paragraph 100K(7)(b)

Repeal the paragraph, substitute:

                     (b)  ending at:

                              (i)  if the information requested in that notice was given within the period specified in that notice—the end of the period of 30 days beginning on the day on which the information requested in that notice was received by the Secretary; or

                             (ii)  if the information requested in that notice was not given within the period specified in that notice—the end of that period.

48  Subsection 100LA(9)

Repeal the subsection, substitute:

             (9)  The notice must specify a reasonable period within which the information must be given.

          (9A)  The Secretary may, if requested to do so by the participant, vary a notice under subsection (8) by extending the period specified in the notice.

49  Paragraph 100LA(10)(b)

Repeal the paragraph, substitute:

                     (b)  ending at:

                              (i)  if the information requested in that notice was given within the period specified in that notice—the end of the period of 30 days beginning on the day on which the information requested in that notice was received by the Secretary; or

                             (ii)  if the information requested in that notice was not given within the period specified in that notice—the end of that period.

50  At the end of Division 5 of Part 5A

Add:

100TAA  Reviewing offshore security plans

                   If:

                     (a)  an offshore security plan for an offshore industry participant is in force; and

                     (b)  the plan was not given to the participant under section 100TA;

the participant must review the plan on a regular basis.

Civil penalty:          200 penalty units.

51  At the end of Part 5A

Add:

Division 6—Offshore security plans given by the Secretary

100TA  Secretary may give offshore industry participants an offshore security plan

             (1)  The Secretary may, by written notice, give an offshore security plan to an offshore industry participant referred to in subsection 100B(1).

             (2)  The notice must set out, or be accompanied by writing that sets out, the offshore security plan for the offshore industry participant.

             (3)  The Secretary may give an offshore industry participant an offshore security plan under subsection (1) only if the Secretary is satisfied that it is appropriate to do so, taking into account existing circumstances as they relate to maritime security.

100TB  Content of offshore security plans

             (1)  An offshore security plan that is given to an offshore industry participant under section 100TA must:

                     (a)  deal with any matter required to be dealt with in the offshore security plan by regulations made for the purposes of subsection (3); and

                     (b)  be appropriate for the operations or locations covered by the plan.

          (1A)  An offshore security plan that is given to an offshore industry participant under section 100TA may set out the security activities or measures to be undertaken or implemented by the participant under the plan for the purposes of safeguarding against unlawful interference with maritime transport or offshore facilities.

             (2)  An offshore security plan that is given to an offshore industry participant under section 100TA may include a security assessment for the offshore industry participant’s operation.

             (3)  The regulations may prescribe other matters that are to be dealt with in one or more of the following:

                     (a)  each offshore security plan given under section 100TA;

                     (b)  each offshore security plan for a particular kind of offshore industry participant given under section 100TA;

                     (c)  each offshore security plan for a particular class of a particular kind of offshore industry participant given under section 100TA.

             (4)  An offshore security plan that is given to an offshore industry participant under section 100TA may:

                     (a)  set out the security activities or measures to be undertaken or implemented by the participant under the plan for maritime security levels 1, 2 and 3; and

                     (b)  designate, by name or by reference to a position, all security officers responsible for implementing and maintaining the plan; and

                     (c)  make provision for the use of declarations of security; and

                     (d)  demonstrate that the implementation of the plan will make an appropriate contribution towards the achievement of maritime security outcomes; and

                     (e)  complement, to the fullest extent possible, the occupational health and safety requirements under the laws of the Commonwealth, a State or Territory applying at the facility.

100TC  When an offshore security plan is in force

When offshore security plan comes into force

             (1)  An offshore security plan given under section 100TA comes into force at the time specified in the notice giving the offshore security plan. The time specified must not be earlier than the time the notice is given.

Period in which offshore security plan remains in force

             (2)  The offshore security plan remains in force until the earliest of the following times:

                     (a)  if the notice giving the offshore security plan specifies a time at which the offshore security plan ceases to be in force—that time;

                     (b)  if the offshore security plan is replaced under section 100TE—the time of replacement;

                     (c)  if the offshore security plan is cancelled under section 100TE or 100TG—the time of cancellation.

100TD  Relationship with Division 5

                   If an offshore security plan given to an offshore industry participant under section 100TA is in force, the participant must not give the Secretary another offshore security plan under Division 5 unless the Secretary has given the participant written permission to do so.

Note:          The permission could be a permission under subsection 100B(2).

100TE  Secretary may revise or cancel inadequate offshore security plan

Scope

             (1)  This section applies if:

                     (a)  an offshore security plan given to an offshore industry participant under section 100TA (the existing plan) is in force; and

                     (b)  the Secretary is no longer satisfied that the existing plan is appropriate:

                              (i)  because there is a change in the circumstances that relate to maritime security; or

                             (ii)  because there is a change in circumstances that could impact on maritime security; or

                            (iii)  for some other reason.

Revise or cancel

             (2)  The Secretary may:

                     (a)  give the offshore industry participant another offshore security plan under section 100TA (a revised plan); or

                     (b)  by written notice to the offshore industry participant, cancel the existing plan.

             (3)  If the Secretary gives the offshore industry participant a revised plan, the revised plan replaces the existing plan when it comes into force.

100TG  Cancelling offshore security plans on request

             (1)  An offshore industry participant may, in writing, request the Secretary to cancel an offshore security plan given to the offshore industry participant under section 100TA.

             (2)  The request must set out reasons for making the request.

             (3)  The Secretary may, by written notice given to the offshore industry participant, cancel the offshore security plan if the Secretary is satisfied that it is appropriate to do so, taking into account existing circumstances as they relate to offshore facility security.

             (4)  If the Secretary is not so satisfied, the Secretary must:

                     (a)  refuse to cancel the offshore security plan; and

                     (b)  give the offshore industry participant written notice of the refusal.

52  At the end of subsection 139(2)

Add:

                   ; (g)  operate equipment on the ship for the purposes of testing the equipment;

                     (h)  connect equipment to equipment on the ship for the purposes of testing the last‑mentioned equipment;

                      (i)  test a security system (including by using an item, test weapon or vehicle to test its detection) in a restricted access area of the ship, in accordance with any requirements prescribed in the regulations.

Note:       A maritime security inspector must ensure that the exercise of the power under paragraph (i) does not seriously endanger the health or safety of any person, or the inspector will not be immune from civil or criminal liability (see subsection (4)).

53  After subsection 139(2)

Insert:

          (2A)  However, a power under paragraph (2)(i) must not be exercised unless regulations prescribing requirements for conducting tests of security systems have been made for the purposes of that paragraph and are in force.

          (2B)  For the purposes of paragraph (2)(f), it is immaterial whether a document in electronic form, or a record in electronic form, is held:

                     (a)  on a security regulated ship; or

                     (b)  at a place:

                              (i)  in Australia; or

                             (ii)  outside Australia.

          (2C)  Subsection (2B) is enacted for the avoidance of doubt.

54  At the end of section 139

Add:

Power to test a security system—immunity

             (4)  A maritime security inspector is not subject to any civil or criminal liability under a law of the Commonwealth, a State or a Territory in relation to the exercise of a power under paragraph (2)(i) to the extent that the exercise of the power:

                     (a)  is in good faith; and

                     (b)  does not seriously endanger the health or safety of any person; and

                     (c)  does not result in significant loss of, or serious damage to, property.

Note:          A defendant bears an evidential burden in relation to the matter in this subsection for a criminal proceeding (see subsection 13.3(3) of the Criminal Code).

             (5)  A person who wishes to rely on subsection (4) in relation to a civil proceeding bears an evidential burden in relation to that matter.

55  Paragraph 140(2)(a)

Omit “inspection”, substitute “exercise of the power”.

56  At the end of subsection 140A(2)

Add:

                   ; (g)  operate equipment on the facility for the purposes of testing the equipment;

                     (h)  connect equipment to equipment on the facility for the purposes of testing the last‑mentioned equipment;

                      (i)  test a security system (including by using an item, test weapon or vehicle to test its detection) in a restricted access area on the facility, in accordance with any requirements prescribed in the regulations.

Note:       A maritime security inspector must ensure that the exercise of the power under paragraph (i) does not seriously endanger the health or safety of any person, or the inspector will not be immune from civil or criminal liability (see subsection (5)).

57  After subsection 140A(2)

Insert:

          (2A)  However, a power under paragraph (2)(i) must not be exercised unless regulations prescribing requirements for conducting tests of security systems have been made for the purposes of that paragraph and are in force.

          (2B)  For the purposes of paragraph (2)(f), it is immaterial whether a document in electronic form, or a record in electronic form, is held:

                     (a)  on a security regulated offshore facility; or

                     (b)  at a place:

                              (i)  in Australia; or

                             (ii)  outside Australia.

          (2C)  Subsection (2B) is enacted for the avoidance of doubt.

58  At the end of section 140A

Add:

Power to test a security system—immunity

             (5)  A maritime security inspector is not subject to any civil or criminal liability under a law of the Commonwealth, a State or a Territory in relation to the exercise of a power under paragraph (2)(i) to the extent that the exercise of the power:

                     (a)  is in good faith; and

                     (b)  does not seriously endanger the health or safety of any person; and

                     (c)  does not result in significant loss of, or serious damage to, property.

Note:          A defendant bears an evidential burden in relation to the matter in this subsection for a criminal proceeding (see subsection 13.3(3) of the Criminal Code).

             (6)  A person who wishes to rely on subsection (5) in relation to a civil proceeding bears an evidential burden in relation to that matter.

59  Paragraph 140B(2)(a)

Omit “inspection”, substitute “exercise of the power”.

60  Paragraph 141(2)(f)

Omit “at a place”, substitute “in a place, vehicle or vessel”.

61  At the end of subsection 141(2)

Add:

                   ; (g)  operate equipment in a place, vehicle or vessel mentioned in paragraph (a) for the purposes of testing the equipment;

                     (h)  connect equipment to equipment in a place, vehicle or vessel mentioned in paragraph (a) for the purposes of testing the last‑mentioned equipment;

                      (i)  test a security system (including by using an item, test weapon or vehicle to test its detection) in a place, vehicle or vessel mentioned in paragraph (a), in accordance with any requirements prescribed in the regulations.

Note:       A maritime security inspector must ensure that the exercise of the power under paragraph (i) does not seriously endanger the health or safety of any person, or the inspector will not be immune from civil or criminal liability (see subsection (4)).

62  After subsection 141(2)

Insert:

          (2A)  However, a power under paragraph (2)(i) must not be exercised unless regulations prescribing requirements for conducting tests of security systems have been made for the purposes of that paragraph and are in force.

          (2B)  For the purposes of paragraph (2)(f), it is immaterial whether a document in electronic form, or a record in electronic form, is held:

                     (a)  at a place, vehicle or vessel mentioned in paragraph (2)(a); or

                     (b)  at another place:

                              (i)  in Australia; or

                             (ii)  outside Australia.

          (2C)  Subsection (2B) is enacted for the avoidance of doubt.

63  At the end of section 141

Add:

Power to test a security system—immunity

             (4)  A maritime security inspector is not subject to any civil or criminal liability under a law of the Commonwealth, a State or a Territory in relation to the exercise of a power under paragraph (2)(i) to the extent that the exercise of the power:

                     (a)  is in good faith; and

                     (b)  does not seriously endanger the health or safety of any person; and

                     (c)  does not result in significant loss of, or serious damage to, property.

Note:          A defendant bears an evidential burden in relation to the matter in this subsection for a criminal proceeding (see subsection 13.3(3) of the Criminal Code).

             (5)  A person who wishes to rely on subsection (4) in relation to a civil proceeding bears an evidential burden in relation to that matter.

64  At the end of Division 2 of Part 8

Add:

145BA  Investigation powers

Provisions subject to investigation

             (1)  A provision is subject to investigation under Part 3 of the Regulatory Powers (Standard Provisions) Act 2014 if it is an offence against this Act.

Authorised applicant

             (2)  For the purposes of Part 3 of the Regulatory Powers (Standard Provisions) Act 2014, each of the following persons is an authorised applicant in relation to evidential material that relates to a provision mentioned in subsection (1):

                     (a)  a maritime security inspector;

                     (b)  an SES employee, or an acting SES employee, in the Department.

Note:          The expressions SES employee and acting SES employee are defined in section 2B of the Acts Interpretation Act 1901.

Authorised person

             (3)  For the purposes of Part 3 of the Regulatory Powers (Standard Provisions) Act 2014, a maritime security inspector is an authorised person in relation to evidential material that relates to a provision mentioned in subsection (1).

Issuing officer

             (4)  For the purposes of Part 3 of the Regulatory Powers (Standard Provisions) Act 2014, each of the following persons is an issuing officer in relation to evidential material that relates to a provision mentioned in subsection (1):

                     (a)  a magistrate;

                     (b)  a judge of a court that is, for the purposes of that Part, a relevant court in relation to such evidential material.

Note:          For relevant court, see subsection (9).

Relevant chief executive

             (5)  For the purposes of Part 3 of the Regulatory Powers (Standard Provisions) Act 2014, the Secretary is the relevant chief executive in relation to evidential material that relates to a provision mentioned in subsection (1).

             (6)  The relevant chief executive may, in writing, delegate the powers and functions mentioned in subsection (7) to a person who is an SES employee or an acting SES employee in the Department.

Note:          The expressions SES employee and acting SES employee are defined in section 2B of the Acts Interpretation Act 1901.

             (7)  The powers and functions that may be delegated are:

                     (a)  powers under Part 3 of the Regulatory Powers (Standard Provisions) Act 2014 in relation to evidential material that relates to a provision mentioned in subsection (1); and

                     (b)  powers and functions under the Regulatory Powers (Standard Provisions) Act 2014 that are incidental to a power mentioned in paragraph (a).

             (8)  A person exercising powers or performing functions under a delegation under subsection (6) must comply with any directions of the relevant chief executive.

Relevant court

             (9)  For the purposes of Part 3 of the Regulatory Powers (Standard Provisions) Act 2014, each of the following courts is a relevant court in relation to evidential material that relates to a provision mentioned in subsection (1):

                     (a)  the Federal Court;

                     (b)  the Federal Circuit and Family Court of Australia (Division 2);

                     (c)  a court of a State or Territory that has jurisdiction in relation to matters arising under this Act.

Person assisting

           (10)  An authorised person may be assisted by other persons in exercising powers, or performing functions or duties, under Part 3 of the Regulatory Powers (Standard Provisions) Act 2014 in relation to evidential material that relates to a provision mentioned in subsection (1), so long as those other persons have appropriate skills and expertise to assist the authorised person.

External Territories

           (11)  Part 3 of the Regulatory Powers (Standard Provisions) Act 2014, as it applies in relation to the provisions mentioned in subsection (1), extends to every external Territory.

Other powers not limited

           (12)  This section does not, by implication, limit a power conferred by another provision of this Division.

145BB  Persons to assist maritime security inspectors

Scope

             (1)  If a person is:

                     (a)  a maritime industry participant; or

                     (b)  an employee of a maritime industry participant;

a maritime security inspector may, by written notice given to the person, require the person to provide the inspector with specified assistance that is reasonably necessary to allow the inspector to exercise powers conferred on the inspector by this Act.

Compliance with notice

             (2)  A person must comply with a notice under subsection (1).

Civil penalty:          150 penalty units.

Liability

             (3)  A person is not liable to an action or other proceeding for damages for, or in relation to, an act done or omitted in good faith in compliance with a notice under subsection (1).

             (4)  An officer, employee or agent of a person is not liable to an action or other proceeding for damages for, or in relation to, an act done or omitted in good faith in connection with an act done or omitted by the person as mentioned in subsection (3).

145BC  Information gathering direction

Direction

             (1)  If:

                     (a)  a person is:

                              (i)  a maritime industry participant; or

                             (ii)  an employee of a maritime industry participant; and

                     (b)  a maritime security inspector has reason to believe that the person has, or is capable of obtaining, information that is reasonably necessary to allow the inspector to exercise powers conferred on the inspector by this Act;

the maritime security inspector may, by written notice given to the person, direct the person to:

                     (c)  give any such information to the maritime security inspector; and

                     (d)  do so within the period, and in the manner, specified in the direction.

Offence

             (2)  A person commits an offence if:

                     (a)  the person is given a notice under subsection (1); and

                     (b)  the person engages in conduct; and

                     (c)  the person’s conduct breaches the notice.

Penalty:  45 penalty units.

             (3)  Subsection (2) is an offence of strict liability.

Other powers not limited

             (4)  This section does not, by implication, limit a power conferred by another provision of this Act.

145BD  Self‑incrimination

             (1)  An individual is not excused from giving information under section 145BC on the ground that giving the information might tend to incriminate the individual in relation to an offence.

Note:          A body corporate is not entitled to claim the privilege against self‑incrimination.

             (2)  However:

                     (a)  the information given; or

                     (b)  giving the information; or

                     (c)  any information, document or thing obtained as a direct or indirect consequence of giving the information;

is not admissible in evidence against the individual:

                     (d)  in civil proceedings for the recovery of a penalty; or

                     (e)  in criminal proceedings (other than proceedings for an offence against section 137.1 or 137.2 of the Criminal Code that relates to giving the information).

             (3)  If, at general law, an individual would otherwise be able to claim the privilege against self‑exposure to a penalty (other than a penalty for an offence) in relation to giving information under section 145BC, the individual is not excused from giving information or producing a document under that section on that ground.

Note:          A body corporate is not entitled to claim the privilege against self‑exposure to a penalty.

145BE  Persons assisting maritime security inspectors

Maritime security inspectors may be assisted by other persons

             (1)  A maritime security inspector may be assisted by other persons in exercising powers under section 138, 139, 140A or 141, so long as those other persons have appropriate skills and expertise to assist the maritime security inspector.

             (2)  A person giving such assistance is a person assisting the maritime security inspector.

Powers of a person assisting

             (3)  A person assisting the maritime security inspector:

                     (a)  may exercise any of the powers conferred on the maritime security inspector under section 138, 139, 140A or 141, as the case requires; and

                     (b)  must do so in accordance with a direction given to the person assisting by the maritime security inspector.

             (4)  A power exercised by a person assisting the maritime security inspector as mentioned in subsection (3) is taken for all purposes to have been exercised by the maritime security inspector.

             (5)  If a direction is given under paragraph (3)(b) in writing, the direction is not a legislative instrument.

65  At the end of subsection 148(2)

Add:

                   ; (e)  operate equipment in the operational area of a security regulated ship for the purposes of testing the equipment;

                      (f)  connect equipment to equipment in the operational area of a security regulated ship for the purposes of testing the last‑mentioned equipment.

66  After subsection 148(2)

Insert:

          (2A)  For the purposes of paragraph (2)(d), it is immaterial whether a document in electronic form, or a record in electronic form, is held:

                     (a)  on a security regulated ship; or

                     (b)  at a place:

                              (i)  in Australia; or

                             (ii)  outside Australia.

          (2B)  Subsection (2A) is enacted for the avoidance of doubt.

67  At the end of subsection 148A(2)

Add:

                    ; (f)  operate equipment in the operational area of a security regulated offshore facility for the purposes of testing the equipment;

                     (g)  connect equipment to equipment in the operational area of a security regulated offshore facility for the purposes of testing the last‑mentioned equipment.

68  After subsection 148A(2)

Insert:

          (2A)  For the purposes of paragraph (2)(e), it is immaterial whether a document in electronic form, or a record in electronic form, is held:

                     (a)  on a security regulated offshore facility; or

                     (b)  at a place:

                              (i)  in Australia; or

                             (ii)  outside Australia.

          (2B)  Subsection (2A) is enacted for the avoidance of doubt.

69  Section 170

Repeal the section, substitute:

170  Meaning of maritime transport or offshore facility security incident

                   Each of the following is a maritime transport or offshore facility security incident:

                     (a)  a threat of unlawful interference with maritime transport or offshore facilities;

                     (b)  an unlawful interference with maritime transport or offshore facilities.

70  Paragraph 171(1)(a)

After “maritime transport or offshore facility security incident”, insert “(other than a cyber security incident)”.

71  At the end of section 171

Add:

Cyber security incidents

             (4)  If a port operator becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident, the port operator must:

                     (a)  report the incident to:

                              (i)  the Secretary; and

                             (ii)  the Australian Signals Directorate; and

                     (b)  do so as soon as possible.

Civil penalty:          50 penalty units.

             (5)  Subsection (4) does not apply in relation to a report that must be made to a particular person or body if:

                     (a)  the port operator believes, on reasonable grounds, that the person or body is already aware of the incident; or

                     (b)  the port operator has a reasonable excuse.

Note:          A defendant bears an evidential burden in relation to the matters in subsection (5) (see section 96 of the Regulatory Powers (Standard Provisions) Act 2014).

72  Paragraph 172(1)(a)

After “maritime transport or offshore facility security incident”, insert “(other than a cyber security incident)”.

73  At the end of section 172

Add:

Cyber security incidents

             (4)  If the master of:

                     (a)  a security regulated ship; or

                     (b)  a ship regulated as an offshore facility;

becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident, the master must:

                     (c)  report the incident to:

                              (i)  the Secretary; and

                             (ii)  the Australian Signals Directorate; and

                     (d)  do so as soon as possible.

Civil penalty:          50 penalty units.

             (5)  Subsection (4) does not apply in relation to a report that must be made to a particular person or body if:

                     (a)  the master believes, on reasonable grounds, that the person or body is already aware of the incident; or

                     (b)  the master has a reasonable excuse.

Note:          A defendant bears an evidential burden in relation to the matters in subsection (5) (see section 96 of the Regulatory Powers (Standard Provisions) Act 2014).

74  Paragraph 173(1)(a)

After “maritime transport or offshore facility security incident”, insert “(other than a cyber security incident)”.

75  At the end of section 173

Add:

Cyber security incidents

             (4)  If a ship operator for a security regulated ship becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident, the ship operator must:

                     (a)  report the incident to:

                              (i)  the Secretary; and

                             (ii)  the Australian Signals Directorate; and

                     (b)  do so as soon as possible.

Civil penalty:          50 penalty units.

             (5)  Subsection (4) does not apply in relation to a report that must be made to a particular person or body if:

                     (a)  the ship operator believes, on reasonable grounds, that the person or body is already aware of the incident; or

                     (b)  the ship operator has a reasonable excuse.

Note:          A defendant bears an evidential burden in relation to the matters in subsection (5) (see section 96 of the Regulatory Powers (Standard Provisions) Act 2014).

76  Paragraph 174(1)(a)

After “maritime transport or offshore facility security incident”, insert “(other than a cyber security incident)”.

77  At the end of section 174

Add:

Cyber security incidents

             (4)  If a port facility operator becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident, the port facility operator must:

                     (a)  report the incident to:

                              (i)  the Secretary; and

                             (ii)  the Australian Signals Directorate; and

                     (b)  do so as soon as possible.

Civil penalty:          50 penalty units.

             (5)  Subsection (4) does not apply in relation to a report that must be made to a particular person or body if:

                     (a)  the port facility operator believes, on reasonable grounds, that the person or body is already aware of the incident; or

                     (b)  the port facility operator has a reasonable excuse.

Note:          A defendant bears an evidential burden in relation to the matters in subsection (5) (see section 96 of the Regulatory Powers (Standard Provisions) Act 2014).

78  Paragraph 174A(1)(a)

After “maritime transport or offshore facility security incident”, insert “(other than a cyber security incident)”.

79  At the end of section 174A

Add:

Cyber security incidents

             (4)  If an offshore facility operator becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident, the offshore facility operator must:

                     (a)  report the incident to:

                              (i)  the Secretary; and

                             (ii)  the Australian Signals Directorate; and

                     (b)  do so as soon as possible.

Civil penalty:          50 penalty units.

             (5)  Subsection (4) does not apply in relation to a report that must be made to a particular person or body if:

                     (a)  the offshore facility operator believes, on reasonable grounds, that the person or body is already aware of the incident; or

                     (b)  the offshore facility operator has a reasonable excuse.

Note:          A defendant bears an evidential burden in relation to the matters in subsection (5) (see section 96 of the Regulatory Powers (Standard Provisions) Act 2014).

80  Paragraph 175(1)(a)

After “maritime transport or offshore facility security incident”, insert “(other than a cyber security incident)”.

81  After subsection 175(3)

Insert:

Cyber security incidents

          (3A)  If a person with incident reporting responsibilities becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident, the person must:

                     (a)  report the incident to:

                              (i)  the Secretary; and

                             (ii)  the Australian Signals Directorate; and

                     (b)  do so as soon as possible.

Civil penalty:          50 penalty units.

          (3B)  Subsection (3A) does not apply in relation to a report that must be made to a particular person or body (the person or body to be notified) if:

                     (a)  the person with incident reporting responsibilities believes, on reasonable grounds, that the person or body to be notified is already aware of the incident; or

                     (b)  the person with incident reporting responsibilities has a reasonable excuse.

Note:          A defendant bears an evidential burden in relation to the matters in subsection (3B) (see section 96 of the Regulatory Powers (Standard Provisions) Act 2014).

82  Paragraph 176(1)(a)

After “maritime transport or offshore facility security incident”, insert “(other than a cyber security incident)”.

83  At the end of section 176

Add:

Cyber security incidents

             (4)  If an employee of a maritime industry participant becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident, the employee must:

                     (a)  report the incident to:

                              (i)  the Secretary; and

                             (ii)  the Australian Signals Directorate; and

                     (b)  do so as soon as possible.

Civil penalty:          50 penalty units.

             (5)  Subsection (4) does not apply in relation to a report that must be made to a particular person or body if:

                     (a)  the employee believes, on reasonable grounds, that the person or body is already aware of the incident; or

                     (b)  the employee has a reasonable excuse.

Note:          A defendant bears an evidential burden in relation to the matters in subsection (5) (see section 96 of the Regulatory Powers (Standard Provisions) Act 2014).

84  Subsection 177(1)

After “maritime transport or offshore facility security incidents”, insert “(other than cyber security incidents)”.

85  Subsection 178(1)

After “maritime transport or offshore facility security incidents”, insert “(other than cyber security incidents)”.

86  Subsection 179(1)

After “maritime transport or offshore facility security incidents”, insert “(other than cyber security incidents)”.

87  Subsection 179A(1)

After “maritime transport or offshore facility security incidents”, insert “(other than cyber security incidents)”.

88  Subsection 180(1)

After “maritime transport or offshore facility security incidents”, insert “(other than cyber security incidents)”.

89  Subsection 181(1)

After “maritime transport or offshore facility security incidents”, insert “(other than cyber security incidents)”.

90  After Part 9

Insert:

Part 9A—Reports by maritime industry participants, ship operators and offshore industry participants

  

182A  Simplified outline of this Part

Certain maritime industry participants, ship operators and offshore industry participants are required to submit periodic reports.

If a maritime industry participant has been given a maritime security plan, the Secretary may require the participant to submit a report.

If a ship operator for a regulated Australian ship has been given a ship security plan, the Secretary may require the ship operator to submit a report.

If an offshore industry participant has been given an offshore security plan, the Secretary may require the participant to submit a report.

182B  Certain maritime industry participants must submit periodic reports

Scope

             (1)  This section applies if:

                     (a)  a maritime security plan was, or is, in force for a maritime industry participant; and

                     (b)  an applicable reporting period for the maritime security plan has ended; and

                     (c)  the maritime security plan was not given to the participant under section 59A; and

                     (d)  the maritime security plan included, or includes, a security assessment; and

                     (e)  the participant is included in a class of maritime industry participants specified in the regulations.

Periodic report

             (2)  The participant must, within 90 days after the end of the applicable reporting period, give the Secretary a report that:

                     (a)  relates to the applicable reporting period; and

                     (b)  sets out such matters (if any) as are specified in the regulations; and

                     (c)  if the participant has a board, council or other governing body—includes whichever of the following statements is applicable:

                              (i)  if the maritime security plan was up to date immediately before the end of the applicable reporting period—a statement by the board, council or other governing body to that effect;

                             (ii)  if the maritime security plan was not up to date immediately before the end of the applicable reporting period—a statement by the board, council or other governing body to that effect; and

                     (d)  if the participant has a board, council or other governing body—includes whichever of the following statements is applicable:

                              (i)  if the maritime security plan adequately addressed the relevant requirements under Division 4 of Part 3 at the end of the applicable reporting period—a statement by the board, council or other governing body to that effect;

                             (ii)  if the maritime security plan did not adequately address the relevant requirements under Division 4 of Part 3 at the end of the applicable reporting period—a statement by the board, council or other governing body to that effect; and

                     (e)  is in the form approved, in writing, by the Secretary.

Civil penalty:          150 penalty units.

             (3)  A matter must not be specified in regulations made for the purposes of paragraph (2)(b) unless the matter relates to:

                     (a)  unlawful interference with maritime transport or offshore facilities; or

                     (b)  safeguarding against unlawful interference with maritime transport or offshore facilities.

             (4)  A report given by a person under subsection (2) is not admissible in evidence against the person in:

                     (a)  criminal proceedings for an offence against this Act; or

                     (b)  civil proceedings relating to a contravention of a civil penalty provision of this Act (other than this section).

Applicable reporting period for a maritime security plan

             (5)  For the purposes of this section, an applicable reporting period for a maritime security plan is:

                     (a)  if the maritime security plan has been in force for at least 30 months:

                              (i)  the 30‑month period that began when the plan came into force; or

                             (ii)  the remainder of the period for which the plan was in force; or

                     (b)  in any other case—the period when the maritime security plan was in force.

             (6)  However, an applicable reporting period for a maritime security plan does not include a day that occurred before the commencement of this section.

182C  Certain ship operators must submit periodic reports

Scope

             (1)  This section applies if:

                     (a)  a ship security plan was, or is, in force for a ship operator for a regulated Australian ship; and

                     (b)  an applicable reporting period for the ship security plan has ended; and

                     (c)  the ship security plan was not given to the ship operator under section 78A; and

                     (d)  the ship security plan included, or includes, a security assessment; and

                     (e)  the ship operator is included in a class of ship operators specified in the regulations.

Periodic report

             (2)  The ship operator must, within 90 days after the end of the applicable reporting period, give the Secretary a report that:

                     (a)  relates to the applicable reporting period; and

                     (b)  sets out such matters (if any) as are specified in the regulations; and

                     (c)  if the ship operator has a board, council or other governing body—includes whichever of the following statements is applicable:

                              (i)  if the ship security plan was up to date immediately before the end of the applicable reporting period—a statement by the board, council or other governing body to that effect;

                             (ii)  if the ship security plan was not up to date immediately before the end of the applicable reporting period—a statement by the board, council or other governing body to that effect; and

                     (d)  if the ship operator has a board, council or other governing body—includes whichever of the following statements is applicable:

                              (i)  if the ship security plan adequately addressed the relevant requirements under Division 4 of Part 4 at the end of the applicable reporting period—a statement by the board, council or other governing body to that effect;

                             (ii)  if the ship security plan did not adequately address the relevant requirements under Division 4 of Part 4 at the end of the applicable reporting period—a statement by the board, council or other governing body to that effect; and

                     (e)  is in the form approved, in writing, by the Secretary.

Civil penalty:          150 penalty units.

             (3)  A matter must not be specified in regulations made for the purposes of paragraph (2)(b) unless the matter relates to:

                     (a)  unlawful interference with maritime transport or offshore facilities; or

                     (b)  safeguarding against unlawful interference with maritime transport or offshore facilities.

             (4)  A report given by a person under subsection (2) is not admissible in evidence against the person in:

                     (a)  criminal proceedings for an offence against this Act; or

                     (b)  civil proceedings relating to a contravention of a civil penalty provision of this Act (other than this section).

Applicable reporting period for a ship security plan

             (5)  For the purposes of this section, an applicable reporting period for a ship security plan is:

                     (a)  if the ship security plan has been in force for at least 30 months:

                              (i)  the 30‑month period that began when the plan came into force; or

                             (ii)  the remainder of the period for which the plan was in force; or

                     (b)  in any other case—the period when the ship security plan was in force.

             (6)  However, an applicable reporting period for a ship security plan does not include a day that occurred before the commencement of this section.

182D  Certain offshore industry participants must submit periodic reports

Scope

             (1)  This section applies if:

                     (a)  an offshore security plan was, or is, in force for an offshore industry participant; and

                     (b)  an applicable reporting period for the offshore security plan has ended; and

                     (c)  the offshore security plan was not given to the participant under section 100TA; and

                     (d)  the offshore security plan included, or includes, a security assessment; and

                     (e)  the participant is included in a class of offshore industry participants specified in the regulations.

Periodic report

             (2)  The participant must, within 90 days after the end of the applicable reporting period, give the Secretary a report that:

                     (a)  relates to the applicable reporting period; and

                     (b)  sets out such matters (if any) as are specified in the regulations; and

                     (c)  if the participant has a board, council or other governing body—includes whichever of the following statements is applicable:

                              (i)  if the offshore security plan was up to date immediately before the end of the applicable reporting period—a statement by the board, council or other governing body to that effect;

                             (ii)  if the offshore security plan was not up to date immediately before the end of the applicable reporting period—a statement by the board, council or other governing body to that effect; and

                     (d)  if the participant has a board, council or other governing body—includes whichever of the following statements is applicable:

                              (i)  if the offshore security plan adequately addressed the relevant requirements under Division 4 of Part 5A at the end of the applicable reporting period—a statement by the board, council or other governing body to that effect;

                             (ii)  if the offshore security plan did not adequately address the relevant requirements under Division 4 of Part 5A at the end of the applicable reporting period—a statement by the board, council or other governing body to that effect; and

                     (e)  is in the form approved, in writing, by the Secretary.

Civil penalty:          150 penalty units.

             (3)  A matter must not be specified in regulations made for the purposes of paragraph (2)(b) unless the matter relates to:

                     (a)  unlawful interference with maritime transport or offshore facilities; or

                     (b)  safeguarding against unlawful interference with maritime transport or offshore facilities.

             (4)  A report given by a person under subsection (2) is not admissible in evidence against the person in:

                     (a)  criminal proceedings for an offence against this Act; or

                     (b)  civil proceedings relating to a contravention of a civil penalty provision of this Act (other than this section).

Applicable reporting period for a maritime security plan

             (5)  For the purposes of this section, an applicable reporting period for an offshore security plan is:

                     (a)  if the offshore security plan has been in force for at least 30 months:

                              (i)  the 30‑month period that began when the plan came into force; or

                             (ii)  the remainder of the period for which the plan was in force; or

                     (b)  in any other case—the period when the offshore security plan was in force.

             (6)  However, an applicable reporting period for an offshore security plan does not include a day that occurred before the commencement of this section.

182E  Secretary may require a maritime industry participant to submit report

Scope

             (1)  This section applies if:

                     (a)  a maritime security plan was, or is, in force for a maritime industry participant; and

                     (b)  the maritime security plan was given to the participant under section 59A.

Notice

             (2)  The Secretary may, by written notice given to the participant, require the participant to:

                     (a)  give the Secretary a report that:

                              (i)  relates to the period specified in the notice; and

                             (ii)  sets out such matters (if any) as are specified in the regulations; and

                            (iii)  is in the form approved, in writing, by the Secretary; and

                     (b)  do so within 90 days after the notice is given.

             (3)  The period specified in the notice:

                     (a)  must consist of, or be included in, the period for which the maritime security plan was, or is, in force; and

                     (b)  must end before the notice is given; and

                     (c)  must begin after the commencement of this section.

             (4)  A matter must not be specified in regulations made for the purposes of subparagraph (2)(a)(ii) unless the matter relates to:

                     (a)  unlawful interference with maritime transport or offshore facilities; or

                     (b)  safeguarding against unlawful interference with maritime transport or offshore facilities.

Compliance

             (5)  A person must comply with a notice under subsection (2).

Civil penalty:          150 penalty units.

             (6)  A report given by a person in compliance with a notice under subsection (2) is not admissible in evidence against the person in:

                     (a)  criminal proceedings for an offence against this Act; or

                     (b)  civil proceedings relating to a contravention of a civil penalty provision of this Act (other than this section).

182F  Secretary may require a ship operator to submit report

Scope

             (1)  This section applies if:

                     (a)  a ship security plan was, or is, in force for a ship operator for a regulated Australian ship; and

                     (b)  the ship security plan was given to the ship operator under section 78A.

Notice

             (2)  The Secretary may, by written notice given to the ship operator, require the ship operator to:

                     (a)  give the Secretary a report that:

                              (i)  relates to the period specified in the notice; and

                             (ii)  sets out such matters (if any) as are specified in the regulations; and

                            (iii)  is in the form approved, in writing, by the Secretary; and

                     (b)  do so within 90 days after the notice is given.

             (3)  The period specified in the notice:

                     (a)  must consist of, or be included in, the period for which the ship security plan was, or is, in force; and

                     (b)  must end before the notice is given; and

                     (c)  must begin after the commencement of this section.

             (4)  A matter must not be specified in regulations made for the purposes of subparagraph (2)(a)(ii) unless the matter relates to:

                     (a)  unlawful interference with maritime transport or offshore facilities; or

                     (b)  safeguarding against unlawful interference with maritime transport or offshore facilities.

Compliance

             (5)  A person must comply with a notice under subsection (2).

Civil penalty:          150 penalty units.

             (6)  A report given by a person in compliance with a notice under subsection (2) is not admissible in evidence against the person in:

                     (a)  criminal proceedings for an offence against this Act; or

                     (b)  civil proceedings relating to a contravention of a civil penalty provision of this Act (other than this section).

182G  Secretary may require an offshore industry participant to submit report

Scope

             (1)  This section applies if:

                     (a)  an offshore security plan was, or is, in force for an offshore industry participant; and

                     (b)  the offshore security plan was given to the participant under section 100TA.

Notice

             (2)  The Secretary may, by written notice given to the participant, require the participant to:

                     (a)  give the Secretary a report that:

                              (i)  relates to the period specified in the notice; and

                             (ii)  sets out such matters (if any) as are specified in the regulations; and

                            (iii)  is in the form approved, in writing, by the Secretary; and

                     (b)  do so within 90 days after the notice is given.

             (3)  The period specified in the notice:

                     (a)  must consist of, or be included in, the period for which the offshore security plan was, or is, in force; and

                     (b)  must end before the notice is given; and

                     (c)  must begin after the commencement of this section.

             (4)  A matter must not be specified in regulations made for the purposes of subparagraph (2)(a)(ii) unless the matter relates to:

                     (a)  unlawful interference with maritime transport or offshore facilities; or

                     (b)  safeguarding against unlawful interference with maritime transport or offshore facilities.

Compliance

             (5)  A person must comply with a notice under subsection (2).

Civil penalty:          150 penalty units.

             (6)  A report given by a person in compliance with a notice under subsection (2) is not admissible in evidence against the person in:

                     (a)  criminal proceedings for an offence against this Act; or

                     (b)  civil proceedings relating to a contravention of a civil penalty provision of this Act (other than this section).

91  Subsection 184(2)

After “has”, insert “, or is capable of obtaining,”.

92  After Part 10

Insert:

Part 10A—Use and disclosure of protected information

Division 1—Simplified outline of this Part

185A  Simplified outline of this Part

The making of a record, or the use or disclosure, of protected information is authorised in particular circumstances but is otherwise an offence.

Division 2—Authorised use and disclosure

185B  Authorised use and disclosure—performing functions etc.

             (1)  A person may make a record of, use or disclose protected information if the person makes the record, or uses or discloses the information, for the purposes of:

                     (a)  exercising the person’s powers, or performing the person’s functions or duties, under this Act; or

                     (b)  otherwise ensuring compliance with a provision of this Act.

Note:          This subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

             (2)  A person may make a record of, use or disclose protected information if the person makes the record, or uses or discloses the information, for purposes in connection with the administration or execution of this Act.

Note:          This subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

185C  Authorised use and disclosure—other person’s functions etc.

             (1)  The Secretary may:

                     (a)  disclose protected information to a person mentioned in subsection (2); and

                     (b)  make a record of or use protected information for the purpose of that disclosure;

for the purposes of enabling or assisting the person to exercise the person’s powers or perform the person’s functions or duties.

Note:          This subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

             (2)  The persons to whom the Secretary may disclose protected information are the following:

                     (a)  a Minister of the Commonwealth who has responsibility for any of the following:

                              (i)  national security;

                             (ii)  law enforcement;

                            (iii)  foreign investment in Australia;

                            (iv)  taxation policy;

                             (v)  industry policy;

                            (vi)  promoting investment in Australia;

                           (vii)  defence;

                          (viii)  customs;

                            (ix)  immigration;

                             (x)  transport;

                            (xi)  health;

                           (xii)  biosecurity;

                          (xiii)  emergency management;

                          (xiv)  the regulation or oversight of maritime safety;

                           (xv)  the regulation or oversight of safety in relation to offshore facilities;

                          (xvi)  a matter specified in an instrument made under subsection (3);

                     (b)  a Minister of a State, the Australian Capital Territory, or the Northern Territory, who has responsibility for any of the following:

                              (i)  emergency management;

                             (ii)  transport;

                            (iii)  health;

                            (iv)  law enforcement;

                             (v)  a matter specified in an instrument made under subsection (4);

                     (c)  a person employed as a member of staff of a Minister mentioned in paragraph (a) or (b);

                     (d)  the head of an agency (including a Department) administered by a Minister mentioned in paragraph (a) or (b), or an officer or employee of that agency.

             (3)  The Minister may, by legislative instrument, specify one or more matters for the purposes of subparagraph (2)(a)(xvi).

             (4)  The Minister may, by legislative instrument, specify one or more matters for the purposes of subparagraph (2)(b)(v).

185D  Authorised disclosure relating to law enforcement

                   The Secretary may disclose protected information to an enforcement body (within the meaning of the Privacy Act 1988) for the purposes of one or more enforcement related activities (within the meaning of that Act) conducted by or on behalf of the enforcement body.

Note:          This section is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

185E  Authorised disclosure—instrument made by Secretary

             (1)  A person may disclose protected information to another person for a particular purpose if:

                     (a)  the other person is specified in an instrument under subsection (2); and

                     (b)  the purpose is specified in the instrument in relation to the other person.

Note 1:       This subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

Note 2:       For record‑keeping requirements, see section 185K.

             (2)  The Secretary may, by legislative instrument, specify:

                     (a)  one or more persons for the purposes of subsection (1); and

                     (b)  for each of those persons—one or more purposes in relation to the person concerned.

185F  Secondary use and disclosure of protected information

                   A person may make a record of, use or disclose protected information if:

                     (a)  the person obtains the information under this Division (including this section); and

                     (b)  the person makes the record, or uses or discloses the information, for the purposes for which the information was disclosed to the person.

Note:          This section is an authorisation for the purposes of other laws, including the Australian Privacy Principles.

Division 3—Offence for unauthorised use or disclosure

185G  Offence for unauthorised use or disclosure of protected information

                   A person commits an offence if:

                     (a)  the person obtains information; and

                     (b)  the information is protected information; and

                     (c)  the person:

                              (i)  makes a record of the information; or

                             (ii)  discloses the information to another person; or

                            (iii)  otherwise uses the information; and

                     (d)  the making of the record, or the disclosure or use, is not authorised by this Act.

Penalty:  Imprisonment for 2 years or 120 penalty units, or both.

185H  Exceptions to offence for unauthorised use or disclosure

Required or authorised by law

             (1)  Section 185G does not apply if the making of the record, or the disclosure or use, of the protected information is required or authorised by or under:

                     (a)  a law of the Commonwealth; or

                     (b)  a law of a State or Territory prescribed by the regulations.

Good faith

             (2)  Section 185G does not apply to a person to the extent that the person makes a record of, discloses or otherwise uses protected information in good faith and in purported compliance with this Act.

Person to whom the protected information relates

             (3)  Section 185G does not apply to a person if:

                     (a)  the person discloses protected information to the person to whom the information relates; or

                     (b)  the person is the person to whom the protected information relates; or

                     (c)  the making of the record, or the disclosure or use, of the protected information is in accordance with the express or implied consent of the person to whom the information relates.

Note:          A defendant bears an evidential burden in relation to the matters in this section (see subsection 13.3(3) of the Criminal Code).

185J  No requirement to provide information

             (1)  A person is not (subject to subsections (2) and (3)) to be required to disclose protected information, or produce a document containing protected information, to:

                     (a)  a court; or

                     (b)  a tribunal, authority or person that has the power to require the answering of questions or the production of documents.

             (2)  Subsection (1) does not prevent a person from being required to disclose protected information, or to produce a document containing protected information, if it is necessary to do so for the purposes of giving effect to this Act.

             (3)  Subsection (1) does not prevent a person from being required to disclose protected information, or to produce a document containing protected information, in a judicial review proceeding before:

                     (a)  the High Court of Australia; or

                     (b)  the Federal Court; or

                     (c)  the Federal Circuit and Family Court of Australia (Division 2).

Division 4—Record‑keeping

185K  Record‑keeping requirements

             (1)  If:

                     (a)  a person (the first person) discloses protected information to another person (the recipient); and

                     (b)  the disclosure is covered by section 185E;

the first person must:

                     (c)  make a record of:

                              (i)  the disclosure; and

                             (ii)  the identity of the recipient; and

                     (d)  keep the record for 90 days.

             (2)  A person commits an offence if:

                     (a)  the person is subject to a requirement under subsection (1); and

                     (b)  the person engages in conduct; and

                     (c)  the conduct breaches the requirement.

Penalty for contravention of this subsection:        50 penalty units.

93  Section 186 (paragraph beginning “To ensure”)

After “criminal offences”, insert “or civil penalties”.

94  Section 186 (paragraph beginning “To ensure”)

After “criminal prosecution”, insert “or civil penalty proceedings”.

95  Section 186 (paragraph beginning “The enforcement options”)

Repeal the paragraph, substitute:

The enforcement options (and the relevant Divisions) are as follows:

       (a)     infringement notices (Division 2);

       (b)     improvement notices (Division 2A);

       (c)     enforcement orders (Division 3);

       (d)     ship enforcement orders (Division 4);

       (e)     injunctions (Division 5);

       (f)     demerit points system (Division 6).

96  After Division 2 of Part 11

Insert:

Division 2A—Improvement notices

187A  Improvement notices

Scope

             (1)  This section applies if a maritime security inspector reasonably believes that a maritime industry participant:

                     (a)  is contravening a provision of this Act; or

                     (b)  has contravened a provision of this Act in circumstances that make it likely that the contravention will continue or be repeated; or

                     (c)  is likely to contravene a provision of this Act.

Improvement notice

             (2)  The maritime security inspector may give the maritime industry participant a written notice requiring the participant to:

                     (a)  remedy the contravention; or

                     (b)  prevent the likely contravention from occurring; or

                     (c)  remedy the things or operations causing the contravention or likely contravention.

             (3)  A notice under subsection (2) is to be known as an improvement notice.

187B  Contents of improvement notices

             (1)  An improvement notice given to a maritime industry participant by a maritime security inspector must state:

                     (a)  that the inspector reasonably believes that the participant:

                              (i)  is contravening a provision of this Act; or

                             (ii)  has contravened a provision of this Act in circumstances that make it likely that the contravention will continue or be repeated; or

                            (iii)  is likely to contravene a provision of this Act; and

                     (b)  the provision the inspector believes is being, has been, or is likely to be, contravened; and

                     (c)  briefly, how the provision is being, has been, or is likely to be, contravened; and

                     (d)  the period within which the participant must comply with the notice.

             (2)  The improvement notice may include directions concerning the measures to be taken to:

                     (a)  remedy the contravention; or

                     (b)  prevent the likely contravention from occurring; or

                     (c)  remedy the things or operations causing the contravention or likely contravention.

             (3)  The period stated for compliance with the improvement notice must be reasonable in all the circumstances.

187C  Compliance with improvement notice

             (1)  A person commits an offence if:

                     (a)  the person is:

                              (i)  a port operator; or

                             (ii)  a port facility operator; or

                            (iii)  the ship operator for a regulated Australian ship; or

                            (iv)  an offshore facility operator; and

                     (b)  the person is given an improvement notice; and

                     (c)  the person engages in conduct; and

                     (d)  the person’s conduct breaches the improvement notice.

Penalty:  200 penalty units.

             (2)  Subsection (1) is an offence of strict liability.

             (3)  A person commits an offence if:

                     (a)  the person is a maritime industry participant other than:

                              (i)  a port operator; or

                             (ii)  a port facility operator; or

                            (iii)  the ship operator for a regulated Australian ship; or

                            (iv)  an offshore facility operator; and

                     (b)  the person is given an improvement notice; and

                     (c)  the person engages in conduct; and

                     (d)  the person’s conduct breaches the improvement notice.

Penalty:  100 penalty units.

             (4)  Subsection (3) is an offence of strict liability.

187D  Extension of time for compliance with improvement notices

Scope

             (1)  This section applies if a person has been given an improvement notice.

Extension of compliance period

             (2)  A maritime security inspector may, by written notice given to the person, extend the compliance period for the improvement notice.

             (3)  However, the maritime security inspector may extend the compliance period only if the period has not ended.

             (4)  In this section, compliance period means the period stated in the improvement notice under section 187B, and includes that period as extended under this section.

187E  Variation of improvement notices

Scope

             (1)  This section applies if a person has been given an improvement notice.

Changes

             (2)  A maritime security inspector may, by written notice given to the person, vary the notice.

             (3)  A maritime security inspector may also, in accordance with section 187D, extend the compliance period for an improvement notice.

187F  Revocation of improvement notices

             (1)  If:

                     (a)  a person has been given an improvement notice; and

                     (b)  at a time during the compliance period for the notice, a maritime security inspector forms a reasonable belief that the notice is no longer required for the purposes of requiring the person to:

                              (i)  remedy a contravention of this Act; or

                             (ii)  prevent a likely contravention of this Act from occurring; or

                            (iii)  remedy the things or operations causing a contravention, or likely contravention, of this Act;

the inspector must, by written notice given to the person, revoke the notice.

             (2)  In this section, compliance period means the period stated in the improvement notice under section 187B, and includes that period as extended under section 187D.

187G  Formal irregularities or defects in improvement notices

                   An improvement notice is not invalid only because of:

                     (a)  a formal defect or irregularity in the notice unless the defect or irregularity causes or is likely to cause substantial injustice; or

                     (b)  a failure to use the correct name of the person to whom the notice is issued if the notice sufficiently identifies the person.

97  At the end of Part 11

Add:

Division 7—Civil penalties

200B  Civil penalty provision

Enforceable civil penalty provision

             (1)  A civil penalty provision in this Act is enforceable under Part 4 of the Regulatory Powers (Standard Provisions) Act 2014.

Note:          Part 4 of the Regulatory Powers (Standard Provisions) Act 2014 allows a civil penalty provision to be enforced by obtaining an order for a person to pay a pecuniary penalty for the contravention of the provision.

Authorised applicant

             (2)  For the purposes of Part 4 of the Regulatory Powers (Standard Provisions) Act 2014, the Secretary is an authorised applicant in relation to a civil penalty provision in this Act.

Relevant court

             (3)  For the purposes of Part 4 of the Regulatory Powers (Standard Provisions) Act 2014, the Federal Court of Australia and the Federal Circuit and Family Court of Australia (Division 2) are relevant courts in relation to a civil penalty provision in this Act.

Extension to external Territories etc.

             (4)  Part 4 of the Regulatory Powers (Standard Provisions) Act 2014, as it applies in relation to a civil penalty provision in this Act, extends to every external Territory.

98  Before section 201

Insert:

Division 1—External review

99  After paragraph 201(d)

Insert:

                  (daa)  to give a maritime industry participant a maritime security plan under section 59A (including a revised maritime security plan as referred to in section 59E); or

                 (dab)  to cancel a maritime security plan under section 59E; or

                  (dac)  to refuse to cancel a maritime security plan under section 59G; or

                 (dad)  to give a ship operator a ship security plan under section 78A (including a revised ship security plan as referred to in section 78D); or

                  (dae)  to cancel a ship security plan under section 78D; or

                  (daf)  to refuse to cancel a ship security plan under section 78F; or

                  (dag)  to give an offshore industry participant an offshore security plan under section 100TA (including a revised offshore security plan as referred to in section 100TE); or

                 (dah)  to cancel an offshore security plan under section 100TE; or

                  (dai)  to refuse to cancel an offshore security plan under section 100TG; or

100  At the end of section 201

Add:

                ; or (l)  under section 201D (internal review).

101  At the end of Part 12

Add:

Division 2—Internal review

201B  Which decisions are internally reviewable

                   The following table sets out:

                     (a)  decisions made under this Act that are internally reviewable in accordance with this Division (internally reviewable decisions); and

                     (b)  who is eligible to apply for review of an internally reviewable decision (the eligible person).

 

Internally reviewable decisions

| Item | Provision under which internally reviewable decision is made | Eligible person in relation to internally reviewable decision |
| --- | --- | --- |
| 1 | Section 187A (giving an improvement notice). | The person to whom the notice was given. |
| 2 | Section 187D (extension of time for compliance with improvement notice). | The person to whom the notice was given. |
| 3 | Section 187E (variation of improvement notice). | The person to whom the notice was given. |

201C  Application for internal review

             (1)  An eligible person in relation to an internally reviewable decision may apply to the Secretary for review (an internal review) of the decision within:

                     (a)  the prescribed time after the day on which the decision first came to the eligible person’s notice; or

                     (b)  such longer period as the Secretary allows.

             (2)  The application must be made in the manner and form required by the Secretary.

             (3)  For the purposes of this section, the prescribed time is:

                     (a)  in the case of a decision to give an improvement notice—the period specified in the notice for compliance with the notice or 14 days, whichever is the lesser; and

                     (b)  in any other case—14 days.

201D  Decision on internal review

             (1)  The Secretary must:

                     (a)  review the internally reviewable decision; and

                     (b)  make a decision:

                              (i)  as soon as is reasonably practicable; and

                             (ii)  in any event, within 14 days after the application for internal review is received.

             (2)  The decision may be:

                     (a)  to confirm or vary the internally reviewable decision; or

                     (b)  to set aside the internally reviewable decision and substitute another decision that the Secretary considers appropriate.

             (3)  If the Secretary seeks further information from the applicant, the 14‑day period ceases to run until the applicant provides the information to the Secretary.

             (4)  The applicant must provide the further information within the time (being not less than 7 days) specified by the Secretary in the request for information.

             (5)  If the applicant does not provide the further information within the required time, the decision is taken to have been confirmed by the Secretary at the end of that time.

             (6)  If the internally reviewable decision is not varied or set aside within the 14‑day period, the decision is taken to have been confirmed by the Secretary.

201E  Notification of decision on internal review

                   As soon as practicable after reviewing the decision, the Secretary must give the applicant in writing:

                     (a)  the decision on the internal review; and

                     (b)  the reasons for the decision.

201F  Stays of internally reviewable decisions

             (1)  If an application is made for an internal review of a decision to issue an improvement notice, the Secretary may stay the operation of the decision pending a decision on the internal review.

             (2)  A stay of the operation of a decision pending a decision on an internal review continues until whichever of the following is the earlier:

                     (a)  the end of the period for applying to the Administrative Appeals Tribunal for review of the decision made on the internal review;

                     (b)  an application is made to the Administrative Appeals Tribunal for review of the decision made on the internal review.

102  Subsection 202(1)

After “this Act”, insert “(other than powers or functions under Division 2 of Part 12)”.

103  Paragraph 202(1)(c)

Omit “that carries on activities that relate to national security”.

104  Subsection 202(1A)

After “the delegation”, insert “in writing”.

105  Subsection 202(2)

After “Part 11”, insert “or Division 2 of Part 12”.

106  After subsection 202(2)

Insert:

          (2A)  The Secretary may, by writing, delegate all or any of the Secretary’s powers and functions under Division 2 of Part 12 to an SES employee who holds, or performs the duties of, an SES Band 2 position, or an SES Band 3 position, in the Department.

107  After subsection 208(2)

Insert:

          (2A)  This Act also has the effect that it would have if:

                     (a)  each reference to a maritime industry participant were expressly confined to a maritime industry participant that is a corporation to which paragraph 51(xx) of the Constitution applies; and

                     (b)  each reference to a port operator were expressly confined to a port operator that is a corporation to which paragraph 51(xx) of the Constitution applies; and

                     (c)  each reference to a port facility operator were expressly confined to a port facility operator that is a corporation to which paragraph 51(xx) of the Constitution applies; and

                     (d)  each reference to a ship operator were expressly confined to a ship operator that is a corporation to which paragraph 51(xx) of the Constitution applies; and

                     (e)  each reference to an offshore industry participant were expressly confined to an offshore industry participant that is a corporation to which paragraph 51(xx) of the Constitution applies.

Division 2—Application provisions

108  Application—security directions

The amendments of section 33 of the Maritime Transport and Offshore Facilities Security Act 2003 made by this Part apply in relation to a security direction given after the commencement of this item.

109  Application—maritime security plans

(1)       The amendments of section 47 of the Maritime Transport and Offshore Facilities Security Act 2003 made by this Part apply in relation to a maritime security plan for a maritime industry participant if:

                     (a)  the participant gives the plan to the Secretary under section 50 of that Act after the commencement of this item; or

                     (b)  the participant gives a copy of the plan to the Secretary under section 54 of that Act after the commencement of this item; or

                     (c)  the participant gives the program to the Secretary in compliance with a notice that was given under section 55 of that Act after the commencement of this item.

(2)       Despite subitem (1), in determining, for the purposes of sections 53, 55 and 57 of the Maritime Transport and Offshore Facilities Security Act 2003, whether a maritime security plan adequately addresses the relevant requirements under Division 4 of Part 3 of that Act, assume that the amendment of section 47 of that Act made by this Part applies in relation to the plan.

110  Application—ship security plans

(1)       The amendments of section 66 of the Maritime Transport and Offshore Facilities Security Act 2003 made by this Part apply in relation to a ship security plan for a regulated Australian ship if:

                     (a)  the ship operator gives the plan to the Secretary under section 69 of that Act after the commencement of this item; or

                     (b)  the ship operator gives a copy of the plan to the Secretary under section 73 of that Act after the commencement of this item; or

                     (c)  the ship operator gives the plan to the Secretary in compliance with a notice that was given under section 74 of that Act after the commencement of this item.

(2)       Despite subitem (1), in determining, for the purposes of sections 72, 74 and 76 of the Maritime Transport and Offshore Facilities Security Act 2003, whether a ship security plan adequately addresses the relevant requirements under Division 4 of Part 4 of that Act, assume that the amendment of section 66 of that Act made by this Part applies in relation to the plan.

111  Application—offshore security plans

(1)       The amendments of section 100G of the Maritime Transport and Offshore Facilities Security Act 2003 made by this Part apply in relation to an offshore security plan for an offshore industry participant if:

                     (a)  the participant gives the plan to the Secretary under section 100J of that Act after the commencement of this item; or

                     (b)  the participant gives a copy of the plan to the Secretary under section 100N of that Act after the commencement of this item; or

                     (c)  the participant gives the program to the Secretary in compliance with a notice that was given under section 100O of that Act after the commencement of this item.

(2)       Despite subitem (1), in determining, for the purposes of sections 100M, 100O and 100Q of the Maritime Transport and Offshore Facilities Security Act 2003, whether an offshore security plan adequately addresses the relevant requirements under Division 4 of Part 5A of that Act, assume that the amendment of section 100G of that Act made by this Part applies in relation to the plan.

112  Application—security incidents

The amendments of Part 9 of the Maritime Transport and Offshore Facilities Security Act 2003 made by this Part apply in relation to a security incident that occurs after the commencement of this item.

112A  Application—requests for further information

(1)       The amendments of section 51 of the Maritime Transport and Offshore Facilities Security Act 2003 made by this Part apply in relation to a notice given under subsection 51(5) of that Act after the commencement of this item.

(2)       The amendments of section 52A of the Maritime Transport and Offshore Facilities Security Act 2003 made by this Part apply in relation to a notice given under subsection 52A(8) of that Act after the commencement of this item.

(3)       The amendments of section 70 of the Maritime Transport and Offshore Facilities Security Act 2003 made by this Part apply in relation to a notice given under subsection 70(5) of that Act after the commencement of this item.

(4)       The amendments of section 71A of the Maritime Transport and Offshore Facilities Security Act 2003 made by this Part apply in relation to a notice given under subsection 71A(7) of that Act after the commencement of this item.

(5)       The amendments of section 100K of the Maritime Transport and Offshore Facilities Security Act 2003 made by this Part apply in relation to a notice given under subsection 100K(5) of that Act after the commencement of this item.

(6)       The amendments of section 100LA of the Maritime Transport and Offshore Facilities Security Act 2003 made by this Part apply in relation to a notice given under subsection 100LA(8) of that Act after the commencement of this item.

Part 2—Other amendments

Division 1—Amendments

Maritime Transport and Offshore Facilities Security Act 2003

113  Subsection 3(1)

After “facilities”, insert “or operational interference with maritime transport or offshore facilities”.

114  Section 4 (paragraph beginning “This Act establishes”)

After “facilities”, insert “and operational interference with maritime transport or offshore facilities”.

115  Section 10

Insert:

critical maritime industry participant has the meaning given by section 17CA.

operational interference with maritime transport or offshore facilities has the meaning given by section 11A.

relevant interference has the meaning given by section 10D.

116  After Division 4A of Part 1

Insert:

Division 4B—Relevant interference

10D  Meaning of relevant interference

             (1)  Each of the following is a relevant interference with an asset:

                     (a)  interference (whether direct or indirect) with the availability of the asset;

                     (b)  interference (whether direct or indirect) with the integrity of the asset;

                     (c)  interference (whether direct or indirect) with the reliability of the asset;

                     (d)  interference (whether direct or indirect) with the confidentiality of:

                              (i)  information about the asset; or

                             (ii)  if information is stored in the asset—the information; or

                            (iii)  if the asset is computer data—the computer data.

             (2)  Each of the following is a relevant interference with the operation of a maritime industry participant:

                     (a)  interference (whether direct or indirect) with the availability of the operation of the participant;

                     (b)  interference (whether direct or indirect) with the integrity of the operation of the participant;

                     (c)  interference (whether direct or indirect) with the reliability of the operation of the participant;

                     (d)  interference (whether direct or indirect) with the confidentiality of information relating to the operation of the participant.

117  After Division 5 of Part 1

Insert:

Division 5A—Operational interference with maritime transport or offshore facilities

11A  Meaning of operational interference with maritime transport or offshore facilities

             (1)  For the purposes of this Act, operational interference with maritime transport or offshore facilities means:

                     (a)  committing, or attempting to commit, an act that results in a relevant interference with the operation of a maritime industry participant; or

                     (b)  committing, or attempting to commit, an act that results in a relevant interference with an asset that is:

                              (i)  used in connection with the operation of a maritime industry participant; and

                             (ii)  owned or operated by a maritime industry participant; or

                     (c)  the occurrence of a hazard that results in a relevant interference with the operation of a maritime industry participant; or

                     (d)  the occurrence of a hazard that results in a relevant interference with an asset that is:

                              (i)  used in connection with the operation of a maritime industry participant; and

                             (ii)  owned or operated by a maritime industry participant.

             (2)  However, operational interference with maritime transport or offshore facilities does not include any of the following:

                     (a)  unlawful interference with maritime transport or offshore facilities;

                     (b)  lawful advocacy, protest, dissent or industrial action.

118  After Division 7A of Part 1

Insert:

Division 7AA—Critical maritime industry participants

17CA  Minister may declare critical maritime industry participants

             (1)  The Minister may, by writing, declare that a specified maritime industry participant is a critical maritime industry participant for the purposes of this Act.

             (2)  A declaration under subsection (1) is not a legislative instrument.

             (3)  Subsection 33(3AB) of the Acts Interpretation Act 1901 does not apply to subsection (1) of this section.

Note:          Subsection 33(3AB) of the Acts Interpretation Act 1901 deals with specification by class.

             (4)  The Minister must not specify a maritime industry participant under subsection (1) unless the Minister is satisfied that:

                     (a)  the participant is critical to:

                              (i)  the social or economic stability of Australia or its people; or

                             (ii)  the defence of Australia; or

                            (iii)  national security (within the meaning of the Security of Critical Infrastructure Act 2018); and

                     (b)  there is a risk, in relation to the participant, that may be prejudicial to security (within the meaning of the Australian Security Intelligence Organisation Act 1979).

             (5)  In making a declaration under subsection (1), the Minister must have regard to:

                     (a)  such matters (if any) as are specified in the regulations; and

                     (b)  such other matters (if any) as the Minister considers relevant.

Class of maritime industry participants

             (6)  The Minister may, by legislative instrument, declare that each maritime industry participant included in a specified class of maritime industry participants is a critical maritime industry participant for the purposes of this Act.

             (7)  The Minister must not specify a class of maritime industry participants under subsection (6) unless the Minister is satisfied that:

                     (a)  each maritime industry participant in the class is critical to:

                              (i)  the social or economic stability of Australia or its people; or

                             (ii)  the defence of Australia; or

                            (iii)  national security (within the meaning of the Security of Critical Infrastructure Act 2018); and

                     (b)  there is a risk, in relation to each maritime industry participant in the class, that may be prejudicial to security (within the meaning of the Australian Security Intelligence Organisation Act 1979).

             (8)  In making a declaration under subsection (6), the Minister must have regard to:

                     (a)  such matters (if any) as are specified in the regulations; and

                     (b)  such other matters (if any) as the Minister considers relevant.

119  After paragraph 33(1)(b)

Insert:

                   (ba)  both of the following apply:

                              (i)  a specific threat of operational interference with maritime transport or offshore facilities is made or exists;

                             (ii)  the Secretary is satisfied that giving a direction under this subsection is an appropriate response to the threat; or

                   (bb)  both of the following apply:

                              (i)  there is a change in the nature of an existing general threat of operational interference with maritime transport or offshore facilities;

                             (ii)  the Secretary is satisfied that giving a direction under this subsection is an appropriate response to the threat; or

120  After subsection 38(1A)

Insert:

          (1B)  A security direction covered by paragraph 33(1)(ba) must be revoked when the specific threat no longer exists.

121  Section 48

Before “The regulations”, insert “(1)”.

122  At the end of section 48

Add:

             (2)  The regulations may prescribe matters that:

                     (a)  relate to safeguarding against operational interference with maritime transport or offshore facilities; and

                     (b)  must be dealt with in each maritime security plan for a critical maritime industry participant.

             (3)  Subsection (2) does not limit subsection (1).

123  After subsection 59B(2)

Insert:

          (2A)  A maritime security plan that is given to a maritime industry participant under section 59A may set out the activities or measures to be undertaken or implemented by the participant under the plan for the purposes of safeguarding against operational interference with maritime transport or offshore facilities.

124  Section 67

Before “The regulations”, insert “(1)”.

125  At the end of section 67

Add:

             (2)  The regulations may prescribe matters that:

                     (a)  relate to safeguarding against operational interference with maritime transport or offshore facilities; and

                     (b)  must be dealt with in each ship security plan for a regulated Australian ship where the ship operator is a critical maritime industry participant.

             (3)  Subsection (2) does not limit subsection (1).

126  After subsection 78B(1A)

Insert:

          (1B)  A ship security plan that is given to a ship operator under section 78A may set out the activities or measures to be undertaken or implemented by the ship operator under the plan for the purposes of safeguarding against operational interference with maritime transport or offshore facilities.

129  After subsection 100TB(1A)

Insert:

          (1B)  An offshore security plan that is given to an offshore industry participant under section 100TA may set out the activities or measures to be undertaken or implemented by the participant under the plan for the purposes of safeguarding against operational interference with maritime transport or offshore facilities.

130  Subsection 105(1)

After “facilities”, insert “or safeguarding against operational interference with maritime transport or offshore facilities”.

131  Subsection 106(2)

After “facilities”, insert “or from operational interference with maritime transport or offshore facilities”.

132  Subsection 109(1)

After “facilities”, insert “or safeguarding against operational interference with maritime transport or offshore facilities”.

133  Subsection 113(1)

After “facilities”, insert “or safeguarding against operational interference with maritime transport or offshore facilities”.

134  Subsection 113D(1)

After “facilities”, insert “or safeguarding against operational interference with maritime transport or offshore facilities”.

135  Section 182A (before paragraph beginning “Certain”)

Insert:

Critical maritime industry participants are required to submit periodic reports.

136  After section 182A

Insert:

182AA  Critical maritime industry participants must submit periodic reports

Scope

             (1)  This section applies if:

                     (a)  a maritime security plan was, or is, in force for a critical maritime industry participant; and

                     (b)  an applicable reporting period for the maritime security plan has ended.

Periodic report

             (2)  The participant must, within 90 days after the end of the applicable reporting period, give the Secretary a report that:

                     (a)  relates to the applicable reporting period; and

                     (b)  sets out such matters (if any) as are specified in the regulations; and

                     (c)  if the participant has a board, council or other governing body—includes whichever of the following statements is applicable:

                              (i)  if the maritime security plan was up to date immediately before the end of the applicable reporting period—a statement by the board, council or other governing body to that effect;

                             (ii)  if the maritime security plan was not up to date immediately before the end of the applicable reporting period—a statement by the board, council or other governing body to that effect; and

                     (d)  if the participant has a board, council or other governing body—includes whichever of the following statements is applicable:

                              (i)  if the maritime security plan adequately addressed the relevant requirements under Division 4 of Part 3 at the end of the applicable reporting period—a statement by the board, council or other governing body to that effect;

                             (ii)  if the maritime security plan did not adequately address the relevant requirements under Division 4 of Part 3 at the end of the applicable reporting period—a statement by the board, council or other governing body to that effect; and

                     (e)  is in the form approved, in writing, by the Secretary.

Civil penalty:          150 penalty units.

             (3)  A matter must not be specified in regulations made for the purposes of paragraph (2)(b) unless the matter relates to:

                     (a)  unlawful interference with maritime transport or offshore facilities; or

                     (b)  safeguarding against unlawful interference with maritime transport or offshore facilities; or

                     (c)  operational interference with maritime transport or offshore facilities; or

                     (d)  safeguarding against operational interference with maritime transport or offshore facilities.

             (4)  A report given by a person under subsection (2) is not admissible in evidence against the person in:

                     (a)  criminal proceedings for an offence against this Act; or

                     (b)  civil proceedings relating to a contravention of a civil penalty provision of this Act (other than this section).

Applicable reporting period for a maritime security plan

             (5)  For the purposes of this section, an applicable reporting period for a maritime security plan is:

                     (a)  if the maritime security plan was in force for the whole of a financial year—the financial year; or

                     (b)  if the maritime security plan was in force for a part of a financial year—the part of the financial year.

             (6)  However, an applicable reporting period for a maritime security plan does not include a day that occurred before the commencement of this section.

137  Section 182B (heading)

After “participants”, insert “(other than critical maritime industry participants)”.

138  Paragraph 182B(1)(a)

After “participant”, insert “(other than a critical maritime industry participant)”.

139  At the end of subsection 182B(3)

Add:

               ; or (c)  operational interference with maritime transport or offshore facilities; or

                     (d)  safeguarding against operational interference with maritime transport or offshore facilities.

140  At the end of subsection 182C(3)

Add:

               ; or (c)  operational interference with maritime transport or offshore facilities; or

                     (d)  safeguarding against operational interference with maritime transport or offshore facilities.

143  At the end of subsection 182D(3)

Add:

               ; or (c)  operational interference with maritime transport or offshore facilities; or

                     (d)  safeguarding against operational interference with maritime transport or offshore facilities.

144  At the end of subsection 182E(4)

Add:

               ; or (c)  operational interference with maritime transport or offshore facilities; or

                     (d)  safeguarding against operational interference with maritime transport or offshore facilities.

145  At the end of subsection 182F(4)

Add:

               ; or (c)  operational interference with maritime transport or offshore facilities; or

                     (d)  safeguarding against operational interference with maritime transport or offshore facilities.

146  At the end of subsection 182G(4)

Add:

               ; or (c)  operational interference with maritime transport or offshore facilities; or

                     (d)  safeguarding against operational interference with maritime transport or offshore facilities.

147  Paragraph 189(2)(b)

Repeal the paragraph, substitute:

                     (b)  it is necessary to make the order to:

                              (i)  safeguard against unlawful interference with maritime transport or offshore facilities; or

                             (ii)  safeguard against operational interference with maritime transport or offshore facilities.

148  Subsection 191(2)

After “facilities”, insert “or safeguard against operational interference with maritime transport or offshore facilities”.

149  Paragraph 191(3)(a)

After “facilities”, insert “or adequately safeguards against operational interference with maritime transport or offshore facilities”.

150  Paragraph 195(3)(b)

Repeal the paragraph, substitute:

                     (b)  the ship enforcement order is necessary to:

                              (i)  safeguard against unlawful interference with maritime transport or offshore facilities; or

                             (ii)  safeguard against operational interference with maritime transport or offshore facilities.

Division 2—Application provisions

151  Application—maritime security plans

The amendments of section 48 of the Maritime Transport and Offshore Facilities Security Act 2003 made by this Part apply in relation to a maritime security plan for a maritime industry participant if:

                     (a)  the participant gives the plan to the Secretary under section 50 of that Act after the commencement of this item; or

                     (b)  the participant gives a copy of the plan to the Secretary under section 54 of that Act after the commencement of this item; or

                     (c)  the participant gives the program to the Secretary in compliance with a notice that was given under section 55 of that Act after the commencement of this item.

152  Application—ship security plans

The amendments of section 67 of the Maritime Transport and Offshore Facilities Security Act 2003 made by this Part apply in relation to a maritime security plan for a regulated Australian ship if:

                     (a)  the ship operator gives the plan to the Secretary under section 69 of that Act after the commencement of this item; or

                     (b)  the ship operator gives a copy of the plan to the Secretary under section 73 of that Act after the commencement of this item; or

                     (c)  the ship operator gives the plan to the Secretary in compliance with a notice that was given under section 74 of that Act after the commencement of this item.

Schedule 3—Amendment of the Security of Critical Infrastructure Act 2018

Part 1—Aviation transport

Security of Critical Infrastructure Act 2018

1  Section 5

Insert:

aviation industry participant has the same meaning as in the Aviation Transport Security Act 2004.

1A  Section 5 (definition of critical aviation asset)

Repeal the definition, substitute:

critical aviation asset means an asset that:

                     (a)  is owned or operated by a critical aviation industry participant; and

                     (b)  is used in connection with the operation of the participant in the participant’s capacity as an aviation industry participant.

Note:          The rules may prescribe that a specified critical aviation asset is not a critical infrastructure asset (see section 9).

1B  Section 5

Insert:

critical aviation industry participant has the same meaning as in the Aviation Transport Security Act 2004.

2  Paragraphs 12L(21)(a), (b) and (c)

Repeal the paragraphs, substitute:

                     (a)  the critical aviation industry participant referred to in paragraph (a) of the definition of critical aviation asset in section 5; or

Part 2—Maritime transport

Security of Critical Infrastructure Act 2018

3  Section 5

Insert:

critical maritime asset means an asset that:

                     (a)  is owned or operated by a critical maritime industry participant; and

                     (b)  is used in connection with the operation of the participant in the participant’s capacity as a maritime industry participant.

Note:          The rules may prescribe that a specified critical maritime asset is not a critical infrastructure asset (see section 9).

critical maritime industry participant has the same meaning as in the Maritime Transport and Offshore Facilities Security Act 2003.

4  Section 5 (definition of critical port)

Repeal the definition.

5  Section 5

Insert:

maritime industry participant has the same meaning as in the Maritime Transport and Offshore Facilities Security Act 2003.

6  Section 5 (definition of operator)

Repeal the definition, substitute:

operator, of an asset, means an entity that operates the asset or part of the asset.

Note:          For some assets, an operator of the asset is also the responsible entity for the asset.

7  Paragraph 8E(10)(a)

Omit “critical port”, substitute “critical maritime asset”.

8  Paragraph 9(1)(dm)

Omit “critical port”, substitute “critical maritime asset”.

9  Paragraph 9(2)(q)

Omit “critical port”, substitute “critical maritime asset”.

10  Section 11

Repeal the section.

11  Subsection 12L(17)

Repeal the subsection, substitute:

Critical maritime asset

           (17)  The responsible entity for a critical maritime asset is:

                     (a)  the critical maritime industry participant referred to in paragraph (a) of the definition of critical maritime asset in section 5; or

                     (b)  if another entity is prescribed by the rules in relation to the critical maritime asset—that other entity.