Commonwealth of Australia Explanatory Memoranda



TRANSPORT SECURITY AMENDMENT (CRITICAL INFRASTRUCTURE) BILL 2022

2019-2020-2021-2022

THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA

HOUSE OF REPRESENTATIVES

TRANSPORT SECURITY AMENDMENT (CRITICAL INFRASTRUCTURE) BILL 2022

EXPLANATORY MEMORANDUM

(Circulated by authority of the Minister for Home Affairs, the Honourable Karen Andrews MP)


Transport Security Amendment (Critical Infrastructure) Bill 2022

OUTLINE

The Australian Government is committed to protecting the safety, security and resilience of the aviation and maritime transport sectors. As the threats and risks to Australia's critical transport infrastructure evolve, so too must our approach to ensuring the ongoing security and resilience of these sectors.

The main purpose of the Aviation Transport Security Act 2004 (the Aviation Act) and the Maritime Transport and Offshore Facilities Security Act 2003 (the Maritime Act), is to establish a regulatory framework to safeguard against unlawful interference with aviation and maritime transport, and offshore facilities.

The purpose of the Transport Security Amendment (Critical Infrastructure) Bill 2022 (the Bill) is to amend the Aviation Act and the Maritime Act, to align these acts with the Australian Government's commitment to protecting Australia's critical infrastructure. The amendments will work to ensure that the entities regulated by the Aviation and Maritime Acts adopt a proactive approach to identifying hazards and minimising or eliminating any material risk, including in relation to the significant threat posed by cyber and systems attacks.

As noted above, the main purpose of the Aviation and Maritime Acts relates to safeguarding against unlawful interference with aviation and maritime transport, and offshore facilities. The Bill will amend the definition of unlawful interference in both the Aviation and Maritime Acts.
Specifically, the Bill will:

• amend the Aviation and Maritime Acts to expand the definition of unlawful interference to capture cyber security incidents;
• amend the Aviation Act to expand the definition of unlawful interference to capture incidents that affect the safe operation of an airport and occur away from the airport in question;
• amend the Aviation Act to remove a limitation that information needs to be misleading or false to cause damage;
• amend the Aviation Act to expand the definition of unlawful interference to include any act committed in relation to an aircraft that puts the aircraft or anyone on the aircraft or anyone outside the aircraft at risk, committing acts or causing damage that put the safe operations of an aviation industry participant at risk;
• amend the Maritime Act to expand the definition of unlawful interference to capture attempted acts of unlawful interference and not just those that are successful, bringing the Maritime Act in line with the Aviation Act; and
• amend the Maritime Act to expand the definition of unlawful interference to include the protection of ships systems, removing the limitation that information needs to be false or misleading in order to cause damage.


The Bill will also establish an additional purpose, under both the Aviation and Maritime Acts, of safeguarding against operational interference. This will require critical industry participants to safeguard against a range of hazards and threats that could impact or interfere with the availability, integrity, reliability and/or confidentiality of the industry participant's information, operations or assets. Specifically, the Bill will:

• insert a new purpose, in the Aviation and Maritime Acts, of safeguarding against operational interference, that will, as an example, have implications for the threats and risks that industry participants will need to consider for security plans and programs; and
• expand the existing security direction power in both the Aviation and Maritime Acts to include the power to make security directions in relation to a specific threat, or a change in a general threat, of operational interference.

Certain aviation and maritime industry participants play more significant roles within the aviation and maritime sectors, and have the potential to more significantly impact Australia's critical transport infrastructure. In recognition of this, the Bill provides for a power for the Minister to declare critical industry participants under the Aviation and Maritime Acts, with additional requirements for those participants that are declared to be critical.

Both the Aviation and Maritime Acts require that an industry participant establish and maintain a security plan or program, whichever is relevant to the particular type of industry participant. The Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022 as part of the broader critical infrastructure reforms proposes a requirement for responsible entities of specified critical infrastructure assets to adopt and maintain a "critical infrastructure risk management program".
The critical infrastructure risk management programs will require those responsible entities to take an all-hazards approach when identifying and understanding risks. The Bill will make a number of changes to the requirements relating to security plans and programs to ensure they more closely align with the requirements in relation to critical infrastructure risk management programs. Specifically the Bill will:

• amend the Aviation Act to require that security programs include a security assessment that identifies risks to security and details how those risks will be mitigated;
• amend the Maritime Act to include a requirement that addresses how participants will respond to security incidents;
• amend both the Aviation and Maritime Acts to include a power that the Secretary may require a participant to regularly review their program or plan; and
• include a requirement in the Aviation and Maritime Acts that certain industry participants must submit a periodic report on their program or plan.

The Bill will also introduce a framework governing the use and disclosure of protected information, and related offences.

Aviation and maritime security inspectors currently have
powers to conduct oversight of compliance with obligations under the relevant Act and associated regulations. As an example, these powers enable an inspector to enter, inspect and make records in a facility that is controlled by an industry participant. Under the Bill, the powers of aviation and maritime inspectors will be further expanded to enable compliance activities to be undertaken in relation to the new obligations established by the Bill. Specifically, the Bill will:

• amend the Maritime Act to introduce powers for security systems testing, including the power to test a security system using a "test weapon", aligning the Maritime Act with the Aviation Act;
• amend the Maritime Act to ensure that the powers of maritime security inspectors can be used to operate equipment that is located on a vehicle or vessel;
• introduce a power into the Aviation and Maritime Acts, to operate and connect a device to equipment at a location operated by an industry participant for the purpose of testing the equipment;
• introduce a power into both the Aviation and Maritime Acts that would empower a security inspector to issue a written notice requiring a participant to produce certain information, if the inspector has reason to believe that the information would be necessary to them exercising their powers;
• amend the existing provisions in the Aviation and Maritime Acts that empower inspectors to request security compliance information that the participant has, to also empower inspectors to request information that the participant is capable of obtaining;
• introduce a power for inspectors to request specified assistance from an industry participant or their employee; and
• amend existing provisions in the Aviation and Maritime Acts, relating to accessing documents and records, to clarify that it is immaterial whether or not the document or record is onsite or offsite.
Additionally, in relation to the powers of aviation and maritime security inspectors, the Bill will introduce the concept of "improvement notices" into both the Aviation and Maritime Acts. The improvement notice regime will provide for the issuing of notices by security inspectors to encourage, and where necessary enforce, compliance with the relevant Act. Where a security inspector reasonably believes there has been a contravention - or that a contravention is likely to occur - they may issue an improvement notice to the industry participant, requiring them to remedy the contravention or prevent a likely contravention from occurring.

The Bill will also trigger Part 3 of the Regulatory Powers (Standard Provisions) Act 2014 (the Regulatory Powers Act), which relates to investigation powers, providing a framework for gathering material that relates to the contravention of offence provisions and civil penalty provisions. The Bill will also trigger Part 4 of the Regulatory Powers Act, which creates a framework for the use of civil penalties to enforce civil penalty provisions.


The Aviation and Maritime Acts currently provide for certain decisions to be deemed to be decisions to refuse if the industry participant fails to provide certain information within a set timeframe. The Bill will repeal those mandated timeframes, allowing the industry participant additional time to provide the required information, and the Secretary with additional time to consider the issue at hand.

The Security Legislation Amendment (Critical Infrastructure) Act 2021 introduced a mandatory requirement for prescribed critical infrastructure assets to report cyber security incidents. This is an important component of protecting Australia's critical infrastructure as it assists the Australian Cyber Security Centre and law enforcement agencies to disrupt cyber crime operations and cyber security threats.

While the Aviation and Maritime Acts already include reporting requirements in relation to aviation and maritime security incidents, the Bill seeks to extend this to include mandatory cyber security incidents, consistent with the broader critical infrastructure security reforms and to ensure Australia's aviation and maritime sector is protected against all hazard threats. The new reporting requirements align with the Security Legislation Amendment (Critical Infrastructure) Act 2021 and will work alongside the existing reporting requirements for other types of aviation and maritime security incidents.

FINANCIAL IMPACT STATEMENT

The financial impact of the amendments to the Bill is low. Any costs will be met from within existing resources.

STATEMENT OF COMPATIBILITY WITH HUMAN RIGHTS

A Statement of Compatibility with Human Rights has been completed in relation to the amendments in the Bill. It has been assessed that the amendments are compatible with Australia's human rights obligations. A copy of the Statement of Compatibility with Human Rights is at Attachment A.


Transport Security Amendment (Critical Infrastructure) Bill 2022

NOTES ON AMENDMENTS

Section 1 Short title

1. Section 1 of the Bill provides that the short title of the Act is the Transport Security Amendment (Critical Infrastructure) Act 2022.

Section 2 Commencement

2. Section 2 of the Bill sets out the times at which the Act commences once passed by the Parliament.

3. Subsection 2(1) provides that each provision of the Bill specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.

4. The table following subsection 2(1) provides for commencement.

5. Table item 1 provides that sections 1 to 3 and anything in the Act not covered elsewhere in the table commences on the day the Act receives the Royal Assent.

6. Table item 2 and table item 4 provide that Part 1 of Schedule 1 and Part 1 of Schedule 2 will commence on a single day to be fixed by proclamation. However, if the provisions do not commence within the period of 12 months beginning on the day this Act receives the Royal Assent, they commence on the day after the end of that period.

7. Table item 3 and table item 6 provide that Part 2 of Schedule 1 and Part 1 of Schedule 3 will commence immediately after the commencement of the provisions covered by table item 2.

8. Table item 5 and table item 7 provide that Part 2 of Schedule 2 and Part 2 of Schedule 3 will commence immediately after the commencement of the provisions covered by table item 4.

9. The note following the table reminds the reader that this table relates only to the provisions of this Act as originally enacted. The table will not be amended to deal with any later amendments of this Act.

10. Subsection 2(2) provides that any information in column 3 of the table is not part of this Act. Information may be inserted in this column, or information in it may be edited, in any published version of this Act.


Section 3 Schedules

11. Section 3 provides that legislation that is specified in a Schedule to the Bill is amended or repealed as set out in the applicable items in the Schedule concerned. In addition, this clause provides that any other item in a Schedule to this Act has effect according to its terms.

12. There are three schedules to the Bill, with each schedule containing two parts. Schedule 1 will amend the Aviation Transport Security Act 2004 (the Aviation Act). Schedule 2 will amend the Maritime Transport and Offshore Facilities Security Act 2003. Schedule 3 will amend the Security of Critical Infrastructure Act 2018.

Schedule 1 Amendment of the Aviation Transport Security Act 2004

Part 1 General amendments

Division 1 Amendments

Aviation Transport Security Act 2004

Item 1 Section 4 (after paragraph beginning "Part 6")

13. Section 4 of the Aviation Act is a simplified outline of the Act. This item inserts a new paragraph in the simplified outline to provide for new Part 6A that will be introduced by this Bill. New part 6A deals with the submission of reports by aviation industry participants, known consignors and regulated agents. Further information about the new Part 6A can be found below at item 47.

Item 2 Section 4 (after paragraph beginning "Part 7")

14. This item inserts a new paragraph in the simplified outline to provide for new Part 7A that will be introduced by this Bill. The new paragraph provides that Part 7A will deal with the use and disclosure of protected information. More detail on the new Part 7A can be found below at item 49.

Item 3 Section 4 (after paragraph beginning "Part 8")

15. This item will amend an existing paragraph of the simplified outline. The current paragraph provides that Part 8 deals with a range of enforcement mechanisms including infringement notices, enforcement orders, enforceable undertakings, injunctions and a demerit points system.
This item inserts a reference to "improvement notices", a measure that is to be introduced by item 53 of this Bill.

Item 4 Section 6

16. Section 6 of the Aviation Act deals with geographical jurisdiction of the act. This item inserts "(1)" at the beginning of the provision. This amendment is mechanical in nature and is
necessary to separate section 6 into subsections, and is a consequence of the amendment in item 6 below, which introduces a new subsection 6(2).

Item 5 Section 6

17. This item inserts the words "other than section 112E" at the end of the current section 6, which will be amended to subsection 6(1), see item 4 above. Section 112E will have a different geographical jurisdiction, which is provided for under item 49 below.

Item 6 At the end of section 6

18. This item inserts a new subsection (2) into section 6 of the Aviation Act. The new subsection notes that section 15.1 of the Criminal Code (extended geographical jurisdiction - category A) applies to an offence against section 112E. The extension of geographical jurisdiction under section 15.1 of the Criminal Code requires the offending conduct to have a connection with Australia.

19. There may be occasions where a person should be liable under Australian law for conduct that occurred outside Australia, due to the impact that conduct might have on aviation security in Australian territory.

Item 7 Section 9

20. This item will introduce a number of new definitions for terms that facilitate the amendments being made to the Aviation Act by the Bill.

21. A number of terms are defined by reference to other acts. For terms defined in this manner, it is intended that the term in this Act has the meaning as it appears from time to time in the act referred to.

22. In this explanatory memorandum those terms have been described according to how they are defined in their individual acts at the time of the introduction of the Bill.

Definition of Access

23. Access in relation to a computer program, is defined to mean the execution of the computer program. The purpose of this definition is to differentiate between instances in the Bill where access has its ordinary meaning, and instances where its use relates to accessing a computer program that is installed on a computer.

Definition of access to computer data

24.
The definition of the term access to computer data has been separated into three paragraphs to provide for the different methods by which data may be regarded as being accessed depending on how it is held. Paragraph (a) provides that access to computer data means, in a case where the computer data is held in a computer, the display of the data by the computer or any other output of the data from the computer.


25. Paragraph (b) provides that access to computer data alternatively means, in the case where the computer data is held in a computer, the copying or moving of the data to any other location in the computer, another computer or a data storage device.

26. Paragraph (c) provides that access to computer data alternatively means, in the case where the computer data is held in a storage device, the copying or moving of the data to a computer or to another data storage device.

Definition of asset

27. The definition of asset contains a non-exhaustive list and is intended to clarify the types of physical and electronic things that can be considered to be an asset. Asset is defined to include:

• a system; and
• a network; and
• a facility; and
• a computer; and
• a computer device; and
• a computer program; and
• computer data; and
• premises; and
• any other thing.

Definition of computer

28. This definition is drafted broadly to provide that computer is all, or parts of:

• one or more computers;
• one or more computer systems;
• one or more computer networks;
• or any combination of these.

29. The intention of the broad definition is to provide certainty to industry by making clear that computer means all or part of one individual device, system or network, or of a collection of devices, systems or networks, or any combination of those things, with the capability to store or process data; or that can be used to monitor, control or do anything else that is connected to the functioning of an asset.

30. For example, a Supervisory Control and Data Acquisition (SCADA) system is a computer for the purposes of this definition.


Definition of computer data

31. This definition of computer data provides that the term means any data held in a computer or a data storage device.

32. Data held in a computer or data storage device would be computer data irrespective of the form in which that data exists.

Definition of connected

33. This definition provides that, in relation to equipment, connected includes connection otherwise than by means of physical contact, for example, a connection by means of radio communication.

Definition of cyber security incident

34. This definition is a signpost in section 9 to direct the reader to section 9B in which cyber security incident is defined. Section 9B is introduced into the Aviation Act by item 10 below.

Definition of data

35. The term data is defined in a non-exhaustive manner to include information in any form.

Definition of data storage device

36. This definition provides that data storage device means a thing (for example, a disk or file server) containing (whether temporarily or permanently), or designed to contain (whether temporarily or permanently), data for use by a computer.

37. This definition would cover a re-writable disk used to store data.

Definition of electronic communication

38. This definition provides that electronic communication means a communication of information in any form by means of guided or unguided electromagnetic energy.

Definition of impairment of electronic communication to or from a computer

39. This term is defined non-exhaustively to include the prevention of any such communication, and the impairment of any such communication on an electronic link or network used by the computer, but does not include a mere interception of any such communication.

40. For example, this would include an action that disabled the ability for a computer to connect with the internet, irrespective of whether that action involved access to the computer itself.


Definition of improvement notice

41. This definition provides that improvement notice means a notice issued under subsection 117A(2) of the Aviation Act.

42. Subsection 117A(2) is a new subsection introduced by item 53 of the Bill.

Definition of lawful advocacy, protest, dissent or industrial action

43. This definition provides that lawful advocacy, protest, dissent or industrial action does not include a cyber security incident. The term cyber security incident will be defined in new section 9B, introduced by item 10 below.

Definition of modification

44. Modification is defined in reference to two scenarios. This definition provides that modification, in respect of computer data, means either the alteration or removal of the data or an addition to the data. Modification in respect of a computer program, means the alteration or removal of the program or an addition to the program.

Item 8 Section 9 (definition of national security)

45. This item will repeal the definition of national security from the dictionary in section 9 of the Aviation Act. Currently, the only reference to national security in the Aviation Act is in paragraph 127(1)(b), which refers to "an Agency that carries on activities that relate to national security". Item 59, below, removes the words "an Agency that carries on activities that relate to national security" from paragraph 127(1)(b).

46. As a result of that amendment, a definition for national security is no longer required.

Item 9 Section 9

47. This item inserts further definitions relevant to the amendments in the Bill.

Definition of operation of an aviation industry participant

48. This definition provides that operation of an aviation industry participant means the operation of the participant in their capacity as an aviation industry participant.

Definition of protected information

49.
Protected information is defined to mean information that:

• is obtained by a person in the course of exercising powers or performing duties or functions under the Aviation Act;
• is security compliance information (defined in subsection 109(1) of the Aviation Act);
• is aviation security information (defined in subsection 111(1) of the Aviation Act); or
• if a transport security program for an aviation industry participant is in force, information about the content of the program.

50. The term protected information is relevant to new Part 7A of the Aviation Act (introduced by item 49, below) which will deal with the use and disclosure of protected information.

Definition of relevant impact

51. This definition is a signpost in section 9 to direct the reader to section 9D of the Aviation Act in which relevant impact is defined. Section 9D is introduced by item 10, below.

Definition of technical assistance notice

52. This definition provides that the term technical assistance notice has the same meaning as in Part 15 of the Telecommunications Act 1997.

53. At the time of introduction of the Bill, the term was defined in that Act as meaning a notice that has been issued under section 317L of the Telecommunications Act 1997.

Definition of technical assistance request

54. This definition provides that the term technical assistance request has the same meaning as in Part 15 of the Telecommunications Act 1997. At the time of introduction of the Bill, the term was defined in that Act as meaning a request made under paragraph 317G(1)(a) of the Telecommunications Act 1997.

Definition of technical capability notice

55. This definition provides that the term technical capability notice has the same meaning as in Part 15 of the Telecommunications Act 1997. At the time of introduction of the Bill, the term was defined in that Act as meaning a notice given under section 317T of the Telecommunications Act 1997.

Definition of unauthorised access, modification or impairment

56. This definition is a signpost in section 9 to direct the reader to section 9C of the Aviation Act that is introduced by item 10 below.

Item 10 After Division 4 of Part 1

57. Item 10 inserts a new Division 4A into the Aviation Act.
This new Division deals with defining terms relevant to cyber security incidents.


Division 4A Cyber Security Incidents

Section 9B Meaning of cyber security incident

58. New section 9B will define the term cyber security incident. Under the amendments made by the Bill, there will be obligations on certain aviation industry participants in relation to such incidents.

59. This section provides that a cyber security incident is one or more acts, events or circumstances involving any of the following:

• unauthorised access to computer data or a computer program (paragraph (a))
• unauthorised modification of computer data or a computer program (paragraph (b)),
• unauthorised impairment of electronic communication to or from a computer (paragraph (c)), or
• unauthorised impairment of the availability, reliability, security or operation of a computer, computer data or a computer program (paragraph (d)).

60. Some common examples of a cyber security incident include:

• Malware - Any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including computer viruses, worms, trojan horses, ransomware, spyware, adware, and others.
• Phishing - Fraudulent attempts to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising communications (through emails and other formats) as to appear to have been sent by a recognised or trusted source.
• Denial of service - This form of attack is where a perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
• Cross-site scripting - This is where an attacker injects malicious scripts into otherwise benign and trusted websites.
The victim's web browser executes those scripts thinking they are legitimate, allowing the attacker to bypass the victim's access controls.


Section 9C Meaning of unauthorised access, modification or impairment

61. New section 9C provides the definition for "unauthorised access, modification or impairment". Under subsection 9C(1) of this definition, the following conduct is unauthorised if the person is not entitled to cause that access, modification or impairment:

• access to computer data or a computer program (paragraph (a))
• modification of computer data or a computer program (paragraph (b))
• impairment of electronic communications to or from a computer (paragraph (c)), or
• the impairment of the availability, reliability, security or operation of a computer, computer data or a computer program (paragraph (d)).

62. For the conduct to be unauthorised, it must have occurred without authority, irrespective of whether that authority is drawn from, for example, legislation or contractual arrangements.

63. Subsection 9C(2) provides that it is immaterial whether the person can be identified.

64. Subsection 9C(3) operates to provide for circumstances in which a person is entitled to cause the access, modification or impairment. If a person causes any access, modification or impairment of a kind mentioned in subsection (1); paragraph (3)(b) provides that if the person does so under the following circumstances, they were entitled to do so:

• under a warrant issued under a law of the Commonwealth, a State or a Territory (subparagraph (i))
• under an emergency authorisation given to the person under Part 3 of the Surveillance Devices Act 2004 or under a law of a State or Territory that makes provision to similar effect (subparagraph (ii))
• under a tracking device authorisation given to the person under section 39 of the Surveillance Devices Act 2004 (subparagraph (iii))
• in accordance with a technical assistance request (subparagraph (iv))
• in compliance with a technical assistance notice (subparagraph (v)), or
• in compliance with a technical capability notice (subparagraph (vi)).


Section 9D Meaning of relevant impact

65. New section 9D will define the term relevant impact in relation to a cyber security incident on an asset. The term is used in connection with defining a cyber security incident as an instance of unlawful interference.

66. The section provides that the relevant impact of a cyber security incident on an asset is the impact (whether direct or indirect) of the cyber security incident on:

• the availability of the asset (paragraph (a))
• the integrity of the asset (paragraph (b))
• the reliability of the asset (paragraph (c)), or
• the confidentiality of information about the asset, or information stored in the asset an computer data (paragraph (d)).

67. As an example, an impact on customer service or the quality of the service being provided will not necessarily be regarded as a relevant impact unless it also impacts the availability, integrity, reliability or confidentiality of information about the asset.

68. The relevant impact may be direct or indirect. This is intended to focus the definition on the result of the cyber security incident rather than its source, emphasizing the all hazards approach taken under the Bill.

Item 11 Paragraph 10(1)(a)

69. Section 10 of the Aviation Act defines the term "unlawful interference with aviation". Item 11 will repeal the current paragraph 10(1)(a) and substitute a new paragraph. The current paragraph provides that without lawful authority, taking control of an aircraft by force, or threat of force, or any other form of intimidation or by any trick or false pretence is an instance of unlawful interference with aviation, this also includes attempts to do those things.

70.
The new paragraph will be broadly similar to the current paragraph, and provides that, without lawful authority, taking control of an aircraft in the following circumstances is an act of unlawful interference with aviation:

• whether by force, or threat of force, or any other form of intimidation (subparagraph (i)), or
• whether by any trick or false pretence (subparagraph (ii)), or
• whether by any other means (subparagraph (iii)).


71. Subparagraph (iii) is intentionally broad to include taking control of an aircraft by any means without lawful authority, this recognises that changes to technology may allow a threat actor to take control of an aircraft, without using force, a threat of force, intimidation or by any trick or false pretence. For example using the cyber vector to seize control of an aircraft's guidance or control systems.

Item 12 Paragraph 10(1)(g)

72. This item omits the words "false or misleading" from paragraph 10(1)(g). Currently paragraph 10(1)(g) provides that putting the safety of aircraft at risk by communicating false or misleading information, is unlawful interference with aviation. This item removes the requirement that the information be false or misleading.

73. The effect is that the communication of any kind of information that puts the safety of an aircraft at risk, is unlawful interference. The purpose of this amendment is to remove an unnecessary limitation in the current provision. Under the current provision, information could be communicated with a clear intention of putting the safety of an aircraft at risk, but if that information is not false or misleading it may not be considered an act of unlawful interference with aviation. Removing the words "false or misleading" ensures that the provision will capture all appropriate behaviour.

Item 13 After Paragraph 10(1)(g)

74. This item inserts two new paragraphs into the definition for unlawful interference with aviation. New paragraph 10(1)(ga) provides that doing anything in relation to an aircraft that puts the safety of the aircraft at risk, the safety of a person on board at risk or the safety of a person outside the aircraft at risk, is unlawful interference with aviation.

75. New paragraph 10(1)(gb) provides that putting the safe operation of an aviation industry participant at risk, by communicating information, is unlawful interference with aviation.
The term operation of an aviation industry participant is a defined term (see item 9). Item 14 Paragraph 10(1)(h) 76. Item 14 omits the words "at an airport" from the paragraph 10(1)(h), which currently provides that committing an act at an airport, or causing any interference or damage, that puts the safe operation of the airport, or the safety of a person at the airport at risk, is unlawful interference with aviation. 77. The amendment made by this item has the purpose and effect of removing the requirement that the act be committed at an airport. The removal of the location requirement ensures the provision will now capture a more appropriate range of acts. As an example, the change would mean that a person who interferes with the air traffic control systems by means of remote computer access may now be considered to have committed an act of unlawful interference with aviation. 16


Item 15 Paragraph 10(1)(h)

78. The amendment in this item is related to the change above. Currently paragraph 10(1)(h) mentions putting "the safe operation of the airport at risk". Item 15 will change any mention of "the airport" to "an airport". As paragraph 10(1)(h) is currently drafted, the act in question would need to be committed at a particular airport and have a consequence at that same airport.

79. This amendment has the purpose and effect that the act in question can have a consequence at any airport. As the above item removes the requirement for the act to be committed at a particular location, it is appropriate to remove the implication that the consequence also be at that particular location.

Item 16 At the end of subsection 10(1)

80. Item 16 would insert a new paragraph 10(1)(i) following paragraph 10(1)(h). New paragraph 10(1)(i) will specify that committing an act, or causing any interference or damage, that puts the safe operation of an aviation industry participant at risk, is an unlawful interference with aviation. The term operation of an aviation industry participant is defined as part of the amendments in item 9 of this Bill.

81. Threats to aviation security come not just in the form of physical threats such as terrorism. Interference with operations of an industry participant can have consequences for the safety and security of the aviation industry. It is therefore necessary to consider threats and risks to the operations of industry participants.

82. An example is a ransomware attack on an airport operator damaging the systems of that airport operator and interfering with the operations of the airport operator.

Item 17 At the end of section 10

83. This item inserts a new subsection 10(3) at the end of section 10.
New subsection 10(3) would provide that a cyber security incident is an unlawful interference with aviation if it has a relevant impact on an asset that is:
• used in connection with the operation of an aviation industry participant; and
• owned or operated by an aviation industry participant.

84. The term cyber security incident is defined by the new section 9B, and relevant impact is defined in new section 9D (see item 9 above).

Item 18 After subsection 16(2)

85. Subsection 16(2) of the Aviation Act prescribes certain content that must be included in an aviation industry participant's transport security program. As an example, paragraph 16(2)(a) provides that a transport security program must set out how the industry participant will manage and co-ordinate aviation security activities within the participant's operation.

86. This item inserts a further three subsections after subsection 16(2), each of which will include a requirement for transport security programs in relation to a security assessment.

87. New subsection 16(2A) provides that a transport security program must include a security assessment for the industry participant's operation. This amendment will bring the Aviation Act into alignment with the Maritime Act, which requires, at paragraph 47(1)(a), that a maritime security plan includes a security assessment.

88. New subsection 16(2B) provides that the security assessment mentioned in subsection 16(2A) must take into account any documents required in writing by the Secretary of the Department of Home Affairs (the Secretary) to be taken into account and address any matters prescribed in the regulations.

89. As an indication of the type of matters that may be prescribed in the regulations for subsection 16(2B), regulation 3.05 of the Maritime Regulations provides that a security assessment must include:
• the date when the assessment was completed or reviewed;
• the scope of the assessment, including assets, infrastructure and operations assessed;
• a summary of how the assessment was conducted, including details of the risk management process adopted; and
• the skills and experience of the key persons who completed or participated in the assessment.

90. The intention is that security assessment requirements prescribed for security programs for both the Aviation and Maritime sectors align as far as is practicable.

Item 19 Subsection 19(6)

91. This item will repeal subsection 19(6). Broadly speaking, section 19 of the Aviation Act relates to the Secretary approving or refusing to approve the transport security program of an aviation industry participant.

92. Subsection 19(5) provides that the Secretary may, by written notice, request an industry participant provide information specified in the written notice.

93. Subsection 19(6) currently provides that the written notice must specify a period of no more than 45 days in which the information can be provided by the aviation industry participant. If more than one notice is given, the total period over all the notices can be no more than 45 days.


94. The purpose and effect of this amendment is that there is no longer a limitation on the period in which the aviation industry participant may provide the requested information. There may be situations where the information requested by the Secretary is complicated and could take significant amounts of time to prepare. Removing the 45 day limit ensures the participant will have sufficient time to prepare the information.

Item 20 Paragraph 19(7)(b)

95. Subsection 19(7) defines the "consideration period". This item repeals and replaces paragraph 19(7)(b) to provide for the consideration period ending at:
• if the information requested in that notice was given within the period specified in that notice--the end of the period of 30 days beginning on the day on which the information requested in that notice was received by the Secretary (subparagraph (i)); or
• if the information requested in that notice was not given within the period specified in that notice--the end of that period (subparagraph (ii)).

96. Paragraph 19(7)(b) currently provides that the consideration period ends on either:
• the day on which the information requested by the Secretary under subsection 19(5), is received by the Secretary; or
• if the information requested under 19(5) is not given, the last day of the period specified in the notice.

97. The amendment in this item is consequential to the amendment made in item 19, above.

98. Under the amendment in item 19, the notice will no longer provide a specified time to give the information. As a consequence, it is necessary to amend paragraph 19(7)(b).

Item 21 Paragraph 23A(7)(b)

99. Section 23A of the Aviation Act provides for the Secretary either approving or refusing to approve an alteration to a transport security program.

100. This amendment removes the words "period of 60 days after the request was given" and substitutes the words "consideration period" in paragraph 23A(7)(b), which currently operates to provide that the Secretary is taken to have refused to approve the alteration if the Secretary does not approve, or refuse to approve, the alterations within the period of 60 days after the request was given.

101. The term "consideration period" is amended by item 20, above. The effect of this amendment is that applications for approval of alterations will no longer be deemed to have been refused if action is not taken within 60 days. This amendment, together with the following item, is intended to provide the industry participant with greater opportunity to have alterations considered.


Item 22 At the end of section 23A

102. This item inserts additional subsections into section 23A.

103. New subsection 23A(8) provides that the Secretary may, by written notice given within the consideration period, request the industry participant give the Secretary additional specified information relevant to the approval of their amendments.

104. New subsection 23A(9) provides that the notice must specify a reasonable period within which the information must be given.

105. A "reasonable period" provides the Government the flexibility to specify a time period appropriate for the amount of information requested. For example, requesting a phone number would require much less time than the outcome review of a section of a transport security program.

106. New subsection 23A(10) provides that the Secretary may, if requested to do so by the industry participant, vary a notice under subsection (8) by extending the period specified in the notice.

107. This subsection gives the Secretary the discretion to allow the industry participant additional time, on request, to provide the information in circumstances where the industry participant needs time to locate, extract, or collate the relevant information from other sources if necessary.

108. New subsection 23A(11) would provide for the terms of the "consideration period". The subsection provides that the consideration period is 60 days starting on the day the Secretary receives the request (to approve an alteration) and is extended, for each notice given under the new subsection 23A(8), by the number of days falling within a period starting on the day the notice was given and ending at either:
• if the information requested in that notice was given within the period specified in that notice--the end of the period of 30 days beginning on the day on which the information requested in that notice was received by the Secretary; or
• if the information requested in that notice was not given within the period specified in that notice--the end of that period.

109. Currently the time limit in which the Secretary can approve or refuse to approve an alteration is 60 days. There is no mechanism through which the Secretary may request additional information to support their decision-making.

110. The purpose and effect of introducing this power for the Secretary to request additional information is to benefit industry participants by providing them with the opportunity to better support any proposed alterations to their security program.


Item 23 At the end of Division 5 of Part 2

111. Item 23 inserts a new section 26AA into the Aviation Act.

Section 26AA

112. New section 26AA introduces a new offence, with a penalty of 200 penalty units, for a failure by an aviation industry participant to conduct regular review of its transport security program, if a transport security program is in force for the participant and the program was not given to the participant by the Secretary under section 26B.

Timeframe

113. A definitive timeframe within which the program must be reviewed is not specified in this section. This is reflective of the different operating environments of the various aviation industry participants. It is intended that this will allow the different industry participants greater discretion to determine the frequency with which the reporting should occur, according to the nature and scope of their operations and any changes to the threat and risk environment.

Penalty

114. The Guide was consulted when determining the amount of the civil penalty of 200 penalty units for failure to comply with this requirement. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. Failure to regularly review a transport security plan may result in vulnerabilities in a transport security plan not being identified, which represents a risk to aviation security.

115. The penalty value is consistent with other maximum penalties in relation to transport security programs. As an example, under section 14 of the Aviation Act if an airport operator fails to comply with their transport security program, they can be subject to a maximum penalty of 200 penalty units. It should also be noted that only aviation industry participants can be subject to the penalty, and not the general public. In the majority of cases aviation industry participants are corporations.

116. The penalty value is also consistent with the relevant provision in the Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022, which this clause was mirrored on (see item 37 of that Bill, Section 30AE Review of critical infrastructure risk management program).

Item 24 After subsection 26C(1)

117. Section 26C of the Aviation Act prescribes content that is required to be included in a transport security program that is given to an industry participant by the Secretary, under section 26B. This item inserts new subsections (1AA) and (1A) after the existing subsection (1).


118. The content in subsection 26C(1) must be included in each transport security program given by the Secretary under section 26B. The content in existing subsections 26C(2) and (3) and the new subsections 26C(1AA) and (1A) may be included in the transport security programs.

Subsection 26C(1AA)

119. New subsection (1AA) provides that a transport security program that is given to an aviation industry participant by the Secretary under section 26B may set out the security activities or measures to be undertaken or implemented by the industry participant under the program for the purposes of safeguarding against unlawful interference with aviation.

120. This will allow the Secretary to give a low risk industry participant a transport security program that outlines security activities and measures such as new cyber security standards and mitigations.

Subsection 26C(1A)

121. The new subsection (1A) provides that a transport security program, given by the Secretary under section 26B, may include a security assessment for the aviation industry participant's operations.

122. A security assessment is a document that outlines the industry participant's risk profile. The security assessment may include a risk assessment and general risk identification table. This will then be used to identify certain risks to be mitigated within the transport security program.

Item 25 Section 39 (paragraph beginning "The Matters")

123. Section 39 is a simplified outline for Part 4 and provides that in addition to the requirements relating to areas and zones that were covered in Part 3 of the Aviation Act, specific requirements are imposed in relation to a range of other matters. Section 39 then goes on to broadly list the matters, which includes "examining and clearing" dealt with in Division 2A of Part 4.

124. This item will remove the words "examining and clearing" and substitute them with "cargo". The purpose and effect of this change is to reflect the fact that Division 2A may deal with requirements relating to cargo more generally, rather than simply the examination and clearing of cargo.

Item 26 Division 2A of Part 4 (heading)

125. The heading of Division 2A of Part 4 of the Aviation Act is currently "Examining and clearing cargo". This amendment would change that heading to "Cargo".

126. As mentioned in the above item, this is to reflect that the Division may deal with requirements for cargo more broadly rather than just the examination and clearing of cargo.


Item 27 Section 44C (heading)

127. This item will omit the words "for examining and clearing" from the title of section 44C and substitute those words with "relating to". The title currently reads "Requirements for examining and clearing cargo". Following the amendment made by this item it would read "Requirements relating to cargo".

128. As with the above two amendments this change is to ensure the heading more accurately reflects that the section may deal with content relating to cargo more broadly, rather than specifically the examination and clearing of cargo.

Item 28 At the end of paragraph 44C(1)(g)

129. Subsection 44C(1) provides for content that may be prescribed in the Aviation Regulations. Paragraph 44C(1)(g) currently provides that the Aviation Regulations may prescribe training requirements for employees of all known consignors or regulated agents, one or more specified classes of known consignors or regulated agents, and one or more specified known consignors or regulated agents.

130. This item inserts three additional subparagraphs ((iv), (v) and (vi)). These new subparagraphs provide that the Aviation Regulations may prescribe training requirements for employees of the following:
• all aircraft operators (new subparagraph (iv));
• one or more specified classes of aircraft operators (new subparagraph (v)); or
• one or more specified aircraft operators (new subparagraph (vi)).

131. This change will allow the regulations to prescribe training requirements for cargo examiners who are covered by an aircraft operator's transport security program. Currently the Regulations only allow these measures to be prescribed in a Regulated Air Cargo Agents security program.

132. For example, if an aircraft operator plans to examine cargo, they can use their already established transport security program to meet the training requirements, instead of establishing a new independent Regulated Air Cargo Agent security program.

Item 29 After subsection 44C(3A)

133. This item inserts three additional subsections into section 44C. Each of the new subsections relates to the content of a security program provided under the regulations.


New subsection 44C(3B)

134. New subsection 44C(3B) provides that, if a known consignor has been given a security program under the regulations, then that security program may include a security assessment for the known consignor's operations.

135. Under regulation 4.41Z of the Aviation Regulations, if the Secretary approves, under regulation 4.41N, someone as a known consignor then the Secretary must provide that person with a security program.

136. The purpose and effect of this amendment is to ensure consistency in the content of the various security programs required under the Aviation Act and Aviation Regulations. As other amendments within the Bill introduce a requirement for transport security programs to include a security assessment, it is appropriate that section 44C makes clear that a security program given to a known consignor under the regulations would permit the inclusion of a security assessment.

New subsection 44C(3C)

137. New subsection 44C(3C) provides that, if a RACA has been given a security program under the regulations, then it may include a security assessment for the RACA's operations.

138. Regulation 4.46 of the Aviation Regulations provides that if the Secretary designates a person as a Regulated Air Cargo Agent (RACA) under regulation 4.43A, then the Secretary must provide them with a security program.

139. Similarly to new subsection 44C(3B), the purpose and effect of this amendment is to ensure consistency in the content of the various security programs required under the Aviation Act and Aviation Regulations. As other amendments within the Bill introduce a requirement for transport security programs to include a security assessment, it is appropriate that section 44C makes clear that a security program given to a RACA under the regulations would permit the inclusion of a security assessment.

New subsection 44C(3D)

140. New subsection 44C(3D) provides that, if an AACA has been given a security program under the regulations, then it may include a security assessment for the AACA's operations.

141. Regulation 4.51F of the Aviation Regulations provides that if the Secretary accredits a person as an Accredited Air Cargo Agent (AACA) then they must provide them with a security program.

142. As above, the purpose and effect of this amendment is to ensure consistency in the content of the various security programs required under the Aviation Act and Aviation Regulations. As other amendments within the Bill introduce a requirement for transport security programs to include a security assessment, it is appropriate that section 44C makes clear that a security program given to an AACA under the regulations would permit the inclusion of a security assessment.

Item 30 Subsection 67(1)

143. This item repeals and replaces subsection 67(1) of the Aviation Act. New subsection 67(1) operates to enable the Secretary to direct, in writing, that additional security measures be taken or complied with if:
• a specific threat of unlawful interference with aviation is made or exists and the Secretary is satisfied that giving a direction that additional security measures be taken or complied with is an appropriate response to the threat (paragraph 67(1)(a)), or
• there is a change in the nature of an existing general threat of unlawful interference with aviation and the Secretary is satisfied that giving a direction that additional security measures be taken or complied with is an appropriate response to the threat (paragraph 67(1)(b)); or
• a national emergency declaration (within the meaning of the National Emergency Declaration Act 2020) is in force, and the Secretary is satisfied that giving a direction is appropriate to support the national emergency declaration (paragraph 67(1)(c)).

144. New subsection 67(1) also provides that the Secretary may, in writing, direct that a specified act or thing be done, or that a specified act or thing not be done.

145. This amendment introduces a threshold for the use of the Secretary's direction power in relation to a specific threat or an existing threat of unlawful interference with aviation. Previously, the threshold only applied in relation to security measures being appropriate to support a national emergency declaration.

146. This amendment will unify the different kinds of Special Security Directions using consistent language and purposive limitations. This will provide industry and the public a clearer understanding of these powers.
In addition to adding a threshold for each of the circumstances, this item amends the subsection to provide that not only may the Secretary direct that an act or thing be done, the Secretary may also direct that an act or thing not be done. This is to clarify previous drafting, noting that it may be safer to stop certain actions from taking place instead of imposing additional security measures.

147. A decision to give a special security direction will not be subject to a merits review. This is an extraordinary power that is used as a last resort to respond to a specific threat that goes beyond the bounds of the current legislation and what industry is able to respond to themselves. For example, extraordinary measures were introduced in the wake of operation SILVES to uplift the baseline of aviation security screening nationally as a result of the increased terrorist threat. These directions generally must be issued urgently to respond to probable or imminent threats to aviation or the traveling public.

Item 31 After subsection 70(4)

148. Item 31 inserts a new subsection (4A) into section 70 of the Aviation Act (which deals with when a special security direction is in force) to provide that the Secretary may, by writing, revoke a special security direction.

149. The purpose and effect of this amendment is that it will allow the Secretary to end the special security direction, before the period noted in the original notice, should the specific or general threat subside.

Item 32 After paragraph 79(2)(g)

150. Subsection 79(2), in paragraphs (a) to (h), lists the particular powers that an aviation security inspector may use. This item would insert two new paragraphs, (ga) and (gb).

151. New paragraph (ga) operates to provide that an aviation security inspector may operate equipment at a place mentioned in paragraph (2)(a) or (2)(b) for the purpose of testing the equipment.

152. New paragraph (gb) operates to provide that an aviation security inspector may connect equipment to equipment (the relevant equipment) at the place mentioned in paragraph (2)(a) or (2)(b) for the purpose of testing the relevant equipment.

153. As an example this will allow an aviation security inspector to connect an appropriate diagnostics tool to test cyber security settings.

154. Other than for the power in 79(2)(h), it is an offence (under subsection 79(5)) of strict liability (under subsection 79(7)) for a person to engage in conduct that hinders or obstructs an aviation security inspector in the exercise of a power mentioned in subsection 79(2).

155. It should be noted that "engages in conduct" is defined in the Aviation Act to have the same meaning as in the Criminal Code. Subsection 4.1(2) of the Criminal Code defines "engage in conduct" to mean to do an act, or omit to perform an act.

156. It is imperative that aviation security inspectors are able to carry out their duties without being hindered to ensure that the integrity of aviation security is maintained within Australia. As a consequence, the Guide was considered in relation to introducing these new paragraphs in a provision that carried an existing strict liability offence.

157. A vulnerability in aviation security being exploited could have serious consequences for both the immediate health and safety of Australians, as well as for longer-term problems such as food security or the ability to rapidly disperse imported medical supplies. It is therefore vitally important that aviation security inspectors are able to carry out the activities necessary to perform their role, without interference or hindrance. This is true whether the interference is intentional or unintentional.

158. Aviation security inspectors are operational compliance staff given a range of powers to work with industry to determine whether a person or industry participant is complying with the Aviation Act. Each aviation security inspector must hold an identity card, and undergo appropriate training. Aviation security inspectors work with industry through education, compliance and enforcement to safeguard against unlawful interference in aviation.

159. In line with the Guide, the existing strict liability offence is not punishable by imprisonment and has a maximum penalty of 50 penalty units. The penalty is appropriate in the circumstances because:
• the offence and its penalty operate to prohibit the particular activity of engaging in conduct that hinders or obstructs an aviation security inspector in the exercise of a power mentioned in subsection 79(2), and is imposed for the purposes of safeguarding against unlawful interference with aviation;
• the penalty for this offence is similar to others imposed within the Aviation Act, and is commensurate with the risk to aviation security that hindering or obstructing an aviation security inspector performing their duty poses;
• this is a reasonable penalty to impose, as it has a necessary element of deterrence whilst not being a manifestly excessive penalty for a strict liability offence.

160. In consideration of the guidance within the Guide for offences of strict liability, it is noted that, as strict liability applies to all of the physical elements of this offence:
• the absence of the element of fault is justified as it allows the Government to maintain a robust sanctions system which acts as a deterrent against a person committing this type of act;
• the offence is not punishable by imprisonment, and is not dependent upon a subjective or community standard;
• the offence is punishable by a fine which does not exceed similar thresholds set out in the Aviation Act;
• there is a strong element of specific and general deterrence to the offence, and to require proof of intention would undermine the effectiveness of this provision and the purpose for which it was enacted as a means of safeguarding against unlawful interference with aviation;
• not engaging in conduct that hinders or obstructs an aviation security inspector is such common practice for aviation industry participants, that it should be an easily discharged matter;
• in this circumstance, penalising these persons in the absence of proof of fault is appropriate to apply because the purpose of the exercise of an aviation security inspector's powers is necessary to safeguard against an unlawful interference with aviation, and engaging in hindering or obstructive conduct poses a serious risk to aviation security; and
• the defence of honest and reasonable mistake of fact is still available for defendants under section 9.2 of the Criminal Code Act 1995 (the Criminal Code), outlined in Schedule 1 to the Criminal Code.

Item 33 After subsection 79(2)

161. Item 33 inserts new subsections 79(2AA) and 79(2AB) to deal with the documents and records mentioned in paragraph 79(2)(g). Paragraph 79(2)(g) provides that an aviation security inspector may operate equipment at a location mentioned in paragraphs 79(2)(a) or (b) for the purposes of gaining access to a document or record made or kept by an aviation industry participant.

162. New subsection (2AA) provides that for the purposes of paragraph 79(2)(g) it is immaterial whether a document or record in electronic form is held:
• at a place mentioned in paragraph (2)(a) or (b), those places being a security controlled airport, any area or building or vehicle under the control of an aviation industry participant, or if the aviation industry participant operates from a residence then that part of the residence; or
• at another place inside Australia or outside Australia.

163. New subsection (2AB) provides that new subsection (2AA) is being enacted for the avoidance of doubt.

164. The purpose and effect of these amendments is to explicitly include documents and records that are not stored on a physical device. Increasingly, electronic records and information are being stored using cloud technology, rather than using a physical device such as a hard drive. As noted in the new subsection (2AB), these amendments make clear that the records and documents that can be accessed by an aviation security inspector when exercising their section 79 powers include not only those held on a physical device at one of the locations mentioned in paragraphs 79(2)(a) or (b), but also those stored elsewhere, such as cloud data storage.

Item 34 At the end of Division 2 of Part 5

165. Item 34 inserts new sections 80A to 80E into the Aviation Act to trigger the exercise of additional powers under the Regulatory Powers (Standard Provisions) Act 2014 and to make provisions in relation to those powers.

Section 80A Investigation Powers

166. New section 80A triggers the use of investigation powers under Part 3 of the Regulatory Powers (Standard Provisions) Act 2014 (Regulatory Powers Act). Part 3 of the Regulatory Powers Act creates a framework for gathering material that relates to a contravention of an Act, in this case the Aviation Act.


167. To safeguard against unlawful interference with aviation, it is necessary for persons with investigation powers to have a full suite of appropriate powers to investigate possible non-compliance with the Aviation Act, including the additional obligations introduced by the Bill. The triggering of the investigation power under the Regulatory Powers Act provides an accepted baseline of investigation powers to fulfil their role effectively.

New subsection 80A(1) Provisions subject to investigation

168. New subsection (1) provides that a provision is subject to the investigation powers in Part 3 of the Regulatory Powers Act if it is an offence against the Aviation Act. This provision satisfies the requirement under section 38 of the Regulatory Powers Act that an Act, in this case the Aviation Act, must specifically make provision subject to investigation powers.

169. The subsection operates as both express authority for the exercise of Part 3 investigation powers and a limit on the powers to offences against the Aviation Act.

New subsection 80A(2) Authorised applicant

170. New subsection (2) provides that, for the purposes of Part 3 of the Regulatory Powers Act, each of the following persons are an authorised applicant in relation to a provision mentioned in subsection (1):
• an aviation security inspector (paragraph (2)(a));
• an SES employee of the Department of Home Affairs (the Department) or an acting SES employee of the Department.

171. The note following subsection 80A(2) identifies that the terms "SES employee" and "acting SES employee" are defined in section 2B of the Acts Interpretation Act 1901.

172. The purpose and effect of this subsection is to satisfy the requirement in section 41 of the Regulatory Powers Act that an authorised applicant is identified as such, in the relevant Act.

New subsection 80A(3) Authorised person

173. New subsection 80A(3) provides that, for the purposes of Part 3 of the Regulatory Powers Act, an aviation security inspector is an authorised person in relation to evidential material that relates to the provisions mentioned in subsection (1).

174. The purpose and effect of this subsection is to satisfy the requirement in section 42 of the Regulatory Powers Act that an authorised person is only so if the Act, in this case the Aviation Act, provides for them to be an authorised person.


New subsection 80A(4) Issuing officer

175. New subsection 80A(4) provides that either a magistrate (paragraph (a)) or a judge of a court that is a relevant court (paragraph (b)), is an issuing officer for the purposes of the investigation powers under Part 3 of the Regulatory Powers Act.

176. The purpose and effect of this subsection is to satisfy the requirement in section 44 of the Regulatory Powers Act. The requirement in section 44 of the Regulatory Powers Act is that a person or class of persons is only an issuing officer if the relevant Act, in this case the Aviation Act, identifies them as such.

New subsections 80A(5)-(8) Relevant chief executive

177. New subsections 80A(5)-(8) operate to satisfy the requirement in section 45 of the Regulatory Powers Act that a person is a relevant chief executive if they are specified in the relevant Act, in this case the Aviation Act.

178. Subsection 80A(5) provides that the Secretary is the relevant chief executive in relation to the evidential material that relates to an offence against the Aviation Act.

179. Read together, new subsections 80A(6) and (7) introduce a narrow power of delegation that enables the Secretary to delegate the Secretary's powers as relevant chief executive to Senior Executive Service (SES) employees.

180. Subsection 80A(6) provides that the relevant chief executive may delegate any of their powers and functions mentioned in subsection (7), to an SES employee of the Department or an acting SES employee of the Department.

181. The delegation to SES employees is appropriate oversight across the various areas of responsibility throughout the Australian Government and investigation matters.

182. This subsection enables the Secretary to delegate their functions and powers, and operates as a limit on whom the powers may be delegated to. This power to delegate is required to assist the Secretary to carry out their functions and allow for the smooth operation of investigations carried out by the Department of Home Affairs.

183. It would be administratively impossible for the Secretary to exercise the powers and duties of investigation for all matters or incidents that require such investigation. Delegation of those powers is an administrative necessity, and restricting the delegation of those powers only to substantive and acting SES employees is appropriate, as otherwise the ability to delegate would be of no utility.

184. Subsection 80A(7) would provide that the following powers can be delegated:
• powers under Part 3 of the Regulatory Powers Act in relation to evidential material that relates to an offence against the Aviation Act; and


• powers that are incidental to the above powers.

185. This subsection operates as a limit on the powers that may be delegated to a person listed in subsection 80A(6).

186. Under new subsection 80A(8), the person to whom the Secretary's powers have been delegated must exercise those powers and functions in accordance with any directions of the Secretary.

187. The effect of subsection 80A(8) is that if the Secretary elects to delegate powers to a substantive or acting SES employee under subsection 80A(6), the Secretary can accordingly delegate appropriately with directions tailored to the nature of the function/power delegated, and the skills/experience of the relevant SES (or acting SES) employee.

New subsection 80A(9) Relevant court

188. Subsection 80A(9) is included for the purposes of Part 3 of the Regulatory Powers Act, and provides that the Federal Court of Australia, the Federal Circuit Court of Australia and a court of a State or Territory that has jurisdiction in relation to matters arising under the Aviation Act are relevant courts.

189. The inclusion satisfies the requirements of section 46 of the Regulatory Powers Act.

New subsection 80A(10) Person assisting

190. New subsection 80A(10) satisfies the requirements of section 53 of the Regulatory Powers Act to provide that an authorised person may be assisted, by another person, in exercising their Part 3 investigation powers. The subsection also requires that the person have appropriate skills and expertise to assist the authorised person.

191. Aviation security inspectors currently do not have the expertise to conduct rigorous compliance activities in regard to cyber security measures. This may mean that the Department may hire specialists, or contract third-party auditors, to support the compliance effort.

New subsection 80A(11) External Territories

192. Subsection 80A(11) confirms that the investigation powers under Part 3 of the Regulatory Powers Act extend to the external Territories.

193. Subsection 80A(11) is necessary to align with the scope of the Aviation Act.

New subsection 80A(12) Other powers not limited

194. This new subsection clarifies that this section does not, by implication, limit any other power conferred by the Aviation Act.


195. As an example, aviation security inspectors are conferred a number of powers under section 79 of the Aviation Act. Triggering the Part 3 investigation powers of the Regulatory Powers Act is in no way intended to limit the powers under section 79.

Section 80B Persons to assist aviation security inspectors

196. Broadly speaking, new section 80B ensures that aviation security inspectors will be appropriately assisted by the relevant industry participant and their staff.

New subsection 80B(1) Scope

197. Subsection 80B(1) provides that if a person is an aviation industry participant or their employee then an aviation security inspector may by written notice:
• require the person to provide them (the inspector) with specified assistance that is reasonably necessary to allow them (the inspector) to exercise powers conferred on them by the Aviation Act.

198. For example, if a piece of compliance information is available on a locked computer the aviation security inspector could direct an aviation industry participant to provide the information. This will mean that the aviation security inspector does not have to access the computer themselves. The purpose and effect of this amendment is to enable the smooth operation of an investigation, by making clear that a relevant industry participant and/or their staff must comply with a written notice requiring specified assistance.

New subsection 80B(2) Compliance with notice

199. Subsection 80B(2) creates an offence for non-compliance with the requirement in subsection 80B(1). Specifically, it provides that a person must comply with a notice under subsection 80B(1). Failure to comply may result in a civil penalty of up to 150 penalty units.

200. The Guide was considered in relation to introducing this new offence.

201.
Any vulnerability in aviation security being exploited could have serious consequences for the immediate health and safety of Australians, the aviation industry as a whole, and the maintenance of the supply chain more generally. It is therefore vitally important that aviation security inspectors are able to carry out the activities necessary to perform their role, with any necessary assistance from aviation industry participants or their staff.

202. In line with the Guide, the offence is not punishable by imprisonment and has a maximum penalty of 150 penalty units. The penalty is appropriate in the circumstances because:
• the offence and its penalty operate to prohibit the particular activity of non-compliance with a written notice to provide specified assistance to an aviation security inspector and is imposed for the purposes of safeguarding against unlawful interference with aviation;
• there is a strong element of specific and general deterrence to the offence, and to require proof of intention would undermine the effectiveness of this provision and the purpose for which it was enacted as a means of safeguarding against unlawful interference with aviation;
• the penalty for this offence is commensurate with the risk to aviation security that non-compliance with a written notice to assist an aviation security inspector in performing their duty poses;
• the offence is punishable by a fine which does not exceed similar thresholds set out in the Aviation Act;
• the offence is not punishable by imprisonment, and is not dependent upon a subjective or community standard;
• this is a reasonable penalty to impose, as it has a necessary element of deterrence whilst not being a manifestly excessive penalty for an offence;
• complying with requirements set out in a written notice is such common practice for aviation industry participants, that it should be an easily discharged matter;
• in this circumstance, penalising these persons in the absence of proof of fault is appropriate to apply because the purpose of the exercise of an aviation security inspector's powers is necessary to safeguard against unlawful interference with aviation, and non-compliance poses a serious risk to aviation security; and
• the defence of honest and reasonable mistake of fact is still available for defendants under section 9.2 of the Criminal Code, outlined in Schedule 1 to the Criminal Code.

New subsections 80B(3)-(4) Liability

203. Subsections 80B(3) and (4) operate to limit the liability of persons that provide assistance as directed under subsection (1).

204. New subsection 80B(3) provides that a person is not liable to an action or other proceeding for damages for or in relation to an act done or omitted in good faith in compliance with subsection (1).

205.
New subsection 80B(4) provides that an officer, agent or an employee of a person is also not liable to an action or other proceeding for damages for or in relation to an act done or omitted in good faith in connection with an act done or omitted by the person mentioned in subsection (3).

206. To avoid liability there is a requirement that the actions taken, or failures to take an action, by the person in question be in good faith. In these circumstances, good faith would require that the person not act dishonestly or in a way that undermines or subverts the intended purpose, and not to act capriciously or arbitrarily. Included in the concept of good faith is an obligation to act reasonably and with fair dealing.

207. For an aviation security inspector, acting in good faith is analogous to the APS values set out in section 10 of the Public Service Act 1999 and aligns with the Code of Conduct set out in section 13 of that Act. Acting in good faith also underpins the directions, guidance, policies and procedures that dictate the performance of an aviation security inspector's role and functions.

208. For an aviation industry participant or a staff member, acting in good faith simply requires them to undertake their best endeavours to comply with the specified assistance requested in the written notice.

Section 80C Information gathering direction

209. New section 80C is an information gathering power and includes a strict liability offence for failure to comply with a notice given in the exercise of that power.

New subsection 80C(1) Direction

210. New subsection 80C(1) is a discretion for an aviation security inspector to give a written notice requiring an aviation industry participant (paragraph (a)) or their employee (paragraph (b)) to provide the inspector with specified assistance that is reasonably necessary to allow the inspector to exercise powers conferred under the Aviation Act.

211. Under new subsection 80C(1), the notice may be given if the aviation security inspector has reason to believe the person has or is capable of obtaining information that is reasonably necessary to allow the inspector to exercise their powers.

212. Under those circumstances, the aviation security inspector may give that person a notice giving them a direction to:
• give information to the security inspector (paragraph (c)); and
• do so within a period specified in the notice and in a manner also specified in the notice (paragraph (d)).

213. The words "has or is capable of obtaining" recognise the fact that the person may not have certain information readily available, or in their physical possession. For example, if the industry participant uses an offsite secure document storage that retains hard copy documents, then it may not be that the industry participant "has" the information, however they are "capable of obtaining" it. The use of these words also relates to information in electronic form. It may be that the person utilises cloud technology to secure some of their data rather than storing it on a device at a building from which they operate. As with the example for hard copy documents, it may not be that the person "has" the information, however they are "capable of obtaining" it.

New subsections 80C(2) and 80C(3) Offence

214. Subsections 80C(2) and (3) read together create a strict liability offence for non-compliance with the requirement in subsection 80C(1).


215. Specifically, subsection 80C(2) provides that a person must comply with a notice under subsection 80C(1). Failure to comply may result in a civil penalty of up to 45 penalty units.

216. Under subsection 80C(2) a person commits an offence if they are given a notice under subsection (1) and they then engage in conduct; and that conduct breaches the notice. This offence would result in a maximum penalty of 45 penalty units.

217. "Engages in conduct" is defined in the Aviation Act to have the same meaning as in the Criminal Code. Subsection 4.1(2) of the Criminal Code defines "engage in conduct" to mean to do an act, or omit to perform an act.

218. New subsection (3) provides that this is a strict liability offence.

219. As noted in relation to the power to give a notice to assist an inspector in new section 80B above, any vulnerability in aviation security being exploited could have serious consequences for the immediate health and safety of Australians, the aviation industry as a whole, and the maintenance of, and confidence in, the supply chain more generally. It is therefore vitally important that aviation security inspectors are able to carry out the activities necessary to perform their role, including being given information from aviation industry participants or their staff.

220. In line with the Guide, the offence is not punishable by imprisonment and has a maximum penalty of 45 penalty units. The penalty is appropriate in the circumstances because:
• the offence and its penalty apply to aviation industry participants and their staff, but not to the general public;
• the offence and its penalty operate to prohibit the particular activity of non-compliance with a written notice to provide specified information in a set period to an aviation security inspector and is imposed for the purposes of safeguarding against unlawful interference with aviation;
• there is a strong element of specific and general deterrence to the offence, and to require proof of intention would undermine the effectiveness of this provision and the purpose for which it was enacted as a means of safeguarding against unlawful interference with aviation;
• the penalty for this offence is commensurate with the risk to aviation security that non-compliance with a written notice to give information to an aviation security inspector in performing their duty poses;
• the offence is punishable by a fine which does not exceed similar thresholds set out in the Aviation Act;
• the offence is not punishable by imprisonment, and is not dependent upon a subjective or community standard;
• this is a reasonable penalty to impose, as it has a necessary element of deterrence whilst not being a manifestly excessive penalty for an offence;


• complying with requirements set out in a written notice is such common practice for aviation industry participants, that it should be an easily discharged matter;
• in this circumstance, penalising these persons in the absence of proof of fault is appropriate to apply because the purpose of the exercise of an aviation security inspector's powers is necessary to safeguard against unlawful interference with aviation, and non-compliance poses a serious risk to aviation security; and
• the defence of honest and reasonable mistake of fact is still available for defendants under section 9.2 of the Criminal Code, outlined in Schedule 1 to the Criminal Code.

New subsection 80C(4) Other powers not limited

221. New subsection 80C(4) makes clear that this section does not, by implication, limit any other power conferred by the Aviation Act.

222. As an example, aviation security inspectors are conferred a number of powers under section 79 of the Aviation Act. Triggering the Part 3 investigation powers of the Regulatory Powers Act is in no way intended to limit the powers under section 79.

Section 80D Self-incrimination

223. New subsection 80D(1) provides that an individual is not excused from giving information under section 80C on the ground that giving the information might tend to incriminate them. A note to subsection (1) indicates that a body corporate is not entitled to claim the privilege against self-exposure to penalty.

224. The privilege against self-incrimination only applies to natural persons and does not extend to bodies corporate. This note is a reflection of the established common-law principle; see, for example, Environment Protection Authority v Caltex Refining Co Pty Ltd (1993) 178 CLR 477 and Trade Practices Commission v Abbco Ice Works Pty Ltd (1994) 123 ALR 503.

225.
The purpose of subsection 80D(1) is to expressly override the common-law privilege against self-incrimination by making clear on the face of the legislation that the privilege against self-incrimination does not apply to the coercive information-gathering powers contained in section 80C.

226. In this circumstance, the possibility that giving the information may lead to self-incrimination does not excuse or exempt a person from giving it. It is acknowledged that removing the privilege represents a serious loss of personal liberty for persons who are subject to the requirement, however there is a clear public benefit in the removal of the principle that outweighs the loss in safeguarding against unlawful interference with aviation and ensuring compliance of aviation industry participants with regulatory obligations supports those safeguards.

227. It is appropriate to override the privilege against self-incrimination where its use could seriously undermine the effectiveness of the aviation security regulatory scheme and prevent the collection of information that may be relevant to safeguarding against unlawful interference or other activities that may pose a risk to public confidence in aviation security. Both are situations where overriding the privilege is absolutely necessary, particularly where the use of that information is constrained.

228. However, incriminatory information cannot be used against the person in criminal proceedings other than for an offence against section 137.1 or 137.2 of the Criminal Code that relates to giving the information.

229. Subsection 80D(2) expressly limits how that information can be used in relation to the person that provided it. Specifically, subsection 80D(2) provides that the information given, giving the information, or any information, document or thing obtained as a direct or indirect consequence of giving the information, is not useable against the person in the following proceedings:
• civil proceedings for the recovery of a penalty; or
• criminal proceedings, other than a proceeding in relation to an offence against section 137.1 or 137.2 of the Criminal Code that relates to the giving of the information.

230. Subsection 80D(2) makes clear that the constraint on the use of the information applies to information, documents or things obtained both directly and indirectly as a result of compelling a person to incriminate themselves. It further makes clear that the information, documents or things obtained cannot be used in specific civil proceedings and any criminal proceeding other than a proceeding in relation to an offence against section 137.1 or 137.2 of the Criminal Code.

231. Subsection 80D(3) provides that if, at general law, an individual would otherwise be able to claim the privilege against self-exposure to a penalty (other than a penalty for an offence) in relation to giving information under section 80C, the individual is not excused from giving information under that section on that ground. A note to subsection 80D(3) indicates that a body corporate is not entitled to claim the privilege against self-exposure to penalty.

232.
As above, the note is a reflection of the established common-law principle that the privilege only applies to a natural person.

233. Similarly to subsection 80D(1), the purpose of subsection 80D(3) is to make abundantly clear on the face of the legislation that the common-law privilege against self-incrimination does not apply to the coercive information-gathering powers contained in section 80C. The constraint on the direct or indirect use of the information in subsection 80D(2) will apply.

Section 80E Persons assisting aviation security inspectors

234. New section 80E will create the ability for an aviation security inspector to be assisted by another person in the exercise of their powers under section 79 and section 80.

235. Section 79 of the Aviation Act provides for the general powers of aviation security inspectors. For example, paragraph 79(2)(f) provides that an aviation security inspector may inspect, photograph or copy a document or record made or kept by an aviation industry participant. Section 80 of the Aviation Act provides aviation security inspectors with powers specifically in relation to an aircraft. As an example, under paragraph 80(2)(a) an aviation security inspector may enter and inspect an aircraft operator's aircraft at a security controlled airport.

New subsections 80E(1)-(2) Aviation security inspectors may be assisted by other persons

236. New subsection 80E(1) provides that an aviation security inspector may be assisted by another person in the exercise of their powers under sections 79 and 80, so long as that other person has appropriate skills and expertise to assist the aviation security inspector.

237. An aviation security inspector exercising investigation powers may encounter an unanticipated need for physical assistance or an unanticipated need for specialist assistance. Situations where such assistance may be required include handling heavy or fragile objects, discovery of dangerous or classified evidentiary material or specialised access to electronic data from a computer server.

238. For example, a person assisting an aviation security inspector may be required to use specialised skills to access further secure locations within or on the premises (for example, a safe or where access is through a locked door). In these situations, this provision means that an aviation security inspector is able to have the assistance of another person with relevant skills and experience in relation to such things. For example, a locksmith could be a "person assisting", as their skill and expertise may be required to assist an aviation security inspector who encountered a locked cabinet or room, or an expert cyber security auditor could be required for conducting a review or audit of an industry participant's systems.

239.
New subsection 80E(2) makes clear that the term "person assisting" (referred to in subsection (1)) means a person giving such assistance to the aviation security inspector. This subsection is included for the avoidance of doubt, and the term operates as a "tag" or simple identifier for the concept where the term is used in subsections 80E(3) and (4).

New subsections 80E(3)-(5) Powers of a person assisting

240. New subsection 80E(3) makes clear that a person assisting an aviation security inspector may exercise any of the powers conferred on an aviation security inspector under section 79 or section 80 of the Aviation Act (see paragraph 80E(3)(a)), and further provides that the person assisting must exercise the power in accordance with a direction that is given to them by the aviation security inspector (see paragraph 80E(3)(b)).

241. It is not intended that the person assisting be able to devise their own course of action in relation to the use of the powers under sections 79 or 80 of the Aviation Act, or to use those powers for their own or some other purpose.

242. The aviation security inspector is responsible for any powers exercised by the person assisting, and any function or duty performed is taken to be performed by them. The skills or experience of the authorised person will provide context and guidance for who they seek assistance from, as well as the directions they give, and the assistance they request from, those other persons. The assistance required from other persons will often be unanticipated, and limited in duration and purpose to that which the aviation security inspector requires to safely and effectively carry out the exercise of their powers. It is not anticipated that other persons will be routinely used or required on an ongoing basis.

243. Prescribing set training requirements, skills and standards of expertise would be impracticable in these circumstances and would limit the flexibility intended to be provided by the "person assisting" provisions.

244. New subsection 80E(4) clarifies that the action of a person assisting is for all intents and purposes an action of the aviation security inspector.

245. New subsection 80E(5) confirms that if a direction under paragraph 80E(3)(b) is given in writing, then that direction is not a legislative instrument.

246. This is consistent with paragraph 8(6)(a) of the Legislation Act 2003 (Legislation Act), which provides that if something is declared by an Act, in this case the Aviation Act, not to be a legislative instrument then it is not a legislative instrument.

247. In essence, a direction made under section 80E does not determine the law or alter the law's content; a direction merely applies section 80E of the Aviation Act. Making clear on the face of the legislation that a direction made under section 80E is not a legislative instrument has the effect that such a direction is not published on the Federal Register of Legislation and is not subject to disallowance. A direction made under section 80E may have a direct link to safeguarding against an unlawful interference with aviation by detecting an aviation industry participant's non-compliance with aviation security requirements.

248.
It is imperative that all such directions remain out of the public domain so that no use can be made of them by malicious actors.

Item 35 Paragraph 100(1)(a)

249. Item 35 inserts the words "other than a cyber security incident" after the words "aviation security incident" in paragraph (1)(a) of section 100 which deals with certain reporting requirements for aviation industry participants that are airport operators.

250. The amendment made by this item has the effect of limiting the requirement in the paragraph to any aviation security incidents that are not a cyber security incident.

251. Divisions 3 and 4 of Part 6 of the Aviation Act contain reporting obligations for various aviation industry participants. Generally speaking, the specified aviation industry participant is obligated to report an aviation security incident which is defined in section 99 of the Aviation Act as meaning either a threat of unlawful interference with aviation or an actual unlawful interference with aviation. The term unlawful interference with aviation is defined in section 10 of the Aviation Act. Further, section 99 operates to provide that if an aviation industry participant fails to report the security incident they can be subject to a penalty of 200 penalty units.

252. As noted above, item 17 amends section 10 to provide that a cyber security incident is an unlawful interference with aviation.

253. Cyber security incidents will have their own specific reporting requirements. Items 36 to 46 insert the specific reporting requirements for cyber security incidents and make other amendments that are consequential to cyber security incidents having their own requirements.

Item 36 At the end of section 100

254. This item introduces new reporting requirements for aviation industry participants that are airport operators. New subsections 100(4) and (5) include a new civil penalty for failure to report an aviation security incident that is a cyber security incident.

255. New subsection 100(4) operates to provide that if an aviation industry participant is an airport operator and they become aware of an aviation security incident that is a cyber security incident then they must report the incident to the Secretary of the Department and to the Australian Signals Directorate as soon as possible.

256. Failure to comply with this requirement may result in a civil penalty of 50 penalty units. The Guide was consulted when determining the amount of this penalty. The penalty is a proportionate response based on the infringement. The penalty is designed to deter non-compliance with the obligation to report, as a failure to report a cyber security incident may result in vulnerabilities in the aviation sector cyber security not being identified. The penalty is appropriate in the circumstances because:
• the offence and its penalty is imposed for the purposes of safeguarding against unlawful interference with aviation;
• it has a necessary element of deterrence whilst not being a manifestly excessive penalty which is similar to others imposed within the Aviation Act;
• an unreported cyber security incident is as commensurate with the risk to aviation security that any other unreported unlawful interference with aviation poses;
• the penalty applies only to an aviation industry participant that is an airport operator and not to the public at large.


257. Subsection 100(5) operates to provide an exception to the requirement in subsection (4) if the participant believes, on reasonable grounds, that the person or body is already aware of the incident or the participant has a reasonable excuse.

258. The note following subsection 100(5) reminds the reader that it is the defendant that bears the evidential burden in relation to the matters in subsection (5), and refers the reader to section 96 of the Regulatory Powers Act.

259. Broadly speaking, section 96 of the Regulatory Powers Act provides that if a person in proceedings for a civil penalty wishes to rely on an exception or excuse provision, then they bear the evidential burden.

260. In the case of subsection 100(4), there is no criminal responsibility in relation to the offence. If a defendant wishes to rely on the exception or excuse, the evidential burden can be discharged if the defendant can adduce or point to evidence suggesting a reasonable possibility of the existence of an exception or excuse. The defendant no longer bears the evidential burden in relation to a matter if evidence sufficient to discharge the burden is adduced. The note following subsection 100(5) is therefore not indicative of a reversal of the evidential burden, and the legal burden remains on the prosecution.

Item 37 Paragraph 101(1)(a)

261. Item 37 inserts the words "other than a cyber security incident" after the words "aviation security incident" in paragraph 101(1)(a), which deals with certain reporting requirements for aviation industry participants that are aircraft operators.

262. As in item 35 above, this amendment has the effect of limiting the requirement in the paragraph to aviation security incidents that are not a cyber security incident.

Item 38 At the end of section 101

263.
This item introduces new subsections 101(4) and (5) which deal with reporting requirements for aviation industry participants that are aircraft operators, and includes new civil penalties for failure to report. 264. Similarly to the amendment made by item 36 above, subsection 101(4) provides that if an aviation industry participant is an aircraft operator and they become aware of an aviation security incident that is a cyber security incident then they must report the incident to the 41


Secretary of the Department and to the Australian Signals Directorate as soon as possible. Failure to comply with this requirement may result in a civil penalty of 50 penalty units.

265. The Guide was considered in relation to framing this offence and its penalty. The penalty is a proportionate, reasonable and appropriate response based on the infringement for the same reasons as those identified in relation to item 36, above.

266. Subsection 101(5) operates to provide an exception to the requirement in subsection (4), with the effect that subsection 101(4) does not apply if the participant believes, on reasonable grounds, that the person or body is already aware of the incident; or the participant has a reasonable excuse.

267. The note to subsection 101(5) reminds the reader that it is the defendant that bears the evidential burden in relation to the matters in subsection (5). It also refers the reader to section 96 of the Regulatory Powers Act, which broadly provides that if a person in proceedings for a civil penalty wishes to rely on an exception or excuse provision then they bear the evidential burden.

268. Similar to item 36, there is no criminal responsibility in relation to the offence in subsection 101(4). If a defendant wishes to rely on the exception or excuse, the evidential burden can be discharged if the defendant can adduce or point to evidence suggesting a reasonable possibility of the existence of an exception or excuse. The defendant no longer bears the evidential burden in relation to a matter if evidence sufficient to discharge the burden is adduced. The note following subsection 101(5) is also not indicative of a reversal of the evidential burden, and the legal burden remains on the prosecution.

Item 39 Paragraph 102(1)(a)

269. Item 39 inserts the words "other than a cyber security incident" after the words "aviation security incident" in paragraph 102(1)(a), which deals with requirements for persons with incident reporting responsibilities.

270. This amendment has the effect of limiting the requirement in paragraph 102(1)(a) to aviation security incidents that are not a cyber security incident.

Item 40 After subsection 102(3)

271. This item introduces reporting requirements for persons with incident reporting responsibilities in new subsections 102(3A) and (3B), and includes new civil penalties for failure to report.

272. New subsection 102(3A) provides that if a person is a person with incident reporting responsibilities and they become aware of an aviation security incident that is a cyber security
incident then they must report the incident to the Secretary of the Department and the Australian Signals Directorate as soon as possible.

273. Failure to comply with this requirement may result in a civil penalty of 50 penalty units.

274. This amendment has a similar effect as items 36 and 38, other than that section 102 applies to persons with incident reporting responsibilities. The Guide was considered in relation to framing this offence and its penalty. The penalty is a proportionate, reasonable and appropriate response based on the infringement for similar reasons to those identified in items 36 and 38 above, except to the extent that the offence applies to persons with incident reporting responsibilities.

275. New subsection 102(3B) operates to provide an exception to the requirement in subsection (3A), and states that subsection (3A) does not apply if the person with reporting responsibilities believes, on reasonable grounds, that the other person or body is already aware of the incident; or the person with reporting responsibilities has a reasonable excuse.

276. "Reasonable grounds" in this circumstance means that the person, acting in good faith as part of their role, should know that the person has already reported the incident.

277. The note to subsection 102(3B) reminds the reader that it is the defendant that bears the evidential burden in relation to the matters in subsection (3B). It also refers the reader to section 96 of the Regulatory Powers Act. Broadly, section 96 of the Regulatory Powers Act provides that if a person in proceedings for a civil penalty wishes to rely on an exception or excuse provision then they bear the evidential burden.

278. This note also does not indicate a reversal of the evidential burden in relation to reliance on the exception or excuse in subsection 102(3B) for the same reasons identified in the explanations for items 36 and 38 above.

Item 41 Before subsection 102(4)

279. Item 41 inserts a subheading before subsection 102(4) that reads "Persons with incident reporting responsibilities".

280. The purpose and effect of this amendment is to aid in readability and clearly identify that the provision following the subheading is about persons with incident reporting responsibilities.

Item 42 Paragraph 103(1)(a)

281. Item 42 inserts the words "other than a cyber security incident" after the words "aviation security incident" in paragraph 103(1)(a), which deals with certain reporting requirements for employees of aviation industry participants. This will have the effect of
limiting the requirement in paragraph 103(1)(a) for employees of aviation industry participants to report on aviation security incidents that are not a cyber security incident.

Item 43 At the end of section 103

282. This item introduces new subsections 103(4) and (5) to deal with cyber security incident reporting requirements for employees of aviation industry participants, and includes new civil penalties for failure to report.

283. New subsection 103(4) operates to provide that if a person is an employee of an aviation industry participant and they become aware of an aviation security incident that is a cyber security incident then they must report the incident to the Secretary of the Department and the Australian Signals Directorate as soon as possible.

284. Failure to comply with this requirement may result in a civil penalty of 50 penalty units.

285. This amendment has a similar effect as items 36, 38 and 40, above, other than that section 103 applies to persons who are employees of an aviation industry participant. The Guide was consulted in relation to framing this offence and its penalty. The penalty is a proportionate, reasonable and appropriate response based on the infringement for similar reasons to those identified in items 36, 38 and 40 above, except to the extent that the offence applies to persons who are employees of an aviation industry participant.

286. New subsection 103(5) provides an exception to the requirement in subsection 103(4), and states that subsection (4) does not apply if the employee believes, on reasonable grounds, that the person or body is already aware of the incident or the employee has a reasonable excuse.

287. "Reasonable grounds" are the same as those identified in relation to item 40, above.

288. The note to subsection (5) reminds the reader that it is the defendant that bears the evidential burden in relation to the matters in subsection (5). It also refers the reader to section 96 of the Regulatory Powers Act. Broadly speaking, section 96 of the Regulatory Powers Act provides that if a person in proceedings for a civil penalty wishes to rely on an exception or excuse provision then they bear the evidential burden.

289. This note also does not indicate a reversal of the evidential burden in relation to reliance on the exception or excuse in subsection 103(5) for the same reasons identified in the explanations for item 36, above.

Item 44 Subsection 104(1)

290. Item 44 inserts the words "other than a cyber security incident" after the words "aviation security incident" in subsection 104(1), which deals with the manner in which aviation industry participants who are airport operators, must report on aviation security
incidents. This will have the effect of limiting the application of section 104 to aviation security incidents that are not a cyber security incident.

Item 45 Subsection 105(1)

291. Item 45 inserts the words "other than a cyber security incident" after the words "aviation security incident" in subsection 105(1), which deals with the manner in which aviation industry participants, who are aircraft operators, must report on aviation security incidents. This will have the effect of limiting the application of the section to aviation security incidents that are not a cyber security incident.

Item 46 Subsection 106(1)

292. Item 46 inserts the words "other than a cyber security incident" after the words "aviation security incident" in subsection 106(1), which deals with the manner in which persons with incident reporting responsibilities must report on aviation security incidents. This will have the effect of limiting the application of the section to aviation security incidents that are not a cyber security incident.

Item 47 After Part 6

293. This item will introduce a new Part 6A after the current Part 6 of the Aviation Act. New Part 6A relates to reporting requirements for aviation industry participants, known consignors and regulated agents.

Section 107A - Simplified outline of this part

294. New section 107A is the simplified outline for the new Part 6A, which provides in simple terms what the new Part deals with.

295. The first paragraph of the simplified outline explains that certain aviation industry participants will be required to submit periodic reports. The second paragraph provides that if an aviation industry participant has been given a transport security program then the Secretary may require the participant to submit a report.

296. Paragraphs three, four and five note the same requirement as in paragraph two, but in relation to a known consignor (defined in section 9) being provided with a known consignor security program, a regulated cargo agent (defined in section 9, and shortened to RACA) has been provided with a RACA security program, and an accredited air cargo agent (defined in section 9, and shortened to AACA) has been provided with an AACA security program. In each of those circumstances, the Secretary may require the known consignor or agent to submit a report.

297. The simplified outline is not intended to be comprehensive, and is merely intended to assist readers.


Section 107B - Certain aviation industry participants must submit periodic report

298. New section 107B is the mandatory reporting requirement for the relevant aviation industry participant, and provides the scope for the application of section 107B.

New subsection 107B(1) - Scope

299. New subsection 107B(1) provides the scope for application of section 107B. In particular, it provides that section 107B applies if a transport security program was or is in force for an aviation industry participant, an applicable reporting period for the transport security program has ended, the transport security program was not given to the participant by the Secretary under s26B of the Aviation Act, the transport security program includes a security assessment, and the participant is in a class of aviation participant specified in the regulations. The term "applicable reporting period" is defined in new subsection 107B(5), see further below.

300. The effect of subsection 107B(1) is that the requirements provided for in section 107B will not apply unless the participant is in a class specified in the regulations and the transport security program meets the criteria listed in paragraphs 107B(1)(a) to (d).

New subsection 107B(2)-(4) Periodic report

301. New subsections (2) to (4) provide the detail for the content of a periodic report and for the imposition of the civil penalty.

302. New subsection 107B(2) sets out the time frame in which a written report in the approved form is required and the matters that the report must provide details on, including setting out any matters specified in the regulations and, if there is a board, council or other governing body - a statement from that body detailing the currency of the transport security program and whether the program adequately addressed the requirements under Division 4 of Part 2 at the end of the applicable reporting period.

303. The provision also includes a new civil penalty of 150 penalty units for failure to submit the required report within the timeframe specified, which is 90 days after the applicable reporting period.

304. The Guide was considered when determining the amount of this penalty. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. A failure to report on a review of a transport security plan may result in vulnerabilities in a transport security plan not being identified, which represents a risk to aviation security.

305. The penalty value is consistent with other maximum penalties in relation to transport security programs. As an example, under section 14 of the Aviation Act if an airport operator fails to comply with their transport security program, they can be subject to a maximum penalty of 200 penalty units. Only aviation industry participants that meet the criteria in
subsection 107B(1) can be subject to the penalty, and not all aviation industry participants or the general public. In the majority of cases aviation industry participants are corporations.

306. The penalty is appropriate and reasonable in the circumstances because:
• the offence and its penalty is imposed for the purposes of safeguarding against unlawful interference with aviation by ensuring that the currency and adequacy of a transport security program, and other specified matters, is reported on;
• the penalty for this offence is similar to, and does not exceed, others imposed within the Aviation Act, and is commensurate with the risk to aviation security that a failure to report on findings of regular reviews of a transport security program report on findings and non-compliance with related requirements poses; and
• it provides a necessary deterrent effect and incentive to comply, whilst not being a manifestly excessive penalty.

307. The purpose and effect of subsection 107B(2) is to specify a timeframe for mandatory reporting, and the matters to be included in the reports, for aviation industry participants and to impose a penalty for non-compliance with the requirement to make a report.

New subsection 107B(3)

308. New subsection 107B(3) will act as a limitation on the content that can be prescribed in the Aviation Regulations under new paragraph 107B(2)(b). It provides that a matter cannot be prescribed in the Aviation Regulations in relation to paragraph 107B(2)(b) unless it relates to unlawful interference with aviation or safeguarding against unlawful interference with aviation.

309. This limitation has the effect of precluding the Aviation Regulations prescribing any other matters for the purposes of the mandatory reporting requirement.

New subsection 107B(4)

310. New subsection 107B(4) will act as a limitation on the use of the information contained within a periodic report. It provides that the report cannot be used as evidence in either a criminal proceeding for an offence against the Aviation Act; or in a civil proceeding in relation to a contravention of a civil penalty provision of the Aviation Act, other than in relation to section 107B.

311. This amendment puts beyond doubt that information provided in their mandatory reports by an aviation industry participant that was given on a transport security program that meets the criteria in subsection 107B(1) will not be used as evidence in those proceedings. It is intended to provide reassurance to aviation industry participants, and encourage full disclosure in making a mandatory report under section 107B.


New subsections 107B(5)-(6) Applicable reporting period for a transport security program

312. New subsections 107B(5) and (6) operate together to provide meaning for the concept of the "applicable reporting period for a transport security program".

313. The majority of transport security programs are issued for a period of 5 years. However, there are circumstances in which a transport security program can be issued for a period of less than 5 years. The intention is that, at a minimum, industry participants should be reporting on their program every two and a half years (30 months). This would mean that the majority of participants would report half way through the validity period of their program, and again at the end of their program.

314. For clarity, paragraph (5)(a) provides that if a transport security program has been in force for at least 30 months then the applicable reporting period is either the 30 month period that began when the program came into force; or the remainder of the period for which the program is in force.

315. Further, paragraph (5)(b) provides that in any other case, the applicable reporting period is the period when the transport security program was in force.

316. For the avoidance of doubt, new subsection (6) makes clear that a day that occurs before section 107B commences is not included in an applicable reporting period.

317. For example, if a transport security program is to be in force for two years, and comes into force six months before section 107B commences, the relevant reporting period is for the 18 months the transport security program is in force after section 107B commences.

318. Some 'itinerant' aircraft operators are given transport security programs for two years. Should there be a reason that this type of industry participant must provide a report, the report would be given at the end of the two-year period.

319. The purpose and effect of these subsections is to provide certainty to aviation industry participants about when a reporting period does or does not apply in relation to a transport security program, and how often a report must be made.

Section 107C Secretary may require an aviation industry participant to submit report

320. New section 107C introduces a discretion for the Secretary to require an aviation industry participant to submit a periodic report if the transport security program is in force and the participant was given a transport security program under section 26B. The provision will also include a new civil penalty for non-compliance with a requirement to submit the report.

321. This subsection applies to an aviation industry participant not covered by section 107B.


New subsection 107C(1) Scope

322. New subsection 107C(1) provides the scope for the application of section 107C. In particular, it provides that section 107C applies if a transport security program was or is in force for the aviation industry participant and the transport security program was given to the participant under s26B of the Aviation Act.

323. The effect of subsection 107C(1) is that the requirements provided for in section 107C will not apply to an aviation industry participant unless the transport security program given to the participant was given by the Secretary under section 26B, and the transport security program was or is in force at the end of the reporting period.

New subsections 107C(2)-(4) Notice

324. New subsections 107C(2) to (4) operate together to provide for the giving of a notice requiring the participant to deliver a report.

325. New subsection (2) operates to provide that the Secretary may, by giving a written notice to the aviation industry participant, require the participant to give the Secretary a report that relates to the period that the Secretary specifies in the notice, sets out the matters that are specified in the Aviation Regulations, if there are any, is in the form that the Secretary has approved, and is made within 90 days after the notice is given.

326. It should be noted that paragraph 133(1)(a) of the Aviation Act provides that the Governor-General may make regulations that are required or permitted by the Aviation Act to be prescribed. New subparagraph 107C(2)(a)(ii) will permit matters to be prescribed in the Aviation Regulations.

327. The purpose and effect of subsection 107C(2) is to provide for an approved form for the report, and to specify a timeframe for mandatory reporting, and the matters to be included in the reports, for aviation industry participants.

328. New subsection 107C(3) provides that the period specified in the notice that must be reported on, must consist of the period for which the security program was in force, or be within the period which the program was in force, must end before the notice is given to the aviation industry participant, and must begin after the commencement of section 107C.

329. This limitation has the effect of limiting the time period for the purposes of the mandatory reporting requirement. This provision makes clear that mandatory reporting relates only to the period that a transport security program is in force (or was in force, if the report is required after the end of that period). It is also made clear that the mandatory reporting does not apply to the period before section 107C comes into effect.

330. New subsection 107C(4) will act as a qualifier for any regulations that are made under subparagraph 107C(2)(a)(ii). Specifically, new subsection 107C(4) provides that a matter
should not be specified in the Aviation Regulations unless it relates to unlawful interference with aviation or safeguarding against unlawful interference with aviation.

331. This limitation has the effect of precluding the Aviation Regulations prescribing any other matters for the purposes of the mandatory reporting requirement.

New subsections 107C(5)-(6) Compliance

332. New subsection 107C(5) operates to provide that an aviation industry participant must comply with a notice given under subsection 107C(2) to produce a report, or be subject to a civil penalty of 150 penalty units.

333. The Guide was considered when determining the amount of this penalty. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. A failure to report on a review of a transport security plan may result in vulnerabilities in a transport security plan not being identified, which represents a risk to aviation security.

334. The penalty value is consistent with other maximum penalties for non-compliance in relation to transport security programs. As noted above, under section 14 of the Aviation Act if an airport operator fails to comply with their transport security program, they can be subject to a maximum penalty of 200 penalty units. Only aviation industry participants given a transport security program by the Secretary under section 26B can be subject to the penalty in new subsection 107C(5), and not all aviation industry participants or the general public. In the majority of cases, aviation industry participants are corporations.

335. New subsection 107C(6) will act as a limitation on the use of the information contained within a report. It provides that the report cannot be used as evidence in either a criminal proceeding for an offence against the Aviation Act, or in a civil proceeding in relation to a contravention of a civil penalty provision of the Aviation Act, other than in relation to section 107C.

336. This amendment puts beyond doubt that information provided in their mandatory reports by an aviation industry participant that was given a transport security program under section 26B will not be used as evidence in those proceedings. It is intended to provide reassurance to aviation industry participants, and encourage full disclosure in making a mandatory report under section 107C.

Section 107D Secretary may require a known consignor to submit report

337. New section 107D introduces a discretion for the Secretary to require a known consignor to submit a periodic report. The provision will also include a new civil penalty for failure to submit the required report.


New subsection 107D(1) - Scope

338. New subsection 107D(1) provides the scope for the application of section 107D. In particular, it provides that section 107D applies if a known consignor security program was or is in force, and the security program was given to the known consignor under the Regulations.

339. The effect of subsection 107D(1) is that the requirements provided for in section 107D will not apply to a known consignor unless the security program was given to the known consignor under the Aviation Regulations, and the security program was or is in force at the end of the reporting period.

New subsections 107D(2)-(4) - Notice

340. New subsections 107D(2) to (4) read together provide for the giving of a notice requiring a known consignor to deliver a report.

341. New subsection 107D(2) provides that the Secretary may, by giving a written notice, require a known consignor to give the Secretary a report that relates to the period that the Secretary specifies in the notice, sets out the matters that are specified in the Aviation Regulations, if there are any, is in the form that the Secretary has approved, and is made within 90 days after the notice is given.

342. As above, it is noted that paragraph 133(1)(a) of the Aviation Act provides that the Governor-General may make regulations that are required or permitted by the Aviation Act to be prescribed. New subparagraph 107D(2)(a)(ii) will permit matters to be prescribed in the Aviation Regulations.

343. The purpose and effect of subsection 107D(2) is to provide for an approved form for the report, and to specify a timeframe for reporting, and the matters to be included in the reports, for known consignors.

344. New subsection 107D(3) provides some limitations on the period that can be specified in the notice given under subsection 107D(2). It operates to provide that the period specified in the notice, that must be reported on, must consist of the period for which the security program was in force, or be within the period which the program was in force, must end before the notice is given to the known consignor, and must begin after the commencement of section 107D.

345. This limitation has the effect of limiting the time period for the purposes of the reporting requirement. This provision makes clear that reporting relates only to the period that a known consignor security program is in force (or was in force, if the report is required after the end of that period). It is also made clear that reporting does not apply to the period before section 107D comes into effect.


346. New subsection 107D(4) will act as a qualifier for any regulations that are made under subparagraph 107D(2)(a)(ii). Specifically, new subsection 107D(4) provides that a matter should not be specified in the Aviation Regulations unless it relates to unlawful interference with aviation, or safeguarding against unlawful interference with aviation.

347. This limitation has the effect of precluding the Aviation Regulations prescribing any other matters for the purposes of the reporting requirement.

New subsections 107D(5)-(6) - Compliance

348. New subsection 107D(5) operates to provide that a known consignor must comply with a notice to produce a report given under subsection 107D(2), or be subject to a civil penalty of 150 penalty units.

349. The Guide was consulted when determining the amount of this penalty. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. A failure to report on a security plan may result in vulnerabilities in the security plan not being identified, which represents a risk to aviation security.

350. The penalty value is consistent with other maximum penalties for non-compliance in relation to security programs. Only known consignors given a security program by the Secretary can be subject to the penalty in new subsection 107D(5), and not all known consignors, other aviation industry participants or the general public.

351. Known consignors generally are exposed to significantly less risk than other aviation industry participants, due to having less direct interaction with the aviation transport supply chain. Known consignors also have a wider disparity between large and small operators. The penalty value is consistent with other penalties within the Aviation Act.

352. New subsection 107D(6) will act as a limitation on the use of the information contained within a report. It provides that the report cannot be used as evidence in either a criminal proceeding for an offence against the Aviation Act, or in a civil proceeding in relation to a contravention of a civil penalty provision of the Aviation Act, other than in relation to section 107D.

353. This amendment puts beyond doubt that information provided in their reports by a known consignor that was given a transport security program will not be used as evidence in those proceedings. It is intended to provide reassurance to known consignors, and encourage full disclosure in making a report under section 107D.

Section 107E Secretary may require a regulated air cargo agent to submit report

354. Section 107E introduces a new discretion for the Secretary to require a regulated air cargo agent to submit a periodic report. The provision will also include a new civil penalty for failure to submit the required report if required to do so.


New subsection 107E(1) Scope

355. New subsection 107E(1) provides the scope for application of section 107E. In particular, it provides that section 107E applies if a regulated air cargo agent security program was or is in force; and the security program was given to the regulated air cargo agent under the Aviation Regulations.

356. The effect of subsection 107E(1) is that the requirements provided for in section 107E will not apply to a regulated air cargo agent unless the security program was given to the regulated air cargo agent under the Aviation Regulations, and the security program was or is in force at the end of the reporting period.

New subsections 107E(2)-(4) Notice

357. New subsections 107E(2) to (4) read together provide for the giving of a notice requiring the regulated air cargo agent to deliver a report.

358. New subsection 107E(2) provides that the Secretary may, by giving a written notice, require a regulated air cargo agent to give the Secretary a report that relates to the period that the Secretary specifies in the notice, sets out the matters that are specified in the Aviation Regulations, if there are any, is in the form that the Secretary has approved, and is made within 90 days after the notice is given.

359. As above, it is noted that paragraph 133(1)(a) of the Aviation Act provides that the Governor-General may make regulations that are required or permitted by the Aviation Act to be prescribed. New subparagraph 107E(2)(a)(ii) will permit matters to be prescribed in the Aviation Regulations.

360. The purpose and effect of subsection 107E(2) is to provide for an approved form for the report, and to specify a timeframe for reporting, and the matters to be included in the reports, for regulated air cargo agents.

361. New subsection 107E(3) provides some limitations on the period that can be specified in the notice given under subsection 107E(2). It provides that the period specified in the notice, that must be reported on, must consist of the period for which the security program was in force, or be within the period which the program was in force, must end before the notice is given to the regulated air cargo agent, and must begin after the commencement of section 107E.

362. This limitation has the effect of limiting the time period for the purposes of the reporting requirement. This provision makes clear that reporting relates only to the period that a regulated air cargo agent security program is in force (or was in force, if the report is required after the end of that period). It is also made clear that reporting does not apply to the period before section 107E comes into effect.


363. New subsection 107E(4) will act as a qualifier for any regulations that are made under subparagraph 107E(2)(a)(ii). Specifically, new subsection 107E(4) provides that a matter should not be specified in the Aviation Regulations unless it relates to unlawful interference with aviation, or safeguarding against unlawful interference with aviation.

364. This limitation has the effect of precluding the Aviation Regulations prescribing any other matters for the purposes of the reporting requirement.

New subsections 107E(5)-(6) Compliance

365. New subsection 107E(5) operates to provide that a regulated air cargo agent must comply with a notice to produce a report, or be subject to a civil penalty of 150 penalty units.

366. The Guide was consulted when determining the amount of this penalty. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. A failure to report on a regulated air cargo agent security plan may result in vulnerabilities in the security plan not being identified, which represents a risk to aviation security.

367. The penalty value is consistent with other maximum penalties for non-compliance in relation to security programs. Only a regulated air cargo agent given a security program by the Secretary can be subject to the penalty in new subsection 107E(5), and not all regulated air cargo agents, other aviation industry participants or the general public.

368. New subsection 107E(6) will act as a limitation on the use of the information contained within a report. It provides that the report cannot be used as evidence in either a criminal proceeding for an offence against the Aviation Act, or in a civil proceeding in relation to a contravention of a civil penalty provision of the Aviation Act, other than in relation to section 107E.

369. This amendment puts beyond doubt that information provided in their reports by a regulated air cargo agent that was given a transport security program will not be used as evidence in those proceedings. It is intended to provide reassurance to regulated air cargo agents, and encourage full disclosure in making a report under section 107E.

Section 107F Secretary may require an accredited air cargo agent to submit report

370. Section 107F introduces a new discretion for the Secretary to require an accredited air cargo agent to submit a periodic report. The provision will also include a new civil penalty for failure to submit the required report.

New subsection 107F(1) Scope

371. Subsection (1) provides the scope for application of section 107F. In particular, it provides that section 107F applies if an accredited air cargo agent security program was or is in force; and the security program was given to the accredited air cargo agent under the Aviation Regulations.

372. The effect of subsection 107F(1) is that the requirements provided for in section 107F will not apply to an accredited air cargo agent unless the security program was given to the regulated air cargo agent under the Aviation Regulations, and the security program was or is in force at the end of the reporting period.

New subsections 107F(2)-(4) Notice

373. New subsections 107F(2) to (4) read together provide for the giving of a notice requiring the regulated air cargo agent to deliver a report.

374. New subsection 107F(2) provides that the Secretary may, by giving a written notice, require an accredited air cargo agent to give the Secretary a report that relates to the period that the Secretary specifies in the notice, sets out the matters that are specified in the Aviation Regulations, if there are any, is in the form that the Secretary has approved, and is made within 90 days after the notice is given.

375. As above, it is noted that paragraph 133(1)(a) of the Aviation Act provides that the Governor-General may make regulations that are required or permitted by the Aviation Act to be prescribed. New subparagraph 107F(2)(a)(ii) will permit matters to be prescribed in the Aviation Regulations.

376. The purpose and effect of subsection 107F(2) is to provide for an approved form for the report, and to specify a timeframe for reporting, and the matters to be included in the reports, for accredited air cargo agents.

377. New subsection 107F(3) provides some limitations on the period that can be specified in the notice given under subsection 107F(2). It provides that the period specified in the notice, that must be reported on, must consist of the period for which the security program was in force, or be within the period which the program was in force, must end before the notice is given to the accredited air cargo agent, and must begin after the commencement of section 107F.

378. This limitation has the effect of limiting the time period for the purposes of the reporting requirement. This provision makes clear that reporting relates only to the period that an accredited air cargo agent security program is in force (or was in force, if the report is required after the end of that period). It is also made clear that reporting does not apply to the period before section 107F comes into effect.

379. New subsection 107F(4) will act as a qualifier for any regulations that are made under subparagraph 107F(2)(a)(ii). Specifically, new subsection 107F(4) provides that a matter should not be specified in the Aviation Regulations unless it relates to unlawful interference with aviation, or safeguarding against unlawful interference with aviation.


380. This limitation has the effect of precluding the Aviation Regulations prescribing any other matters for the purposes of the reporting requirement.

New subsections 107F(5)-(6) - Compliance

381. New subsection 107F(5) operates to provide that an accredited air cargo agent must comply with a notice to produce a report, or be subject to a civil penalty of 150 penalty units.

382. The Guide was consulted when determining the amount of this penalty. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. A failure to report on an accredited air cargo agent security plan may result in vulnerabilities in the security plan not being identified, which represents a risk to aviation security.

383. The penalty value is consistent with other maximum penalties for non-compliance in relation to security programs. Only an accredited air cargo agent given a security program by the Secretary can be subject to the penalty in new subsection 107F(5), and not all accredited air cargo agents, other aviation industry participants or the general public.

384. New subsection 107F(6) will act as a limitation on the use of the information contained within a report. It provides that the report cannot be used as evidence in either a criminal proceeding for an offence against the Aviation Act, or in a civil proceeding in relation to a contravention of a civil penalty provision of the Aviation Act, other than in relation to section 107F.

385. This amendment puts beyond doubt that information provided in their reports by an accredited air cargo agent that was given a transport security program will not be used as evidence in those proceedings. It is intended to provide reassurance to accredited air cargo agents, and encourage full disclosure in making a report under section 107F.

Item 48 Subsection 109(2)

386. This item amends section 109 to insert the words "or is capable of obtaining" after the word "has" in subsection 109(2). Section 109 of the Aviation Act empowers the Secretary to collect security compliance information from aviation industry participants. This information can be used to assess an industry participant's compliance or noncompliance with their transport security programs or other security obligations under the Aviation Act. This allows the Secretary to assess the status of security compliance within the aviation industry, and enables the Secretary to recognize potential weaknesses and rectify problems before the safety of the industry and the public is compromised.

387. Subsection 109(2) currently provides that if the Secretary believes on reasonable grounds that the aviation industry participant has security compliance information (defined in subsection 109(1)), then the Secretary may request that information by a written notice.


388. The words "has or is capable of obtaining" are being inserted in recognition of the fact that the person may not have certain information readily available. For example, if the industry participant uses an offsite secure document storage, that retains hard copy documents, then it may not be that the industry participant "has" the information, however they are "capable of obtaining" it.

389. The use of these words also relates to information in electronic form. It may be that the person utilises cloud technology to secure some of their data rather than storing it on a device at a building from which they operate. As with the example for hard copy documents, it may not be that the person "has" the information, however they are "capable of obtaining" it.

390. Subsection 109(2) is an existing offence provision which imposes a penalty of 45 penalty units for a failure to comply with a notice. Complying with that requirement is common practice for aviation industry participants, and is an easily discharged matter.

Item 49 After Part 7

391. Item 49 introduces a new Part 7A after the current Part 7 of the Aviation Act. This new Part will deal with the use and disclosure of protected information. The definition for the term "protected information" will be introduced into section 9 of the Aviation Act by item 9.

Division 1 Simplified outline of this Part

Section 112AA Simplified outline

392. New section 112AA is a simplified outline for the new Part 7A. It provides that the making of a record, or the use or disclosure, of protected information is authorised in particular circumstances but is otherwise an offence.

393. The simplified outline is not intended to be comprehensive, and is merely intended to assist readers.

Division 2 Authorised use and disclosure

Section 112A Authorised use and disclosure--performing functions etc.

394. New subsections 112A(1) and (2) operate to provide that a person may make a record of, use or disclose protected information if the person makes the record or uses or discloses the information for the purpose of exercising their powers or performing their functions or duties under the Aviation Act, the purpose of otherwise ensuring compliance with the Aviation Act, or purposes in connection with the administration or execution of the Aviation Act.

395. For example, an aviation industry participant may share information about exercises and drills with an appropriate government agency to meet their obligations to conduct exercises under the Aviation Act; this will be an authorised disclosure of protected information.

396. A note following both subsection 112A(1) and subsection 112A(2) clarifies that each subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles. Relevantly, Australian Privacy Principle 6.2 provides that the disclosure of personal information is permitted where the disclosure is required or authorised by or under Australian law. Personal information may be relevant to security compliance information or aviation security information about an individual and would fall within the definition of protected information.

397. The purpose and effect of section 112A is to expressly permit a person to use and/or disclose protected information where doing so is required or authorised by or under Australian law in order to acquit the functions or duties of the person's role, or where they are ensuring compliance with, or otherwise administering or executing, the Aviation Act, and without the risk that doing so may be an offence, or may be in breach of privacy or non-disclosure obligations in the Aviation Act or other legislation.

Section 112B Authorised use and disclosure--other person's functions etc.

398. New subsection 112B(1) introduces a new discretion for the Secretary to disclose protected information to the persons listed in subsection 112B(2), and make a record of or use protected information for the purpose of that disclosure. The exercise of the discretion is permitted for the purposes of enabling or assisting the person, to whom the information is disclosed, to exercise their powers or perform their functions or duties.

399. A note following subsection 112B(1) clarifies that the subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles. Relevantly, Australian Privacy Principle 6.2 provides that the disclosure of personal information is permitted where the disclosure is required or authorised by or under Australian law. Personal information may be relevant to security compliance information or aviation security information about an individual and would fall within the definition of protected information.

400. Subsection 112B(2) lists the persons to whom a disclosure can be made. These include:

• a Minister of the Commonwealth who has responsibility for any of the following: national security, law enforcement, foreign investment in Australia, taxation policy, industry policy, promoting investment in Australia, defence, customs, immigration, transport, health, biosecurity, emergency management, the regulation or oversight of aviation safety (subparagraphs 112B(2)(a)(i)-(xiv)); or a matter that is specified in an instrument that is made under subsection (3) (subparagraph 112B(2)(a)(xv));

• a Minister of a State, the Australian Capital Territory or the Northern Territory who has responsibility for any of the following: emergency management, transport, health, law enforcement (subparagraphs 112B(2)(b)(i)-(iv)), or a matter that is specified in an instrument that is made under subsection 112B(4) (subparagraph 112B(2)(b)(v));

• a person that is employed as a member of staff by one of the persons mentioned in paragraphs (a) or (b) (paragraph 112B(2)(c)); or

• the head of an agency, including a department, that is administered by the Minister referred to in paragraphs (a) or (b) (paragraph 112B(2)(d)).

401. The matters relating to Ministerial responsibility relate broadly to the physical, financial, health, and productivity safety and security of Australia and its people. The purpose of listing relevant Ministers and their staff, and agency heads to whom a disclosure of protected information may be made, is to cater for circumstances where the protected information is relevant to one or more of the Commonwealth, State or Territory portfolios listed, so that the relevant Minister can be advised or fully briefed by staff to make a safety or security decision, or so that an agency head may arrange for operational or administrative responses to occur.

402. Subsection 112B(3) creates a power for the Minister to make a legislative instrument that specifies one or more matters for the purpose of subparagraph 112B(2)(a)(xv). Similarly, subsection 112B(4) creates a power for the Minister to make a legislative instrument that specifies one or more matters for the purpose of subparagraph 112B(2)(b)(v).

403. Changes to the risk and threat matrix after the commencement of section 112B may make it necessary to rapidly provide for additional persons to whom protected information may be disclosed. The inclusion of subsections 112B(3) and (4) will enable the Minister to make a rapid provision for additional persons, should the need arise.

404. Any instruments made under subsections 112B(3) and (4) would be legislative instruments, and would therefore be subject to committee scrutiny and disallowance.
Section 112C Authorised disclosure relating to law enforcement

405. New section 112C introduces a new discretion for the Secretary to disclose protected information to an enforcement body, within the meaning of the Privacy Act 1988 (Privacy Act), for the purpose of enforcement related activities, within the meaning of the Privacy Act, that are conducted by or on behalf of that enforcement body. The Privacy Act defines "enforcement body" and "enforcement related activity" in section 6 of that Act.

406. A note following the section clarifies that the section is an authorisation for the purposes of other laws, including the Australian Privacy Principles. Relevantly, Australian Privacy Principle 6.2 provides that the disclosure of personal information is permitted where the disclosure is required or authorised by or under Australian law. Personal information may be relevant to security compliance information or aviation security information about an individual and would fall within the definition of protected information.


407. The purpose of permitting a disclosure of protected information to an enforcement body is so that enforcement related activities can be undertaken in relation to the information, should the need arise. Security compliance information or aviation security information, or information about a transport security plan may relate to an offence that requires an enforcement response.

Section 112CA Authorised disclosure--instrument made by Secretary

408. New subsection 112CA(1) introduces an express permission for a person to make a disclosure of protected information to a person specified in an instrument made under subsection 112CA(2) for a purpose specified in the instrument.

409. The effect of subsection 112CA(1) is that where the Secretary has identified a person to whom a disclosure can be made and specified them in an instrument, subsection 112CA is the clear legislative authority for a person to make a disclosure to a specified person if the disclosure is for one or more of the purposes specified for the specified person.

410. However, subsection 112CA(1) does not provide authority for a person to make a disclosure of protected information to a specified person that is not for the purpose, or one of the purposes, specified for that individual; see also section 112E, below.

411. There are two guidance notes following subsection 112CA(1). Note 1 clarifies that the subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles. Relevantly, Australian Privacy Principle 6.2 provides that the disclosure of personal information is permitted where the disclosure is required or authorised by or under Australian law. Note 2 directs the reader to section 112H for record keeping requirements. Section 112H is a new section introduced by this Bill (see further, below) that specifies record keeping requirements for disclosures under section 112CA.

412. New subsection 112CA(2) introduces a new discretion for the Secretary to make a legislative instrument that specifies one or more persons to whom protected information may be disclosed and to specify, for each person, the purpose or purposes for which the disclosure may be made.

413. Any instruments made under subsection 112CA(2) would be legislative instruments, and therefore are subject to committee scrutiny and disallowance.

Section 112D Secondary use and disclosure of protected information

414. New section 112D provides for a secondary use or disclosure of protected information by permitting a person to record, use or disclose protected information if they obtain information under Division 2 of Part 7A (including this section), and they record, use or disclose the information for the purpose for which it was disclosed to them.

415. The effect of section 112D is that where a permitted disclosure has been made, the person who received the disclosed information may make a record or use or further disclose the information if the disclosure is for one of the purposes that the information was originally disclosed.

416. For example, the Department may share threat information given to the Department by an industry participant with other aviation industry participants to whom the threat information may be relevant. This would be an authorised secondary use and disclosure of protected information.

417. However, subsection 112D does not provide authority for a person to make a record, use, or further disclose protected information if it is not for the purpose, or one of the purposes, the information was originally disclosed to them; see also section 112E, below.

418. The guiding note following the section clarifies that the section is an authorisation for the purposes of other laws, including the Australian Privacy Principles. Relevantly, Australian Privacy Principle 6.2 provides that the disclosure of personal information is permitted where the disclosure is required or authorised by or under Australian law. Personal information may be relevant to security compliance information or aviation security information about an individual and would fall within the definition of protected information.

Division 3 Offence for unauthorised use or disclosure

Section 112E Offence for unauthorised use or disclosure of protected information

419. New section 112E introduces a new offence for the unauthorised disclosure of protected information. Under section 112E, a person commits an offence if they obtain information that is protected information, and they record, disclose or otherwise use that protected information, and doing so is not authorised by the Aviation Act.

420. The penalty for this offence is 2 years imprisonment or 120 penalty units or both.

421. Unauthorised disclosure or use of protected information may pose a significant risk to aviation security. Any vulnerability in aviation security being exploited could have serious consequences for the immediate health and safety of Australians, the aviation industry as a whole, and the maintenance of the supply chain more generally. It is therefore vitally important that unauthorised disclosures of protected information do not occur or, if they do occur, that the penalty for such an offence is reflective of the significant risk to aviation security that unauthorised disclosures pose.

422. The Guide was consulted in relation to setting and framing an appropriate penalty for this offence. The penalties are appropriate because:

• the offence is not dependent upon a subjective or community standard;

• the offence and its penalties operate to deter and punish the commission of the offence, and reflect the seriousness of the offence within the legislative scheme;


• the penalties for this offence are commensurate with the consequences of the commission of the offence, which have the potential to be particularly dangerous and damaging to aviation security;

• the offence may be punishable by a fine which does not exceed similar thresholds set out in the Aviation Act, whilst not being a manifestly excessive penalty for this offence;

• the offence may be punishable by a term of imprisonment which is consistent with penalties for existing offences of a similar kind or of a similar seriousness (for example, the offence in section 122.4 of the Criminal Code which deals with unauthorised disclosure of information by current and former Commonwealth officers also carries a penalty of imprisonment for 2 years);

• the offence may be punishable by both a fine and a period of imprisonment which is adequate for the worst possible case;

• the alternative penalties allow scope for a court to weigh all relevant factors in determining the penalty in accordance with the sentencing considerations in section 16A of the Crimes Act 1914.

423. Section 4B of the Crimes Act 1914 provides that if an offence specifies a penalty of imprisonment but no fine, the maximum fine for an individual is 5 penalty units multiplied by the maximum prison term in months. Clause 3.1.3 of the Guide cites this formula for calculating a fine/imprisonment ratio, which was followed for calculating the maximum term of imprisonment penalty for an offence under section 112E. The ratio of 5 penalty units to 1 month of imprisonment, in the case of section 112E, is 120 penalty units divided by 5 = 24 months. 24 months = 2 years.

Section 112F Exceptions to offence for unauthorised use or disclosure

424. New section 112F provides exceptions to the offence introduced by section 112E, above.

Subsection 112F(1) - Required or authorised by law

425. New subsection 112F(1) provides an exception to the application of section 112E if the making of the record, or the disclosure or use of the protected information is authorised by or under a law of the Commonwealth or a law of a State or Territory prescribed by the regulations.

426. The effect of subsection 112F(1) is that if a person makes a record, or uses or discloses protected information, and doing so is authorised by or under a law of the Commonwealth or a law of a State or Territory prescribed by the regulations, it is an exception to the offence in section 112E. The purpose of this subsection is to permit a person to make a record, or use or disclose protected information where it is otherwise permitted by law.


Subsection 112F(2) Good faith

427. Under subsection 112F(2), section 112E does not apply to a person, to the extent that the person's recording, use or disclosure of protected information was done in good faith and purportedly in compliance with the Aviation Act.

428. To rely on the exception in subsection 112F(2), there is a requirement that the actions taken by the person in question be in good faith and purportedly in compliance with the Aviation Act. In these circumstances, good faith would require that the person not act dishonestly or in a way that undermines or subverts the intended purpose, and not to act capriciously or arbitrarily. Included in the concept of good faith is an obligation to act reasonably and with fair dealing.

429. For public servants recording, using or disclosing protected information, acting in good faith and in compliance with legislation is analogous to the APS values set out in section 10 of the Public Service Act 1999 and aligns with the Code of Conduct set out in section 13 of that Act. Acting in good faith also underpins the directions, guidance, policies and procedures that dictate most public servants' roles and functions. Acting in good faith and in compliance with the Aviation Act therefore should be a normal part of their role.

430. Similar expectations apply to persons employed under the Members of Parliament (Staff) Act 1984 (and similar State and Territory legislation), under the Statement of Ministerial Standards for Commonwealth Ministers and the various fundamental principles and codes of conduct set out in each State and Territory for Ministers of the State or Territory. Acting in good faith and in compliance with the Aviation Act therefore should also be a normal part of their role.

431. For an aviation industry participant or a staff member, acting in good faith simply requires them to undertake their best endeavours and not act dishonestly or in a way that undermines or subverts the intended purpose, and not to act capriciously or arbitrarily. Acting in good faith and in compliance with the Aviation Act should be such common practice for aviation industry participants, that it should be an easily discharged matter.

Subsection 112F(3) Person to whom the protected information relates

432. Under subsection 112F(3), section 112E does not apply to a person, if the information is disclosed to the person that it relates to, or if the person that is disclosing the information is the person that the information relates to, or the making of the record, or the use or disclosure of the information was either expressly or impliedly authorised by the person to whom the information relates.

433. The guiding note following the section reminds the reader that the evidential burden in the matters in section 112F is on the defendant; the note refers the reader to subsection 13.3(3) of the Criminal Code. Subsection 13.3(3) of the Criminal Code relevantly provides that a defendant who wishes to rely on any exception provided by the law creating an offence, bears an evidential burden in relation to that matter. In the case of subsection 112F(3), there is no criminal responsibility in relation to the offence.

434. If a defendant wishes to rely on the exception in subsection 112F(3), the evidential burden can be discharged if the defendant can adduce or point to evidence suggesting a reasonable possibility of the existence of the exception applying in the particular case. The defendant no longer bears the evidential burden in relation to a matter if evidence sufficient to discharge the burden is adduced. The note following subsection 112F(3) is therefore not indicative of a reversal of the evidential burden, and the legal burden remains on the prosecution.

435. A public servant who wishes to rely on this exception with respect to disclosing information to the person it relates to should find the evidential burden a readily discharged matter by reference to relevant file notes. The evidential burden should also be a readily discharged matter for a person about whom the information relates if they then go on to disclose to another person, for example a legal advisor.

Section 112G No requirement to provide information

436. New subsection 112G(1) provides that, subject to subsections (2) and (3), a person is not to be required to disclose protected information, or produce a document containing protected information to either a court, or a tribunal, authority or person that has the power to require answering of questions or the production of documents.

437. The purpose and effect of subsection 112G(1) is to make clear that, other than in some specific circumstances, a person is not to be compelled to disclose protected information to a court or tribunal.

438. However, subsection 112G(2) provides that if it is necessary for the purposes of giving effect to the Aviation Act then subsection (1) does not prevent a person from being required to disclose protected information or produce a document that contains protected information.

439. The purpose and effect of subsection 112G(2) is to make clear that despite subsection 112G(1), a person may still be compelled to disclose protected information or produce a document that contains protected information if doing so is necessary for the purposes of giving effect to the Aviation Act.

440. For example, this exception may be relied on if a disclosure of protected information is necessary where there is a risk of serious damage or danger to aviation. In that case, the risk of an unlawful interference with aviation is a reason to compel the disclosure of protected information or a document containing same.

441. Subsection 112G(3) provides that subsection (1) does not prevent a person from being required to disclose protected information, or produce a document with protected information, if it is for a judicial review proceeding before the High Court of Australia, the Federal Court or the Federal Circuit Court of Australia.

442. The purpose and effect of subsection 112G(3) is to make clear that subsection (1) is not intended to limit in any way the ability of the listed courts to exercise their judicial review jurisdiction.

Division 4 Record keeping

Section 112H Record keeping requirements

443. New section 112H introduces record keeping requirements in relation to a disclosure made under section 112CA. Broadly speaking, section 112CA provides for the Secretary to specify in a legislative instrument that certain disclosures of protected information are authorised. The section also provides for an offence for failing to comply with the record keeping requirements.

444. Subsection 112H(1) operates to provide that if a person makes a disclosure covered by section 112CA to another person then they must make a record of the disclosure and the identity of the person to whom that disclosure was made. They must also keep that record for a period of 90 days.

445. Subsection (2) creates an offence for a person who engages in conduct that breaches the requirement in subsection (1). The penalty for the offence is 50 penalty units.

446. In framing this offence and its penalty, the Guide was considered. In line with the Guide, the penalty is appropriate in the circumstances because:

• the offence and its penalty operate as an incentive to compliance with the general requirement not to disclose protected information other than where authorised, and is imposed for the purposes of safeguarding protected information and recording authorised disclosures;

• the penalty for this offence is similar to others imposed within the Aviation Act, and is commensurate with the risk to aviation security that unrecorded disclosure of protected information poses;

• this is a reasonable penalty to impose, as it has a necessary element of deterrence whilst not being a manifestly excessive penalty for an offence;

• making a record of an authorised disclosure should be a simple matter to discharge.


Item 50 Section 116 (paragraph beginning "to ensure")

447. Item 50 amends section 116 of the Aviation Act, which is a simplified outline for Part 8 of that Act. The words "or civil penalties" will be inserted after the words "criminal offences" in the first sentence of the outline.

448. The purpose and effect of this amendment is to reflect that Part 8 will now also deal with civil penalty provisions; see, for example, section 125A below in relation to the imposition of civil penalty provisions.

Item 51 Section 116 (paragraph beginning "To ensure")

449. This item also amends the simplified outline for Part 8 in section 116. Part 8 of the Aviation Act deals with the different enforcement options that can be used as an alternative to criminal prosecution or civil penalty proceedings. This item amends the second sentence of the simplified outline to insert the words "or civil penalty proceedings" after the words "criminal prosecution".

450. As with the amendment made by item 50 above, the purpose of this amendment is to reflect that Part 8 will deal with the civil penalty provisions of the Regulatory Powers Act; see new section 125A below for more information on those provisions.

Item 52 Section 116 (paragraph beginning "The enforcement")

451. This item also amends the simplified outline for Part 8 in section 116. Item 52 repeals the final paragraph of the simplified outline that lists the various divisions in Part 8 that represent the enforcement options available under the Aviation Act. The paragraph will then be replaced by the updated list of divisions that will include the new Division 2A for the improvement notices and the new Division 6 for the civil penalty provisions.

452. The updated list provides that the enforcement options (and the relevant Divisions) are as follows:

(a) infringement notices (Division 2);
(b) improvement notices (Division 2A);
(c) enforcement orders (Division 3);
(d) enforceable undertakings (Division 3A);
(e) injunctions (Division 4);
(f) demerit points system (Division 5).

453. The purpose and effect of the updated list is to aid the reader to locate the relevant enforcement options by reference to a division in Part 8.

Item 53 After Division 2 of Part 8

454. Item 53 introduces a new Division 2A into Part 8 of the Aviation Act. New Division 2A provides for the issuing of improvement notices as one of the available alternatives to criminal prosecution or civil penalty provisions.


Division 2A Improvement notices

Section 117A Improvement notices

455. New section 117A provides the authority for an aviation security inspector to issue an improvement notice.

Subsection 117A(1) Scope

456. New subsection 117A(1) operates to provide that section 117A will apply if the aviation security inspector reasonably suspects that an aviation industry participant is contravening a provision of the Aviation Act, or that an aviation industry participant has contravened the Aviation Act in circumstances that make it likely that the contravention will continue or be repeated, or that an aviation industry participant is likely to contravene a provision of the Aviation Act.

457. "Reasonably suspects" in this circumstance means that the aviation security inspector has observed or has identified acts or omissions, or practices or behaviour that indicate that an aviation industry participant is contravening, has contravened, or may contravene requirements under the Aviation Act with which they must comply.

458. The purpose of issuing the improvement notices is to provide aviation industry participants with the opportunity to improve the situation rather than immediately imposing a penalty for wrongdoing, although there will be a penalty for failure to comply with the improvement notice. The circumstances described in subsection 117A(1) are all circumstances in which the issuing of an improvement notice has the potential to improve an ongoing or future circumstance of non-compliance with Aviation Act requirements. While paragraph 117A(1)(b) refers to a contravention that has already occurred, it is qualified by the words "in circumstances that make it likely that the contravention will continue or be repeated".

Subsection (2) Improvement Notice

459. New subsection 117A(2) operates to provide that if section 117A applies, then the aviation security inspector has the discretion to issue a written improvement notice that requires the aviation industry participant to remedy the contravention, prevent the likely contravention from occurring, or remedy things or operations causing the contravention or likely contravention.

460. The purpose of subsection 117A(2) is to introduce a new power for an aviation security inspector to exercise a discretion to issue an improvement notice to an aviation industry participant who is reasonably suspected of contravening, or having contravened, one or more requirements under the Aviation Act.

461. New subsection 117A(3) makes clear that such a notice is to be known as an "improvement notice".


462. The purpose of new subsection 117A(3) is to put beyond doubt that a notice issued by an aviation security inspector to an aviation industry participant who is reasonably suspected of contravening, or having contravened, one or more requirements under the Aviation Act under subsection 117A(2) is to be known as an "improvement notice".

Section 117B Contents of improvement notices

463. New section 117B provides for the content that must be included in an improvement notice and the content that may be included in an improvement notice.

464. Subsection 117B(1) operates to provide that an improvement notice must include the following content:

• a statement of what circumstance the inspector reasonably believes exists, specifically which of the circumstances in subsection 117A(1);

• the specific provision that the inspector believes is being, has been or will be contravened by the participant;

• briefly how the specific provision is being contravened; and

• the period in which the participant must comply with the notice.

465. The purpose and effect of this provision is to set the mandatory content for an improvement notice. This gives certainty to aviation industry participants and to aviation security inspectors alike.

466. New subsection 117B(2) operates to provide an aviation security inspector with the discretion to include directions in the improvement notice that the aviation industry participant must take to remedy the contravention, or prevent the likely contravention, or remedy the things or operations causing the contravention or likely contravention.

467. The purpose and effect of this provision is to permit an aviation security inspector to direct an aviation industry participant to correct an existing or potential defect in practice or procedure rather than immediately issue a notice with respect to a breach of

468. New subsection 117B(3) operates to provide that that period of time be reasonable in all the circumstances.

469. As noted above, an improvement notice given to an aviation industry participant must state the period of time in which the participant is to comply with the notice.

470. The period of time that is "reasonable in all the circumstances" would depend on the nature of the defect to be remedied and the risk to aviation security that the defect poses, the nature of the remedy itself and the tasks that must be undertaken to remedy the defect.


Section 117C Compliance with improvement notices

471. Section 117C introduces a strict liability offence for failure to comply with an improvement notice given under section 117B.

472. Specifically, subsection 117C(1) creates a strict liability offence for a person who is an aviation industry participant that is either an airport operator or aircraft operator. Subsection 117C(1) operates to provide that if a person who is that particular type of aviation industry participant is given an improvement notice and then goes on to engage in conduct that breaches the improvement notice, they have committed a strict liability offence that carries a 200 penalty unit penalty.

473. It is subsection 117C(2) that makes clear that an offence under subsection (1) is an offence of strict liability. The imposition of the 200 penalty unit penalty and the reasoning for making this a strict liability offence is discussed below.

474. The term "person", as it relates to an aviation industry participant who is either an airport operator or aircraft operator, generally refers to the corporate entity that operates an airport or aircraft rather than a natural person (that is, an individual). The term "engages in conduct" is defined in the Aviation Act to have the same meaning as in the Criminal Code. Subsection 4.1(2) of the Criminal Code defines "engage in conduct" to mean to do an act, or omit to perform an act.

475. Subsection 117C(3) creates an offence for aviation industry participants other than an airport operator or aircraft operator. Similarly to the offence in subsection 117C(1), subsection 117C(3) operates to provide that if an aviation industry participant other than an airport operator or aircraft operator is given an improvement notice and then goes on to engage in conduct that breaches the improvement notice, they have committed a strict liability offence that carries a 100 penalty unit penalty. Subsection 117C(4) makes clear that an offence under subsection (3) is an offence of strict liability.

476. The Guide was considered with respect to framing these offences and their penalties. In considering that guidance, it was determined that the penalties imposed on aviation industry participants that are airport operators or aircraft operators and all other aviation industry participants should be different amounts, which is consistent with the approach taken for similar penalties imposed under the Aviation Act.

477. Generally, as noted above, airport operators and aircraft operators are large corporate entities (or bodies corporate) while other aviation industry participants may be natural persons. The body corporate multiplier rule set out in subsection 4B(3) of the Crimes Act provides that the maximum penalty that can be imposed on a body corporate (by a court) is five times higher than the penalty that can be imposed on a natural person. The only exception to this rule is where, as a matter of law, only a corporation can commit an offence in which case the multiplier does not apply and a correspondingly higher penalty should be specified.


478. In part, the purpose of subsection 117C(1) is to avoid the possible imputation that a maximum fine five times the amount imposable on a natural person could be imposed on airport operators and aircraft operators, therefore a higher penalty is set for airport operators and aircraft operators. This gives airport operators and aircraft operators a level of certainty with respect to the penalty for a failure to comply with an improvement notice given under section 117B.

479. An additional purpose is to recognise the seriousness of the risk of damage or danger to aviation security in particular, and the aviation infrastructure or aircraft operated by those participants more generally, that a failure to comply with an improvement notice may pose. Compliance with an improvement notice will assist to protect and safeguard the aviation infrastructure or aircraft operated by those participants against harm.

480. Non-compliance with an improvement notice is a similarly serious risk to aviation security if committed by any other aviation industry participant, but may not directly expose aviation infrastructure or aircraft to a similar level of danger or damage.

481. It is for this reason the penalty for airport operators and aircraft operators is set at 200 penalty units, but for all other aviation industry participants the penalty is 100 penalty units. Both offences and their penalties are commensurate with the risks that may arise from non-compliance with an improvement notice.

482. The difference in penalty value between airport operators and aircraft operators, and other aviation industry participants, is consistent with other similar penalties within the Aviation Act.

483. In considering the Guide, imposing strict liability offences for non-compliance with subsections 117C(1) and (3) is appropriate in the circumstances because:

• the offences and their penalties each operate as a general deterrent to non-compliance and as an incentive to comply with an improvement notice;

• the penalties for these offences are similar to others imposed within the Aviation Act, and are commensurate with the risk to aviation security that non-compliance poses;

• these penalties are reasonable penalties to impose, as they each have a necessary element of deterrence whilst they are each not a manifestly excessive penalty for a strict liability offence.

484. In consideration of the guidance within the Guide for offences of strict liability, it is noted that, as strict liability applies to all of the physical elements of the offences:

• the absence of the element of fault in each offence is justified as it allows the Government to maintain a robust sanctions system which acts as both a deterrent against a person committing this type of offence and as an incentive to comply;


• the offences are not punishable by imprisonment, and are not dependent upon a subjective or community standard;

• the offences are punishable by a fine which does not exceed similar thresholds set out in the Aviation Act;

• there is a strong element of specific and general deterrence to the offences, and to require proof of intention would undermine the effectiveness of this provision and the purpose for which it was enacted as a means of safeguarding against unlawful interference with aviation;

• not engaging in conduct that breaches the improvement notice is similar to other requirements to comply with notices given under the Aviation Act which is common practice for aviation industry participants, and it should therefore be an easily discharged matter;

• in these circumstances, penalising these persons in the absence of proof of fault is appropriate to apply because giving an improvement notice is necessary to safeguard against an unlawful interference with aviation, and engaging in non-compliant conduct poses a serious risk to aviation security; and

• the defence of honest and reasonable mistake of fact is still available for defendants under section 9.2 of the Criminal Code, outlined in Schedule 1 to the Criminal Code.

Section 117D Extension of time for compliance with improvement notices

485. New section 117D introduces a new power to enable an aviation security inspector to extend the period of time the aviation industry participant has to comply with the improvement notice.

Subsection 117D(1) Scope

486. New subsection 117D(1) provides that section 117D applies if a person has been given an improvement notice. This provision makes clear that the power to extend the compliance timeframe only applies in circumstances where an improvement notice has already been given, rather than at the time the improvement notice is given.

Subsections 117D(2)-(4) Extension of compliance period

487. New subsection 117D(2) provides that an aviation security inspector may extend the compliance period for an improvement notice by issuing a written notice to the person. The purpose and effect of subsection 117D(2) is to specify how an extension of the compliance period may be given.


488. New subsection 117D(3) provides that such a notice may only be issued before a compliance period has ended. The purpose and effect of subsection 117D(3) is to specify when an extension of the compliance period may be given.

489. New subsection 117D(4) provides that in section 117D "compliance period" means the period that is specified in the notice under 117B and any extension granted under this section. The purpose and effect of subsection 117D(4) is to define the term "compliance period" only for section 117D. The term is given a different meaning in section 117F.

Section 117E Variation of improvement notices

490. New section 117E provides for the variation of an improvement notice.

Subsection 177E(1) Scope

491. New subsection 117E(1) provides that the section applies if a person has been issued an improvement notice. The purpose and effect of this provision is to make clear that the power to vary the improvement notice only applies after an improvement notice has already been given.

Subsections 117E(2)-(3) Changes

492. New subsection 117E(2) provides that an aviation security inspector may, by written notice given to the person, vary the notice. This provision enables an aviation security inspector to make a variation on an improvement notice, by issuing another notice. The purpose and effect of subsection 117E(2) is to specify how an extension of the compliance period may be given.

493. New subsection 117E(3) provides that an aviation security inspector may also, in accordance with section 117D, extend the compliance period for an improvement notice.

494. The purpose and effect of subsection 117E(3) is to permit an extension of the time period given in the variation notice so that the recipient has sufficient time to comply with the variation, and aligns with the similar power to extend the compliance period set out in section 117D, above.

Section 117F Revocation of improvement notices

495. New section 117F introduces a requirement that an aviation security inspector must revoke an improvement notice in certain circumstances.

496. New subsection 117F(1) operates to provide that an aviation security inspector must revoke an improvement notice if the aviation security inspector has a reasonable belief that it is no longer required for the purposes of requiring a person to remedy a contravention of the Aviation Act, or prevent a likely contravention of this Act from occurring; or remedy the things or operations causing a contravention, or likely contravention, of the Aviation Act. The revocation of an improvement notice must be by written notice.


497. The purpose and effect of subsection 117F(1) is to specify in which circumstances it is mandatory for an aviation security inspector to revoke an improvement notice, and how that revocation must be effected.

498. New subsection 117F(2) provides that in section 117F "compliance period" means the period that is specified in the improvement notice given under 117B and any extension of the period granted under section 117D. The purpose and effect of subsection 117F(4) is to define the term "compliance period" only for section 117F; the term has a different meaning in section 117D. This provision takes into account any extension of the original compliance period and any extension to that period.

Section 117G Formal irregularities or defects in improvement notices

499. New section 117G provides that an improvement notice is not invalid simply because of a formal defect or irregularity, unless that defect or irregularity causes or is likely to cause substantial injustice. The section also provides that an improvement notice is not invalid simply because of a failure to use the correct name of the person, as long as the notice still sufficiently identifies the person. For example, if two letters of the person's name are transposed, or if the name is recorded as "MacDonald" when it should be "McDonald".

500. However, the notice's validity would not be preserved if the defect or irregularity in the notice causes or is likely to cause substantial injustice. For example, if an improvement notice is given to an aviation participant who does not operate or control the matter referred to in the notice, the defect would be likely to cause substantial injustice.

501. The purpose and effect of this provision is to preserve the validity of an improvement notice despite a failure to strictly adhere to the requirements set out in the relevant improvement notice provision.

Item 54 At the end of Part 8

502. This item inserts a new Division 6 at the end of Part 8 of the Aviation Act that will trigger the use of the civil penalty provisions in Part 4 of the Regulatory Powers Act, which creates a framework for the use of civil penalties to enforce civil penalty provisions.

Division 6 Civil Penalties

Section 125A Civil penalty provisions

Subsection 125A(1) Enforceable civil penalty provision

503. New subsection 125A(1) states that a civil penalty provision in the Aviation Act is enforceable under Part 4 of the Regulatory Powers Act.

504. The note following subsection (1) reminds the reader that Part 4 of the Regulatory Powers Act allows a civil penalty to be enforced by obtaining an order for a person to pay a pecuniary penalty for the contravention of the relevant provision.


505. The Regulatory Powers Act is an Act of general application and there is no express requirement to trigger its provisions. However, the standard provisions of the Regulatory Powers Act represent best practice in relation to regulatory powers, providing a standard baseline of regulatory powers while protecting important common law privileges. Consequently, as this Bill introduces new monitoring, investigation and enforcement powers of the kind available under the Regulatory Powers Act, this division is introduced into the Aviation Act to trigger the relevant provisions of the Regulatory Powers Act.

506. The purpose and effect of subsection 125A(1) is to satisfy a requirement in section 79 of the Regulatory Powers Act that a provision is enforceable under Part 4 of the Regulatory Powers Act if an Act provides that the civil penalty is enforceable under Part 4.

Subsection 125A(2) Authorised applicant

507. New subsection 125A(2) specifies that for the purpose of Part 4 of the Regulatory Powers Act the Secretary is an authorised applicant in relation to a civil penalty provision in the Aviation Act.

508. This provision will ensure the Secretary is empowered to exercise the relevant powers under Part 4 of the Regulatory Powers Act. Most relevantly, this includes applying to a court for an order that a person, who is alleged to have contravened a civil penalty provision, pay the Commonwealth a pecuniary penalty.

509. The purpose and effect of subsection 125A(1) is to satisfy a requirement in section 80 of the Regulatory Powers Act, that for someone to be an authorised applicant, the relevant act must specify that they are an authorised applicant.

Subsection 125A(3) Relevant Court

510. New subsection 125A(3) specifies that for the purposes of Part 4 of the Regulatory Powers Act, the Federal Court of Australia and the Federal Circuit Court of Australia are relevant courts.

511. The purpose and effect of subsection 125A(3) is to satisfy a requirement in section 81 of the Regulatory Powers Act that a court is a relevant court only if it is specified in the act that is triggering the Part 4 powers.

Subsection 125A(4) Extension to external Territories etc.

512. New subsection 125A(4) confirms that the civil penalty provisions under Part 4 of the Regulatory Powers Act extend to the external Territories.

513. The inclusion of this subsection is required to align the use of civil penalties with the scope of the Aviation Act which extends to the external Territories.


Item 55 Before section 126

514. Item 55 inserts the heading "Division 1 External Review" before section 126, and is consequential to other changes to Part 9 of the Aviation Act described below.

515. Currently Part 9 of the Aviation Act is comprised solely of section 126, which deals with review of decisions by the Administrative Appeals Tribunal.

516. Amendments introduced below expand the content of Part 9 to also deal with internal review of decisions. This item, coupled with amendments below, will have the effect and purpose of dividing Part 9 into two divisions, Division 1 dealing with external reviews and Division 2 dealing with internal reviews.

Item 56 At the end of subsection 126(1)

517. This item inserts a new paragraph (g) at the end of subsection 126(1) to provide for a decision made under the new internal review power in section 126D (introduced in item 57, below). An application may be made for review by the Administrative Appeals Tribunal of an internal review decision made by the Secretary under section 126D.

518. The effect of including this additional paragraph is that any decision made by the Secretary under new section 126D can be the subject of an application for review by the Administrative Appeals Tribunal.

Item 57 At the end of Part 9

519. This item inserts a new Division 2 in Part 9, which introduces a new framework for conducting internal reviews of certain decisions related to improvement notices. The new framework specifies which decisions are internally reviewable, how an application for internal review can be made and by whom, what the Secretary must do in relation to an application for internal review, when and how notice of an internal review decision must be given, and provides the Secretary with a discretion to stay the operation of a decision related to improvement notices.

Division 2 Internal review

Section 126B Which decisions are internally reviewable

520. New section 126B specifies which decisions are internally reviewable decisions for Division 2 of Part 9 and who is eligible to apply for a review of an internally reviewable decision. This section also creates 'tags' for the terms "internally reviewable decision" and "eligible person", which are used throughout Division 2.

521. The table in section 126B provides that a decision in relation to giving an improvement notice under section 117A, a decision in relation to the extension of the time period for compliance under section 117D, and a decision in relation to variation of an improvement notice under section 117E are the only decisions made under the Aviation Act that are internally reviewable in accordance with Division 2 (internally reviewable decisions). In each case, the person who was given the notice is the person who is eligible (eligible person) to make an application for internal review.

522. The purpose and effect of this section is to limit which decisions may be internally reviewed and who is eligible to make an application for internal review.

Section 126C Application for internal review

523. New section 126C provides for an eligible person to make an application for internal review, how and in what form the application must be made, and when an application may be made.

524. The effect of section 126C is that an eligible person may apply to the Secretary, in the manner and form required by the Secretary, for an internal review of a decision referred to in the table in section 126B. The application must be made within the prescribed time after the day that the decision first came to the eligible person's notice, or such longer period as the Secretary allows.

525. The "prescribed time" for an application regarding a decision to give an improvement notice as set out in subsection 126C(3), is either the period specified in the notice for compliance with the notice or 14 days, whichever is the lesser; and for any other application is 14 days.

526. The purpose of section 126C is to make clear that an eligible person may make an application for internal review, and to specify how and in what form the application must be made, and when an application may be made.

Section 126D Decision on internal review

527. New section 126D provides for what must occur when the Secretary receives an application for an internal review of an internally reviewable decision from an eligible person.

528. New subsection 126D(1) operates to provide that the Secretary must review an internally reviewable decision and make a decision in relation to it as soon as is reasonably practicable, but in any event the decision must be made within 14 days after the application is received.

529. The effect of this subsection is to make clear that it is mandatory that applications for internal review are reviewed and a decision must be made in relation to the application in a timely manner, no later than 14 days after the application was received.

530. New subsection 126D(2) operates to provide that the decision the Secretary may make may be to confirm or vary the internally reviewable decision or, if the Secretary considers it appropriate, to set aside the internally reviewable decision and substitute a different decision.


531. The effect of this subsection is to specify the types of decisions that are available to the Secretary when making a decision in relation to an internally reviewable decision. 532. New subsection 126D(3) operates to provide that the Secretary's 14 day decision period ceases to run if the Secretary seeks further information from the person who made the application. The 14 day period would recommence when the information is provided. 533. The effect of this subsection is to permit an applicant the necessary time to provide requested information to support their application without reducing the time that the Secretary has to make a decision. 534. New subsection 126D(4) operates to provide that the applicant must provide the further information within the time specified by the Secretary in the request for information. The time that the Secretary specifies must not be less than 7 days. 535. The effect of this subsection is to make clear that the applicant will be given a timeframe to respond with the requested information, and that the timeframe must not be less than 7 days. This means that the Secretary may specify a longer time period when making the request for further information, noting that the time period in which the Secretary must make a decision on the application does not restart until the information is provided. Section 126E Notification of decision on internal review 536. New section 126E provides for when notification of a decision about an internally reviewable decision must be given to the applicant and manner in which it must be given. 537. The effect of this section is to make it mandatory for the Secretary to give an applicant written notice of the decision the Secretary has made and the reasons for that decision. Section 126F Stays of internally reviewable decisions 538. New section 126F introduces a discretionary power for the Secretary to "stay the operation of a decision", when an application for internal review has been made. 539. 
The effect of this section is that if an application is made for an internal review of a decision, the Secretary may apply a temporary stop, pending the outcome of the internal review, to the operation of a decision in relation to an improvement notice. Item 58 Subsection 127(1) 540. This item amends subsection 127(1) to insert "(other than powers or functions under Division 2 of Part 9)" after the words "this Act". This amendment is required as a consequence of the introduction of new Division 2 of Part 9. 541. Subsection 127(1) currently permits the delegation of certain of the Secretary's Aviation Act powers to an SES employee, or acting SES employee, in the Department or to the Agency Head of an Agency that carries on activities that relate to national security. This specification is amended by item 59, below. 542. The effect of this amendment is that the Secretary's powers in new Division 2 of Part 9 of the Aviation Act cannot be delegated to those persons. Item 59 Paragraph 127(1)(b) 543. This item amends paragraph 127(1)(b) to remove the words "that carries on activities that relate to national security". 544. The effect of this section is that the Secretary's Aviation Act powers, other than powers or functions under Division 2 of Part 9, can be delegated to an SES employee, or acting SES employee, in the Department or to the Agency Head of an Agency. 545. This change reflects the change in the purpose of the Aviation Act to include operational interference. This will allow delegating certain powers to agencies that are stakeholders during a significant event or incident. As an example, this could allow certain powers to be delegated to an agency responsible for biosecurity at airports. Item 60 Subsection 127(1A) 546. This item amends subsection 127(1A) to insert the words "in writing" after the words "the delegation". 547. The effect of this section is to require any Agency Head delegated the Secretary's powers under paragraph 127(1)(b) to agree to the delegation in writing. This written agreement will act as a record of that agreement. Item 61 After paragraph 127(2)(b) 548. This item amends paragraph 127(2)(b) to insert "or (c) Division 2 of Part 9;". 549. The effect of this amendment is to prevent the delegation of the Secretary's internal review powers to an APS employee in the Department. Item 62 After subsection 127(2A) 550. This item introduces a new subsection 127(2B) that permits the Secretary, by writing, to delegate all or any of the Secretary's powers and functions under Division 2 of Part 9 to an SES employee who holds, or performs the duties of, an SES Band 2 position, or an SES Band 3 position, in the Department. 551. 
This delegation is consistent with other similar delegations within the Aviation Act. Internal reviews are delegated to the SES Band 2 level to maintain a level of operational flexibility, while providing a level of impartiality.
Item 63 After subsection 132(2) 552. This item introduces a new subsection 132(2A) in the severability provision to deal with the additional effect of the Act. 553. New subsection 132(2A) provides that this Act also has the effect that it would have if: • each reference to an aviation industry participant were expressly confined to an aviation industry participant that is a corporation to which paragraph 51(xx) of the Constitution applies; and • each reference to an airport operator were expressly confined to an airport operator that is a corporation to which paragraph 51(xx) of the Constitution applies; and • each reference to an aircraft operator were expressly confined to an aircraft operator that is a corporation to which paragraph 51(xx) of the Constitution applies; and • each reference to a known consignor were expressly confined to a known consignor that is a corporation to which paragraph 51(xx) of the Constitution applies; and • each reference to a regulated air cargo agent were expressly confined to a regulated air cargo agent that is a corporation to which paragraph 51(xx) of the Constitution applies; and • each reference to an accredited air cargo agent were expressly confined to an accredited air cargo agent that is a corporation to which paragraph 51(xx) of the Constitution applies; and • each reference to a regulated agent were expressly confined to a regulated agent that is a corporation to which paragraph 51(xx) of the Constitution applies. 554. The purpose of new subsection 132(2A) is to provide, in effect, that if any part of this Bill is held to be unconstitutional, the remainder shall not be affected. Division 2 Application provisions Item 64 Application--transport security programs 555. Subitem 64(1) provides that the amendment of section 16 of the Aviation Act made by this Part applies in relation to a transport security program for an aviation industry participant if:
• the participant gives the program to the Secretary under section 18 of that Act after the commencement of this item; or • the participant gives a copy of the program to the Secretary under section 22 of that Act after the commencement of this item; or • the participant gives the program to the Secretary in compliance with a notice that was given under section 23 of that Act after the commencement of this item. 556. Subitem 64(2) provides that despite subitem (1), in determining, for the purposes of sections 21, 23, 23A and 25 of the Aviation Act, whether a transport security program adequately addresses the relevant requirements under Division 4 of Part 2 of that Act, assume that the amendment of section 16 of that Act made by this Part applies in relation to the program. 557. Subitem 64(3) provides that the amendment of section 26C of the Aviation Act made by this Part applies in relation to a transport security program if the program is given to an aviation industry participant under section 26B of that Act after the commencement of this item. 558. The purpose and effect of Item 64 is to provide for the application of amendments in relation to transport security programs. Item 65 Application--known consignor security programs 559. Subitem 65(1) provides that subsection 44C(3B) of the Aviation Act (as amended by this Part) applies in relation to a known consignor security program if the program is given to a known consignor under the regulations after the commencement of this item. 560. Subitem 65(2) provides that for the purposes of this item, regulations means regulations made under the Aviation Act. 561. The purpose and effect of Item 65 is to provide for the application of amendments in relation to known consignor security programs. Item 66 Application--RACA security programs 562. 
Subitem 66(1) provides that subsection 44C(3C) of the Aviation Act (as amended by this Part) applies in relation to a RACA security program if the program is given to a regulated cargo agent under the regulations after the commencement of this item. 563. Subitem 66(2) provides that for the purposes of this item, regulations means regulations made under the Aviation Act. 564. The purpose and effect of item 66 is to provide for the application of amendments in relation to RACA security programs.
Item 67 Application--AACA security programs 565. Item 67 deals with the application of amendments in relation to AACA security programs. 566. Subitem 67(1) provides that subsection 44C(3D) of the Aviation Act (as amended by this Part) applies in relation to an AACA security program if the program is given to an accredited cargo agent under the regulations after the commencement of this item. 567. Subitem 67(2) provides that for the purposes of this item, regulations means regulations made under the Aviation Act. 568. The purpose and effect of Item 67 is to provide for the application of amendments in relation to AACA security programs. Item 68 Application--security directions 569. Item 68 provides that the amendment of section 67 of the Aviation Act made by this Part applies in relation to a special security direction given after the commencement of this item. 570. The purpose and effect of Item 68 is to provide for the application of amendments in relation to a special security direction given after commencement. Item 68A Application--request for further information 571. Item 68A provides that the amendments of section 19 of the Aviation Act made by this Part apply in relation to a notice given under subsection 19(5) of that Act after the commencement of this item. 572. The purpose and effect of Item 68A is to provide for the application of amendments in relation to a notice given under subsection 19(5) of the Aviation Act. Item 68B Application--deemed refusal of request for alterations of a transport security program 573. Item 68B provides that the amendment of subsection 23A(7)(b) of the Aviation Act made by this Part applies in relation to a request given by an aviation industry participant after the commencement of this item. 574. The purpose and effect of Item 68A is to provide for the application of the amendment in relation to a request given by an aviation industry participant under section 23 of the Aviation Act.
Part 2 Other amendments Division 1 Amendments Aviation Transport Security Act 2004 Item 69 Subsection 3(1) 575. This item amends subsection 3(1) to insert "and operational interference with aviation" after the word "aviation". 576. Currently, subsection 3(1) provides that the main purpose of the Aviation Act is to establish a regulatory framework to safeguard against unlawful interference with aviation. 577. The purpose and effect of this amendment is to extend the main purpose of the Act described in subsection 3(1), to establish a regulatory framework to safeguard against operational interference with aviation. Item 70 Subsection 3(2) 578. This item amends subsection 3(2) to omit the word security where it first occurs. 579. Currently, subsection 3(2) operates to provide that to achieve the purpose specified in subsection 3(1), the Aviation Act establishes minimum security requirements for civil aviation in Australia by imposing obligations on persons engaged in civil aviation related activities. In particular, it obliges certain aviation industry participants to develop, and comply with, aviation security programs. 580. The effect and purpose of this amendment is to make clear that to achieve the main purpose of the Aviation Act as amended by item 69 above, the minimum requirements established by the Aviation Act for civil aviation in Australia are no longer solely in relation to security. Item 71 Section 4 (paragraph beginning "The Act establishes") 581. Section 4 is the simplified overview of the Aviation Act. This item amends the introductory sentence of the simplified overview to add "and operational interference with aviation" after the word "aviation". This amendment is consequential to the amendment made by item 69 above. 582. 
The effect of this amendment is that the guidance offered to the reader in the introductory sentence of the simplified overview is that the Aviation Act establishes a number of mechanisms to safeguard against unlawful interference with aviation and operational interference with aviation.
Item 72 Section 4 (paragraph beginning "Part 2") 583. This item amends the paragraph in the simplified overview that gives guidance in relation to Part 2 of the Aviation Act to add "and may also deal with safeguarding against operational interference with aviation" after the word "operations". This amendment is consequential to the amendment made by item 69 above. 584. The effect of this amendment is that the guidance offered to the reader in this paragraph of the simplified overview provides that Part 2 requires aviation industry participants to have in place approved transport security programs. Such programs must set out how the participants will manage security for their operations and may also deal with safeguarding against operational interference with aviation. Item 73 Section 9 585. This item inserts new definitions in section 9 for "critical aviation industry participant", "operational interference with aviation" and "relevant interference". 586. The term "critical aviation industry participant" is defined to have the meaning given by section 10B, the term "operational interference with aviation" is defined to have the meaning given by section 10B and the term "relevant interference" has the meaning given by section 9E. 587. These new definitions act as signposts in the definition section for terms which are defined or given meaning elsewhere. Section 9E is introduced by item 74 below, and section 10B is introduced by item 76 below. Item 74 After Division 4A of Part 1 588. This item inserts new Division 4B in Part 1, which deals with the meaning of the term "relevant interference" in relation to an asset. Division 4B Relevant interference Section 9E Meaning of relevant interference 589. 
New subsection 9E(1) gives the meaning for the term "relevant interference" in relation to an asset, by providing that each of the following is a relevant interference with an asset: • interference (whether direct or indirect) with the availability of the asset; • interference (whether direct or indirect) with the integrity of the asset; • interference (whether direct or indirect) with the reliability of the asset; • interference (whether direct or indirect) with the confidentiality of:
o information about the asset; or o if information is stored in the asset--the information; or o if the asset is computer data--the computer data. 590. The purpose and effect of subsection 9E(1) is to specify what types of interference with an asset is "relevant interference". 591. New subsection 9E(2) gives the meaning for the term "relevant interference" with the operation of an aviation industry participant, by providing that each of the following is a relevant interference with the operation of an aviation industry participant: • interference (whether direct or indirect) with the availability of the operation of the participant; • interference (whether direct or indirect) with the integrity of the operation of the participant; • interference (whether direct or indirect) with the reliability of the operation of the participant; • interference (whether direct or indirect) with the confidentiality of information relating to the operation of the participant. 592. For instance, the relevant interference of a hazard on an asset could be an extreme weather event (e.g. heatwave, severe storm) resulting in grounding of an airline's fleet. This amounts to a 'relevant interference' because the availability of the air service has been compromised, such that the public does not have access to air movements, or the frequency is unreliable. This would lead to considerable disruption to interconnected networks that rely on air cargo and air transport, impacting their integrity, reliability and availability. 593. The relevant interference of a ransomware attack on the systems of an airport operator could have a relevant interference on the ability of the airport to operate or on the confidentiality of the information stored by the airport operator. 594. The purpose and effect of subsection 9E(2) is to specify what types of interference with the operation of an aviation industry participant is "relevant interference". Item 75 After Division 5 of Part 1 595. 
Item 75 introduces a new Division 5A in Part 1 of the Aviation Act to deal with operational interference with aviation.
Division 5A Operational interference with aviation Section 10AA Meaning of operational interference with aviation 596. New section 10AA gives meaning for the term "operational interference with aviation" for the purposes of the Aviation Act. 597. The effect of subsection 10AA(1) is that "operational interference" means committing, or attempting to commit, an act that results in a relevant interference with the operation of an aviation industry participant or an act that results in a relevant interference with an asset that is used in connection with operation of an aviation industry participant; and is owned or operated by an aviation industry participant. 598. Section 10AA also has the effect that "operational interference" also means the occurrence of a hazard. This applies in circumstances where the hazard results in a relevant interference with the operation of an aviation industry participant or in a relevant interference with an asset that is used in connection with operation of an aviation industry participant; and is owned or operated by an aviation industry participant. 599. The effect of subsection 10AA(2) is to make clear that unlawful interference with aviation is not an "operational interference" and nor is lawful advocacy, protest, dissent or industrial action. 600. The purpose of section 10AA is to make clear which events, actions or omissions are "operational interference", and which are not. Item 76 At the end of Part 1 601. Item 76 introduces a new Division 7 in Part 1 of the Aviation Act to deal with critical aviation industry participants. Subsections 10B(1) to (5) deal with declaring specified individual aviation industry participant as a critical aviation industry participant, and subsections 10B(6) to (8) deal with declaring classes of aviation industry participants as critical aviation industry participants. 602. 
New subsection 10B(1) has the effect of empowering the Minister with a discretion, exercisable in writing, to declare a specified aviation industry participant as a critical aviation industry participant for the purposes of the Aviation Act. 603. New subsection 10B(2) makes clear that a declaration made under subsection 10B(1) is not a legislative instrument, which means that such a declaration is not a public document and, because it is not a legislative instrument, it would not be subject to disallowance and would not be published on the Federal Register of Legislation. 604. New subsection 10B(3) has the effect that a declaration made under subsection 10B(1) cannot be made to specify a class of aviation industry participants.
605. New subsection 10B(4) has the effect of limiting the circumstances in which the Minister can specify an aviation industry participant as a critical aviation industry participant. In order to lawfully exercise the discretion in relation to an aviation industry participant, the Minister must be satisfied that the participant is critical to the social or economic stability of Australia or its people, the defence of Australia, or national security within the meaning of the Security of Critical Infrastructure Act 2018. The Minister must also be satisfied that there is a risk, in relation to the particular aviation industry participant, that may be prejudicial to security within the meaning of the Australian Security Intelligence Organisation Act 1979. 606. New subsection 10B(5) has the effect of making it a requirement that, in exercising the discretion to make a declaration, the Minister must have regard to matters that are specified in the regulations if any are, and other matters that the Minister considers relevant. 607. This is to ensure that the additional regulatory requirements to mitigate against operational interference only apply to industry participants that, if unable to operate, would have a detrimental impact on Australia's economic and social wellbeing, and the national security or defence. This recognises the critical role that the aviation sector plays in Australia's key supply chain network and economy. 608. New subsection 10B(6) has the effect of empowering the Minister with a discretion, exercisable in writing, to declare that each individual aviation industry participant in a class of aviation industry participants is a critical aviation industry participant for the purposes of the Aviation Act. 609. 
New subsection 10B(6) makes clear that a declaration made under subsection 10B(5) is a legislative instrument, which means that such a declaration is a public document, is subject to parliamentary scrutiny and disallowance and must be published on the Federal Register of Legislation. 610. Similarly to subsection 10B(4), new subsection 10B(7) has the effect of limiting the circumstances in which the Minister can specify a class of aviation industry participants as critical aviation industry participants. In order to lawfully exercise the discretion in relation to a class of aviation industry participants, the Minister must be satisfied that each aviation industry participant in the class is critical to the social or economic stability of Australia or its people, the defence of Australia, or national security within the meaning of the Security of Critical Infrastructure Act 2018. The Minister must also be satisfied that there is a risk, in relation to each aviation industry participant in the class, that may be prejudicial to security within the meaning of the Australian Security Intelligence Organisation Act 1979. 611. For example, should there be shared criteria that critical aviation industry participants share, it would be more transparent to have a declaration using the shared criteria as the impetus for the instrument. This could include but is not limited to shared high-risk activities, unique facilities, significant quantities of throughput etc.
612. Similarly to subsection 10B(5), new subsection 10B(8) has the effect of making it a requirement that, in exercising the discretion to make a declaration the Minister must have regard to matters that are specified in the regulations if any are, and other matters that the Minister considers relevant. Item 77 At the end of section 16 613. Item 76 introduces a new subsection (4) at the end of section 16, which deals with the content of transport security programs, to provide that the regulations may prescribe matters that relate to safeguarding against operational interference with aviation, and may prescribe matters that must be dealt with in each transport security program for a critical industry participant. 614. The purpose and effect of this amendment is to introduce a clear power to prescribe matters in the regulations for safeguarding against operational interference with aviation. New subsection 16(4) is consistent with, and expands on, existing subsection 16(3), which is a power to prescribe matters in the regulations in relation to transport security programs for each aviation industry participant or for types of participants or for classes of participants. Item 78 After subsection 26C(1AA) 615. Item 78 introduces a new subsection 26C(1AB) to provide for a transport security program that is given to an aviation industry participant under section 26B of the Aviation Act. 616. New subsection 26C(1AB) has the effect that in those circumstances, a transport security program may set out the activities or measures to be undertaken or implemented by the participant under the transport security program for the purposes of safeguarding against operational interference with aviation. Item 79 Subsection 35(1) 617. This item amends subsection 35(1) to insert "or safeguarding against operational interference with aviation" after the word "aviation". This amendment is required as a consequence of the amendment made by item 69 above. 618. 
Currently, subsection 35(1) provides that the regulations may, for the purposes of safeguarding against unlawful interference with aviation, prescribe requirements in relation to the airside area of a security-controlled airport. 619. The purpose and effect of this amendment is to permit regulations to also prescribe requirements in relation to safeguarding against operational interference with aviation.
Item 80 Subsection 36(1) 620. This item amends subsection 36(1) to insert "or safeguarding against operational interference with aviation" after the word "aviation". This amendment is required as a consequence of the amendment made by item 69 above. 621. Currently, subsection 36(1) provides that the regulations may, for the purposes of safeguarding against unlawful interference with aviation, prescribe requirements in relation to each type of airside security zone. 622. The purpose and effect of this amendment is to permit regulations to also prescribe requirements in relation to safeguarding against operational interference with aviation. Item 81 Subsection 36A(1) 623. This item amends subsection 36A(1) to insert "or safeguarding against operational interference with aviation" after the word "aviation". This amendment is required as a consequence of the amendment made by item 69 above. 624. Currently, subsection 36A(1) provides that the regulations may, for the purposes of safeguarding against unlawful interference with aviation, prescribe requirements in relation to each type of airside event zone. 625. The purpose and effect of this amendment is to permit regulations to also prescribe requirements in relation to safeguarding against operational interference with aviation. Item 82 Subsection 37(1) 626. This item amends subsection 37(1) to insert "or safeguarding against operational interference with aviation" after the word "aviation". This amendment is required as a consequence of the amendment made by item 69 above. 627. Currently, subsection 37(1) provides that the regulations may, for the purposes of safeguarding against unlawful interference with aviation, prescribe requirements in relation to the landside area of a security controlled airport. 628. The purpose and effect of this amendment is to permit regulations to also prescribe requirements in relation to safeguarding against operational interference with aviation. Item 83 Subsection 38(1) 629. 
This item amends subsection 38(1) to insert "or safeguarding against operational interference with aviation" after the word "aviation". This amendment is required as a consequence of the amendment made by item 69 above.
630. Currently, subsection 38(1) provides that the regulations may, for the purposes of safeguarding against unlawful interference with aviation, prescribe requirements in relation to each type of landside security zone. 631. The purpose and effect of this amendment is to permit regulations to also prescribe requirements in relation to safeguarding against operational interference with aviation. Item 84 Subsection 38A(1) 632. This item amends subsection 38A(1) to insert "or safeguarding against operational interference with aviation" after the word "aviation". This amendment is required as a consequence of the amendment made by item 69 above. 633. Currently, subsection 38(1) provides that the regulations may, for the purposes of safeguarding against unlawful interference with aviation, prescribe requirements in relation to each type of landside event zone. 634. The purpose and effect of this amendment is to permit regulations to also prescribe requirements in relation to safeguarding against operational interference with aviation. Item 85 Subsection 44C(1) 635. This item amends the chapeau of subsection 44C(1) to insert "or safeguarding against operational interference with aviation" after the word "aviation". This amendment is required as a consequence of the amendment made by item 69 above. 636. Subsection 44C(1) deals with the matters that may be prescribed in the regulations. The effect of the amendment made by item 85 is that regulations may prescribe matters for the purposes of both safeguarding against unlawful interference with aviation or for safeguarding against operational interference with aviation. Item 86 After paragraph 67(1)(b) 637. 
This item amends subsection 67(1), which permits the Secretary to give special security declarations, to add two new paragraphs, (ba) and (bb), to provide for additional circumstances in which the Secretary can give special security declarations if circumstances arise that require additional security measures beyond those otherwise required under the Aviation Act. This amendment is necessary as a consequence of the amendment made by item 69, above, to permit special security directions to be given in relation to threats of operational interference with aviation. 638. The effect of new paragraph 67(1)(ba) is that the Secretary may, in writing, direct that additional security measures be taken or complied with if both a specific threat of operational interference with aviation is made or exists and the Secretary is satisfied that giving a direction under subsection 67(1) is an appropriate response to the threat.
639. The effect of new paragraph 67(1)(bb) is that the Secretary may, in writing, direct that additional security measures be taken or complied with if there is a change in the nature of an existing threat of operational interference with aviation and the Secretary is satisfied that giving a direction under subsection 67(1) is an appropriate response to the threat. 640. Paragraphs 67(1)(ba) and (bb) are alternatives to each other and alternatives to existing paragraphs 67(1)(a) and (b). Item 87 After subsection 70(5) 641. This item amends section 70, which deals with when a special security declaration is in force, to introduce a new subsection 70(5A) to provide that a special security direction made under paragraph 67(1)(ba) must be revoked when the specific threat no longer exists. 642. This amendment is consistent with, and is intended to mirror, existing subsection 70(5) which provides for when a special security direction made under paragraph 67(1)(a) must be revoked. 643. The purpose and effect of this amendment is to align with an existing revocation provision and to provide for when a special security direction made under paragraph 67(1)(ba) must be revoked. Item 88 Section 107A (before paragraph beginning "Certain") 644. This item amends the simplified outline for Part 6A introduced by item 47 above, to insert a new introductory paragraph at the beginning of the outline. 645. The new paragraph provides that critical aviation participants are required to submit periodic reports. As noted above, the simplified outline is intended to provide guidance to the reader and is not intended to be comprehensive in relation to the content of Part 6A. 646. This amendment is required to cater for the introduction of a requirement that critical aviation participants submit periodic reports. Item 89 After section 107A 647. 
This item introduces new section 107AA to insert a mandatory requirement for critical aviation industry participants to submit periodic reports. Section 107AA Critical aviation industry participants must submit periodic reports 648. New section 107AA is the mandatory reporting requirement for the relevant aviation industry participant, and provides the scope for the application of section 107AA. New subsection 107AA(1) - Scope
649. New subsection 107AA(1) provides the scope for application of section 107AA. In particular, it provides that section 107AA applies if a transport security program was or is in force for an aviation industry participant, an applicable reporting period for the transport security program has ended, the transport security program was not given to the participant by the Secretary under s26B of the Aviation Act, the transport security program includes a security assessment, and the participant is in a class of aviation participant specified in the regulations. The term "applicable reporting period" is defined in new subsection 107AA(5), see further below. 650. The effect of subsection 107AA(1) is that the requirements provided for in section 107B will not apply unless the participant is in a class specified in the regulations and the transport security program meets the criteria listed in paragraphs 107AA(1)(a) to (e). New subsection 107AA(2)-(4) Periodic report 651. New subsections 107AA(2) to (4) provide the detail for the content of a periodic report and for the imposition of the civil penalty. 652. New subsection 107AA(2) sets out the time frame in which a written report in the approved form is required and the matters that the report must provide details on, including setting out any matters specified in the regulations and, if there is a board, council or other governing body - a statement from that body detailing the currency of the transport security program and whether the program adequately addressed the requirements under Division 4 of Part 2 at the end of the applicable reporting period. 653. The provision also includes a new civil penalty of 150 penalty units for failure to submit the required report within the timeframe specified, which is 90 days after the applicable reporting period. 654. The Guide was consulted when determining the amount of this penalty. 
The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. A failure to report on a review of a transport security plan may result in vulnerabilities in a transport security plan not being identified, which represents a risk to aviation security. 655. The penalty value is consistent with other maximum penalties in relation to transport security programs. As an example, under section 14 of the Aviation Act if an airport operator fails to comply with their transport security program, they can be subject to a maximum penalty of 200 penalty units. Only aviation industry participants that meet the criteria in subsection 107AA(1) can be subject to the penalty, and not all aviation industry participants or the general public. In the majority of cases aviation industry participants are corporations. 656. The penalty is appropriate in the circumstances because: • the offence and its penalty are imposed for the purposes of safeguarding against unlawful interference with aviation by ensuring that the currency and adequacy of a transport security program, and other specified matters, are reported on;


• the penalty for this offence is similar to, and does not exceed, others imposed within the Aviation Act, and is commensurate with the risk to aviation security that a failure to report on findings of regular reviews of a transport security program, and non-compliance with related requirements, poses; and • it provides a necessary element of deterrence and incentive to comply whilst not being a manifestly excessive penalty. 657. The purpose and effect of subsection 107AA(2) is to specify a timeframe for mandatory reporting, and the matters to be included in the reports, for aviation industry participants and to impose a penalty for non-compliance with the requirement to make a report. New subsection 107AA(3) 658. New subsection 107B(3) will act as a limitation on the content that can be prescribed in the Aviation Regulations under new paragraph 107AA(2)(b). It provides that a matter cannot be prescribed in the Aviation Regulations in relation to 107AA(2)(b) unless it relates to unlawful interference with aviation or safeguarding against unlawful interference with aviation. 659. This limitation has the effect of precluding the Aviation Regulations prescribing any other matters for the purposes of the mandatory reporting requirement. New subsection 107AA(4) 660. New subsection 107AA(4) will act as a limitation on the use of the information contained within a periodic report. It provides that the report cannot be used as evidence in either a criminal proceeding for an offence against the Aviation Act; or in a civil proceeding in relation to a contravention of a civil penalty provision of the Aviation Act, other than in relation to section 107AA. 661. This amendment puts beyond doubt that information provided in their mandatory reports by an aviation industry participant that was given a transport security program that meets the criteria in subsection 107AA(1) will not be used as evidence in those proceedings. 
It is intended to provide reassurance to aviation industry participants, and encourage full disclosure in making a mandatory report under section 107AA. New subsections 107AA(5)-(6) Applicable reporting period for a transport security program 662. New subsections 107AA(5) and (6) operate together to provide meaning for the concept of the "applicable reporting period for a transport security program". 663. The intention is that critical aviation industry participants should be reporting on the validity of their program every financial year (12 months).


664. Further, paragraph 107AA(5)(b) provides that in any other case, the applicable reporting period is the period when the transport security program was in force. 665. For the avoidance of doubt, new subsection 107AA(6) makes clear that a day that occurs before section 107AA commences is not included in an applicable reporting period. 666. For example, if a transport security program is to be in force for two years, and comes into force six months before section 107AA commences, the relevant reporting period is for the 18 months the transport security program is in force after section 107AA commences. 667. Some 'itinerant' aircraft operators are given transport security programs under section 26B of the Aviation Act for two years. Should there be a reason that the industry participant is a critical aviation industry participant and must provide a report, the report would be given at the end of the two-year period. 668. The purpose and effect of these subsections is to provide certainty to aviation industry participants about when a reporting period does or does not apply in relation to a transport security program, and how often a report must be made. Item 90 Section 107B (heading) 669. This item inserts "(other than critical aviation industry participants)" after "participants" in the heading of section 107B which deals with certain aviation industry participants must submit periodic reports. 670. The purpose and effect of this amendment is to make clear that the requirements in section 107B do not apply to critical aviation industry participants. Item 91 Paragraph 107B(1)(a) 671. This item inserts "(other than critical aviation industry participants)" after "participants" in paragraph 107B(1)(a). 672. The purpose and effect of this amendment is to make clear that the requirements in paragraph 107B(1)(a) do not apply to critical aviation industry participants. Item 92 At the end of subsection 107B(3) 673. 
This item inserts two new paragraphs in subsection 107B(3) to provide for additional matters that may be specified in regulations made for the purposes of paragraph 107(2)(b). 674. The two new paragraphs 107B(4)(c) and (d) will expand on the limited matters that can be prescribed in the Aviation Regulations under new paragraph 107B(2)(b). 675. The purpose and effect of this amendment is to make clear that a matter cannot be prescribed in the Aviation Regulations in relation to 107B(2)(b) unless it relates to unlawful interference with aviation or safeguarding against unlawful interference with aviation,


operational interference with aviation, or safeguarding against operational interference with aviation. 676. These expanded circumstances have the effect of precluding the Aviation Regulations prescribing any other matters for the purposes of the mandatory reporting requirement. Item 93 At the end of subsection 107C(4) 677. This item inserts two new paragraphs in subsection 107C(4) to provide for additional matters that may be specified in regulations made for the purposes of paragraph 107C(2)(a)(ii). 678. The two new paragraphs 107C(4)(c) and (d) will expand on the limited matters that can be prescribed in the Aviation Regulations under new paragraph 107C(2)(a)(ii). 679. The purpose and effect of this amendment is to make clear that a matter cannot be prescribed in the Aviation Regulations in relation to 107C(2)(a)(ii) unless it relates to unlawful interference with aviation or safeguarding against unlawful interference with aviation, operational interference with aviation, or safeguarding against operational interference with aviation. Item 94 At the end of subsection 107D(4) 680. This item inserts two new paragraphs in subsection 107D(4) to provide for additional matters that may be specified in regulations made for the purposes of paragraph 107D(2)(a)(ii). 681. New subsection 107D(4) will expand on the limited matters that can be prescribed in the Aviation Regulations under new paragraph 107D(2)(a)(ii). 682. The purpose and effect of this amendment is to make clear that a matter cannot be prescribed in the Aviation Regulations in relation to 107D(2)(a)(ii) unless it relates to unlawful interference with aviation or safeguarding against unlawful interference with aviation, operational interference with aviation, or safeguarding against operational interference with aviation. Item 95 At the end of subsection 107E(4) 683. 
This item inserts two new paragraphs in subsection 107E(4) to provide for additional matters that may be specified in regulations made for the purposes of paragraph 107E(2)(a)(ii). 684. New subsection 107E(4) will expand on the limited matters that can be prescribed in the Aviation Regulations under new paragraph 107E(2)(a)(ii). 685. The purpose and effect of this amendment is to make clear that a matter cannot be prescribed in the Aviation Regulations in relation to 107E(2)(a)(ii) unless it relates to


unlawful interference with aviation or safeguarding against unlawful interference with aviation, operational interference with aviation, or safeguarding against operational interference with aviation. Item 96 At the end of subsection 107F(4) 686. This item inserts two new paragraphs in subsection 107F(4) to provide for additional matters that may be specified in regulations made for the purposes of paragraph 107F(2)(a)(ii). 687. New subsection 107F(4) will expand on the limited matters that can be prescribed in the Aviation Regulations under new paragraph 107F(2)(a)(ii). 688. The purpose and effect of this amendment is to make clear that a matter cannot be prescribed in the Aviation Regulations in relation to 107F(2)(a)(ii) unless it relates to unlawful interference with aviation or safeguarding against unlawful interference with aviation, operational interference with aviation, or safeguarding against operational interference with aviation. Item 97 After paragraph 111(2)(d) 689. This item inserts a new paragraph 111(2)(da) in subsection 111(2) to provide for additional kinds of information that may be prescribed by regulations made under subsection 111(1). 690. The purpose and effect of new paragraph 111(2)(da) is that regulations made under subsection 111(1) may prescribe information about activities undertaken, or to be undertaken, at an airport for the purposes of safeguarding against operational interference with aviation; as aviation security information. Item 98 Paragraph 119(2)(b) 691. This item repeals and replaces paragraph 119(2)(b) to provide for circumstances where it is necessary to make an enforcement order to safeguard against unlawful interference with aviation; or safeguard against operational interference with aviation. 692. 
The effect of new paragraph 119(2)(b) is that the circumstances in which the Secretary may exercise a discretion to make an enforcement order are expanded so that the Secretary may only make an enforcement order if he or she reasonably believes that the aviation industry participant named in the enforcement order has contravened the Aviation Act, and to safeguard against unlawful interference with aviation, or safeguard against operational interference with aviation. 693. The purpose of new paragraph 119(2)(b) is to expand the circumstances in which the Secretary may exercise a discretion to make an enforcement order.


Item 99 Subsection 121(2) 694. This item amends subsection 121(2) to insert "or safeguarding against operational interference with aviation" after the word "aviation". This amendment is required as a consequence of the amendment made by item 69 above. 695. Currently, subsection 121(2) operates to provide that the Secretary must revoke the enforcement order (after reviewing periodically under subsection 121(1)) unless he or she is satisfied that the order is still needed to safeguard against unlawful interference with aviation. 696. The purpose and effect of this amendment is to make it mandatory for the Secretary to revoke the enforcement order (after reviewing periodically under subsection 121(1)) unless he or she is satisfied that the order is still needed to safeguard against unlawful interference with aviation or safeguard against operational interference with aviation. Item 100 Paragraph 121(3)(a) 697. This item amends paragraph 121(3)(a) to insert "or adequately safeguards against operational interference with aviation" after the word "aviation". This amendment is required as a consequence of the amendment made by item 69 above. 698. Currently, paragraph 121(3)(a) operates to provide that the Secretary must not vary the enforcement order (after reviewing periodically under subsection 121(1)) unless he or she is satisfied that the order as varied adequately safeguards against unlawful interference with aviation. 699. The purpose and effect of this amendment is to make clear that the Secretary must not vary the enforcement order unless he or she is satisfied that the order as varied adequately safeguards against unlawful interference with aviation or adequately safeguards against operational interference with aviation. Division 2 Application provisions Item 101 Application--transport security programs 700. This item inserts item 101, which is the application provision for Part 2 of Schedule 1 of the Bill. 701. 
Subitem 101(1) operates to provide for three circumstances in which the amendment of section 16 of the Aviation Act made by Part 2 of Schedule 1 of the Bill applies in relation to a transport security program for an aviation industry participant. 702. In effect, section 16 as amended applies in circumstances where: • the participant gives the program to the Secretary under section 18 of the Aviation Act after the commencement of this item; or


• the participant gives a copy of the program to the Secretary under section 22 of the Aviation Act after the commencement of this item; or • the participant gives the program to the Secretary in compliance with a notice that was given under section 23 of the Aviation Act after the commencement of this item. 703. Subitem 101(2) operates to provide that, despite subitem 101(1), in determining, for the purposes of sections 21, 23, 23A and 25 of the Aviation Act, whether a transport security program adequately addresses the relevant requirements under Division 4 of Part 2 of the Aviation Act, an aviation industry participant should assume that the amendment of section 16 of the Aviation Act applies in relation to the program. 704. Subitem 101(3) operates to provide that the amendment of section 26C of the Aviation Act made by this Part applies in relation to a transport security program if the program is given to an aviation industry participant under section 26B of the Aviation Act after the commencement of item 101. 705. The purpose of item 101 is to provide both clarity and certainty to aviation industry participants in relation to the circumstances in which the amendments to the relevant provisions made in part 2 of Schedule 1 to the Bill will apply in relation to their transport security program. Schedule 2 Amendment of the Maritime Transport and Offshore Facilities Security Act 2002 Part 1 General amendments Division 1 Amendments Maritime Transport and Offshore Facilities Security Act 2003 Item 1 Title 706. This item amends the title of the Maritime Act to omit "related" and substitute "other". The long title will now read "An Act to safeguard against unlawful interference with maritime transport and offshore facilities, and for other purposes". This amendment reflects the expansion of the scope of the Maritime Act to include acts beyond unlawful interference to the Maritime Act. Item 2 Section 4 (after paragraph beginning "Part 9") 707. 
This item amends the Simplified Overview of the Maritime Act to insert a reference to new Part 9A which is being inserted by item 90 in Part 1 of Schedule 2 to the Bill. Part 9A deals with the submission of reports by maritime industry participants, ship operators and offshore industry participants.


Item 3 Section 4 (after paragraph beginning "Part 10") 708. This item amends the Simplified Overview of the Maritime Act to insert a reference to new Part 10A which is being inserted by item 92 of Part 1 of Schedule 2 to the Bill. Part 10A contains provisions dealing with the making of a record of, or the use or disclosure of, protected information. Item 4 Section 4 (paragraph beginning "Part 11") 709. This item amends the Simplified Outline of the Maritime Act to insert a reference to improvement notices in the paragraph relating to Part 11 of the Maritime Act. This reflects the insertion of new Division 2A into Part 11 of the Maritime Act by item 96 of Part 1 of Schedule 2 to the Bill, which deals with improvement notices. Item 5 Subsection 6(1) Item 6 At the end of section 6 710. Items 5 and 6 amend section 6 of the Maritime Act, which sets out the geographical jurisdiction under the Criminal Code in relation to offences under the Maritime Act. Item 6 inserts new subsection 6(3) which provides that section 15.1 of the Criminal Code (extended geographical jurisdiction-category A) applies to an offence against section 185G. This is the narrowest form of extended jurisdiction under the Criminal Code. 711. New section 185G will be inserted by item 92 of Part 1 of Schedule 2 to the Bill and contains the new offence in relation to the unauthorised use or disclosure of protected information. Item 7 Definitions 712. Item 1 of Schedule 1 to the Bill provides a number of definitions for terms that facilitate the amendments being made to the Maritime Act by the Bill. A number of terms are defined by reference to other acts. For terms defined in this manner, it is intended that the term in this Act has the meaning as it appears from time to time in the act referred to. 713. In this explanatory memorandum, those terms have been described according to how they are defined in their individual acts at the time of the introduction of the Bill. access 714. 
Access in relation to a computer program, means the execution of the computer program. The purpose of this definition is to differentiate between instances in the Bill where access has its ordinary meaning, and instances where its use relates to accessing a computer program that is installed on a computer.


access to computer data 715. This definition has been separated into three paragraphs reflecting the different methods data may be regarded as being accessed depending on how it is held. Paragraph (a) provides that access to computer data means, in a case where the computer data is held in a computer, the display of the data by the computer or any other output of the data from the computer. 716. Paragraph (b) defines access to computer data to also mean, in the case where the computer data is held in a computer, the copying or moving of the data to any other location in the computer, another computer or a data storage device. Paragraph (c) also defines access to computer data as meaning, in the case where the computer data is held in a storage device, the copying or moving of the data to a computer or to another data storage device. asset 717. The definition of "asset" is non-exhaustive and is intended to clarify the types of physical and electronic things that can be considered to be an "asset". This is particularly relevant for the definition of "critical infrastructure asset" at section 9 of the SOCI Act (see items 22-29 of Schedule 1 to the Bill, below). The term "asset" is also used in the definition of "critical infrastructure sector asset" at new section 8E of the Bill. 718. The use of "asset", including in the definition of "critical infrastructure asset" and "critical infrastructure sector asset", may refer to individual components of infrastructure or a collection of components of infrastructure, which while individually could be regarded as assets, as a collection interact to provide, or support the provision of, a service or thing. Commonwealth body 719. This term means a body established by a law of the Commonwealth. computer 720. The meaning of "computer" is intended to capture all or parts of an individual computer, a collection of computers that form a network or system, or any combination of these. 
A "computer" has the capability to store or process data, or be used to monitor, control or do anything else that is connected to the functioning of an asset. For example, a Supervisory Control and Data Acquisition (SCADA) system is considered to be a "computer".


computer data 721. Means any data held in a computer or a data storage device, irrespective of the form in which that data exists. connected 722. This term, in relation to equipment, includes connection otherwise than by means of physical contact, for example, a connection by means of radio communication. cyber security incident 723. This term is defined in the new section 10A of the Maritime Act. data 724. "Data" is defined in a non-exhaustive manner to include information in any form. data storage device 725. Means a thing (for example, a disk or file server) containing (whether temporarily or permanently), or designed to contain (whether temporarily or permanently), data for use by a computer. electronic communication 726. Means a communication of information in any form by means of guided or unguided electromagnetic energy. evidential burden 727. In relation to a matter, this means the burden of adducing or pointing to evidence that suggests a reasonable possibility that a matter exists or does not exist. impairment of electronic communication to or from a computer 728. This term is defined non-exhaustively to include the prevention of any such communication, and the impairment of any such communication on an electronic link or network used by the computer, but does not include a mere interception of any such communication. For example, this would include an action that disabled the ability for a computer to connect with the internet, irrespective of whether that action involved access to the computer itself. improvement notice 729. "Improvement notice" means a notice issued under subsection 187A(2) of the Maritime Act.


lawful advocacy, protest, dissent or industrial action 730. The definition of "lawful advocacy, protest, dissent or industrial action" does not include a cyber security incident. The term "cyber security incident" is defined in section 9B. Item 8 Definition of maritime transport or offshore facility security incident 731. This item repeals Item 9 Section 10 modification 732. "Modification" is defined in reference to two scenarios. In respect of computer data, it means either the alteration or removal of the data or an addition to the data. In respect of a computer program it means the alteration or removal of the program or an addition to the program. Item 10 Definition of national security 733. This item repeals the definition of national security. The scope of the protections required to ensure maritime security has broadened and deepened and is no longer tied to national security. Item 11 Definitions 734. This item inserts further definitions relevant to the amendments in the Bill. operation of a maritime industry participant 735. "Operation of a maritime industry participant" means the operation of the participant in their capacity as a maritime industry participant. operation of an offshore industry participant 736. "Operation of an offshore industry participant" means the operation of the participant in their capacity as an offshore industry participant. protected information 737. This term is defined as meaning the following types of information: • information obtained by a person in the course of exercising powers or performing duties or functions under the Maritime Act; • information that is security compliance information, as defined in subsection 184(1) of the Maritime Act;


• if a maritime security plan, ship security plan or an offshore security plan for a maritime industry participant is in force, information about that plan. relevant impact 738. This term has the meaning given by the new section 10C of the Maritime Act. technical assistance notice 739. This term has the same meaning as in Part 15 of the Telecommunications Act. At the time of introduction of the Bill, the term was defined in that Act as meaning a notice that has been issued under section 317L of the Telecommunications Act. technical assistance request 740. This term has the same meaning as in Part 15 of the Telecommunications Act. At the time of introduction of the Bill, the term was defined in that Act as meaning a request made under paragraph 317G(1)(a) of the Telecommunications Act. technical capability notice 741. This term has the same meaning as in Part 15 of the Telecommunications Act. At the time of introduction of the Bill, the term was defined in that Act as meaning a notice given under section 317T of the Telecommunications Act. test weapon 742. A test weapon is a weapon of a kind that is a replica or an imitation of another weapon. This term is relevant to new provisions in the Maritime Act that will allow a maritime security inspector to test a security system (see items 52, 56 and 61 below). unauthorised access, modification or impairment 743. Has the meaning given by the new section 10B of the Maritime Act. Item 12 After Division 4 of Part 1 744. Item 5 inserts a new Division 4A into the Maritime Act. This new Division deals with defining terms relevant to cyber security incidents. Division 4A Cyber Security Incidents Section 10A Meaning of cyber security incident 745. New section 10A defines the term "cyber security incident". Under the amendments made by the Bill, there will be obligations for certain maritime industry participants in relation to such incidents.


746. This section provides that a cyber security incident is one or more acts, events or circumstances involving any of the following: • unauthorised access to computer data or a computer program (paragraph (a)) • unauthorised modification of computer data or a computer program (paragraph (b)), • unauthorised impairment of electronic communication to or from a computer (paragraph (c)), or • unauthorised impairment of the availability, reliability, security or operation of a computer, computer data or a computer program (paragraph (d)). 747. Some common examples of a cyber security incident include: • Malware - Any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of malware types exist, including computer viruses, worms, trojan horses, ransomware, spyware, adware, and others. • Phishing - Fraudulent attempts to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising communications (through emails and other formats) as trustworthy. • Denial of service - This form of attack is where a perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. • Cross-site scripting - This is where an attacker injects malicious scripts into otherwise benign and trusted websites. The victim's web browser executes those scripts thinking they are legitimate, allowing the attacker to bypass the victim's access controls. Section 10B Meaning of unauthorised access, modification or impairment 748. New section 10B provides the definition for "unauthorised access, modification or impairment". 
Under subsection (1) of this definition, the following conduct is unauthorised if the person is not entitled to cause that access, modification or impairment: • access to computer data or a computer program (paragraph (a)) • modification of computer data or a computer program (paragraph (b)) • impairment of electronic communications to or from a computer (paragraph (c)), or • the impairment of the availability, reliability, security or operation of a computer, computer data or a computer program (paragraph (d)).


749. For the conduct to be unauthorised, it must have occurred without authority, irrespective of whether that authority is drawn from, for example, legislation or contractual arrangements. 750. Subsection (2) provides that it is immaterial if the person can be identified or not. Subsection (3) provides circumstances in which a person is entitled to cause the access, modification or impairment. Paragraph (3)(b) provides that if the person does so under the following circumstances, they were entitled to do so: • under a warrant issued under a law of the Commonwealth, a State or a Territory (subparagraph (i)) • under an emergency authorisation given to the person under Part 3 of the Surveillance Devices Act 2004 or under a law of a State or Territory that makes provision to similar effect (subparagraph (ii)) • under a tracking device authorisation given to the person under section 39 of the Surveillance Devices Act 2004 (subparagraph (iii)) • in accordance with a technical assistance request (subparagraph (iv)) • in compliance with a technical assistance notice (subparagraph (v)), or • in compliance with a technical capability notice (subparagraph (vi)). Section 10C Meaning of relevant impact 751. New section 10C defines the term "relevant impact" in relation to a cyber security incident on an asset. The term is used in connection with defining a cyber security incident as an instance of unlawful interference. 752. As an example, an impact on customer service or the quality of the service being provided will not necessarily be regarded as a relevant impact unless it also impacts the availability, integrity, reliability or confidentiality of information about the asset. 753. The relevant impact may be direct or indirect. This is intended to focus the definition on the result of the cyber security incident rather than its source, emphasizing the all hazards approach taken under the Bill. 
The section provides that the relevant impact of a cyber security incident on an asset is the impact (whether direct or indirect) of the cyber security incident on: • the availability of the asset (paragraph (a)) • the integrity of the asset (paragraph (b)) • the reliability of the asset (paragraph (c)), or


• the confidentiality of information about the asset, information stored in the asset and computer data (paragraph (d)). Item 13 Subsection 11(1) 754. Section 11 of the Maritime Act specifies the actions when done without lawful authority that are an unlawful interference with maritime transport or offshore facilities. This item will amend subsection 11(1) so that this provision applies where the specified actions are attempted to be done. Item 14 Paragraph 11(1)(g) 755. Paragraph 11(1)(g) specifies the action of putting the safety of ships at risk by interfering with, damaging or destroying navigational aids, communications systems or security systems. This item will amend paragraph 11(1)(g) to include a reference to "other systems". Item 15 Paragraph 11(1)(h) Paragraph 11(1)(h) specifies the action of putting the safety of ships at risk by communicating false information. This item will amend paragraph 11(1)(h) by omitting the reference to "false" so that this paragraph will apply in relation to the communication of any information. Item 16 At the end of section 11 756. This item will add new subsection 11(3), which will specify the circumstances in which a cyber security incident will be an unlawful interference with maritime transport or offshore facilities. Item 17 After subsection 22(3) 757. Section 22 sets out the circumstances in which the Secretary may declare that maritime security level 3 or 4 is in force for certain places, persons or operations, or a regulated foreign ship. However, such a declaration must not be made unless it is appropriate for it to be put into place because a heightened risk to maritime transport or offshore facilities has been identified. This item will insert new subsection 22(3A) which provides that a heightened risk to maritime transport or offshore facilities may involve a cyber security incident. However, new subsection 22(3B) will make it clear that new subsection 22(3A) does not limit subsection 22(3). 
Item 18 Subsection 33(1)

758. Section 33 of the Maritime Act enables the Secretary to direct, in writing, that additional security measures be implemented or complied with. Currently it provides that the Secretary must not make such a direction unless:


• it is appropriate to do so because an unlawful interference with maritime transport or offshore facilities is probable or imminent (paragraph 33(3)(a)); or
• a national emergency declaration (within the meaning of the National Emergency Declaration Act 2020) is in force, and the Secretary is satisfied that additional security measures are appropriate to support the national emergency declaration (paragraph 33(3)(b)).

759. The Maritime Act differs from the Aviation Act as it does not include the option of issuing a security direction if there is a "change in the nature of an existing general threat". Similar to the Aviation Act, however, it is currently only the circumstance in paragraph 33(3)(b) (in relation to a declaration of a national emergency) that includes a threshold for the use of this direction power. It requires that the Secretary be satisfied that additional security measures are appropriate to support the national emergency declaration.

760. This item amends subsection 33(1) to align it with the circumstances listed in section 67 of the Aviation Act and include a threshold for the use of the direction power in all of the circumstances listed in the subsection. By aligning the requirements for the issuing of a security direction between the Aviation and Maritime Acts, a consistent, streamlined and clear administrative process will be created.

761. In addition to adding a threshold for each of the circumstances, this item would amend the subsection to provide that not only may the Secretary direct that things be done, they may also provide that things not be done. This will provide the Secretary the flexibility to request that an industry participant implement extra measures or cease undertaking measures to ensure the continued security of the industry participant.
For example, should threat information be received that hints at vulnerabilities in existing security practices, the Secretary would be able to issue a security direction requesting that an industry participant stop using that security measure while the vulnerability exists.

762. Subsection 33(1) as amended would provide that the Secretary may give a direction under subsection 33(1) if:
• a specific threat of unlawful interference with maritime transport or offshore facilities is made or exists and the Secretary is satisfied that giving a direction is an appropriate response to the threat (paragraph (a));
• there is a change in the nature of an existing general threat of unlawful interference with maritime transport and offshore facilities and the Secretary is satisfied that the giving of a direction is an appropriate response to the threat (paragraph (b)); or
• a national emergency declaration (within the meaning of the National Emergency Declaration Act 2020) is in force, and the Secretary is satisfied that the giving of a direction is appropriate to support the national emergency declaration (paragraph (c)).


763. Subsection 33(1) as amended would also provide that the Secretary may direct, in writing, that a specified act or thing be done (paragraph (d)), or not be done (paragraph (e)).

764. This is an extraordinary power, which is used as a last resort to respond to a specific threat, that goes beyond the bounds of the current legislation and what industry has in place under the Maritime Security Level measures. For example, if a port is facing a probable or imminent attack that cannot be adequately addressed by the security controls in their security plan, the Secretary could issue a security direction to ensure the port could address the threat. While security directions have not been used to date under the Maritime Act, their Aviation Act equivalents were utilised in the wake of Operation SILVES to uplift the baseline of aviation security screening nationally as a response to an increased terrorist threat.

Item 19 Subsection 33(3)

765. This item repeals subsection 33(3) of the Maritime Act, as a consequence of the change to section 33(1) of the Maritime Act. This subsection will no longer be necessary following the amendments under item 20 above.

Item 20 Paragraph 37(3)(c)

766. This item amends paragraph 33(3)(c) to omit the reference to paragraph 33(3)(b) and substitute a reference to paragraph 33(1)(c), as a consequence of the amendments to section 33 above.

Item 21 Subsection 38(1)

767. This item repeals and substitutes subsection 38(1), which deals with the revocation of security directions. New subsection 38(1) provides that the Secretary may by writing revoke a security direction. New subsection 38(1A) provides that a security direction covered by new paragraph 33(1)(a) must be revoked when the specific threat no longer exists.

Maritime Security Plans, Ship Security Plans and Offshore Security Plans

768.
The Bill proposes to amend the Maritime Act to allow the Secretary to give a maritime security plan, a ship security plan or an offshore security plan to an industry participant. In practice, a participant would be given a plan if the risk environment is appropriate to do so, and the plan may cover one or all of the maritime industry participant's operations if deemed appropriate to do so. Risk assessments are informed by intelligence and the characteristics of industry participants, such as: location; proximity to iconic or critical infrastructure; or the types of services provided.

769. This approach recognises the different level of risk and the disproportionately high costs for lower risk industry participants. It will uphold security outcomes while reducing costs to industry.


770. Lower risk industry participants can direct their resources towards implementing and maintaining robust security measures, and meeting the plan requirements, rather than documenting their security measures for the Government.

Item 22 At the end of section 41

771. This item adds a new paragraph to the Simplified Outline to Part 3 of the Maritime Act that refers to maritime security plans that may be given by the Secretary under new Division 6 of Part 3 (to be inserted by item 31 below).

Item 23 Before section 47

This item inserts new section 46A in Division 4 of Part 3, and provides that Division 4 applies to maritime security plans other than those given by the Secretary under new Division 6.

Item 24 After paragraph 47(1)(a)

772. This item inserts two new paragraphs into subsection 47(1) to insert two new requirements that must be included in a plan given under Division 4, being how a participant will address the results of a security assessment in the plan, and how a participant will respond to maritime security incidents.

Item 25 Before section 50

This item inserts new section 49A in Division 5 of Part 3 and provides that the Division applies to such plans other than those given by the Secretary under new Division 6.

Item 26 Subsection 51(6)

773. This item repeals and substitutes subsection 51(6) to set out new requirements in relation to responding to a request by the Secretary for specified information relevant to the approval of a maritime security plan.

Item 27 Paragraph 51(7)(b)

774. This item repeals and substitutes paragraph 51(7)(b) to amend the factors that determine the end of the consideration period for the purposes of subsection 51(5), which relates to the power of the Secretary to request specified information.

Item 28 Subsection 52A(9)

775.
This item repeals and substitutes subsection 52A(9) to set out new requirements in relation to responding to a request by the Secretary for specified information relevant to a variation to a maritime security plan.


Item 29 Paragraph 52A(10)(b)

776. This item repeals and substitutes paragraph 52A(10)(b) to amend the factors that determine the end of the consideration period for the purposes of subsection 52A(8), which relates to the power of the Secretary to request specified information.

Item 30 At the end of Division 5 of Part 3

Section 59AA Reviewing maritime security plans

777. This item inserts new section 59AA, which provides that if a maritime security plan for a participant is in force, and the plan was not given under section 59A, the participant must review the plan on a regular basis. Failure to comply attracts a civil penalty of 200 penalty units.

Item 31 At the end of Part 3

778. This item inserts new Division 6 in Part 3, headed "Maritime Security Plans given by the Secretary". This item inserts new sections 59A, 59B, 59C, 59D, 59G and 59G.

Division 6 Maritime security plans given by the Secretary

Section 59A Secretary may give participants a maritime security plan

779. New section 59A provides that the Secretary may, by written notice, give a maritime security plan to a maritime industry participant referred to in subsection 42(1) of the Act. This section also provides that the Secretary may only give a participant a plan where it is appropriate to do so, taking into account existing circumstances as they relate to maritime security.

780. The decision by the Secretary to give an industry participant a maritime security plan under new section 59A will be reviewable by the Administrative Appeals Tribunal in accordance with the new paragraph 201(d)(daa) (see item 99 below).

Section 59B Content of maritime security plans

781. New section 59B provides that a plan given by the Secretary must deal with any other matter required to be dealt with in the program by regulations, and be appropriate for the participant's operations or locations covered by the plan.

782.
New section 59B also provides that the plan may include other specified matters, including that it may include a security assessment for the participant's operation.

783. Section 59B also provides that the regulations may prescribe other matters that are to be dealt with in a plan given by the Secretary under section 59A.


Section 59C When a maritime security plan is in force

784. New section 59C provides that a plan given by the Secretary to a maritime industry participant comes into force at the time specified in the notice giving the plan. A plan remains in force until the earliest of the following times: the time it ceases to be in force as set out in the notice; the time it is replaced; or the time it is cancelled.

Section 59D Relationship with Division 5

785. Section 59D provides that if a plan given under section 59A is in force, a participant must not give the Secretary another plan under Division 5 unless the Secretary has given the participant written permission to do so.

Section 59E Secretary may revise or cancel inadequate maritime security plan

786. New section 59E sets out when the Secretary may revise or cancel a plan given under section 59A. The Secretary may give a maritime industry participant another plan or cancel the existing plan where they are no longer satisfied that the existing plan is appropriate because there has been a change in the circumstances that relate to, or could impact on, maritime security, or for some other reason.

787. A decision by the Secretary to cancel or to give an aviation industry participant a revised plan will be reviewable by the Administrative Appeals Tribunal in accordance with new paragraph 201(d)(dab) (see item 99 below).

Section 59G Cancelling maritime security plans on request

788. New section 59G provides that a maritime industry participant may request, in writing, the Secretary to cancel a plan given under section 59A. The participant must set out the reasons for making the request and the Secretary has 60 days to accept or refuse the request. Should the Secretary not cancel or refuse to cancel the plan within that timeframe, the Secretary is taken to have refused to cancel the plan.

789.
Refusal by the Secretary to cancel the plan will be reviewable by the Administrative Appeals Tribunal in accordance with new paragraph 201(d)(dac) (see item 99 below).

Item 32 Section 60 (after paragraph beginning "The approval")

This item adds a new paragraph to the Simplified Outline to Part 4 of the Maritime Act, which deals with ship security plans and provides that the Secretary may give a ship security plan to a ship operator for a regulated Australian ship under new Division 5A of Part 4.

Item 33 Before section 66

This item inserts new section 65A in Division 4 of Part 4 and provides that Division 4 applies to ship security plans other than those given by the Secretary under new Division 5A.


Item 34 After paragraph 66(1)(a)

790. This item inserts two new paragraphs into subsection 66(1) to insert two new requirements that must be included in a plan given under Division 4, being how a ship operator will address the results of a security assessment in the plan, and how a ship operator will respond to maritime security incidents.

Item 35 Before section 69

791. This item inserts new section 68A into Division 5 of Part 4 and provides that the Division applies to such plans other than those given by the Secretary under new Division 5A.

Item 36 Subsection 70(6)

792. This item repeals and substitutes subsection 70(6) to set out new requirements in relation to responding to a request by the Secretary for specified information relevant to the approval of a ship security plan.

Item 37 Paragraph 70(7)(b)

793. This item repeals and substitutes paragraph 70(7)(b) to amend the factors that determine the end of the consideration period for the purposes of subsection 70(5), which relates to the power of the Secretary to request specified information.

Item 38 Subsection 71A(8)

794. This item repeals and substitutes subsection 71A(8) to set out new requirements in relation to responding to a request by the Secretary for specified information relevant to a variation to a ship security plan.

Item 39 Paragraph 71A(9)(b)

795. This item repeals and substitutes paragraph 71A(9)(b) to amend the factors that determine the end of the consideration period for the purposes of subsection 71A(7), which relates to the power of the Secretary to request specified information.

Item 40 At the end of Division 5 of Part 4

Section 78AA Reviewing of security plans

796. This item inserts new section 78AA, which provides that if a ship security plan for a regulated Australian ship is in force, and the plan was not given under section 78A, the ship operator must review the plan on a regular basis. Failure to comply attracts a civil penalty of 200 penalty units.


Item 41 After Division 5 of Part 4

797. This item inserts new Division 5A in Part 4, headed "Ship Security Plans given by the Secretary". This item inserts new sections 78A, 78B, 78C, 78D and 78F.

Division 5A Ship security plans given by the Secretary

Section 78A Secretary may give ship operators a ship security plan

798. New section 78A provides that the Secretary may, by written notice, give a ship security plan to a ship operator of a regulated Australian ship. The plan must relate to the regulated Australian ship. This section also provides that the Secretary may only give a ship operator such a plan where it is appropriate to do so, taking into account existing circumstances as they relate to maritime security.

799. The decision by the Secretary to give a ship operator a ship security plan under new section 78A will be reviewable by the Administrative Appeals Tribunal in accordance with the new paragraph 201(d)(dad) (see item 99 below).

Section 78B Content of ship security plans

800. New section 78B provides that a plan given by the Secretary must deal with any other matter required to be dealt with in the plan by regulations, and be appropriate for the operations or locations covered by the plan.

801. New section 78B also provides that the plan may include other specified matters, including that it may include a security assessment for the ship concerned.

802. Section 78B also provides that the regulations may prescribe other matters that are to be dealt with in a plan given by the Secretary under section 78A.

Section 78C When a ship security plan is in force

803. New section 78C provides that a plan given by the Secretary to a ship operator comes into force at the time specified in the notice giving the plan. A plan remains in force until the earliest of the following times: the time it ceases to be in force as set out in the notice; the time it is replaced; or the time it is cancelled.
Section 78D Secretary may revise or cancel inadequate ship security plan

804. New section 78D sets out when the Secretary may revise or cancel a plan given under section 78A. The Secretary may give a ship operator another plan or cancel the existing plan where they are no longer satisfied that the existing plan is appropriate because there has been a change in the circumstances that relate to, or could impact on, maritime security, or for some other reason. A decision by the Secretary to cancel or to give a ship operator a revised plan will be reviewable by the Administrative Appeals Tribunal in accordance with new paragraphs 201(d)(dad) and (dae) (see item 99 below).


Section 78F Cancelling ship security plan on request

805. New section 78F provides that a ship operator may request, in writing, the Secretary to cancel a plan given under section 78A. The participant must set out the reasons for making the request and the Secretary has 60 days to accept or refuse the request. Should the Secretary not cancel or refuse to cancel the plan within that timeframe, the Secretary is taken to have refused to cancel the plan.

806. Refusal by the Secretary to cancel the plan will be reviewable by the Administrative Appeals Tribunal in accordance with new paragraph 201(d)(daf) (see item 99 below).

Item 42 At the end of section 100A

807. This item adds a new paragraph to the Simplified Outline to Part 5A of the Maritime Act, which deals with offshore security plans and provides that the Secretary may give an offshore security plan to an offshore industry participant under new Division 6 of Part 5A.

Item 43 Before section 100G

808. This item inserts new section 100FA in Division 4 of Part 5A and provides that Division 4 applies to offshore security plans other than those given by the Secretary under new Division 6.

Item 44 After paragraph 100G(1)(a)

809. This item inserts two new paragraphs into subsection 100G(1) to insert two new requirements that must be included in a plan given under Division 4, being how an offshore industry participant will address the results of a security assessment in the plan, and how a participant will respond to maritime security incidents.

Item 45 Before section 100J

810. This item inserts new section 100IA into Division 4 of Part 5A, and provides that the Division applies to such plans other than those given by the Secretary under new Division 6.

Item 46 Subsection 100K(6)

811. This item repeals and substitutes subsection 100K(6) to set out new requirements in relation to responding to a request by the Secretary for specified information relevant to the approval of an offshore security plan.
Item 47 Paragraph 100K(7)(b)

812. This item repeals and substitutes paragraph 100K(7)(b) to amend the factors that determine the end of the consideration period for the purposes of subsection 100K(5), which relates to the power of the Secretary to request specified information.


Item 48 Subsection 100LA(9)

813. This item repeals and substitutes subsection 100LA(9) to set out new requirements in relation to responding to a request by the Secretary for specified information relevant to a variation to an offshore security plan.

Item 49 Paragraph 100LA(10)(b)

814. This item repeals and substitutes paragraph 100LA(10)(b) to amend the factors that determine the end of the consideration period for the purposes of subsection 100LA(8), which relates to the power of the Secretary to request specified information.

Item 50 At the end of Division 5 of Part 5A

Section 100TAA Reviewing offshore security plans

815. This item inserts new section 100TAA, which provides that if an offshore security plan for an offshore industry participant is in force, and the plan was not given under section 100TA, the industry participant must review the plan on a regular basis. Failure to comply attracts a civil penalty of 200 penalty units.

816. The Guide was consulted when determining the amount of the civil penalty of 200 penalty units for failure to comply with this requirement. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. Failure to regularly review a transport security plan may result in vulnerabilities in a transport security plan not being identified, which represents a risk to aviation security.

817. The penalty value is consistent with other maximum penalties in relation to maritime security plans in the maritime sector. As an example, under section 4 of the Maritime Act if a port operator fails to comply with their maritime security plan, they can be subject to a maximum penalty of 200 penalty units. It should also be noted that only maritime industry participants can be subject to the penalty, and not the general public. In the majority of cases, maritime industry participants are corporations.

818.
The penalty value is also consistent with the relevant provision in the Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022, on which this clause was based (Item 37, Section 30AE Review of critical infrastructure risk management program).

Item 51 At the end of Part 5A

819. This item inserts new Division 6 in Part 5A, headed "Offshore Security Plans given by the Secretary". This item inserts new sections 100TA, 100TB, 100TC, 100TD, 100TE and 100TG.


Division 6 Offshore security plans given by the Secretary

Section 100TA Secretary may give offshore industry participants an offshore security plan

820. New section 100TA provides that the Secretary may, by written notice, give an offshore security plan to an offshore industry participant. This section also provides that the Secretary may only give a participant such a plan where it is appropriate to do so, taking into account existing circumstances as they relate to maritime security.

821. The decision by the Secretary to give an offshore industry participant an offshore security plan under new section 100TA will be reviewable by the Administrative Appeals Tribunal in accordance with new paragraph 201(d)(dag) (see item 99 below).

Item 42 At the end of section 100A

822. This item adds a new paragraph to the Simplified Outline to Part 5A of the Maritime Act, which deals with offshore security plans and provides that the Secretary may give an offshore security plan to an offshore industry participant under new Division 6 of Part 5A.

Section 100TB Content of offshore security plans

823. New section 100TB provides that a plan given by the Secretary must deal with any other matter required to be dealt with in the plan by regulation, and be appropriate for the operations or locations covered by the plan.

824. New section 100TB also provides that the plan may include other specified matters, including that it may include a security assessment for the offshore industry participant's operations.

825. Section 100TB also provides that the regulations may prescribe other matters that are to be dealt with in a plan given by the Secretary under section 100TA.

Section 100TC When an offshore security plan is in force

826. New section 100TC provides that a plan given by the Secretary to an offshore industry participant comes into force at the time specified in the notice giving the plan.
A plan remains in force until the earliest of the following times: the time it ceases to be in force as set out in the notice; the time it is replaced; or the time it is cancelled.

Section 100TD Relationship with Division 5

827. Section 100TD provides that if a plan given under section 100TA is in force, a participant must not give the Secretary another plan under Division 5 of Part 5A unless the Secretary has given the participant written permission to do so.


Section 100TE Secretary may revise or cancel inadequate offshore security plan

828. New section 100TE sets out when the Secretary may revise or cancel a plan given under section 100TA. The Secretary may give an offshore industry participant another plan or cancel the existing plan where they are no longer satisfied that the existing plan is appropriate because there has been a change in the circumstances that relate to, or could impact on, maritime transport or offshore facility security, or for some other reason. A decision by the Secretary to cancel or to give a ship operator a revised plan will be reviewable by the Administrative Appeals Tribunal in accordance with new paragraph 201(d)(dag) and (dah) (see item 99 below).

Section 100TG Cancelling offshore security plans on request

829. New section 100TG provides that an offshore industry participant may request, in writing, the Secretary to cancel a plan given under section 100TA. The participant must set out the reasons for making the request and the Secretary has 60 days to accept or refuse the request. Should the Secretary not cancel or refuse to cancel the plan within that timeframe, the Secretary is taken to have refused to cancel the plan.

830. Refusal by the Secretary to cancel the plan will be reviewable by the Administrative Appeals Tribunal in accordance with new paragraph 201(d)(dai) (see item 99 below).

Item 52 At the end of subsection 139(2)

831. Maritime security inspectors play a pivotal role in ensuring Australia's maritime security systems remain resilient against terrorist attacks. These amendments in items 52 to 63 amend Division 2 of Part 8 of the Maritime Act to allow maritime security inspectors, as part of their duties, to conduct compliance activities to assess if security obligations set out in the Maritime Act are being met by the maritime industry.
Covert testing of a maritime industry participant's security system using items and methods that may be used in an attack allows the Department and industry to probe for potential weak points in maritime security arrangements, which a person intent on causing harm may wish to exploit.

832. This item amends subsection 139(2) of the Maritime Act to insert three additional powers that a maritime security inspector may exercise in relation to security regulated ships in order to determine if a person or ship is complying with the Maritime Act, or to investigate a possible contravention of the Maritime Act.

Item 53 After subsection 139(2)

833. One of the new powers inserted by item 52 is the power to test a security system in a restricted access area of a ship in accordance with any prescribed requirements. This item inserts a provision to make it clear that this power cannot be exercised unless regulations have been made prescribing requirements and the regulations are in force.


834. This item also includes a new provision for the purposes of existing paragraph 139(2)(f), which contains a power to access documents or records relating to the ship. This new provision will put beyond doubt that it is immaterial where an electronic record is held.

Item 54 At the end of section 139

835. This item inserts new subsection 139(4), which confers an immunity on a maritime security inspector from civil or criminal liability under a law of the Commonwealth, a State or a Territory in relation to the exercise of the new power to test a security system in a restricted access area of a ship in accordance with any prescribed requirements. The immunity applies where the exercise of the power is in good faith, does not seriously endanger the health or safety of any person and does not result in significant loss of, or serious damage to, property.

836. Under subsection 13.3 of the Criminal Code, in relation to criminal liability, the defendant bears the evidential burden of proof in relation to this immunity. New subsection 139(5) will replicate this provision in relation to a civil proceeding.

837. Similarly to the Aviation Act, this will allow maritime security inspectors to conduct systems tests in the knowledge that they are not at risk of breaking other laws, such as those relating to bomb hoaxes. This is as long as the maritime security inspector is conducting the test in good faith, and the test does not seriously endanger the health or safety of any person or result in significant loss of, or damage to, property.

Item 55 Paragraph 140(2)(a)

838. This item makes a minor amendment to paragraph 140(2)(a), which relates to the exercise of powers under section 138 or 139 of the Maritime Act in the private living area of a security regulated ship, to ensure consistency in the wording in subsection 140(2).

Item 56 At the end of subsection 140A(2)

839.
This item amends subsection 140A(2) of the Maritime Act to insert three additional powers that a maritime security inspector may exercise in relation to security regulated offshore facilities in order to determine if a person or ship is complying with the Maritime Act, or to investigate a possible contravention of the Maritime Act.

Item 57 After subsection 140A(2)

840. One of the new powers inserted by item 56 is the power to test a security system in a restricted access area of an offshore facility in accordance with any prescribed requirements. This item inserts a provision to make it clear that this power cannot be exercised unless regulations have been made prescribing requirements and the regulations are in force.

841. This item also includes a new provision for the purposes of existing paragraph 140A(2)(f), which contains a power to access documents or records relating to the offshore


facility. This new provision will put beyond doubt that it is immaterial where an electronic record is held.

Item 58 At the end of section 140A

842. This item inserts new subsection 140A(4), which confers an immunity on a maritime security inspector from civil or criminal liability under a law of the Commonwealth, a State or a Territory in relation to the exercise of the new power to test a security system in a restricted access area of an offshore facility in accordance with any prescribed requirements. The immunity applies where the exercise of the power is in good faith, does not seriously endanger the health or safety of any person and does not result in significant loss of, or serious damage to, property.

843. Under subsection 13.3 of the Criminal Code, in relation to criminal liability, the defendant bears the evidential burden of proof in relation to this immunity. New subsection 139(5) will replicate this provision in relation to a civil proceeding.

Item 59 Paragraph 140B(2)(a)

844. This item makes a minor amendment to paragraph 140B(2)(a), which relates to the exercise of powers under section 138 or 140A of the Maritime Act in the private living area of a security regulated offshore facility, to ensure consistency in the wording in subsection 140B(2).

Item 60 Paragraph 141(2)(f)

845. This item amends paragraph 141(2)(f) to extend its operation to a vehicle or vessel of a maritime industry participant. This power allows a maritime security inspector to access documents or records made or kept by a maritime industry participant. Extending its operation to vehicles and vessels will make this power consistent with other powers under subsection 141(2) exercisable by an inspector in relation to a maritime industry participant.

Item 61 At the end of subsection 141(2)

846.
This item amends subsection 141(2) of the Maritime Act to insert three additional powers that a maritime security inspector may exercise in relation to a maritime industry participant in order to determine if a person or ship is complying with the Maritime Act, or to investigate a possible contravention of the Maritime Act.

Item 62 After subsection 141(2)

847. One of the new powers inserted by item 61 is the power to test a security system in a place, vehicle or vessel under the control of a participant, or a residence from which the participant operates, in accordance with any prescribed requirements. This item inserts a provision to make it clear that this power cannot be exercised unless regulations have been made prescribing requirements and the regulations are in force.


848. This item also includes a new provision for the purposes of existing paragraph 141(2)(f), which contains a power to access documents or records relating to a participant. This new provision will put beyond doubt that it is immaterial where an electronic record is held. Item 63 At the end of section 141 849. This item inserts new subsection 141(4) which confers an immunity on a maritime security inspector from civil or criminal liability under a law of the Commonwealth, a State or a Territory in relation to the exercise of the new power to test a security system in a place vehicle or vessel under the control of a participant, or a residence from which a participant operates, in accordance with any prescribed requirements. The immunity applies where the exercise of the power is in good faith, does not seriously endanger the health or safety of any person and does not result in significant loss of, or serious damage to, property. 850. Under subsection 13.3 of the Criminal Code, in relation to criminal liability, the defendant bears the evidential burden of proof in relation to this immunity. New subsection 139(5) will replicate this provision in relation to a civil proceeding. Item 64 At the end of Division 2 of Part 8 851. This item inserts new sections 145BA to 145BE into the Maritime Act to trigger the exercise of additional powers under the Regulatory Powers Act and to make provisions in relation to those powers. Section 145BA Investigation powers 852. New section 145BA triggers the use of investigation powers under Part 3 of the Regulatory Powers Act. Part 3 of the Regulatory Powers Act creates a framework for gathering material that relates to a contravention of an Act, in this case the Maritime Act. 853. Noting that this Bill is introducing additional obligations to the robust regulatory regime of which the Maritime Act is a part, it is important that the Secretary has appropriate powers to investigate possible non-compliance with the Maritime Act. 
The triggering of the investigation power under the Regulatory Powers Act provides an accepted baseline of investigation powers to effectively fulfil their role. New subsection 145BA(1) Provisions subject to investigation 854. New subsection (1) provides that a provision is subject to the investigation powers in Part 3 of the Regulatory Powers Act if it is an offence against the Maritime Act. This provision satisfies the requirement under section 38 of the Regulatory Powers Act that an Act, in this case the Maritime Act, must specifically make provision subject to investigation powers.


New subsection 145BA(2) Authorised applicant 855. New subsection (2) provides that the following persons are an authorised applicant in relation to the provision mentioned in subsection (1): • a maritime security inspector (paragraph (2)(a)); • an SES employee of the Department or an acting SES employee of the Department (paragraph (2)(b)). 856. The note to subsection (2) identifies that the terms "SES employee" and "acting SES employee" are defined in section 2B of the Acts Interpretation Act. This subsection satisfies the requirement in section 41 of the Regulatory Powers Act that an authorised applicant is identified as such, in the relevant Act. New subsection 145BA(3) Authorised person 857. The new subsection (3) provides that a maritime security inspector is an authorised person in relation to evidentiary material that relates to the provisions mentioned in subsection (1). This subsection satisfies the requirement in section 42 of the Regulatory Powers Act that an authorised person is only so if the Act, in this case the Maritime Act, provides for them to be an authorised person. New subsection 145BA(4) Issuing officer 858. This new subsection would provide that either a magistrate (paragraph (a)) or a judge of a court that is a relevant court (paragraph (b)), is an issuing officer for the purposes of the investigation powers under Part 3 of the Regulatory Powers Act. This subsection is satisfying the requirement in section 44 of the Regulatory Powers Act. The requirement in section 44 of the Regulatory Powers Act is that a person or class of persons is only an issuing officer if the relevant Act, in this case the Maritime Act, identifies them as such. New subsections 145BA(5)-(8) Relevant chief executive 859. Together the new subsections (5)-(8) satisfy the requirement in section 45 of the Regulatory Powers Act that a person is a relevant chief executive if they are specified in the relevant Act, in this case the Maritime Act. 
Subsection (5) provides that the Secretary is the relevant chief executive in relation to the evidential material that relates to an offence against the Maritime Act. 860. Together new subsections (6) and (7) enable the Secretary to delegate their powers as relevant chief executive. Subsection (6) provides that the relevant chief executive may delegate any of their powers and functions mentioned in subsection (7), to an SES employee of the Department or an acting SES employee of the Department. Subsection (7) would provide that the following powers can be delegated:


• powers under Part 3 of the Regulatory Powers Act in relation to evidential material that relates to an offence against the Maritime Act; and • powers that are incidental to the above powers. 861. Under the new subsection (8) the person to whom the Secretary's powers have been delegated, must exercise those powers and functions in accordance with any directions of the Secretary. 862. The delegation to SES employees is appropriate oversight across the various areas of responsibility throughout the Australian Government and investigation matters. New subsection 145BA(9) Relevant court 863. Subsection (9) is included for the purpose of section 46 of the Regulatory Powers Act, and provides that the Federal Court of Australia, the Federal Circuit Court of Australia and a court of a State or Territory that has jurisdiction in relation to matters arising under the Maritime Act are relevant courts. New subsection 145BA(10) Person assisting 864. New subsection (10) triggers section 53 of the Regulatory Powers Act to provide that an authorised person may be assisted, by another person, in exercising their Part 3 investigation powers. The subsection also requires that the person have appropriate skills and expertise to assist the authorised person. 865. Maritime security inspectors currently do not have the expertise to conduct rigorous compliance activities in regards to cyber security measures. This may mean that the Department may hire specialist, or contract third party auditors to support the compliance effort. 866. For example, a person assisting a maritime security inspector may be required to use specialised skills to access further secure locations within or on the premises (for example, a safe or where access is through a locked door). In these situations, this provision means that a maritime security inspector is able to have the assistance of another person with relevant skills and experience in relation to such things.
For example, a locksmith "person assisting", as their skill and expertise may be required to assist a maritime security inspector who encountered a locked cabinet or room, or a cyber security auditor expert could be required for conducting a review or audit of an industry participant's systems. New subsection 145BA(11) External territories 867. Subsection (11) confirms that the investigation powers under Part 3 of the Regulatory Powers Act extend to the external Territories. This is necessary to align with the scope of the Maritime Act.


New subsection 80A(12) Other powers not limited 868. This new subsection clarifies that this section does not, by implication, limit any other power conferred by the Maritime Act. As an example, aviation security inspectors are conferred a number of powers under section 139 of the Maritime Act. Triggering Part 3 of the Regulatory Powers Act is in no way intended to limit the powers under section 139. Section 145BB Persons to assist maritime security inspectors 869. Broadly speaking new section 145BB is being included to ensure that maritime security inspectors will be appropriately assisted by the industry participant and their staff. New subsection 145BB(1) Scope 870. Subsection (1) provides that if a person is a maritime industry participant or their employee then a maritime security inspector may by written notice require the person to provide them (the inspector) with specified assistance that is reasonably necessary to allow them (the inspector) to exercise powers conferred on them by the Maritime Act. 871. For example, if a piece of compliance information is available on a locked computer, the maritime security inspector could direct a maritime industry participant to provide the information. This will mean that the maritime security inspector does not have access to the computer themselves. The purpose and effect of this amendment is to enable the smooth operation of an investigation, by making it clear that a relevant industry participant and/or their employees must comply with a written notice requiring specific assistance. New subsection 145BB(2) Compliance with notice 872. Subsection (2) creates an offence for non-compliance with the requirement in subsection (1). Specifically it provides that a person must comply with a notice under subsection (1). Failure to comply may result in a civil penalty of up to 150 penalty units. 873. The Guide was considered with respect to framing this offence and penalty.
In considering that guidance, it was determined that the penalty imposed for non-compliance in this matter be consistent with the approach taken for similar penalties imposed under the Maritime Act. 874. The Guide was considered when determining the amount of this penalty. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. A failure to comply with a notice may result in vulnerabilities in a transport security plan not being identified, which represents a risk to aviation security. 875. The penalty value is consistent with other maximum penalties for non-compliance in relation to complying with a notice.


New subsections 145BB(3)-(4) Liability 876. Subsections 145BB(3) and (4) operate to limit the liability of persons that provide assistance as directed under subsection (1). Subsection (3) provides that a person is not liable to an action or other proceeding for damages for or in relation to an act done or omitted in good faith in compliance with subsection (1). 877. Subsection 145BB(4) provides that an officer, agent or an employee of a person is also not liable to an action or other proceeding for damages for or in relation to an act done or omitted in good faith in connection with an act done or omitted by the person mentioned in subsection (3). 878. There is a requirement that the actions taken by the person in question be in good faith. Included in the concept of good faith is an obligation to act reasonably and with fair dealing. 879. For a maritime industry participant or a staff member, acting in good faith simply requires them to undertake their best endeavours and not act dishonestly or in a way that undermines or subverts the intended purpose, and not to act capriciously or arbitrarily. Acting in good faith and in compliance with the Maritime Act should be such common practice for maritime industry participants, that it should be an easily discharged matter. Section 145BC Information gathering direction 880. New Section 145BC will be an information gathering power and will also include a strict liability offence for failure to comply with an exercise of that power. New subsection 145BC(1) Direction 881. Under subsection (1) if a: • person is either a maritime industry participant or their employee (paragraph (a)); and • a maritime security inspector has reason to believe the person has or is capable of obtaining information that is reasonably necessary to allow the inspector to exercise their powers (paragraph (b)). 882. 
Then the maritime security inspector may give that person a notice giving them a direction to: • give information to the security inspector (paragraph (c)); and • do so within a period specified in the notice and in a manner also specified in the notice (paragraph (d)).


883. The words "has or is capable of obtaining" in paragraph (b) have been used in recognition of the fact that the person may not have certain information readily available. For example if the industry participant uses an offsite secure document storage, that retains hard copy documents, then it may not be that the industry participant "has" the information, however they are "capable of obtaining" it. The use of these words also relates to information in electronic form. It may be that the person utilises cloud technology to secure some of their data rather than storing it on a device at a building from which they operate. As with the example for hard copy documents it may not be that the person "has" the information, however they are "capable of obtaining" it. New subsections 145BC(2)-(3) Offence 884. Subsections (2) and (3) create a strict liability offence for failing to comply with a notice issued under subsection (1). Under subsection (2) a person commits an offence if: • they are given a notice under subsection (1); • they then engage in conduct; and • that conduct breaches the notice. 885. This offence would result in a maximum penalty of 45 penalty units. Subsection (3) provides that this is a strict liability offence. It should be noted that "engages in conduct" is defined in the Maritime Act to have the same meaning as in the Criminal Code. Subsection 4.1(2) of the Criminal Code defines "engage in conduct" to mean to do an act, or omit to perform an act. 886.
In considering the Guide, imposing strict liability offences for non-compliance with subsections 145BC(1) and (3) is appropriate in the circumstances because: • the offences and their penalties each operate as a general deterrent to non-compliance and as an incentive to comply with an improvement notice; • the penalties for these offences are similar to others imposed within the Maritime Act, and are commensurate with the risk to maritime security that non-compliance poses; • these penalties are reasonable penalties to impose, as they each have a necessary element of deterrence whilst they are each not a manifestly excessive penalty for a strict liability offence. 887. In consideration of the guidance within the Guide for offences of strict liability, it is noted that, as strict liability applies to all of the physical elements of the offences: • the absence of the element of fault in each offence is justified as it allows the Government to maintain a robust sanctions system which acts as both a deterrent against a person committing this type of offence and as an incentive to comply;


• the offences are not punishable by imprisonment, and are not dependent upon a subjective or community standard; • the offences are punishable by a fine which does not exceed similar thresholds set out in the Maritime Act; • there is a strong element of specific and general deterrence to the offences, and to require proof of intention would undermine the effectiveness of this provision and the purpose for which it was enacted as a means of safeguarding against unlawful interference with maritime transport and offshore facilities; • not engaging in conduct that breaches the improvement notice is similar to other requirements to comply with notices given under the Maritime Act which is common practice for maritime industry participants, that it should therefore be an easily discharged matter; • in these circumstances, penalising these persons in the absence of proof of fault is appropriate to apply because giving an improvement notice is necessary to safeguard against an unlawful interference with maritime transport and offshore facilities, and engaging in non-compliant conduct poses a serious risk to maritime transport and offshore facility security; and • the defence of honest and reasonable mistake of fact is still available for defendants under section 9.2 of the Criminal Code, outlined in Schedule 1 to the Criminal Code. New subsection 145BC(4) Other powers not limited 888. This new subsection clarifies that this section does not, by implication, limit any other power conferred by the Maritime Act. As an example, maritime security inspectors are conferred a number of powers under Division 2 of Part 8 of the Maritime Act. Triggering the Part 3 investigation powers of the Regulatory Powers Act is in no way intended to limit the powers under Division 2 of Part 8. Section 145BD Self-incrimination 889.
New section 145BD of the Maritime Act provides that an individual is not excused from giving information under section 145BC even if that information might tend to incriminate them. A note to subsection (1) indicates that a body corporate is not entitled to claim the privilege against self-incrimination. 890. The privilege against self-incrimination only applies to natural persons and does not extend to bodies corporate. This note is a reflection of the established common-law principle, see for example Environment Protection Authority v Caltex Refining Co Pty Ltd (1993) 178 CLR 477 and Trade Practices Commission v Abbco Ice Works Pty Ltd (1994) 123 ALR 503.


891. Subsection (2) however limits how that information can be used in relation to the person that provided it. Specifically it provides that the information given, giving the information or any information document or thing obtained as a direct or indirect consequence of giving the information, is not useable against the person in the following proceedings: • civil proceedings for the recovery of a penalty; or • in criminal proceedings, other than a proceeding in relation to an offence against 137.1 or 137.2 of the Criminal Code that relates to the giving of the information. 892. Subsection 145BD(3) provides that if an individual would ordinarily be able to claim the privilege against self-exposure to a penalty in relation to giving information under section 145BC, the individual is not excused from giving information under that section on that ground. A note to subsection (3) indicates that a body corporate is not entitled to claim the privilege against self-exposure to penalty. 893. As above, the note is a reflection of the established common-law principle that the privilege only applies to a natural person. 894. In this circumstance, the possibility that giving the information may lead to self-incrimination does not excuse or exempt a person from giving it. It is acknowledged that removing the privilege represents a serious loss of personal liberty for persons who are subject to the requirement, however there is a clear public benefit in the removal of the principle that outweighs the loss in safeguarding against unlawful interference with maritime transport and offshore facilities and ensuring compliance of maritime industry participants with regulatory obligations supports those safeguards. 895.
It is appropriate to override the privilege against self-incrimination where its use could seriously undermine the effectiveness of the maritime security regulatory scheme and prevent the collection of information that may be relevant to safeguarding against unlawful interference or other activities that may pose a risk to public confidence in maritime transport security. Both are situations where overriding the privilege is absolutely necessary, particularly where the use of that information is constrained. 896. However, the use of incriminatory information cannot be used against the person in criminal proceedings other than an offence against section 137.1 or 137.2 of the Criminal Code that relates to giving the information. Section 145BE Persons assisting maritime security inspectors 897. Sections 138, 139, 140A and 141 of the Maritime Act provide for the powers of maritime security inspectors. For example paragraph 140A(2)(f) provides that, in relation to security regulated offshore facilities, a maritime security inspector may operate equipment on the facility for the purposes of gaining access to a document or record relating to the facility.


898. New section 145BE will create the ability for a maritime security inspector to be assisted by another person in the exercise of their powers under sections 138, 139, 140A and 141. New subsections 145BE(1)-(2) Maritime security inspectors may be assisted by other persons 899. New subsection (1) provides that a maritime security inspector may be assisted by another person in the exercise of their powers under sections 138, 139, 140A and 141, so long as that other person has appropriate skills and expertise to assist the aviation security inspector. 900. A maritime security inspector exercising investigation powers may encounter an unanticipated need for physical assistance or an unanticipated need for specialist assistance. Situations where such assistance may be required include handling heavy or fragile objects, discovery of dangerous or classified evidentiary material or specialised access to electronic data from a computer server. 901. For example, a person assisting a maritime security inspector may be required to use specialised skills to access further secure locations within or on the premises (for example, a safe or where access is through a locked door). In these situations, this provision means that the maritime security inspector is able to have the assistance of another person with relevant skills and experience in relation to such things. For example, a locksmith "person assisting", as their skill and expertise may be required to assist a maritime security inspector who encountered a locked cabinet or room, or a cyber security auditor expert could be required for conducting a review or audit of an industry participant's systems. 902. Subsection (2) is clarifying that the term "person assisting" means a person referred to in subsection (1). New subsections 145BE(3)-(5) Powers of a person assisting 903.
Subsection (3) makes clear that a person assisting a maritime security inspector may exercise any of the powers under sections 138, 139, 140A and 141 of the Maritime Act (see paragraph (3)(a)). Paragraph (3)(b) provides that the person assisting must exercise the power in accordance with a direction that is given by the maritime security inspector. 904. It is not intended that the person assisting be able to devise their own course of action in relation to the use of the powers under sections 138, 139, 140A and 141 of the Maritime Act, or to use those powers for their own or some other purpose. 905. New subsection (4) clarifies that the action of a person assisting is for all intents and purposes an action of the maritime security inspector. Subsection (5) is confirming that if a direction under paragraph (3)(b) is given in writing, then that direction is not a legislative instrument. Paragraph 8(6)(a) of the Legislation Act provides that if something is declared by an Act, in this case it would be the Maritime Act as amended by this Bill, not to be a legislative instrument then it is not a legislative instrument.


906. This is consistent with paragraph 8(6)(a) of the Legislation Act 2003 (Legislation Act), which provides that if something is declared by an Act, in this case the Aviation Act, not to be a legislative instrument then it is not a legislative instrument. 907. In essence, a direction made under section 145BE does not determine the law or alter the law's content, a direction merely applies section 145BE of the Aviation Act. Making clear on the face of the legislation that a direction made under section 145BE is not a legislative instrument has the effect that such a direction is not published on the Federal Register of Legislation and is not subject to disallowance. A direction made under section 145BE may have a direct link to safeguarding against an unlawful interference with aviation by detecting an aviation industry participant's non-compliance with aviation security requirements. 908. It is imperative that all such directions remain out of the public domain so that no use can be made of them by malicious actors. Item 65 At the end of subsection 148(2) 909. This item introduces two new paragraphs, 148(2)(e) and (f), to expand the powers that a duly authorised officer may exercise in operational areas of security-regulated ships for the purposes of subsection 148(1) of the Maritime Act to determine whether a person or a ship is complying with this Act. 910. New paragraphs 148(2)(e) and (f) have the operative effect that, in conjunction with the powers in paragraphs 148(2)(a) to (d), a duly authorised officer may also operate equipment in the operational area of a security regulated ship for the purposes of testing the equipment; and connect equipment to equipment in the operational area of a security regulated ship for the purposes of testing the last-mentioned equipment. Item 66 After subsection 148(2) 911.
This item introduces two new subsections, 148(2A) and (2B), to provide additional context for existing paragraph 148(2)(d), which empowers a duly authorised officer to operate equipment in the operational area of a security regulated ship for the purposes of gaining access to a document or record relating to the ship. 912. New subsection 148(2A) has the operative effect that, for the purposes of operating equipment to access a document or a record, it is immaterial whether a document in electronic form, or a record in electronic form, is held on a security regulated ship; or at a place that is in Australia or outside Australia. 913. New subsection 148(2B) provides that new subsection (2A) is enacted for the avoidance of doubt. 914. The purpose of the new subsections is to place beyond doubt that a duly authorised officer has the power to operate equipment in the operational area of a security regulated ship for the purposes of gaining access to a document or record relating to the ship, and that it is


immaterial whether a document in electronic form, or a record in electronic form, is held on a security regulated ship; or at a place that is in Australia or outside Australia. Item 67 At the end of subsection 148A(2) 915. This item introduces two new paragraphs, 148A(2)(f) and (g), to expand the powers that a duly authorised officer may exercise in operational areas of security regulated offshore facilities for the purposes of subsection 148A(1) of the Maritime Act to determine whether a person or a ship is complying with this Act. 916. New paragraphs 148A(2)(f) and (g) have the operative effect that, in conjunction with the powers in paragraphs 148A(2)(a) to (e), a duly authorised officer may also operate equipment in the operational area of a security regulated offshore facility for the purposes of testing the equipment; and connect equipment to equipment in the operational area of a security regulated offshore facility for the purposes of testing the last-mentioned equipment. Item 68 After subsection 148A(2) 917. This item introduces two new subsections, 148A(2A) and (2B), to provide additional context for existing paragraph 148(2)(d), which empowers a duly authorised officer to operate equipment in the operational area of a security regulated offshore facility for the purposes of gaining access to a document or record relating to the ship. 918. New subsection 148A(2A) has the operative effect that, for the purposes of operating equipment to access a document or a record, it is immaterial whether a document in electronic form, or a record in electronic form, is held on a security regulated offshore facility; or at a place that is in Australia or outside Australia. 919. New subsection 148A(2B) provides that new subsection (2A) is enacted for the avoidance of doubt. 920.
The purpose of the new subsections is to place beyond doubt that a duly authorised officer has the power to operate equipment in the operational area of a security regulated offshore facility for the purposes of gaining access to a document or record relating to the ship, and that it is immaterial whether a document in electronic form, or a record in electronic form, is held on a security regulated offshore facility; or at a place that is in Australia or outside Australia. Item 69 Section 170 Section 170 Meaning of maritime transport or offshore facility security incident 921. This item repeals and replaces section 170 to provide that a threat of unlawful interference with maritime transport or offshore facilities or an unlawful interference with maritime transport or offshore facilities are each a "maritime transport or offshore facility security incident".


922. Currently, section 170 links threats of unlawful interference with acts of terrorism. 923. The purpose and effect of this amendment is to remove the linkage to terrorist acts, and to support the new main purpose of the Maritime Act. Item 70 Paragraph 171(1)(a) 924. This item inserts the words "other than a cyber security incident" after the words "maritime transport and offshore facility security incident" in paragraph 171(1)(a), which deals with reporting requirements for maritime industry participants that are port operators. 925. This amendment has the effect of limiting the scope of the offence, by making clear that a failure to report maritime transport or offshore facility security incidents that are not a cyber security incident is an offence under paragraph 171(1)(a). Item 71 At the end of section 171 926. This item introduces new reporting requirements for maritime industry participants that are port operators. New subsections 171(4) and (5) will be inserted by this item, and they include a new civil penalty. 927. New subsection 171(4) has the effect that if a port operator becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident then they must report the incident to the Secretary of the Department and the Australian Signals Directorate; and they must report the security incident as soon as possible. 928. A failure to comply with this requirement may result in a civil penalty of 50 penalty units. The Guide was considered when determining the amount of this penalty. The penalty is a proportionate response based on the infringement. The penalty is designed to deter non-compliance with the obligation to report, as a failure to report a cyber security incident may result in vulnerabilities in the maritime transport sector should cyber security incidents not be identified. 929.
The penalty is appropriate in the circumstances because: • the offence and its penalty is imposed for the purposes of safeguarding against unlawful interference with maritime transport; • it has a necessary element of deterrence whilst not being a manifestly excessive penalty which is similar to others imposed within the Maritime Act; • an unreported cyber security incident is as commensurate with the risk to maritime transport security that any other unreported unlawful interference with maritime transport poses; • the penalty applies only to a maritime industry participant that is a port operator and not to the public at large.


930. New subsection 171(5) creates an exception to the requirement in subsection 171(4), by providing that subsection (4) does not apply if the participant believes, on reasonable grounds, that the person or body is already aware of the incident; or the participant has a reasonable excuse.

931. The guiding note following subsection 171(5) reminds the reader that it is the defendant that bears the evidential burden in relation to the matters in subsection (5). It also refers the reader to section 96 of the Regulatory Powers Act. Broadly speaking, section 96 of the Regulatory Powers Act provides that if a person in proceedings for a civil penalty wishes to rely on an exception or excuse provision, then they bear the evidential burden.

932. In the case of subsection 171(4), there is no criminal responsibility in relation to the offence. If a defendant wishes to rely on the exception or excuse, the evidential burden can be discharged if the defendant can adduce or point to evidence suggesting a reasonable possibility of the existence of an exception or excuse. The defendant no longer bears the evidential burden in relation to a matter if evidence sufficient to discharge the burden is adduced. The note following subsection 171(5) is therefore not indicative of a reversal of the evidential burden, and the legal burden remains on the prosecution.

Item 72 Paragraph 172(1)(a)

933. This item inserts the words "other than a cyber security incident" after the words "maritime transport and offshore facility security incident" in paragraph 172(1)(a), which deals with reporting requirements for maritime industry participants that are ship masters.

934. This has the effect of limiting the requirement in the paragraph to maritime transport or offshore facility security incidents other than a cyber security incident.

Item 73 At the end of section 172

935. This item inserts new subsections 172(4) and (5), which introduce reporting requirements for maritime industry participants that are ship masters. New subsection 172(4) includes a new civil penalty.

936. New subsection 172(4) provides that if the master of a security regulated ship or a ship regulated as an offshore facility becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident then they must report the incident to the Secretary of the Department and the Australian Signals Directorate, and they must report the security incident as soon as possible.

937. A failure to comply with this requirement may result in a civil penalty of 50 penalty units. The Guide was considered when determining the amount of this penalty. The penalty is a proportionate response based on the infringement. The penalty is designed to deter non-compliance with the obligation to report, as a failure to report a cyber security incident may result in vulnerabilities in the maritime transport sector should cyber security incidents not be identified. The penalty is appropriate in the circumstances because:
• the offence and its penalty are imposed for the purposes of safeguarding against unlawful interference with maritime transport or offshore facilities;
• it has a necessary element of deterrence whilst not being a manifestly excessive penalty which is similar to others imposed within the Maritime Act;
• an unreported cyber security incident is as commensurate with the risk to maritime transport security that any other unreported unlawful interference with maritime transport and offshore facilities poses;
• the penalty applies only to a maritime industry participant that is a master of a security-regulated ship or a ship regulated as an offshore facility and not to the public at large.

938. New subsection 172(5) creates an exception to the requirement in subsection 172(4), by providing that subsection (4) does not apply if the participant believes, on reasonable grounds, that the person or body is already aware of the incident; or the participant has a reasonable excuse.

939. The guiding note following subsection 172(5) reminds the reader that it is the defendant that bears the evidential burden in relation to the matters in subsection (5). It also refers the reader to section 96 of the Regulatory Powers Act. Broadly speaking, section 96 of the Regulatory Powers Act provides that if a person in proceedings for a civil penalty wishes to rely on an exception or excuse provision, then they bear the evidential burden.

940. In the case of subsection 172(4), there is no criminal responsibility in relation to the offence. If a defendant wishes to rely on the exception or excuse, the evidential burden can be discharged if the defendant can adduce or point to evidence suggesting a reasonable possibility of the existence of an exception or excuse. The defendant no longer bears the evidential burden in relation to a matter if evidence sufficient to discharge the burden is adduced. The note following subsection 172(5) is therefore not indicative of a reversal of the evidential burden, and the legal burden remains on the prosecution.

Item 74 Paragraph 173(1)(a)

941. This item inserts the words "other than a cyber security incident" after the words "maritime transport and offshore facility security incident" in paragraph 173(1)(a).

942. This has the effect of limiting the requirement in the paragraph to reporting on maritime transport or offshore facility security incidents that are not a cyber security incident.

Item 75 At the end of section 173

943. This item inserts new subsections 173(4) and (5), which introduce reporting requirements for maritime industry participants that are ship operators for security regulated ships. New subsection 173(4) includes a new civil penalty.


944. New subsection 173(4) provides that if a ship operator for a security-regulated ship becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident then they must report the incident to the Secretary of the Department and the Australian Signals Directorate, and they must report the security incident as soon as possible.

945. A failure to comply with this requirement may result in a civil penalty of 50 penalty units. The Guide was consulted when determining the amount of this penalty. The penalty is a proportionate response based on the infringement. The penalty is designed to deter non-compliance with the obligation to report, as a failure to report a cyber security incident may result in vulnerabilities in the maritime transport sector should cyber security incidents not be identified. The penalty is appropriate in the circumstances because:
• the offence and its penalty are imposed for the purposes of safeguarding against unlawful interference with maritime transport or offshore facilities;
• it has a necessary element of deterrence whilst not being a manifestly excessive penalty which is similar to others imposed within the Maritime Act;
• an unreported cyber security incident is as commensurate with the risk to maritime transport security that any other unreported unlawful interference with maritime transport and offshore facilities poses;
• the penalty applies only to a maritime industry participant that is a ship operator for a security-regulated ship and not to the public at large.

946. New subsection 173(5) creates an exception to the requirement in subsection 173(4), by providing that subsection (4) does not apply if the participant believes, on reasonable grounds, that the person or body is already aware of the incident; or the participant has a reasonable excuse.

947. The guiding note following subsection 173(5) reminds the reader that it is the defendant that bears the evidential burden in relation to the matters in subsection (5). It also refers the reader to section 96 of the Regulatory Powers Act. Broadly speaking, section 96 of the Regulatory Powers Act provides that if a person in proceedings for a civil penalty wishes to rely on an exception or excuse provision, then they bear the evidential burden.

948. In the case of subsection 173(4), there is no criminal responsibility in relation to the offence. If a defendant wishes to rely on the exception or excuse, the evidential burden can be discharged if the defendant can adduce or point to evidence suggesting a reasonable possibility of the existence of an exception or excuse. The defendant no longer bears the evidential burden in relation to a matter if evidence sufficient to discharge the burden is adduced. The note following subsection 173(5) is therefore not indicative of a reversal of the evidential burden, and the legal burden remains on the prosecution.


Item 76 Paragraph 174(1)(a)

949. This item inserts the words "other than a cyber security incident" after the words "maritime transport and offshore facility security incident" in paragraph 174(1)(a), which deals with reporting requirements for maritime industry participants that are port facility operators.

950. This has the effect of limiting the requirement in the paragraph to maritime transport or offshore facility security incidents other than a cyber security incident.

Item 77 At the end of section 174

951. This item inserts new subsections 174(4) and (5), which introduce reporting requirements for maritime industry participants that are port facility operators. New subsection 174(4) includes a new civil penalty.

952. New subsection 174(4) provides that if a port facility operator becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident then they must report the incident to the Secretary of the Department and the Australian Signals Directorate, and they must report the security incident as soon as possible.

953. A failure to comply with this requirement may result in a civil penalty of 50 penalty units. The Guide was considered when determining the amount of this penalty. The penalty is a proportionate response based on the infringement. The penalty is designed to deter non-compliance with the obligation to report, as a failure to report a cyber security incident may result in vulnerabilities in the maritime transport sector should cyber security incidents not be identified. The penalty is appropriate in the circumstances because:
• the offence and its penalty are imposed for the purposes of safeguarding against unlawful interference with maritime transport;
• it has a necessary element of deterrence whilst not being a manifestly excessive penalty which is similar to others imposed within the Maritime Act;
• an unreported cyber security incident is as commensurate with the risk to maritime transport security that any other unreported unlawful interference with maritime transport poses;
• the penalty applies only to a maritime industry participant that is a port facility operator and not to the public at large.

954. New subsection 174(5) creates an exception to the requirement in subsection 174(4), by providing that subsection (4) does not apply if the participant believes, on reasonable grounds, that the person or body is already aware of the incident; or the participant has a reasonable excuse.


955. The guiding note following subsection 174(5) reminds the reader that it is the defendant that bears the evidential burden in relation to the matters in subsection (5). It also refers the reader to section 96 of the Regulatory Powers Act. Broadly speaking, section 96 of the Regulatory Powers Act provides that if a person in proceedings for a civil penalty wishes to rely on an exception or excuse provision, then they bear the evidential burden.

956. In the case of subsection 174(4), there is no criminal responsibility in relation to the offence. If a defendant wishes to rely on the exception or excuse, the evidential burden can be discharged if the defendant can adduce or point to evidence suggesting a reasonable possibility of the existence of an exception or excuse. The defendant no longer bears the evidential burden in relation to a matter if evidence sufficient to discharge the burden is adduced. The note following subsection 174(5) is therefore not indicative of a reversal of the evidential burden, and the legal burden remains on the prosecution.

Item 78 Paragraph 174A(1)(a)

957. This item inserts the words "other than a cyber security incident" after the words "maritime transport and offshore facility security incident" in paragraph 174A(1)(a), which deals with reporting requirements for maritime industry participants that are offshore facility operators.

958. This has the effect of limiting the requirement in the paragraph to maritime transport or offshore facility security incidents other than a cyber security incident.

Item 79 At the end of section 174A

959. This item inserts new subsections 174A(4) and (5), which introduce reporting requirements for maritime industry participants that are offshore facility operators. New subsection 174A(4) includes a new civil penalty.

960. New subsection 174A(4) provides that if an offshore facility operator becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident then they must report the incident to the Secretary of the Department and the Australian Signals Directorate, and they must report the security incident as soon as possible.

961. A failure to comply with this requirement may result in a civil penalty of 50 penalty units. The Guide was consulted when determining the amount of this penalty. The penalty is a proportionate response based on the infringement. The penalty is designed to deter non-compliance with the obligation to report, as a failure to report a cyber security incident may result in vulnerabilities in the maritime transport sector should cyber security incidents not be identified. The penalty is appropriate in the circumstances because:
• the offence and its penalty are imposed for the purposes of safeguarding against unlawful interference with maritime transport and offshore facilities;
• it has a necessary element of deterrence whilst not being a manifestly excessive penalty which is similar to others imposed within the Maritime Act;
• an unreported cyber security incident is as commensurate with the risk to maritime transport security that any other unreported unlawful interference with maritime transport and offshore facilities poses;
• the penalty applies only to a maritime industry participant that is an offshore facility operator and not to the public at large.

962. New subsection 174A(5) creates an exception to the requirement in subsection 174A(4), by providing that subsection (4) does not apply if the participant believes, on reasonable grounds, that the person or body is already aware of the incident; or the participant has a reasonable excuse.

963. The guiding note following subsection 174A(5) reminds the reader that it is the defendant that bears the evidential burden in relation to the matters in subsection (5). It also refers the reader to section 96 of the Regulatory Powers Act. Broadly speaking, section 96 of the Regulatory Powers Act provides that if a person in proceedings for a civil penalty wishes to rely on an exception or excuse provision, then they bear the evidential burden.

964. In the case of subsection 174A(4), there is no criminal responsibility in relation to the offence. If a defendant wishes to rely on the exception or excuse, the evidential burden can be discharged if the defendant can adduce or point to evidence suggesting a reasonable possibility of the existence of an exception or excuse. The defendant no longer bears the evidential burden in relation to a matter if evidence sufficient to discharge the burden is adduced. The note following subsection 174A(5) is therefore not indicative of a reversal of the evidential burden, and the legal burden remains on the prosecution.

Item 80 Paragraph 175(1)(a)

965. This item inserts the words "other than a cyber security incident" after the words "maritime transport and offshore facility security incident" in paragraph 175(1)(a), which deals with reporting requirements for maritime industry participants that are offshore facility operators.

966. This has the effect of limiting the requirement in the paragraph to maritime transport or offshore facility security incidents other than a cyber security incident.

Item 81 After subsection 175(3)

967. This item inserts new subsections 175(4) and (5), which introduce reporting requirements for maritime industry participants who have reporting requirements under the Maritime Act. New subsection 175(4) includes a new civil penalty.


968. New subsection 175(4) provides that if a maritime industry participant who has reporting requirements under the Maritime Act becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident then they must report the incident to the Secretary of the Department and the Australian Signals Directorate, and they must report the security incident as soon as possible.

969. A failure to comply with this requirement may result in a civil penalty of 50 penalty units. The Guide was consulted when determining the amount of this penalty. The penalty is a proportionate response based on the infringement. The penalty is designed to deter non-compliance with the obligation to report, as a failure to report a cyber security incident may result in vulnerabilities in the maritime transport sector should cyber security incidents not be identified. The penalty is appropriate in the circumstances because:
• the offence and its penalty are imposed for the purposes of safeguarding against unlawful interference with maritime transport and offshore facilities;
• it has a necessary element of deterrence whilst not being a manifestly excessive penalty which is similar to others imposed within the Maritime Act;
• an unreported cyber security incident is as commensurate with the risk to maritime transport security that any other unreported unlawful interference with maritime transport and offshore facilities poses;
• the penalty applies only to a maritime industry participant who has reporting requirements under the Maritime Act and not to the public at large.

970. New subsection 175(5) creates an exception to the requirement in subsection 175(4), by providing that subsection (4) does not apply if the participant believes, on reasonable grounds, that the person or body is already aware of the incident; or the participant has a reasonable excuse.

971. The guiding note following subsection 175(5) reminds the reader that it is the defendant that bears the evidential burden in relation to the matters in subsection (5). It also refers the reader to section 96 of the Regulatory Powers Act. Broadly speaking, section 96 of the Regulatory Powers Act provides that if a person in proceedings for a civil penalty wishes to rely on an exception or excuse provision, then they bear the evidential burden.

972. In the case of subsection 175(4), there is no criminal responsibility in relation to the offence. If a defendant wishes to rely on the exception or excuse, the evidential burden can be discharged if the defendant can adduce or point to evidence suggesting a reasonable possibility of the existence of an exception or excuse. The defendant no longer bears the evidential burden in relation to a matter if evidence sufficient to discharge the burden is adduced. The note following subsection 175(5) is therefore not indicative of a reversal of the evidential burden, and the legal burden remains on the prosecution.


Item 82 Paragraph 176(1)(a)

973. This item inserts the words "other than a cyber security incident" after the words "maritime transport and offshore facility security incident" in paragraph 175(1)(a), which deals with reporting requirements for employees of maritime industry participants.

974. This has the effect of limiting the requirement in the paragraph to maritime transport or offshore facility security incidents other than a cyber security incident.

Item 83 At the end of section 176

975. This item inserts new subsections 176(4) and (5), which introduce reporting requirements for maritime industry participants who are employees of maritime industry participants under the Maritime Act. New subsection 176(4) includes a new civil penalty.

976. New subsection 176(4) provides that if an employee of a maritime industry participant who has reporting requirements under the Maritime Act becomes aware of a maritime transport or offshore facility security incident that is a cyber security incident then they must report the incident to the Secretary of the Department and the Australian Signals Directorate, and they must report the security incident as soon as possible.

977. A failure to comply with this requirement may result in a civil penalty of 50 penalty units. The Guide was consulted when determining the amount of this penalty. The penalty is a proportionate response based on the infringement. The penalty is designed to deter non-compliance with the obligation to report, as a failure to report a cyber security incident may result in vulnerabilities in the maritime transport sector should cyber security incidents not be identified. The penalty is appropriate in the circumstances because:
• the offence and its penalty are imposed for the purposes of safeguarding against unlawful interference with maritime transport and offshore facilities;
• it has a necessary element of deterrence whilst not being a manifestly excessive penalty which is similar to others imposed within the Maritime Act;
• an unreported cyber security incident is as commensurate with the risk to maritime transport security that any other unreported unlawful interference with maritime transport and offshore facilities poses;
• the penalty applies only to an employee of a maritime industry participant who has reporting requirements under the Maritime Act and not to the public at large.

978. New subsection 176(5) creates an exception to the requirement in subsection 176(4), by providing that subsection (4) does not apply if the participant believes, on reasonable grounds, that the person or body is already aware of the incident; or the participant has a reasonable excuse.


979. The guiding note following subsection 176(5) reminds the reader that it is the defendant that bears the evidential burden in relation to the matters in subsection (5). It also refers the reader to section 96 of the Regulatory Powers Act. Broadly speaking, section 96 of the Regulatory Powers Act provides that if a person in proceedings for a civil penalty wishes to rely on an exception or excuse provision, then they bear the evidential burden.

980. In the case of subsection 176(4), there is no criminal responsibility in relation to the offence. If a defendant wishes to rely on the exception or excuse, the evidential burden can be discharged if the defendant can adduce or point to evidence suggesting a reasonable possibility of the existence of an exception or excuse. The defendant no longer bears the evidential burden in relation to a matter if evidence sufficient to discharge the burden is adduced. The note following subsection 176(5) is therefore not indicative of a reversal of the evidential burden, and the legal burden remains on the prosecution.

Item 84 Subsection 177(1)

981. This item inserts the words "other than a cyber security incident" after the words "maritime transport and offshore facility security incident" in paragraph 177(1)(a), which deals with reporting requirements for maritime industry participants who are port operators.

982. This has the effect of limiting the requirement in the paragraph to maritime transport or offshore facility security incidents other than a cyber security incident.

Item 85 Subsection 178(1)

983. This item inserts the words "other than a cyber security incident" after the words "maritime transport and offshore facility security incident" in paragraph 178(1)(a), which provides the detail for reporting requirements for maritime industry participants that are ship masters.

984. This has the effect of limiting the requirement in the paragraph to maritime transport or offshore facility security incidents other than a cyber security incident.

Item 86 Subsection 179(1)

985. This item inserts the words "other than a cyber security incident" after the words "maritime transport and offshore facility security incident" in paragraph 179(1)(a), which deals with reporting requirements for maritime industry participants that are ship operators.

986. This has the effect of limiting the requirement in the paragraph to maritime transport or offshore facility security incidents other than a cyber security incident.

Item 87 Subsection 179A(1)

987. This item inserts the words "other than a cyber security incident" after the words "maritime transport and offshore facility security incident" in paragraph 179A(1)(a), which provides the detail for reporting requirements for maritime industry participants that are offshore facility operators.

988. This has the effect of limiting the requirement in the paragraph to maritime transport or offshore facility security incidents other than a cyber security incident.

Item 88 Subsection 180(1)

989. This item inserts the words "other than a cyber security incident" after the words "maritime transport and offshore facility security incident" in subsection 180(1), which provides the detail for reporting requirements for maritime industry participants that are port facility operators.

990. This has the effect of limiting the requirement in the paragraph to maritime transport or offshore facility security incidents other than a cyber security incident.

Item 89 Subsection 181(1)

991. This item inserts the words "other than a cyber security incident" after the words "maritime transport and offshore facility security incident" in subsection 181(1), which provides the detail for reporting requirements for maritime industry participants who are persons with reporting responsibilities.

992. This has the effect of limiting the requirement in the paragraph to maritime transport or offshore facility security incidents other than a cyber security incident.

Item 90 After Part 9

993. This item inserts a new Part 9A after the current Part 9 of the Maritime Act. Part 9A will relate to reporting requirements for maritime industry participants, ship operators and offshore industry participants.

Part 9A Reports by maritime industry participants, ship operators and offshore industry participants

Section 182A Simplified outline of this Part

994. New section 182A will be the simplified outline for the new Part 9A. The first paragraph will explain that certain maritime industry participants will be required to submit periodic reports. The second paragraph provides that if a maritime industry participant has been given a maritime security plan then the Secretary may require the participant to submit a report.

995. Paragraphs three and four note the same requirement as in paragraph two, but in relation to ship operators and offshore industry participants.


Section 182B Certain maritime industry participants must submit periodic reports

996. Section 182B provides that certain maritime industry participants must submit a periodic report. The provision will also include a new civil penalty for failure to submit the required report.

New subsection 182B(1) Scope

997. Subsection (1) provides the scope for application of section 182B. Particularly it provides that section 182B applies if:
• a maritime security plan was or is in force for a maritime industry participant (paragraph (a));
• an applicable reporting period for the maritime security plan has ended (paragraph (b));
• the maritime security plan was not given to the participant by the Secretary under section 59A of the Maritime Act (paragraph (c));
• the maritime security plan included or includes a security assessment (paragraph (d)); and
• the participant is in a class of maritime participant specified in the regulations (paragraph (e)).

998. The term "applicable reporting period" used in paragraph (b) above, is defined in new subsection 182B(5). The effect of subsection (1) is that the requirements provided for in section 182B will not apply unless the participant is in a class specified in the regulations and the maritime security plan meets the criteria listed in paragraphs (a) to (d) above.

New subsection 182B(2)-(4) Periodic report

999. New subsections (2) to (4) provide the detail for the content of a periodic report and for the imposition of the civil penalty.

1000. Subsection (2) provides that if section 182B applies, as provided for under subsection (1), then the participant must, within 90 days of the applicable reporting period ending, give the Secretary a report. Subsection (2) also provides that:
• the report must relate to the applicable reporting period (paragraph (a));
• the report must set out such matters (if any) that are in the Maritime Regulations (paragraph (b));
• if the participant has a board or a council or some other type of governing body, then the report must include a statement from the board, council or governing body, that states that the maritime security plan was up to date (subparagraph (c)(i)), or that the maritime security plan was not up to date (subparagraph (c)(ii)) at the end of the reporting period;
• if the participant has a board or a council or some other type of governing body, then the report must include a statement from the board, council or governing body, that states that the maritime security plan adequately addressed (subparagraph (d)(i)), or that it did not adequately address (subparagraph (d)(ii)) the requirements under Division 4 of Part 3 of the Maritime Act, at the end of the reporting period; and
• the report is to be in the form that has been approved by the Secretary in writing.

1001. There is a civil penalty of 150 penalty units for failure to comply with these requirements. The Guide was consulted when determining the amount of this penalty. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. A failure to report on a review of a maritime security plan may result in vulnerabilities in a maritime security plan not being identified, which represents a risk to maritime transport and offshore facility security.

1002. The penalty value is consistent with other maximum penalties in relation to maritime security plans, and aligns with penalties imposed in the maritime transport and offshore facilities sector. As an example, under section 4 of the Maritime Act if a port operator fails to comply with their maritime security plan, they can be subject to a maximum penalty of 200 penalty units.

1003. Only maritime industry participants that meet the criteria in subsection 182B(1) can be subject to the penalty, and not all maritime industry participants or the general public. In the majority of cases maritime industry participants are corporations.

1004. The penalty is appropriate in the circumstances because:
• the offence and its penalty are imposed for the purposes of safeguarding against unlawful interference with maritime transport by ensuring that the currency and adequacy of a maritime security plan, and other specified matters, is reported on;
• the penalty for this offence is similar to, and does not exceed, others imposed within the Maritime Act, and is commensurate with the risk to maritime transport security that a failure to report on findings of regular reviews of a maritime security plan report on findings and non-compliance with related requirements poses; and
• this is a reasonable penalty to impose, as it has necessary elements of deterrence and incentive to comply whilst not being a manifestly excessive penalty.

1005. New subsection 182B(3) will act as a limitation on the content that can be prescribed in the Maritime Regulations under new paragraph 182B(2)(b). It provides that a matter cannot be prescribed in the Maritime Regulations in relation to 182B(2)(b) unless it relates to unlawful interference with maritime transport or offshore facilities or safeguarding against unlawful interference with maritime transport or offshore facilities.

1006. New subsection 182B(4) will act as a limitation on the use of the information contained within a periodic report. It provides that the report cannot be used as evidence in either:
• a criminal proceeding for an offence against the Maritime Act; or
• in a civil proceeding in relation to a contravention of a civil penalty provision of the Maritime Act (other than this section).

New subsections 182B(5)-(6) Applicable reporting period for a maritime security plan

1007. Together these new subsections provide the definition for "applicable reporting period for a maritime security plan". The majority of maritime security plans are issued for a period of 5 years. However, there are circumstances in which a maritime security plan can be issued for a period of less than 5 years. The intention is that, at a minimum, industry participants should be reporting on their plan every two and a half years (30 months). This would mean that the majority of participants would report half way through the validity period of their plan, and again at the end of their plan.

1008. Paragraph (5)(a) provides that if a maritime security plan has been in force for at least 30 months (two and a half years) then the applicable reporting period is either:
• the 30 month period that began when the plan came into force; or
• the remainder of the period for which the plan is in force.

1009. Paragraph (5)(b) provides that in any other case, other than in paragraph (a), the applicable reporting period is the period for which the maritime security plan is in force.

1010. New Paragraph (5)(a) clarifies that a day that occurs before section 182B commences, is not included in an applicable reporting period.

1011. For example, if a transport security program is to be in force for two years, and comes into force six months before section 182B commences, the relevant reporting period is for the 18 months the transport security program is in force after section 182B commences.


1012. In effect, if a maritime industry participant has an approved maritime security plan for two years, the industry participant must provide a report; the report would be given at the end of the two year period. 1013. The purpose and effect of these subsections is to provide certainty to maritime industry participants about when a reporting period does or does not apply in relation to a transport security program, and how often a report must be made. Section 182C Certain ship owners must submit periodic reports 1014. Section 182C provides that certain ship owners must submit a periodic report. The provision will also include a new civil penalty for failure to submit the required report. New subsection 182C(1) Scope 1015. Subsection (1) provides the scope for application of section 182C. Particularly it provides that section 182C applies if: • a ship security plan was or is in force for a ship operator (paragraph (a)); • an applicable reporting period for the ship security plan has ended (paragraph (b)); • the ship security plan was not given to the participant by the Secretary under section 78A of the Maritime Act (paragraph (c)); • the ship security plan included or includes a security assessment (paragraph (d)); and • the ship operator is in a class of ship operators specified in the regulations (paragraph (e)). 1016. The term "applicable reporting period" used in paragraph (b) above, is defined in new subsection 182C(5). The effect of subsection (1) is that the requirements provided for in section 182C will not apply unless the ship operator is in a class specified in the regulations and the ship security plan meets the criteria listed in paragraphs (a) to (d) above. New subsection 182C(2)-(4) Periodic report 1017. New subsections (2) to (4) provide the detail for the content of a periodic report and for the imposition of the civil penalty. 1018. 
Subsection (2) provides that if section 182C applies, as provided for under subsection (1), then the ship operator must, within 90 days of the applicable reporting period ending, give the Secretary a report. Subsection (2) also provides that: • the report must relate to the applicable reporting period (paragraph (a));


• the report must set out such matters (if any) that are in the Maritime Regulations (paragraph (b)); • if the ship operator has a board or a council or some other type of governing body, then the report must include a statement from the board, council or governing body, that states that the ship security plan was up to date (subparagraph (c)(i)), or that the ship security plan was not up to date (subparagraph (c)(ii)) at the end of the reporting period; • if the ship operator has a board or a council or some other type of governing body, then the report must include a statement from the board, council or governing body, that states that the ship security plan adequately addressed (subparagraph (d)(i)), or that it did not adequately address (subparagraph (d)(ii)) the requirements under Division 4 of Part 4 of the Maritime Act, at the end of the reporting period; and • the report is to be in the form that has been approved by the Secretary in writing. 1019. There is a civil penalty of 150 penalty units for failure to comply with these requirements. The Guide was consulted when determining the amount of this penalty. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. A failure to report on a review of a ship security plan may result in vulnerabilities in a ship security plan not being identified, which represents a risk to maritime transport security. 1020. The penalty value is consistent with other maximum penalties in relation to ship security programs in the maritime sector. 1021. New subsection 182C(3) will act as a limitation on the content that can be prescribed in the Maritime Regulations under new paragraph 182C(2)(b). It provides that a matter cannot be prescribed in the Maritime Regulations in relation to 182C(2)(b) unless it relates to unlawful interference with maritime transport or offshore facilities or safeguarding against unlawful interference with maritime transport or offshore facilities. 
1022. New subsection 182C(4) will act as a limitation on the use of the information contained within a periodic report. It provides that the report cannot be used as evidence in either: • a criminal proceeding for an offence against the Maritime Act; or • in a civil proceeding in relation to a contravention of a civil penalty provision of the Maritime Act (other than this section). New subsections 182C(5)-(6) Applicable reporting period for a ship security plan 1023. Together these new subsections provide the definition for "applicable reporting period" for a ship security plan. The majority of ship security plans are issued for a period of 5 years.


However, there are circumstances in which a ship security plan can be issued for a period of less than or greater than 5 years. The intention is that, at a minimum, ship operators should be reporting on their plan every two and a half years (30 months). This would mean that the majority of ship operators would report half way through the validity period of their plan, and again at the end of their plan. 1024. Paragraph (5)(a) provides that if a ship security plan has been in force for at least 30 months (two and a half years) then the applicable reporting period is either: • the 30 month period that began when the plan came into force; or • the remainder of the period for which the plan is in force. 1025. Paragraph (5)(b) provides that in any other case, other than in paragraph (a), the applicable reporting period is the period for which the ship security plan is in force. 1026. New subsection (6) clarifies that a day that occurs before section 182C commences is not included in an applicable reporting period. 1027. For example, if a maritime security plan is to be in force for two years, and comes into force six months before section 182C commences, the relevant reporting period is for the 18 months the maritime security plan is in force after section 182C commences. 1028. In effect, if a maritime industry participant has an approved maritime security plan for two years, the industry participant must provide a report; the report would be given at the end of the two year period. 1029. The purpose and effect of these subsections is to provide certainty to maritime industry participants about when a reporting period does or does not apply in relation to a maritime security plan, and how often a report must be made. Section 182D Certain offshore industry participants must submit periodic reports 1030. Section 182D provides that certain offshore industry participants must submit a periodic report. 
The provision will also include a new civil penalty for failure to submit the required report. New subsection 182D(1) Scope 1031. Subsection (1) provides the scope for application of section 182D. Particularly it provides that section 182D applies if: • an offshore security plan was or is in force for an offshore industry participant (paragraph (a)); • an applicable reporting period for the offshore security plan has ended (paragraph (b));


• the offshore security plan was not given to the participant by the Secretary under section 100TA of the Maritime Act (paragraph (c)); • the offshore security plan included or includes a security assessment (paragraph (d)); and • the offshore industry participant is in a class of offshore industry participant specified in the regulations (paragraph (e)). 1032. The term "applicable reporting period" used in paragraph (b) above, is defined in new subsection 182D(5). The effect of subsection (1) is that the requirements provided for in section 182D will not apply unless the offshore industry participant is in a class specified in the regulations and the offshore security plan meets the criteria listed in paragraphs (a) to (d) above. New subsection 182D(2)-(4) Periodic report 1033. New subsections (2) to (4) provide the detail for the content of a periodic report and for the imposition of the civil penalty. 1034. Subsection (2) provides that if section 182D applies, as provided for under subsection (1), then the offshore industry participant must, within 90 days of the applicable reporting period ending, give the Secretary a report. 
Subsection (2) also provides that: • the report must relate to the applicable reporting period (paragraph (a)); • the report must set out such matters (if any) that are in the Maritime Regulations (paragraph (b)); • if the participant has a board or a council or some other type of governing body, then the report must include a statement from the board, council or governing body, that states that the offshore security plan was up to date (subparagraph (c)(i)), or that the offshore security plan was not up to date (subparagraph (c)(ii)) at the end of the reporting period; • if the participant has a board or a council or some other type of governing body, then the report must include a statement from the board, council or governing body, that states that the offshore security plan adequately addressed (subparagraph (d)(i)), or that it did not adequately address (subparagraph (d)(ii)) the requirements under Division 4 of Part 5A of the Maritime Act, at the end of the reporting period; and • the report is to be in the form that has been approved by the Secretary in writing. 1035. There is a civil penalty of 150 penalty units for failure to comply with these requirements.


1036. New subsection 182D(3) will act as a limitation on the content that can be prescribed in the Maritime Regulations under new paragraph 182D(2)(b). It provides that a matter cannot be prescribed in the Maritime Regulations in relation to 182D(2)(b) unless it relates to unlawful interference with maritime transport or offshore facilities or safeguarding against unlawful interference with maritime transport or offshore facilities. 1037. New subsection 182D(4) will act as a limitation on the use of the information contained within a periodic report. It provides that the report cannot be used as evidence in either: • a criminal proceeding for an offence against the Maritime Act; or • in a civil proceeding in relation to a contravention of a civil penalty provision of the Maritime Act (other than this section). New subsections 182D(5)-(6) Applicable reporting period for an offshore security plan 1038. Together these new subsections provide the definition for "applicable reporting period" for an offshore security plan. The majority of offshore security plans are issued for a period of 5 years. However, there are circumstances in which an offshore security plan can be issued for a period of less than or greater than 5 years. The intention is that, at a minimum, offshore industry participants should be reporting on their plan every two and a half years (30 months). This would mean that the majority of offshore industry participants would report half way through the validity period of their plan, and again at the end of their plan. 1039. Paragraph (5)(a) provides that if an offshore security plan has been in force for at least 30 months (two and a half years) then the applicable reporting period is either: • the 30 month period that began when the plan came into force; or • the remainder of the period for which the plan is in force. 1040. 
Paragraph (5)(b) provides that in any other case, other than in paragraph (a), the applicable reporting period is the period for which the offshore security plan is in force. 1041. New subsection (6) clarifies that a day that occurs before section 182D commences is not included in an applicable reporting period. Section 182E Secretary may require a maritime industry participant to submit report 1042. Section 182E provides that the Secretary may require a maritime industry participant to submit a periodic report. The provision will also include a new civil penalty for failure to submit the required report.


New subsection 182E(1) Scope 1043. Subsection (1) provides the scope for application of section 182E. Particularly it provides that section 182E applies if: • a maritime security plan was or is in force (paragraph (a)); and • the maritime security plan was given to the participant by the Secretary under section 59A of the Maritime Act (paragraph (b)). New subsections 182E(2)-(4) Notice 1044. Together new subsections 182E(2) to (4) provide for the giving of a notice requiring the participant to deliver a report. Subsection (2) provides that the Secretary may, by giving a written notice, require an industry participant to give the Secretary a report that: • relates to the period that the Secretary specifies in the notice (subparagraph (a)(i)); • sets out the matters that are specified in the Maritime Regulations, if there are any (subparagraph (a)(ii)); • is in the form that the Secretary has approved (subparagraph (a)(iii)); and • is made within 90 days after the notice is given (paragraph (b)). 1045. New subsection 182E(3) provides some limitations on the period that can be specified in the notice given under subsection 182E(2). It provides that the period specified in the notice, that must be reported on, must: • consist of the period for which the maritime security plan was in force, or be within the period for which the plan was in force (paragraph (a)); • end before the notice is given to the maritime industry participant; and • begin after the commencement of section 182E. 1046. Paragraph 209(1)(a) of the Maritime Act provides that the Governor-General may make regulations that are required or permitted by the Maritime Act to be prescribed. The new subparagraph 182E(2)(a)(ii) as described above, will permit matters to be prescribed in the Maritime Regulations. New subsection 182E(4) will act as a qualifier for any regulations that are made under subparagraph 182E(2)(a)(ii). 
Specifically, new subsection 182E(4) provides that a matter should not be specified in the Maritime Regulations unless it relates to: • unlawful interference with maritime transport or offshore facilities; or • safeguarding against unlawful interference with maritime transport or offshore facilities.


New subsections 182E(5)-(6) Compliance 1047. New subsection 182E(5) provides that a maritime industry participant must comply with a notice to produce a report, or they can be subject to a civil penalty of 150 penalty units. 1048. The Guide was consulted when determining the amount of this penalty. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. A failure to provide a report of a transport security plan may result in vulnerabilities in a transport security plan not being identified, which represents a risk to maritime transport security. 1049. The penalty value is consistent with other maximum penalties in relation to transport security programs, across the maritime and aviation sectors. A similar offence and penalty provision applies in the aviation sector and is also subject to a maximum penalty of 150 penalty units. 1050. New subsection 182E(6) will act as a limitation on the use of the information contained within a report. It provides that the report cannot be used as evidence in either: • a criminal proceeding for an offence against the Maritime Act (paragraph (a)); or • in a civil proceeding in relation to a contravention of a civil penalty provision of the Maritime Act, other than this section (paragraph (b)). 1051. This amendment puts beyond doubt that information provided in their mandatory reports by an aviation industry participant that was given a transport security program that meets the criteria in subsection 107B(1) will not be used as evidence in those proceedings. It is intended to provide reassurance to aviation industry participants, and encourage full disclosure in making a mandatory report under section 107B. Section 182F Secretary may require a ship operator to submit report 1052. Section 182F provides that the Secretary may require a ship operator to submit a periodic report. The provision will also include a new civil penalty for failure to submit the required report. 
New subsection 182F(1) Scope 1053. Subsection (1) provides the scope for application of section 182F. Particularly it provides that section 182F applies if: • a ship security plan was or is in force (paragraph (a)); and • the ship security plan was given to the ship operator by the Secretary under section 78A of the Maritime Act (paragraph (b)).


New subsections 182F(2)-(4) Notice 1054. Together new subsections 182F(2) to (4) provide for the giving of a notice requiring the ship operator to deliver a report. Subsection (2) provides that the Secretary may, by giving a written notice, require a ship operator to give the Secretary a report that: • relates to the period that the Secretary specifies in the notice (subparagraph (a)(i)); • sets out the matters that are specified in the Maritime Regulations, if there are any (subparagraph (a)(ii)); • is in the form that the Secretary has approved (subparagraph (a)(iii)); and • is made within 90 days after the notice is given (paragraph (b)). 1055. New subsection 182F(3) provides some limitations on the period that can be specified in the notice given under subsection 182F(2). It provides that the period specified in the notice, that must be reported on, must: • consist of the period for which the ship security plan was in force, or be within the period for which the plan was in force (paragraph (a)); • end before the notice is given to the ship operator (paragraph (b)); and • begin after the commencement of section 182F (paragraph (c)). 1056. Paragraph 209(1)(a) of the Maritime Act provides that the Governor-General may make regulations that are required or permitted by the Maritime Act to be prescribed. The new subparagraph 182F(2)(a)(ii) as described above, will permit matters to be prescribed in the Maritime Regulations. New subsection 182F(4) will act as a qualifier for any regulations that are made under subparagraph 182F(2)(a)(ii). Specifically, new subsection 182F(4) provides that a matter should not be specified in the Maritime Regulations unless it relates to: • unlawful interference with maritime transport or offshore facilities; or • safeguarding against unlawful interference with maritime transport or offshore facilities. New subsections 182F(5)-(6) Compliance 1057. 
New subsection 182F(5) provides that a ship operator must comply with a notice to produce a report, or they can be subject to a civil penalty of 150 penalty units. 1058. The Guide was consulted when framing this offence and determining the amount of this penalty. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. A failure to provide a report of a ship security plan may


result in vulnerabilities in a ship security plan not being identified, which represents a risk to maritime security. 1059. The penalty value is consistent with other maximum penalties in relation to maritime security plans, across the maritime sector. A similar offence and penalty provision applies in the aviation sector and is also subject to a maximum penalty of 150 penalty units. 1060. New subsection 182F(6) will act as a limitation on the use of the information contained within a report. It provides that the report cannot be used as evidence in either: • a criminal proceeding for an offence against the Maritime Act (paragraph (a)); or • in a civil proceeding in relation to a contravention of a civil penalty provision of the Maritime Act, other than this section (paragraph (b)). Section 182G Secretary may require an offshore participant to submit report 1061. Section 182G provides that the Secretary may require an offshore industry participant to submit a periodic report. The provision will also include a new civil penalty for failure to submit the required report. New subsection 182G(1) Scope 1062. Subsection (1) provides the scope for application of section 182G. Particularly it provides that section 182G applies if: • an offshore security plan was or is in force (paragraph (a)); and • the offshore security plan was given to the participant by the Secretary under section 100TA of the Maritime Act (paragraph (b)). New subsections 182G(2)-(4) Notice 1063. Together new subsections 182G(2) to (4) provide for the giving of a notice requiring the participant to deliver a report. 
Subsection (2) provides that the Secretary may, by giving a written notice, require an offshore industry participant to give the Secretary a report that: • relates to the period that the Secretary specifies in the notice (subparagraph (a)(i)); • sets out the matters that are specified in the Maritime Regulations, if there are any (subparagraph (a)(ii)); • is in the form that the Secretary has approved (subparagraph (a)(iii)); and • is made within 90 days after the notice is given (paragraph (b)).


1064. New subsection 182G(3) provides some limitations on the period that can be specified in the notice given under subsection 182G(2). It provides that the period specified in the notice, that must be reported on, must: • consist of the period for which the security plan was in force, or be within the period for which the plan was in force (paragraph (a)); • end before the notice is given to the offshore industry participant (paragraph (b)); and • begin after the commencement of section 182G (paragraph (c)). 1065. Paragraph 209(1)(a) of the Maritime Act provides that the Governor-General may make regulations that are required or permitted by the Maritime Act to be prescribed. The new subparagraph 182G(2)(a)(ii) as described above, will permit matters to be prescribed in the Maritime Regulations. New subsection 182G(4) will act as a qualifier for any regulations that are made under subparagraph 182G(2)(a)(ii). Specifically, new subsection 182G(4) provides that a matter should not be specified in the Maritime Regulations unless it relates to: • unlawful interference with maritime transport or offshore facilities; or • safeguarding against unlawful interference with maritime transport or offshore facilities. New subsections 182G(5)-(6) Compliance 1066. New subsection 182G(5) provides that an offshore industry participant must comply with a notice to produce a report, or they can be subject to a civil penalty of 150 penalty units. 1067. The Guide was consulted when determining the amount of this penalty. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. A failure to provide a report of an offshore security plan may result in vulnerabilities in a transport security plan not being identified, which represents a risk to maritime transport and offshore facility security. 1068. The penalty value is consistent with other maximum penalties in relation to maritime security plans, across the maritime sector. 
A similar offence and penalty provision applies in the aviation sector and is also subject to a maximum penalty of 150 penalty units. 1069. New subsection 182G(6) will act as a limitation on the use of the information contained within a report. It provides that the report cannot be used as evidence in either: • a criminal proceeding for an offence against the Maritime Act (paragraph (a)); or • in a civil proceeding in relation to a contravention of a civil penalty provision of the Maritime Act, other than this section (paragraph (b)).


Item 91 Subsection 184(2) 1070. This item amends current subsection 184(2), inserting the phrase 'or is capable of obtaining'. Current subsection 184(2) provides that if the Secretary believes, on reasonable grounds, that a maritime industry participant has security compliance information, the Secretary may, by written notice given to the participant, require the participant to give the information to the Secretary. 1071. The effect of this amendment is to expand the scope of the existing provision, such that the Secretary may also require a maritime industry participant to give information to the Secretary where the Secretary forms a belief, on reasonable grounds, that the participant is capable of obtaining security compliance information. As amended, the scope of subsection 184(2) is therefore not limited to circumstances where the Secretary believes the participant has that information in their possession. Item 92 After Part 10 1072. Item 92 inserts a new Part 10A after the current Part 10 of the Maritime Act. This new Part will deal with the use and disclosure of protected information. Relevantly, the new defined term "protected information" will also be inserted into section 10 of the Maritime Act by this Bill. Part 10A Use and disclosure of protected information Division 1 Simplified outline of this Part Section 185A Simplified outline of this Part 1073. New section 185A will be a simplified outline for the new Part 9A. It provides that the making of a record, or the use or disclosure, of protected information is authorised in particular circumstances but is otherwise an offence. Division 2 Authorised use and disclosure Section 185B Authorised use and disclosure--performing functions etc. 1074. 
New Section 185B provides that a person may make a record of, use or disclose protected information if the person makes the record or uses or discloses the information for: • the purpose of exercising their powers or performing their functions or duties under the Maritime Act (paragraph (1)(a)); • the purpose of otherwise ensuring compliance with the Maritime Act (paragraph (1)(b)); or • purposes in connection with the administration or execution of the Maritime Act (subsection (2)).


1075. A note following both subsection (1) and subsection (2) clarifies that each subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles. Relevantly, Australian Privacy Principle 6.2 provides that the disclosure of personal information is permitted where the disclosure is required or authorised by or under Australian law. Section 185C Authorised use and disclosure--other person's functions etc. 1076. Under subsection 185C(1) the Secretary will be authorised to: • disclose protected information to the persons listed in subsection 185C(2) (paragraph (a)); and • make a record of or use protected information for the purpose of that disclosure (paragraph (b)). 1077. The Secretary will be authorised to do the above for the purposes of enabling or assisting the person, to whom the information is disclosed, to exercise their powers or perform their duties. 1078. A note following subsection (1) clarifies that the subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles. Relevantly, Australian Privacy Principle 6.2 provides that the disclosure of personal information is permitted where the disclosure is required or authorised by or under Australian law. Personal information may be relevant to security compliance information or aviation security information about an individual and would fall within the definition of protected information. 1079. Subsection (2) will list the persons to whom a disclosure can be made. 
Those persons include a Minister of the Commonwealth who has responsibility for any of the following: • national security, law enforcement, foreign investment in Australia, taxation policy, industry policy, promoting investment in Australia, defence, customs, immigration, transport, health, biosecurity, emergency management, the regulation or oversight of maritime safety, the regulation or oversight of safety in relation to offshore facilities (subparagraphs (2)(a)(i)-(xv)); • a matter that is specified in an instrument that is made under subsection (3) (subparagraph (2)(a)(xvi)). 1080. The persons to whom a disclosure can be made also include a Minister of a State, the Australian Capital Territory or the Northern Territory who has responsibility for any of the following: • emergency management, health, transport, law enforcement (subparagraphs (2)(b)(i)-(iv));


• a matter that is specified in an instrument that is made under subsection (4). 1081. Paragraph (c) provides that a disclosure under this section may be made to a person that is employed as a member of staff by one of the persons mentioned in paragraphs (a) or (b). Paragraph (d) provides that a disclosure may be made to the head of an agency, including a department, that is administered by the Minister referred to in paragraphs (a) or (b). 1082. Subsection (3) creates a power for the Minister to make a legislative instrument that specifies one or more matters for the purpose of subparagraph (2)(a)(xvi). Similarly, subsection (4) creates a power for the Minister to make a legislative instrument that specifies one or more matters for the purpose of subparagraph (2)(b)(v). Following the commencement of this new section it may be appropriate to provide for additional persons to whom protected information may be disclosed. The inclusion of subsections (3) and (4) enables the Minister to provide for those additional persons. 1083. The instruments made under subsections (3) and (4) are legislative instruments and will be disallowable by the Parliament. Section 185D Authorised disclosure relating to law enforcement 1084. Under section 185D the Secretary will be authorised to disclose protected information to an enforcement body, within the meaning of the Privacy Act, for the purpose of enforcement related activities, within the meaning of the Privacy Act, that are conducted by or on behalf of that enforcement body. The Privacy Act defines "enforcement body" and "enforcement related activity" in section 6 of that Act. 1085. A note following the section clarifies that the section is an authorisation for the purposes of other laws, including the Australian Privacy Principles. Relevantly, Australian Privacy Principle 6.2 provides that the disclosure of personal information is permitted where the disclosure is required or authorised by or under Australian law. 
Section 185E Authorised disclosure--instrument made by Secretary 1086. This new section will provide for a disclosure to be made to a specified person for a specified purpose. Both the person and the purpose will need to be specified in the relevant instrument. 1087. Subsection (1) provides that a person (the first person) may disclose protected information to another person (the second person) for a particular purpose if: • the second person is specified in an instrument made under subsection (2); and • the purpose for which the disclosure is being made is also specified in an instrument. 1088. Note 1 following the subsection clarifies that the subsection is an authorisation for the purposes of other laws, including the Australian Privacy Principles. Relevantly, Australian


Privacy Principle 6.2 provides that the disclosure of personal information is permitted where the disclosure is required or authorised by or under Australian law. Personal information may be relevant to security compliance information or aviation security information about an individual and would fall within the definition of protected information. 1089. Note 2 following the subsection directs the reader to section 185K for record keeping requirements. Section 185K is a new section included in this Bill and specifies record keeping requirements for disclosures under section 185E. 1090. Subsection (2) will enable the Secretary to make a legislative instrument that specifies: • one or more persons to whom protected information may be disclosed (paragraph (a)); and • for each person, the purpose or purposes for which the disclosure may be made (paragraph (b)). 1091. The instruments made under subsection (2) are legislative instruments and are subject to disallowance by the Parliament. Section 185F Secondary use and disclosure of protected information 1092. This section provides for a secondary use or disclosure of protected information. It provides that a person is authorised to record, use or disclose protected information if: • they obtain information under Division 2 of Part 9A (including this section) (paragraph (a)); and • they record, use or disclose the information for the purpose for which it was disclosed to them (paragraph (b)). 1093. The note following the section clarifies that the section is an authorisation for the purposes of other laws, including the Australian Privacy Principles. Relevantly, Australian Privacy Principle 6.2 provides that the disclosure of personal information is permitted where the disclosure is required or authorised by or under Australian law. Division 3 Offence for unauthorised use or disclosure Section 185G Offence for unauthorised use or disclosure of protected information 1094. 
This section provides for the offence of unauthorised disclosure of protected information. It provides that a person commits an offence if:
• they obtain information (paragraph (a));
• that information is protected information (paragraph (b));
• they record, disclose or otherwise use that protected information (paragraph (c)); and
• that recording, use or disclosure is not authorised by the Maritime Act (paragraph (d)).

1095. The penalty for this offence is 2 years imprisonment or 120 penalty units or both.

1096. Unauthorised disclosure or use of protected information may pose a significant risk to maritime security. Any vulnerability in maritime transport or offshore facilities security being exploited could have serious consequences for the immediate health and safety of Australians, the maritime industry as a whole, and the maintenance of the supply chain more generally. It is therefore vitally important that unauthorised disclosures of protected information do not occur or if they do occur, that the penalty for such an offence is reflective of the significant risk to maritime transport security that unauthorised disclosures pose.

1097. The Guide was consulted in relation to setting and framing an appropriate penalty for this offence.
The penalties are appropriate because:
• the offence is not dependent upon a subjective or community standard;
• the offence and its penalties operate to deter and punish the commission of the offence, and reflect the seriousness of the offence within the legislative scheme;
• the penalties for this offence are commensurate with the consequences of the commission of the offence, which have the potential to be particularly dangerous and damaging to maritime transport security;
• the offence may be punishable by a fine which does not exceed similar thresholds set out in the Maritime Act, whilst not being a manifestly excessive penalty for this offence;
• the offence may be punishable by a term of imprisonment which is consistent with penalties for existing offences of a similar kind or of a similar seriousness (for example, the offence in section 122.4 of the Criminal Code which deals with unauthorised disclosure of information by current and former Commonwealth officers also carries a penalty of imprisonment for 2 years);
• the offence may be punishable by both a fine and a period of imprisonment which is adequate for the worst possible case;
• the alternative penalties allow scope for a court to weigh all relevant factors in determining the penalty in accordance with the sentencing considerations in section 16A of the Crimes Act 1914.


1098. Section 4B of the Crimes Act 1914 provides that if an offence specifies a penalty of imprisonment but no fine, the maximum fine for an individual is 5 penalty units multiplied by the maximum prison term in months. Clause 3.1.3 of the Guide cites this formula for calculating a fine/imprisonment ratio, which was followed for calculating the maximum term of imprisonment penalty for an offence under section 185G. The ratio of 5 penalty units to 1 month of imprisonment, in the case of section 185G, is 120 penalty units divided by 5 = 24 months - 24 months = 2 years.

Section 185H Exceptions to offence for unauthorised use or disclosure

1099. New section 185H provides exceptions to the offence created under section 185G.

Subsection 185H(1) Required or authorised by law

1100. Subsection (1) provides that section 185G does not apply if the making of the record, the use of or disclosure of the protected information is authorised by a law of the Commonwealth (paragraph (a)) or a law of a State or Territory prescribed by the regulations (paragraph (b)).

Subsection 185H(2) Good faith

1101. Under subsection (2), section 185G will not apply to a person, to the extent that the person's recording, use or disclosure of protected information was done in good faith and purportedly in compliance with the Maritime Act.

1102. To avoid liability there is a requirement that the actions taken, or failures to take an action, by the person in question be in good faith. In these circumstances, good faith would require that the person not act dishonestly or in a way that undermines or subverts the intended purpose, and not to act capriciously or arbitrarily. Included in the concept of good faith is an obligation to act reasonably and with fair dealing.

Subsection 185H(3) Person to whom the protected information relates

1103.
Subsection (3) provides an exemption to the offence in 185G in the following circumstances:
• if the information is disclosed to the person that it relates to (paragraph (a));
• if the person that is disclosing the information is the person that the information relates to (paragraph (b)); or
• the making of the record, or the use or disclosure of the information was either expressly or impliedly authorised by the person to whom the information relates.

1104. The note to the section reminds the reader that the evidential burden in the matters in section 185H is on the defendant; the note refers the reader to subsection 13.3(3) of the Criminal Code. Subsection 13.3(3) of the Criminal Code relevantly provides that a defendant who wishes to rely on any exception provided by the law creating an offence, bears an evidential burden in relation to that matter.

1105. In the case of subsection 185H(3), there is no criminal responsibility in relation to the offence.

1106. If a defendant wishes to rely on the exception in subsection 185H(3), the evidential burden can be discharged if the defendant can adduce or point to evidence suggesting a reasonable possibility of the existence of the exception applying in the particular case. The defendant no longer bears the evidential burden in relation to a matter if evidence sufficient to discharge the burden is adduced. The note following subsection 185H(3) is therefore not indicative of a reversal of the evidential burden, and the legal burden remains on the prosecution.

Section 185J No requirement to provide information

1107. Section 185J provides, subject to some exceptions in the section, that a person is not to be required to disclose protected information to a court or tribunal. Specifically subsection (1) provides that subject to subsections (2) and (3), a person is not to be required to disclose protected information, or produce a document containing protected information to either a court, or a tribunal, authority or person that has the power to require answering of questions or the production of documents.

1108. Subsection (2) however provides that if it is necessary for the purposes of giving effect to the Aviation Act then subsection (1) does not prevent a person from being required to disclose protected information or produce a document that contains protected information.

1109. Subsection (3) provides that subsection (1) does not prevent a person from being required to disclose protected information, or produce a document with protected information, if it is for a judicial review proceeding before the High Court of Australia, the Federal Court or the Federal Circuit Court of Australia.
Subsection (3) has been included to make clear that subsection (1) is not intended to limit in any way the ability of the listed courts to exercise their judicial review jurisdiction.

Division 4 Record keeping

Section 185K Recordkeeping requirements

1110. Section 185K provides for record keeping requirements in relation to a disclosure made under section 185E. Broadly speaking section 185E provides for the Secretary to specify in a legislative instrument that certain disclosures of protected information are authorised. The section also provides for an offence for failing to comply with the record keeping requirements.

1111. Subsection (1) provides that if a person makes a disclosure under section 185E then they must make a record of the disclosure and the identity of the person to whom that disclosure was made. They must also keep that record for a period of 90 days. Subsection (2) creates an offence for engaging in conduct that breaches the requirement in subsection (1). The penalty for the offence is 50 penalty units.

1112. In framing this offence and its penalty, the Guide was considered. In line with the Guide, the penalty is appropriate in the circumstances because:
• the offence and its penalty operate as an incentive to compliance with the general requirement not to disclose protected information other than where authorised, and is imposed for the purposes of safeguarding protected information and recording authorised disclosures;
• the penalty for this offence is similar to others imposed within the Maritime Act, and is commensurate with the risk to maritime transport security that unrecorded disclosure of protected information poses;
• this is a reasonable penalty to impose, as it has a necessary element of deterrence whilst not being a manifestly excessive penalty for an offence;
• making a record of an authorised disclosure should be a simple matter to discharge.

Item 93 Section 186 (paragraph beginning "To ensure")

1113. This item amends section 186 of the Maritime Act, which is a simplified outline for Part 11 of that Act. The words "or civil penalties" will be inserted after the words "criminal offences" in the first sentence. This is reflecting that Part 11 will now also deal with civil penalty provisions, as the Bill is triggering the use of the Regulatory Powers Act civil penalty provisions.

Item 94 Section 186 (paragraph beginning "To ensure")

1114. This item also amends section 186 of the Maritime Act, the simplified outline for Part 11. Under this item the words "or civil penalty proceedings" will be inserted after the words "criminal prosecution" in the second sentence of the simplified outline. As with the above amendment, this is related to the triggering of the civil penalty provisions of the Regulatory Powers Act.
See the new section 200B below for more information on those provisions.

Item 95 Section 186 (paragraph beginning "The enforcement options")

1115. Under this Bill the civil penalty provisions in Part 4 of the Regulatory Powers Act will be triggered. The Bill will also insert a new Division 2A into Part 11 of the Maritime Act that provides for the issuing of improvement notices. This item repeals the final paragraph of the simplified outline that lists the various divisions in Part 11 that represent the enforcement options available under the Maritime Act. The paragraph will then be replaced by the updated list of divisions that will include the new Division 2A for the improvement notices and the new Division 7 for the civil penalty provisions.

Item 96 After Division 2 of Part 11

1116. This item inserts a new Division 2A into Part 11 of the Maritime Act. Part 11 of the Maritime Act deals with the different enforcement options that can be used as an alternative to criminal prosecution or civil penalty proceedings. Division 2A provides for the issuing of improvement notices as one of the available alternatives to criminal prosecution or civil penalty provisions.

Division 2A Improvement notices

Section 187A Improvement notices

1117. Section 187A provides the authority for a maritime security inspector to issue an improvement notice.

Subsection 187A(1) Scope

1118. Subsection (1) provides that section 187A will apply if the maritime security inspector reasonably suspects any of the following:
• that a maritime industry participant is contravening a provision of the Maritime Act (paragraph (a));
• that a maritime industry participant has contravened the Maritime Act in circumstances that make it likely that the contravention will continue or be repeated (paragraph (b)); or
• that a maritime industry participant is likely to contravene a provision of the Maritime Act.

1119. The purpose of issuing the improvement notices is to provide the opportunity to improve the situation rather than act as a penalty for wrongdoing, although there will be a penalty for failure to comply. The circumstances described in subsection (1) are all circumstances in which the issuing of an improvement notice has the potential to improve an ongoing or future situation. While paragraph (b) refers to a contravention that has already occurred, it is qualified by the words "in circumstances that make it likely that the contravention will continue or be repeated".

Subsection (2) Improvement Notice

1120. If the circumstances in subsection (1) exist, meaning section 187A applies, then under subsection (2) the maritime security inspector may issue an improvement notice.
Subsection (2) provides that the inspector may issue a written notice that requires the maritime industry participant to:
• remedy the contravention (paragraph (a));
• prevent the likely contravention from occurring (paragraph (b)); or
• remedy things or operations causing the contravention or likely contravention (paragraph (c)).

1121. Subsection (3) clarifies that a notice issued under subsection (2) is to be known as an "improvement notice".

Section 187B Contents of improvement notices

1122. Section 187B provides for the content that must be included in an improvement notice and the content that may be included in an improvement notice.

1123. Subsection (1) provides that an improvement notice must include the following content:
• a statement of what circumstance the inspector reasonably believes exists, specifically which of the circumstances in subsection 187A(1) (paragraph (a));
• the specific provision that the inspector believes is being, has been or will be contravened by the participant (paragraph (b));
• briefly how the specific provision is being contravened (paragraph (c)); and
• the period in which the participant must comply with the notice.

1124. Subsection (2) provides that the improvement notice may include directions that the participant must take to:
• remedy the contravention (paragraph (a));
• prevent the likely contravention (paragraph (b)); or
• remedy the things or operations causing the contravention or likely contravention (paragraph (c)).

1125. As noted above, the notice given to the participant must state the period of time in which the participant is to comply with the notice. Subsection (3) requires that that period of time be reasonable in all the circumstances.

Section 187C Compliance with improvement notice

1126. Section 187C creates a strict liability offence for not complying with an improvement notice. Specifically subsection (1) creates a strict liability offence for maritime industry participants that are either port operators, port facility operators, the ship operator for a regulated Australian ship or an offshore facility operator.
It provides that if that particular type of industry participant is given an improvement notice and then engages in conduct that breaches the improvement notice, they are guilty of an offence. The penalty for the offence is 200 penalty units. Subsection (2) provides that an offence under subsection (1) is a strict liability offence.

1127. It should be noted that "engages in conduct" is defined in the Maritime Act to have the same meaning as in the Criminal Code. Subsection 4.1(2) of the Criminal Code defines "engage in conduct" to mean to do an act, or omit to perform an act.

1128. Subsection (3) creates an offence for maritime industry participants other than port operators, port facility operators, the operator for a regulated Australian ship or an offshore facility operator. As with the offence in subsection (1), subsection (3) provides that if that particular type of industry participant is given an improvement notice and then engages in conduct that breaches the improvement notice, they are guilty of an offence. The penalty for the offence under subsection (3) is 100 penalty units. Subsection (4) provides that a subsection (3) offence is an offence of strict liability.

1129. Any vulnerability in maritime transport security being exploited could have serious consequences for the immediate health and safety of Australians, the maritime transport industry as a whole, and the maintenance of, and confidence in, the supply chain more generally. The Guide was consulted when framing this offence and the penalties, and making non-compliance with an improvement notice an offence of strict liability is considered appropriate. In line with the Guide, the offence is not punishable by imprisonment and has a maximum penalty of 45 penalty units.
The penalty is appropriate in the circumstances because:
• the offence and its penalty apply to maritime transport industry participants but not to the general public;
• the offence and its penalty operate to prohibit the particular activity of non-compliance with a written notice and is imposed for the purposes of safeguarding against unlawful interference with maritime transport;
• there is a strong element of specific and general deterrence to the offence, and to require proof of intention would undermine the effectiveness of this provision and the purpose for which it was enacted as a means of safeguarding against unlawful interference with maritime transport;
• the penalty for this offence is commensurate with the risk to maritime transport security that non-compliance with a written notice poses;
• the offence is punishable by a fine which does not exceed similar thresholds set out in the Aviation Act;
• the offence is not punishable by imprisonment, and is not dependent upon a subjective or community standard;
• this is a reasonable penalty to impose, as it has a necessary element of deterrence whilst not being a manifestly excessive penalty for an offence;
• complying with requirements set out in a written notice is such common practice for maritime transport industry participants, that it should be an easily discharged matter;
• in this circumstance, penalising these persons in the absence of proof of fault is appropriate to apply because the purpose of giving an improvement notice is necessary to safeguard against unlawful interference with maritime transport, and non-compliance poses a serious risk to maritime transport security; and
• the defence of honest and reasonable mistake of fact is still available for defendants under section 9.2 of the Criminal Code, outlined in Schedule 1 to the Criminal Code.

Section 187D Extension of time for compliance with improvement notices

1130. Section 187D will enable a maritime security inspector to extend the period of time the maritime industry participant has to comply with the improvement notice.

Subsection 187D(1) Scope

1131. Subsection (1) provides that section 187D applies if a person has been given an improvement notice.

Subsections 187D(2)-(4) Extension of compliance period

1132. Subsection (2) provides that a maritime security inspector may extend the compliance period for an improvement notice by issuing a written notice to the person. Subsection (3) provides that such a notice may only be issued before a compliance period has ended.

1133. Subsection (4) defines "compliance period" as meaning the period that is specified in the notice under 187B and any extension granted under this section.

Section 187E Variation of improvement notices

1134. Section 187E provides for the varying of an improvement notice.

Subsection 187E(1) Scope

1135. Subsection (1) provides that the section applies if a person has been issued an improvement notice.


Subsections 187E(2)-(3) Changes

1136. Subsection (2) enables a maritime security inspector to vary an improvement notice. This is to happen by the issuing of another written notice. Subsection (3) is a reminder that the maritime security inspector may also extend the time for compliance, in accordance with section 187D.

Section 187F Revocation of improvement notices

1137. This section provides that an improvement notice must be revoked if the maritime security inspector has a reasonable belief that it is no longer necessary. Subsection (1) provides that a maritime security inspector must issue a written notice revoking an improvement notice if:
• a person has been given an improvement notice; and
• during the compliance period the maritime security inspector has a reasonable belief that the notice is no longer required.

1138. Subsection (2) defines compliance period as meaning the period of time in the initial notice issued under section 187B and any extension of time granted under section 187D.

1139. New section 187G provides that an improvement notice is not invalid simply because of a formal defect or irregularity, unless that defect or irregularity causes or is likely to cause substantial injustice. The section also provides that an improvement notice is not invalid simply because of a failure to use the correct name of the person, as long as the notice still sufficiently identifies the person. For example, if two letters of the person's name are transposed, or if the name is recorded as "MacDonald" when it should be "McDonald".

1140. However, the notice's validity would not be preserved if the defect or irregularity in the notice causes or is likely to cause substantial injustice. For example, if an improvement notice is given to a maritime participant who does not operate or control the matter referred to in the notice, the defect would be likely to cause substantial injustice.

1141.
The purpose and effect of this provision is to preserve the validity of an improvement notice despite a failure to strictly adhere to the requirements set out in the relevant improvement notice provision.

Item 97 At the end of Part 11

1142. This item inserts a new Division 7 at the end of Part 11 of the Maritime Act. Division 7 will trigger the use of the civil penalty provisions in Part 4 of the Regulatory Powers Act. Part 4 of the Regulatory Powers Act creates a framework for the use of civil penalties to enforce civil penalty provisions.


Division 7 Civil penalties

Section 200B Civil penalty provision

Subsection 200B(1) Enforceable civil penalty provision

1143. Subsection (1) states that a civil penalty provision in the Maritime Act is enforceable under Part 4 of the Regulatory Powers Act. This subsection is satisfying a requirement in section 79 of the Regulatory Powers Act that a provision is enforceable under Part 4 of that same Act if an act provides that the civil penalty is enforceable under Part 4.

1144. The note to subsection (1) reminds the reader that Part 4 of the Regulatory Powers Act allows a civil penalty to be enforced by obtaining an order for a person to pay a pecuniary penalty for the contravention of the relevant provision.

Subsection 200B(2) Authorised applicant

1145. Subsection (2) specifies that for the purpose of Part 4 of the Regulatory Powers Act the Secretary is an authorised applicant. This is satisfying a requirement in section 80 of the Regulatory Powers Act, that for someone to be an authorised applicant, the relevant act must specify that they are an authorised applicant.

1146. This provision will ensure the Secretary is empowered to exercise the relevant powers under Part 4 of the Regulatory Powers Act. Most relevantly, this includes applying to a court for an order that a person, who is alleged to have contravened a civil penalty provision, pay the Commonwealth a pecuniary penalty.

Subsection 200B(3) Relevant Court

1147. Subsection (3) specifies that for the purpose of Part 4 of the Regulatory Powers Act the Federal Court of Australia and the Federal Circuit Court of Australia are relevant courts. This is satisfying the requirement in section 81 of the Regulatory Powers Act that a court is a relevant court only if it is specified in the act that is triggering the Part 4 powers.

Subsection 200B(4) Extension to external Territories etc.

1148.
Subsection (4) confirms that the civil penalty provisions under Part 4 of the Regulatory Powers Act extend to the external Territories. This is necessary to align with the scope of the Maritime Act.

Item 98 Division 1 External review

1149. This item inserts the new heading "Division 1 - External Review" in Part 12 of the Maritime Act. Currently Part 12 only sets out decisions under the Maritime Act that are subject to external review by the Administrative Appeals Tribunal.


1150. Item 101 below will insert provisions dealing with the internal review of decisions relating to the new improvement notice framework. This new heading therefore indicates that Part 12 will contain two separate Divisions.

Item 99 After paragraph 201(d)

1151. This item amends section 210 to insert several new decisions that are subject to review by the Administrative Appeals Tribunal. These decisions relate to the new maritime security plans, ship security plans and offshore security plans frameworks that have been identified above in each new framework.

Item 100 At the end of section 201

1152. This item amends section 201 to insert an additional new decision that is subject to review by the Administrative Appeals Tribunal, being a decision under new section 201D relating to internal review.

Item 101 At the end of Part 12

1153. This item inserts a new Division 2 in Part 12 of the Maritime Act, which introduces a new framework for conducting internal reviews of certain decisions related to improvement notices. The new framework specifies which decisions are internally reviewable, how an application for internal review can be made and by whom, what the Secretary must do in relation to an application for internal review, when and how notice of an internal review decision must be given, and provides the Secretary with a discretion to stay the operation of a decision related to improvement notices.

Division 2 Internal review

Section 201B Which decisions are internally reviewable

1154. New section 201B specifies which decisions are internally reviewable decisions for Division 2 of Part 12 of the Maritime Act and who is eligible to apply for a review of an internally reviewable decision. This section also creates 'tags' for the terms "internally reviewable decision" and "eligible person", which are used throughout Division 2.

1155.
The table in section 201B provides that a decision in relation to giving an improvement notice under section 187A, a decision in relation to the extension of the time period for compliance under section 187D, and a decision in relation to variation of an improvement notice under section 187E are the only decisions made under the Maritime Act that are internally reviewable in accordance with Division 2 (internally reviewable decisions). In each case, the person who was given the notice is the person who is eligible (eligible person) to make an application for internal review.

1156. The purpose and effect of this section is to limit which decisions may be internally reviewed and who is eligible to make an application for internal review.


Section 201C Application for internal review

1157. New section 201C provides for an eligible person to make an application for internal review, how and in what form the application must be made, and when an application may be made.

1158. The effect of section 201C is that an eligible person may apply to the Secretary, in the manner and form required by the Secretary, for an internal review of a decision referred to in the table in section 201B. The application must be made within the prescribed time after the day that the decision first came to the eligible person's notice, or such longer period as the Secretary allows.

1159. The "prescribed time" for an application regarding a decision to give an improvement notice as set out in subsection 201C(3), is either the period specified in the notice for compliance with the notice or 14 days, whichever is the lesser; and for any other application is 14 days.

1160. The purpose of section 201C is to make clear that an eligible person may make an application for internal review, and to specify how and in what form the application must be made, and when an application may be made.

Section 201D Decision on internal review

1161. New section 201D provides for what must occur when the Secretary receives an application for an internal review of an internally reviewable decision from an eligible person.

1162. New subsection 201D(1) provides that the Secretary must review an internally reviewable decision and make a decision in relation to it as soon as is reasonably practicable, but in any event the decision must be made within 14 days after the application is received.

1163. The effect of this subsection is to make clear that it is mandatory that applications for internal review are reviewed and a decision must be made in relation to the application in a timely manner, no later than 14 days after the application was received.

1164.
New subsection 201D(2) provides that the decision the Secretary may make may be to confirm or vary the internally reviewable decision or, if the Secretary considers it appropriate, to set aside the internally reviewable decision and substitute a different decision.

1165. The effect of this subsection is to specify the types of decisions that are available to the Secretary when making a decision in relation to an internally reviewable decision.

1166. New subsection 126D(3) provides that the Secretary's 14 day decision period ceases to run if the Secretary seeks further information from the person who made the application. The 14 day period would recommence when the information is provided.


1167. The effect of this subsection is to permit an applicant the necessary time to provide requested information to support their application without reducing the time that the Secretary has to make a decision.

1168. New subsection 210D(4) provides that the applicant must provide the further information within the time specified by the Secretary in the request for information. The time that the Secretary specifies must not be less than 7 days.

1169. The effect of this subsection is to make clear that the applicant will be given a timeframe to respond with the requested information, and that the timeframe must not be less than 7 days. This means that the Secretary may specify a longer time period when making the request for further information, noting that the time period in which the Secretary must make a decision on the application does not restart until the information is provided.

Section 201E Notification of decision on internal review

1170. New section 201E provides for when notification of a decision about an internally reviewable decision must be given to the applicant and manner in which it must be given.

1171. The effect of this section is to make it mandatory for the Secretary to give an applicant written notice of the decision the Secretary has made and the reasons for that decision.

Section 201F Stays of internally reviewable decisions

1172. New section 201F introduces a discretionary power for the Secretary to stay the operation of a decision to issue an improvement notice, when an application for internal review has been made.

1173. The effect of this section is that if an application is made for an internal review of a decision the Secretary may apply a temporary stop, pending the outcome of the internal review, to the operation of a decision in relation to an improvement notice.

Item 102 Subsection 202(1)

1174. This item amends subsection 202(1) to insert "(other than powers or functions under Division 2 of Part 12)" after the words "this Act".
This amendment is required as a consequence of the introduction of new Division 2 of Part 12.

1175. Subsection 202(1) currently permits the delegation of certain of the Secretary's Aviation Act powers to an SES employee, or acting SES employee, in the Department or to the Agency Head of an Agency that carries on activities that relate to national security. This specification is amended by item 103, below.

1176. The effect of this amendment is that the Secretary's powers in new Division 2 of Part 12 of the Maritime Act cannot be delegated to those persons.


Item 103 Paragraph 202(1)(c) 1177. This item amends paragraph 202(1)(c) to remove the words "that carries on activities that relate to national security". 1178. The effect of this section is that the Secretary's Maritime Act powers, other than powers or functions under Division 2 of Part 12, can be delegated to an SES employee, or acting SES employee, in the Department or to the Agency Head of an Agency. Item 104 Subsection 202(1A) 1179. This item amends subsection 202(1A) to insert the words "in writing" after the words "the delegation". 1180. The effect of this section is to require any Agency Head delegated the Secretary's powers under paragraph 202(1)(c) to agree to the delegation in writing. This written agreement will act as a record of that agreement. Item 105 Subsection 202(2) 1181. This item amends subsection 202(2) to insert "or Division 2 of Part 12" after "Part 11". 1182. The effect of this amendment is to prevent the delegation of the Secretary's internal review powers to an APS employee in the Department. Item 106 Subsection 202(2) 1183. This item introduces a new subsection 202(2A) that permits the Secretary to delegate, by writing, all or any of the Secretary's powers and functions under Division 2 of Part 12 to an SES employee who holds, or performs the duties of, an SES Band 2 position, or an SES Band 3 position, in the Department. 1184. The effect of this amendment is to prevent the delegation of the Secretary's internal review powers to an APS employee in the Department. Item 107 After subsection 208(2) 1185. This item introduces a new subsection 208(2A) in the severability provision to deal with the additional effect of the Act. 1186. New subsection 208(2A) provides that this Act also has the effect that it would have if: • each reference to a maritime industry participant were expressly confined to a maritime industry participant that is a corporation to which paragraph 51(xx) of the Constitution applies; and
• each reference to a port operator were expressly confined to a port operator that is a corporation to which paragraph 51(xx) of the Constitution applies; and • each reference to a port facility operator were expressly confined to a port facility operator that is a corporation to which paragraph 51(xx) of the Constitution applies; and • each reference to a ship operator were expressly confined to a ship operator that is a corporation to which paragraph 51(xx) of the Constitution applies; and • each reference to an offshore industry participant were expressly confined to an offshore industry participant that is a corporation to which paragraph 51(xx) of the Constitution applies. 1187. The purpose of new subsection 208(2A) is to provide, in effect, that if any part of this Bill is held to be unconstitutional, the remainder shall not be affected. Division 2 Application provisions Item 108 Application--security directions 1188. New Item 108 operates to provide that the amendments of section 33 of the Maritime Act made by Part 1 of Schedule 2 to the Bill apply in relation to a security direction given after the commencement of this item. 1189. The purpose and effect of Item 108 is to provide for the application of amendments in relation to security directions. Item 109 Application--maritime security plans 1190. 
Subitem 109(1) provides that the amendments of section 47 of the Maritime Act made by Part 1 of Schedule 2 to the Bill apply in relation to a maritime security plan for a maritime industry participant if: • the industry participant gives the plan to the Secretary under section 50 of that Act after the commencement of this item; or • the industry participant gives a copy of the plan to the Secretary under section 54 of that Act after the commencement of this item; or • the industry participant gives the program to the Secretary in compliance with a notice that was given under section 55 of that Act after the commencement of this item.
1191. Subitem 109(2) operates to provide that despite subitem (1), in determining, for the purposes of sections 53, 55 and 57 of the Maritime Act, whether a maritime security plan adequately addresses the relevant requirements under Division 4 of Part 3 of that Act, assume that the amendment of section 47 of that Act made by Part 1 of Schedule 2 to the Bill applies in relation to the plan. 1192. The purpose and effect of Item 109 is to provide for the application of amendments in relation to maritime security programs. Item 110 Application--ship security plans 1193. Subitem 110(1) operates to provide that the amendments of section 66 of the Maritime Act made by Part 1 of Schedule 2 to the Bill apply in relation to a ship security plan for a regulated Australian ship if: • the ship operator gives the plan to the Secretary under section 69 of that Act after the commencement of this item; or • the ship operator gives a copy of the plan to the Secretary under section 73 of that Act after the commencement of this item; or • the ship operator gives the plan to the Secretary in compliance with a notice that was given under section 74 of that Act after the commencement of this item. 1194. Subitem 110(2) operates to provide that, despite subitem (1), in determining, for the purposes of sections 72, 74 and 76 of the Maritime Act, whether a ship security plan adequately addresses the relevant requirements under Division 4 of Part 4 of that Act, assume that the amendment of section 66 of that Act made by Part 2 of Schedule 2 to the Bill applies in relation to the plan. 1195. The purpose and effect of Item 110 is to provide for the application of amendments in relation to a ship security plan for a ship operator. Item 111 Application--offshore security plans 1196. 
Subitem 111(1) operates to provide that the amendments of section 100G of the Maritime Act made by Part 1 of Schedule 2 to the Bill apply in relation to an offshore security plan for an offshore industry participant if: • the industry participant gives the plan to the Secretary under section 100J of that Act after the commencement of this item; or • the industry participant gives a copy of the plan to the Secretary under section 100N of that Act after the commencement of this item; or
• the industry participant gives the program to the Secretary in compliance with a notice that was given under section 100O of that Act after the commencement of this item. 1197. Subitem 111(2) operates to provide that, despite subitem (1), in determining, for the purposes of sections 100M, 100O and 100Q of the Maritime Act, whether an offshore security plan adequately addresses the relevant requirements under Division 4 of Part 5A of that Act, assume that the amendment of section 100G of that Act made by Part 1 of Schedule 2 to the Bill applies in relation to the plan. 1198. The purpose and effect of Item 111 is to provide for the application of amendments in relation to offshore security plan for an offshore industry participant. Item 112 Application--security incidents 1199. Item 112 operates to provide that the amendments of Part 9 of the Maritime Act made by Part 1 of Schedule 2 to the Bill apply in relation to a security incident that occurs after the commencement of this item. 1200. The purpose and effect of Item 112 is to provide for the application of amendments in relation to reporting on security incidents that occur after commencement. Item 112A Application--requests for further information 1201. Subitem 112A(1) operates to provide that the amendments of section 51 of the Maritime Act made by Part 1 of Schedule 2 to the Bill apply in relation to a notice given under subsection 51(5) of that Act after the commencement of this item. 1202. Subitem 112A(2) operates to provide that the amendments of section 52A of the Maritime Act made by this Part apply in relation to a notice given under subsection 52A(8) of that Act after the commencement of this item. 1203. Subitem 112A(3) operates to provide that the amendments of section 70 of the Maritime Act made by this Part apply in relation to a notice given under subsection 70(5) of that Act after the commencement of this item. 1204. 
Subitem 112A(4) operates to provide that the amendments of section 71A of the Maritime Act made by this Part apply in relation to a notice given under subsection 71A(7) of that Act after the commencement of this item. 1205. Subitem 112A(5) operates to provide that the amendments of section 100K of the Maritime Act made by this Part apply in relation to a notice given under subsection 100K(5) of that Act after the commencement of this item.
1206. Subitem 112A(6) operates to provide that amendments of section 100LA of the Maritime Transport Act made by this Part apply in relation to a notice given under subsection 100LA(8) of that Act after the commencement of this item. 1207. The purpose and effect of this item is to provide for the application of amendments in relation to requests for further information that occur after commencement. Part 2--Other amendments Division 1 Amendments Maritime Transport and Offshore Facilities Security Act 2003 Item 113 Subsection 3(1) 1208. This item amends subsection 3(1) of the Maritime Act to insert "or operational interference with maritime transport or offshore facilities" after the word "facilities". 1209. Currently, subsection 3(1) provides that the main purpose of the Maritime Act is to safeguard against unlawful interference with maritime transport or offshore facilities. 1210. The purpose and effect of this amendment is to extend the main purpose of the Act described in subsection 3(1), to safeguard against operational interference with maritime transport or offshore facilities. Item 114 Section 4 (paragraph beginning "This Act establishes") 1211. Section 4 of the Maritime Act contains a simplified overview of that Act. This item amends the introductory sentence of the simplified overview to add "and operational interference with maritime transport or offshore facilities" after the word "facilities". This amendment is consequential to the amendment made by item 113 above. 1212. The effect of this amendment is that the guidance offered to the reader in the introductory sentence of the simplified overview is that the Maritime Act establishes a scheme to safeguard against unlawful interference with maritime transport or offshore facilities and operational interference with maritime transport or offshore facilities. Item 115 Section 10 1213. 
This item inserts new definitions in section 10 for "critical maritime industry participant", "operational interference with maritime transport or offshore facilities" and "relevant interference". 1214. The term "critical maritime industry participant" is defined to have the meaning given by section 17CA, the term "operational interference with maritime transport or offshore facilities" is defined to have the meaning given by section 11A, and the term "relevant interference" has the meaning given by section 10D.
1215. These new definitions act as signposts in the definition section for terms that are defined or given meaning elsewhere. Section 11A is introduced by item 117 of Part 2 of Schedule 2 to the Bill; see the clause notes below for that item, and section 10D is introduced by item 116 of Part 2 of Schedule 2 to the Bill; see the clause notes below for that item. Item 116 After Division 4A of Part 1 1216. This item inserts new Division 4B in Part 1, which deals with the meaning of the term "relevant interference" in relation to an asset. Division 4B Relevant interference Section 10D Meaning of relevant interference 1217. New subsection 10D(1) gives the meaning for the term "relevant interference" in relation to an asset, by providing that each of the following is a relevant interference with an asset: • interference (whether direct or indirect) with the availability of the asset; • interference (whether direct or indirect) with the integrity of the asset; • interference (whether direct or indirect) with the reliability of the asset; • interference (whether direct or indirect) with the confidentiality of: o information about the asset; or o if information is stored in the asset--the information; or o if the asset is computer data--the computer data. 1218. The purpose and effect of subsection 10D(1) is to specify what types of interference with an asset are "relevant interference". 1219. New subsection 10D(2) gives the meaning for the term "relevant interference" with the operation of a maritime industry participant, by providing that each of the following is a relevant interference with the operation of a maritime industry participant: • interference (whether direct or indirect) with the availability of the operation of the industry participant; • interference (whether direct or indirect) with the integrity of the operation of the industry participant; • interference (whether direct or indirect) with the reliability of the operation of the industry participant;
• interference (whether direct or indirect) with the confidentiality of information relating to the operation of the industry participant. 1220. For instance, the relevant interference of a hazard on an asset could be an extreme weather event (e.g. severe storm) resulting in ships being unable to safely berth at a port. This amounts to a 'relevant interference' because the availability of the port's facilities has been compromised, such that the public does not have access to key supply chains through the port, or the frequency is unreliable. This would lead to considerable disruption to interconnected networks that rely on maritime transport, impacting their integrity, reliability and availability. 1221. The relevant interference of a ransomware attack on the systems of a port facility operator could impact the availability of the port facilities assets and the confidentiality of the information held by the port facility operator. 1222. The purpose and effect of subsection 10D(2) is to specify what types of interference with the operation of a maritime industry participant is "relevant interference". Item 117 After Division 5 of Part 1 1223. This item introduces a new Division 5A in Part 1 of the Maritime Act to deal with operational interference with maritime transport and offshore facilities. Division 5A Operational interference with maritime transport or offshore facilities Section 11A Meaning of operational interference with maritime transport or offshore facilities 1224. New section 11A gives meaning for the term "operational interference with maritime transport or offshore facilities" for the purposes of the Maritime Act. 1225. 
The effect of subsection 11A(1) is that "operational interference" means committing, or attempting to commit, an act that results in a relevant interference with the operation of a maritime industry participant or an act that results in a relevant interference with an asset that is used in connection with the operation of a maritime industry participant; and is owned or operated by a maritime industry participant. 1226. Section 11A also has the effect that "operational interference" also means the occurrence of a hazard. This applies in circumstances where the hazard results in a relevant interference with the operation of a maritime industry participant or in a relevant interference with an asset that is used in connection with the operation of a maritime industry participant; and is owned or operated by a maritime industry participant. 1227. The effect of subsection 11A(2) is to make clear that unlawful interference with maritime transport or offshore facilities is not an "operational interference", and nor is lawful advocacy, protest, dissent or industrial action.
1228. The purpose of section 11A is to make clear which events, actions or omissions are "operational interference", and which are not. Item 118 After Division 7A of Part 1 1229. This item introduces a new Division 7AA in Part 1 of the Maritime Act to deal with critical maritime industry participants. Division 7AA--Critical maritime industry participants 17CA Minister may declare critical maritime industry participants 1230. Subsections 17CA(1) to (5) deal with declaring a specified individual maritime industry participant as a critical maritime industry participant, and subsections 17CA(6) to (8) deal with declaring classes of maritime industry participants as critical maritime industry participants. 1231. New subsection 17CA(1) has the effect of empowering the Minister with a discretion, exercisable in writing, to declare a specified maritime industry participant as a critical maritime industry participant for the purposes of the Maritime Act. 1232. New subsection 17CA(2) makes clear that a declaration made under subsection 17CA(1) is not a legislative instrument, which means that such a declaration is not a public document and, because it is not a legislative instrument, it would not be subject to disallowance and would not be published on the Federal Register of Legislation. 1233. New subsection 17CA(3) has the effect that a declaration made under subsection 17CA(1) cannot be made to specify a class of maritime industry participants. 1234. New subsection 17CA(4) has the effect of limiting the circumstances in which the Minister can specify a maritime industry participant as a critical maritime industry participant. In order to lawfully exercise the discretion in relation to a maritime industry participant, the Minister must be satisfied that the participant is critical to the social or economic stability of Australia or its people, the defence of Australia, or national security within the meaning of the Security of Critical Infrastructure Act 2018. 
The Minister must also be satisfied that there is a risk, in relation to the particular maritime industry participant, that may be prejudicial to security within the meaning of the Australian Security Intelligence Organisation Act 1979. 1235. New subsection 17CA(5) has the effect of making it a requirement that, in exercising the discretion to make a declaration the Minister must have regard to matters that are specified in the regulations if any are, and other matters that the Minister considers relevant. 1236. To ensure that the additional regulatory requirements to mitigate against operational interference only apply to industry participants that, if unable to operate would have a detrimental impact to Australia's economic and social wellbeing, and the national security or
defence. This recognises the critical role that the maritime transport sector plays in Australia's key supply chain network and economy. 1237. New subsection 17CA(6) has the effect of empowering the Minister with a discretion, exercisable in writing, to declare that each individual maritime industry participant in a class of maritime industry participants is a critical maritime industry participant for the purposes of the Maritime Act. 1238. New subsection 17CA(6) makes clear that a declaration made under subsection 17CA(6) is a legislative instrument, which means that such a declaration is a public document, is subject to parliamentary scrutiny and disallowance and must be published on the Federal Register of Legislation. 1239. Similarly to subsection 17CA(4), new subsection 17CA(7) has the effect of limiting the circumstances in which the Minister can specify a class of maritime industry participants as critical maritime industry participants. In order to lawfully exercise the discretion in relation to a class of maritime industry participants, the Minister must be satisfied that each maritime industry participant in the class is critical to the social or economic stability of Australia or its people, the defence of Australia, or national security within the meaning of the Security of Critical Infrastructure Act 2018. The Minister must also be satisfied that there is a risk, in relation to each maritime industry participant in the class, that may be prejudicial to security within the meaning of the Australian Security Intelligence Organisation Act 1979. 1240. For example, should there be shared criteria that critical maritime industry participants share, it would be more transparent to have a declaration using the shared criteria as the impetus for the instrument. This could include but is not limited to shared high-risk activities, unique facilities, significant quantities of throughput etc. 1241. 
Similarly to subsection 17CA(5), new subsection 17CA(8) has the effect of making it a requirement that, in exercising the discretion to make a declaration the Minister must have regard to matters that are specified in the regulations if any are, and other matters that the Minister considers relevant. Item 119 After paragraph 33(1)(b) 1242. This item amends subsection 33(1), which permits the Secretary to give security directions, to add two new paragraphs, (ba) and (bb), to provide for additional circumstances in which the Secretary can give security directions if circumstances arise that require additional security measures beyond those otherwise required under the Maritime Act. This amendment is necessary as a consequence of the amendment made by item 113 of Part 2 of Schedule 2 to the Bill to permit security directions to be given in relation to threats of operational interference with maritime transport or offshore facilities. 1243. The effect of new paragraph 33(1)(ba) is that the Secretary may, in writing, direct that additional security measures be taken or complied with if both a specific threat of operational interference with maritime transport or offshore facilities is made or exists and the Secretary
is satisfied that giving a direction under subsection 33(1) is an appropriate response to the threat. 1244. The effect of new paragraph 33(1)(bb) is that the Secretary may, in writing, direct that additional security measures be taken or complied with if there is a change in the nature of an existing threat of operational interference with maritime transport or offshore facilities and the Secretary is satisfied that giving a direction under subsection 33(1) is an appropriate response to the threat. 1245. Paragraphs 33(1)(ba) and (bb) are alternatives to each other and alternatives to paragraphs 33(1)(a) and (b), inserted by item 18 of Part 1 of Schedule 2 to the Bill. Item 120 After subsection 38(1A) 1246. This item amends section 38, which deals with when a security direction is in force, to introduce a new subsection 38(1A) to provide that a security direction made under paragraph 33(1)(ba) must be revoked when the specific threat no longer exists. 1247. This amendment is consistent with, and is intended to mirror, existing subsection 38(1) which provides for when a security direction must be revoked. 1248. The purpose and effect of this amendment is to align with an existing revocation provision and to provide for when a security direction made under paragraph 33(1)(ba) must be revoked. Item 121 Subsection 48(1) 1249. This item contains a technical amendment that is consequential to the amendments made by item 122 of Part 2 of Schedule 2 to the Bill, which inserts new subsections (2) and (3) into section 48 of the Maritime Act. Item 121 of Part 2 of Schedule 2 to the Bill will have effect that existing section 48, concerning the specific matters for which the regulations may prescribe, is renumbered as subsection 48(1). Item 122 At the end of section 48 1250. This item adds new subsections (2) and (3) at the end of section 48. 
New subsection 48(2) deals with the content of maritime security plans, to provide that the regulations may prescribe matters that relate to safeguarding against operational interference with maritime transport or offshore facilities, and may prescribe matters that must be dealt with in each maritime security plan for a critical maritime industry participant. 1251. The purpose and effect of new subsection 48(2) is to introduce a clear power to prescribe matters in the regulations for safeguarding against operational interference with maritime transport or offshore facilities. New subsection 48(2) is consistent with, and expands on, existing section 48, renumbered as subsection 48(1) by item 121 of Part 2 of Schedule 2 to the Bill, and is a power to prescribe matters in the regulations in relation to
maritime security plans for each maritime industry participant or for types of participants or for classes of participants. 1252. For the avoidance of doubt, new subsection 48(3) provides that new subsection 48(2) does not limit the operation of subsection 48(1). Item 123 After subsection 59B(1A) 1253. This item inserts a new subsection 59B(2) to provide for a maritime security plan that is given to a maritime industry participant under section 59A of the Maritime Act. New sections 59A and 59B are inserted by item 31 of Part 1 of Schedule 2 to the Bill. 1254. New subsection 59B(2) has the effect that in those circumstances, a maritime security plan may set out the activities or measures to be undertaken or implemented by the industry participant under the maritime security plan for the purposes of safeguarding against operational interference with maritime transport or offshore facilities. Item 124 Subsection 67(1) 1255. This item contains a technical amendment that is consequential to the amendments made by item 125 of Part 2 of Schedule 2 to the Bill, which inserts new subsections (2) and (3) into section 67 of the Maritime Act. Item 124 of Part 2 of Schedule 2 to the Bill will have effect that existing section 67, concerning the specific matters for which the regulations may prescribe, is renumbered as subsection 67(1). Item 125 At the end of section 67 1256. This item adds new subsections (2) and (3) at the end of section 67. New subsection 67(2) deals with the content of ship security plans, to provide that the regulations may prescribe matters that relate to safeguarding against operational interference with maritime transport or offshore facilities, and may prescribe matters that must be dealt with in each ship security plan for a critical maritime industry participant. 1257. 
The purpose and effect of new subsection 67(2) is to introduce a clear power to prescribe matters in the regulations for safeguarding against operational interference with maritime transport or offshore facilities. New subsection 67(2) is consistent with, and expands on, existing section 67, renumbered as subsection 67(1) by item 124 of Part 2 of Schedule 2 to the Bill, and is a power to prescribe matters in the regulations in relation to ship security plans for each maritime industry participant or for types of participants or for classes of participants. 1258. For the avoidance of doubt, new subsection 67(3) provides that new subsection 67(2) does not limit the operation of subsection 67(1).
Item 126 After 78B(1A) 1259. This item inserts a new subsection 78B(1B) to provide for a ship security plan that is given to a maritime industry participant under section 78A of the Maritime Act. New sections 78A and 78B are inserted by item 41 of Part 1 of Schedule 2 to the Bill. 1260. New subsection 78B(1B) has the effect that in those circumstances, a ship security plan may set out the activities or measures to be undertaken or implemented by the participant under the ship security plan for the purposes of safeguarding against operational interference with maritime transport or offshore facilities. Item 129 After subsection 100TB(1A) 1261. This item inserts a new subsection 100TB(1B) to provide for an offshore security plan that is given to a maritime industry participant under section 100TA of the Maritime Act. New sections 100TA and 100TB are inserted by item 51 of Part 1 of Schedule 2 to the Bill. 1262. New subsection 100TB(1B) has the effect that in those circumstances, an offshore security plan may set out the activities or measures to be undertaken or implemented by the participant under the offshore security plan for the purposes of safeguarding against operational interference with maritime transport or offshore facilities. Item 130 Subsection 105(1) 1263. This item amends subsection 105(1) to insert "or safeguarding against operational interference with maritime transport or offshore facilities" after the word "facilities". This amendment is required as a consequence of the amendment made by item 113 of Part 2 of Schedule 2 to the Bill. See the clause notes above for item 113. 1264. Currently, subsection 105(1) provides that the regulations may, for the purposes of safeguarding against unlawful interference with maritime transport or offshore facilities, prescribe requirements in relation to each type of port security zone. 1265. 
The purpose and effect of this amendment is to permit regulations to also prescribe requirements in relation to safeguarding against operational interference with maritime transport and offshore facilities. Item 131 Subsection 106(2) 1266. This item amends subsection 106(2) to insert "or from operational interference with maritime transport or offshore facilities" after the word "facilities". This amendment is required as a consequence of the amendment made by item 113 of Part 2 of Schedule 2 to the Bill. See the clause notes above for item 113. 1267. Currently, subsection 106(2) provides that the purpose of ship security zones is to protect ships within those zones from unlawful interference with maritime transport or offshore facilities.
1268. The purpose and effect of this amendment is to extend the purpose such that it is also the purpose of ship security zones to protect ships within those zones from operational interference with maritime transport or offshore facilities. Item 132 Subsection 109(1) 1269. This item amends subsection 109(1) to insert "or safeguarding against operational interference with maritime transport or offshore facilities" after the word "facilities". This amendment is required as a consequence of the amendment made by item 113 of Part 2 of Schedule 2 to the Bill. See the clause notes above for item 113. 1270. Currently, subsection 109(1) provides that the regulations may, for the purposes of safeguarding against unlawful interference with maritime transport or offshore facilities, prescribe requirements in relation to each type of ship security zone. 1271. The purpose and effect of this amendment is to permit regulations to also prescribe requirements in relation to safeguarding against operational interference with maritime transport and offshore facilities. Item 133 Subsection 113(1) 1272. This item amends subsection 113(1) to insert "or safeguarding against operational interference with maritime transport or offshore facilities" after the word "facilities". This amendment is required as a consequence of the amendment made by item 113 of Part 2 of Schedule 2 to the Bill. See the clause notes above for item 113. 1273. Currently, subsection 113(1) provides that the regulations may, for the purposes of safeguarding against unlawful interference with maritime transport or offshore facilities, prescribe requirements in relation to each type of on-board security zone. 1274. The purpose and effect of this amendment is to permit regulations to also prescribe requirements in relation to safeguarding against operational interference with maritime transport and offshore facilities. Item 134 Subsection 113D(1) 1275. 
This item amends subsection 113D(1) to insert "or safeguarding against operational interference with maritime transport or offshore facilities" after the word "facilities". This amendment is required as a consequence of the amendment made by item 113 of Part 2 of Schedule 2 to the Bill. See the clause notes above for item 113. 1276. Currently, subsection 113D(1) provides that the regulations may, for the purposes of safeguarding against unlawful interference with maritime transport or offshore facilities, prescribe requirements in relation to each type of offshore security zone.
1277. The purpose and effect of this amendment is to permit regulations to also prescribe requirements in relation to safeguarding against operational interference with maritime transport and offshore facilities. Item 135 Section 182A (before paragraph beginning "Certain") 1278. This item amends the simplified outline for Part 9A introduced by item 90 of Part 1 of Schedule 2 to the Bill to insert a new introductory paragraph at the beginning of the outline. 1279. The new paragraph provides that critical maritime industry participants will be required to submit periodic reports. The simplified outline is intended to provide guidance to the reader and is not intended to be comprehensive in relation to the content of Part 9A. 1280. This amendment is required to cater for the introduction of a requirement for critical maritime industry participants to submit periodic reports. Item 136 After section 182A 1281. This item introduces new section 182AA to insert a mandatory requirement for critical maritime industry participants to submit periodic reports. Section 182AA Critical maritime industry participants must submit periodic reports 1282. New section 182AA is the mandatory reporting requirement for the relevant maritime industry participant, and provides the scope for the application of section 182AA. New subsection 182AA(1) - Scope 1283. New subsection 182AA(1) provides the scope for application of section 182AA. In particular, it provides that section 182AA applies if a maritime security plan was or is in force for a critical maritime industry participant, and an applicable reporting period for the maritime security plan has ended. The term "applicable reporting period" is defined in new subsection 182AA(5), see further below. 1284. 
The effect of subsection 182AA(1) is that the requirements provided for in section 182B will not apply unless the participant is a critical maritime industry participant and the maritime security plan meets the criteria listed in paragraphs 182AA(1)(a) and (b). New subsection 182AA(2)-(4) Periodic report 1285. New subsections 182AA(2) to (4) provide the detail for the content of a periodic report and for the imposition of the civil penalty. 1286. New subsection 182AA(2) sets out the time frame in which a written report in the approved form is required and the matters that the report must provide details on, including setting out any matters specified in the regulations and, if there is a board, council or other


governing body - a statement from that body detailing the currency of the maritime security plan and whether the plan adequately addressed the requirements under Division 4 of Part 3 at the end of the applicable reporting period. 1287. The provision also includes a new civil penalty of 150 penalty units for failure to submit the required report within the timeframe specified, which is 90 days after the applicable reporting period. 1288. The Guide to Framing Commonwealth Offences was considered when determining the amount of this penalty. The penalty is a proportionate response based on the infringement, and is designed to deter non-compliance. A failure to report on a review of a maritime security plan may result in vulnerabilities in a maritime security plan not being identified, which represents a risk to maritime transport and offshore facility security. 1289. The penalty value is consistent with other maximum penalties in relation to maritime security plans. As an example, under section 44 of the Maritime Act if a port operator fails to comply with their maritime security plan, they can be subject to a maximum penalty of 200 penalty units. Only maritime industry participants that meet the criteria in subsection 182AA(1) can be subject to the penalty, and not all maritime industry participants or the general public. In the majority of cases maritime industry participants are corporations. 1290. 
The penalty is appropriate in the circumstances because: • the offence and its penalty are imposed for the purposes of safeguarding against unlawful interference with maritime transport and offshore facilities by ensuring that the currency and adequacy of a maritime security plan, and other specified matters, are reported on; • the penalty for this offence is similar to, and does not exceed, others imposed within the Maritime Act, and is commensurate with the risk to maritime security that a failure to report on findings of regular reviews of a maritime security plan and non-compliance with related requirements poses; and • this is a reasonable penalty to impose, as it has a necessary element of deterrence and incentive to comply whilst not being a manifestly excessive penalty. 1291. The purpose and effect of subsection 182AA(2) is to specify a timeframe for mandatory reporting, and the matters to be included in the reports, for maritime industry participants and to impose a penalty for non-compliance with the requirement to make a report. New subsection 182AA(3) 1292. New subsection 182AA(3) will act as a limitation on the content that can be prescribed in the regulations under new paragraph 182AA(2)(b). It provides that a matter cannot be prescribed in the regulations in relation to 107AA(2)(b) unless it relates to unlawful


interference with maritime transport or offshore facilities, safeguarding against unlawful interference with maritime transport or offshore facilities, operational interference with maritime transport or offshore facilities, or safeguarding against operational interference with maritime transport or offshore facilities. 1293. This limitation has the effect of precluding the regulations from prescribing any other matters for the purposes of the mandatory reporting requirement. New subsection 182AA(4) 1294. New subsection 182AA(4) will act as a limitation on the use of the information contained within a periodic report. It provides that the report cannot be used as evidence in either a criminal proceeding for an offence against the Maritime Act; or in a civil proceeding in relation to a contravention of a civil penalty provision of the Maritime Act, other than in relation to section 182AA. 1295. This amendment puts beyond doubt that information provided in their mandatory reports by a maritime industry participant that was given a maritime security plan that meets the criteria in subsection 182AA(1) will not be used as evidence in those proceedings. It is intended to provide reassurance to maritime industry participants, and encourage full disclosure in making a mandatory report under section 182AA. New subsections 182AA(5)-(6) Applicable reporting period for a maritime security plan 1296. New subsections 182AA(5) and (6) operate together to provide meaning for the concept of the "applicable reporting period for a maritime security plan". 1297. The intention is that industry participants should be reporting on the validity of their program every financial year (12 months). 1298. Further, paragraph 182AA(5)(b) provides that in any other case, the applicable reporting period is the period when the maritime security plan was in force. 1299.
For the avoidance of doubt, new subsection 182AA(6) makes clear that a day that occurs before section 182AA commences is not included in an applicable reporting period. 1300. The purpose and effect of these subsections is to provide certainty to maritime industry participants about when a reporting period does or does not apply in relation to a maritime security plan, and how often a report must be made. Item 137 Section 182B (heading) 1301. This item inserts "(other than critical maritime industry participants)" after "participants" in the heading of section 182B which requires that certain maritime industry participants must submit periodic reports.


1302. The purpose and effect of this amendment is to make clear that the requirements in section 182B do not apply to critical maritime industry participants. Item 138 Paragraph 182B(1)(a) 1303. This item inserts "(other than critical maritime industry participants)" after "participants" in paragraph 182B(1)(a). 1304. The purpose and effect of this amendment is to make clear that the requirements in paragraph 182B(1)(a) do not apply to critical maritime industry participants. Item 139 At the end of subsection 182B(3) 1305. This item inserts two new paragraphs into subsection 182B(3) to provide for additional matters that may be specified in regulations made for the purposes of paragraph 182B(2)(b). 1306. The two new paragraphs 182B(3)(c) and (d) will expand on the limited matters that can be prescribed in the regulations under new paragraph 182B(2)(b). 1307. The purpose and effect of this amendment is to make clear that a matter cannot be prescribed in the regulations in relation to 182B(2)(b) unless it relates to unlawful interference with maritime transport or offshore facilities or safeguarding against unlawful interference with maritime transport or offshore facilities, operational interference with maritime transport or offshore facilities, or safeguarding against operational interference with maritime transport or offshore facilities. 1308. These expanded circumstances have the effect of precluding the regulations prescribing any other matters for the purposes of the mandatory reporting requirement. Item 140 At the end of subsection 182C(3) 1309. This item inserts two new paragraphs into subsection 182C(3) to provide for additional matters that may be specified in regulations made for the purposes of paragraph 182C(2)(b). 1310. The two new paragraphs 182C(3)(c) and (d) will expand on the limited matters that can be prescribed in the regulations under new paragraph 182C(2)(b). 1311.
The purpose and effect of this amendment is to make clear that a matter cannot be prescribed in the regulations in relation to paragraph 182C(2)(b) unless it relates to unlawful interference with maritime transport or offshore facilities, safeguarding against unlawful interference with maritime transport or offshore facilities, operational interference with maritime transport or offshore facilities, or safeguarding against operational interference with maritime transport or offshore facilities.


Item 143 At the end of subsection 182D(3) 1312. This item inserts two new paragraphs into subsection 182D(3) to provide for additional matters that may be specified in regulations made for the purposes of paragraph 182D(2)(b). 1313. The two new paragraphs 182D(3)(c) and (d) will expand on the limited matters that can be prescribed in the regulations under new paragraph 182D(2)(b). 1314. The purpose and effect of this amendment is to make clear that a matter cannot be prescribed in the regulations in relation to 182D(2)(b) unless it relates to unlawful interference with maritime transport or offshore facilities or safeguarding against unlawful interference with maritime transport or offshore facilities, operational interference with maritime transport or offshore facilities, or safeguarding against operational interference with maritime transport or offshore facilities. 1315. These expanded circumstances have the effect of precluding the regulations prescribing any other matters for the purposes of the mandatory reporting requirement. Item 144 At the end of subsection 182E(4) 1316. This item inserts two new paragraphs into subsection 182E(4) to provide for additional matters that may be specified in regulations made for the purposes of subparagraph 182E(2)(a)(ii). 1317. The two new paragraphs 182E(4)(c) and (d) will expand on the limited matters that can be prescribed in the regulations under new subparagraph 182E(2)(a)(ii). 1318. The purpose and effect of this amendment is to make clear that a matter cannot be prescribed in the regulations in relation to subparagraph 182E(2)(a)(ii) unless it relates to unlawful interference with maritime transport or offshore facilities, safeguarding against unlawful interference with maritime transport or offshore facilities, operational interference with maritime transport or offshore facilities, or safeguarding against operational interference with maritime transport or offshore facilities.
Item 145 At the end of subsection 182F(4) 1319. This item inserts two new paragraphs into subsection 182F(4) to provide for additional matters that may be specified in regulations made for the purposes of subparagraph 182F(2)(a)(ii). 1320. The two new paragraphs 182F(4)(c) and (d) will expand on the limited matters that can be prescribed in the regulations under new subparagraph 182F(2)(a)(ii). 1321. The purpose and effect of this amendment is to make clear that a matter cannot be prescribed in the regulations in relation to subparagraph 182F(2)(a)(ii) unless it relates to unlawful interference with maritime transport or offshore facilities, safeguarding against


unlawful interference with maritime transport or offshore facilities, operational interference with maritime transport or offshore facilities, or safeguarding against operational interference with maritime transport or offshore facilities. Item 146 At the end of subsection 182G(4) 1322. This item inserts two new paragraphs into subsection 182G(4) to provide for additional matters that may be specified in regulations made for the purposes of subparagraph 182G(2)(a)(ii). 1323. The two new paragraphs 182G(4)(c) and (d) will expand on the limited matters that can be prescribed in the regulations under new subparagraph 182G(2)(a)(ii). 1324. The purpose and effect of this amendment is to make clear that a matter cannot be prescribed in the regulations in relation to subparagraph 182G(2)(a)(ii) unless it relates to unlawful interference with maritime transport or offshore facilities, safeguarding against unlawful interference with maritime transport or offshore facilities, operational interference with maritime transport or offshore facilities, or safeguarding against operational interference with maritime transport or offshore facilities. Item 147 Paragraph 189(2)(b) 1325. This item repeals and substitutes paragraph 189(2)(b) to provide for circumstances where it is necessary to make an enforcement order to safeguard against unlawful interference with maritime transport or offshore facilities; or safeguard against operational interference with maritime transport or offshore facilities. 1326. 
The effect of new paragraph 189(2)(b) is that the circumstances in which the Secretary may exercise a discretion to make an enforcement order are expanded so that the Secretary may only make an enforcement order if he or she reasonably believes that the maritime industry participant named in the enforcement order has contravened the MTOFS Act, and to safeguard against unlawful interference with maritime transport or offshore facilities, or safeguard against operational interference with maritime transport or offshore facilities. 1327. The purpose of new paragraph 189(2)(b) is to expand the circumstances in which the Secretary may exercise a discretion to make an enforcement order. Item 148 Subsection 191(2) 1328. This item amends subsection 191(2) to insert "or safeguarding against operational interference with maritime transport or offshore facilities" after the word "facilities". This amendment is required as a consequence of the amendment made by item 113 of Part 2 of Schedule 2 to the Bill. See clause notes for item 113 above.


1329. Currently, subsection 191(2) operates to provide that the Secretary must revoke the enforcement order (after reviewing periodically under subsection 191(1)) unless he or she is satisfied that the order is still needed to safeguard against unlawful interference with maritime transport or offshore facilities. 1330. The purpose and effect of this amendment is to make it mandatory for the Secretary to revoke the enforcement order (after reviewing periodically under subsection 191(1)) unless he or she is satisfied that the order is still needed to safeguard against unlawful interference with maritime transport or offshore facilities or safeguard against operational interference with maritime transport or offshore facilities. Item 149 Paragraph 191(3)(a) 1331. This item amends paragraph 191(3)(a) to insert "or adequately safeguards against operational interference with maritime transport or offshore facilities" after the word "facilities". This amendment is required as a consequence of the amendment made by item 113 of Part 2 of Schedule 2 to the Bill. See clause notes for item 113 above. 1332. Currently, paragraph 191(3)(a) operates to provide that the Secretary must not vary the ship enforcement order (after reviewing periodically under subsection 191(1)) unless he or she is satisfied that the order as varied adequately safeguards against unlawful interference with maritime transport or offshore facilities. 1333. The purpose and effect of this amendment is to make clear that the Secretary must not vary the enforcement order unless he or she is satisfied that the order as varied adequately safeguards against unlawful interference with maritime transport or offshore facilities or adequately safeguards against operational interference with maritime transport or offshore facilities. Item 150 Paragraph 195(3)(b) 1334. 
This item repeals and substitutes paragraph 195(3)(b) to provide for circumstances where it is necessary to make a ship enforcement order to safeguard against unlawful interference with maritime transport or offshore facilities; or safeguard against operational interference with maritime transport or offshore facilities. 1335. The effect of new paragraph 195(3)(b) is that the circumstances in which the Secretary may exercise a discretion to make a ship enforcement order are expanded so that the Secretary may only make a ship enforcement order if he or she reasonably believes that the regulated Australian ship named in the ship enforcement order has contravened the MTOFS Act, and to safeguard against unlawful interference with maritime transport or offshore facilities, or safeguard against operational interference with maritime transport or offshore facilities. 1336. The purpose of new paragraph 195(3)(b) is to expand the circumstances in which the Secretary may exercise a discretion to make a ship enforcement order.


Division 2 Application provisions Item 151 Application--maritime security plans 1337. This item inserts item 151, which is the first of two application provisions for Part 2 of Schedule 2 to the Bill. 1338. Subitem 151(1) operates to provide for three circumstances in which the amendment of section 48 of the Maritime Act made by Part 2 of Schedule 2 to the Bill applies in relation to a maritime security plan for a maritime industry participant. 1339. In effect, section 48 as amended applies in circumstances where: • the industry participant gives the program to the Secretary under section 50 of the Maritime Act after the commencement of this item; or • the industry participant gives a copy of the plan to the Secretary under section 54 of the Maritime Act after the commencement of this item; or • the industry participant gives the plan to the Secretary in compliance with a notice that was given under section 55 of the Maritime Act after the commencement of this item. 1340. The purpose of item 151 is to provide both clarity and certainty to maritime industry participants in relation to the circumstances in which the amendments to the relevant provisions made in Part 2 of Schedule 2 to the Bill will apply in relation to their maritime security plan. Item 152 Application--ship security plans 1341. This item inserts item 152, which is the second of two application provisions for Part 2 of Schedule 2 to the Bill. 1342. Subitem 152(1) operates to provide for three circumstances in which the amendment of section 67 of the Maritime Act made by Part 2 of Schedule 2 to the Bill applies in relation to a maritime security plan for a regulated Australian ship. 1343. 
In effect, section 67 as amended applies in circumstances where: • the ship operator gives the plan to the Secretary under section 69 of the Maritime Act after the commencement of this item; or • the ship operator gives a copy of the plan to the Secretary under section 73 of the Maritime Act after the commencement of this item; or


• the ship operator gives the plan to the Secretary in compliance with a notice that was given under section 74 of the Maritime Act after the commencement of this item. 1344. The purpose of item 152 is to provide both clarity and certainty to operators of regulated Australian ships in relation to the circumstances in which the amendments to the relevant provisions made in Part 2 of Schedule 2 to the Bill will apply in relation to their ship security plan.


Schedule 3--Amendment of the Security of Critical Infrastructure Act 2018 Part 1--Aviation transport Security of Critical Infrastructure Act 2018 Item 1 Section 5 1345. This item inserts a new definition. 1346. The term critical aviation asset is defined to have the same meaning as in the Aviation Transport Security Act 2004. Item 1A Section 5 1347. This item inserts a new definition. 1348. The term critical aviation asset is defined to mean an asset that: • is owned or operated by a critical aviation industry participant; and • is used in connection with the operation of the industry participant in the industry participant's capacity as an aviation industry participant. 1349. This definition is followed by a guiding note that reminds the reader that the rules may prescribe that a specified critical aviation asset is not a critical infrastructure asset (see section 9). Item 1B Section 5 1350. This item inserts a new definition. 1351. The definition of critical aviation industry participant provides that the term has the same meaning as in the Aviation Transport Security Act 2004. 1352. These definitions are included to give meaning to the terms used throughout the Security of Critical Infrastructure Act 2018. Item 2 Paragraphs 12L(21)(a), (b) and (c) 1353. This item repeals paragraphs 12L(21)(a), (b) and (c) and substitutes a new paragraph 12L(21)(a). Read in conjunction with the other paragraphs in subsection 12L(21), new paragraph 12L(21)(a) operates to provide that the reference to a critical aviation industry participant means the critical aviation industry participant referred to in paragraph (a) of the definition of critical aviation asset in section 5, see the amendment made by item 1 above.


Part 2--Maritime transport Security of Critical Infrastructure Act 2018 Item 3 Section 5 1354. This item amends section 5 of the Security of Critical Infrastructure Act 2018 to insert new defined terms. 1355. The term critical maritime asset is defined to mean an asset that: • is owned or operated by a critical maritime industry participant; and • is used in connection with the operation of the industry participant in the industry participant's capacity as a maritime industry participant. 1356. This definition is followed by a guiding note that reminds the reader that the rules may prescribe that a specified critical aviation asset is not a critical infrastructure asset (see section 9). 1357. The definition of critical maritime industry participant provides that the term has the same meaning as in the Maritime Transport and Offshore Facilities Security Act 2003. 1358. These definitions are included to give meaning to the terms used throughout the Security of Critical Infrastructure Act 2018. Item 4 Section 5 (definition of critical port) 1359. This item amends section 5 to repeal the signpost definition of critical port, which refers to current section 11. As a consequence of the introduction of the term critical maritime asset in item 3 above, this definition is no longer required. This is also reflected in the amendment at item 11 of this Part of Schedule 3, which repeals the substantive definition of the term critical port. 1360. What was formerly a critical port within this Act is, with the introduction of the critical maritime asset, an asset that is owned or operated by a critical maritime industry participant or responsible entity that is a critical maritime industry participant. Item 5 Section 5 1361. This item amends section 5 to insert a new defined term. The definition of maritime industry participant provides that the term has the same meaning as in the Maritime Transport and Offshore Facilities Security Act 2003.
Item 6 Section 5 (definition of operator) 1362. This item repeals the current definition of the term operator, and replaces it with a new definition for the term. The new definition provides that an operator of an asset means an entity that operates that asset, or a part of that asset.


1363. A note under the new definition clarifies that, for some assets, an operator of the asset is also the responsible entity for that asset. Item 7 Paragraph 8E(10)(a) Item 8 Paragraph 9(1)(dm) Item 9 Paragraph 9(2)(q) 1364. Items 7, 8 and 9 omit the current term critical port from the paragraph mentioned in each of the three item titles above, and substitute the new term critical maritime asset (as defined in amended section 5). These are consequential amendments, reflecting the amendments by items 3 and 4 of this Part of Schedule 3. 1365. What was formerly a critical port within this Act is, with the introduction of the critical maritime asset, an asset that is owned or operated by a critical industry participant or responsible entity that is a critical maritime industry participant. Item 10 Section 11 1366. This item repeals current section 11, which provides the definition of critical port. 1367. What was formerly a critical port within this Act is, with the introduction of the critical maritime asset, an asset that is owned or operated by a critical industry participant or responsible entity that is a critical maritime industry participant. Item 11 Subsection 12L(17) 1368. This item repeals current subsection 12L(17) and substitutes a new subsection 12L(17). The effect of this amendment is to establish that, in relation to a critical maritime asset, the responsible entity for a critical maritime asset is: • the critical maritime industry participant referred to in paragraph (a) of the definition of critical maritime asset in section 5; or • if another entity is prescribed by the rules in relation to the critical maritime asset--that other entity.


ATTACHMENT A Statement of Compatibility with Human Rights Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011. Transport Security Amendment (Critical Infrastructure) Bill 2022 The Transport Security Amendment (Critical Infrastructure) Bill 2022 (the Bill) is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the Human Rights (Parliamentary Scrutiny) Act 2011. Overview of the Bill The Australian Government is committed to protecting the safety, security and resilience of the aviation and maritime transport sectors. As the threats and risks to Australia's critical transport infrastructure evolve, so too must our approach to ensuring the ongoing security and resilience of these sectors. The main purpose of the Aviation Transport Security Act 2004 (the Aviation Act) and the Maritime Transport and Offshore Facilities Security Act 2003 (the Maritime Act), is to establish a regulatory framework to safeguard against unlawful interference with aviation and maritime transport, and offshore facilities. The purpose of the Transport Security Amendment (Critical Infrastructure) Bill 2022 (the Bill) is to amend the Aviation Act and the Maritime Act, to align these Acts with the Australian Government's commitment to protecting Australia's critical infrastructure. The amendments will work to ensure that the entities regulated by the Aviation and Maritime Acts adopt a proactive approach to identifying hazards and minimising or eliminating any material risk, including in relation to the significant threat posed by cyber and systems attacks. As noted above, the main purpose of the Aviation and Maritime Acts relates to safeguarding against unlawful interference with aviation and maritime transport, and offshore facilities. The Bill will amend the definition of unlawful interference in both the Aviation and Maritime Acts.
Specifically, the Bill will: • amend the Aviation and Maritime Acts to expand the definition of unlawful interference to capture cyber security incidents; • amend the Aviation Act to expand the definition of unlawful interference to capture incidents that affect the safe operation of an airport and occur away from the airport in question; • amend the Aviation Act to remove a limitation that information needs to be misleading or false to cause damage; • amend the Aviation Act to expand the definition of unlawful interference to include any act committed in relation to an aircraft that puts the aircraft or anyone on the


aircraft or anyone outside the aircraft at risk, committing acts or causing damage that put the safe operations of an aviation industry participant at risk; • amend the Maritime Act to expand the definition of unlawful interference to capture attempted acts of unlawful interference and not just those that are successful, bringing the Maritime Act in line with the Aviation Act; and • amend the Maritime Act to expand the definition of unlawful interference to include protecting ships' systems, removing the limitation that information needs to be false or misleading in order to cause damage. Certain aviation and maritime industry participants play more significant roles within the aviation and maritime sectors, and have the potential to more significantly impact Australia's critical transport infrastructure. In recognition of this, the Bill provides for a power for the Minister to declare critical industry participants under the Aviation and Maritime Acts, with additional requirements for those participants that are declared to be critical. The Bill will also establish an additional purpose, under both the Aviation and Maritime Acts, of safeguarding against operational interference. This will require critical industry participants to safeguard against a range of hazards and threats that could impact or interfere with the availability, integrity, reliability and/or confidentiality of the industry participant's information, operations or assets. Specifically, the Bill will: • insert a new purpose, in the Aviation and Maritime Acts, of safeguarding against operational interference, that will, as an example, have implications for the threats and risks that industry participants will need to consider for security plans and programs; and • expand the existing security direction power in both the Aviation and Maritime Acts to include the power to make security directions in relation to a specific threat, or a change in a general threat, of operational interference.
Both the Aviation and Maritime Acts require that an industry participant establish and maintain a security plan or program, whichever is relevant to the particular type of industry participant. The Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022 (SLACIP Bill) proposes a requirement for responsible entities of specified critical infrastructure assets to adopt and maintain a "critical infrastructure risk management program". The Bill is intended to align the aviation and maritime sectors with other critical infrastructure sectors covered by the SLACIP Bill. The critical infrastructure risk management programs will require those responsible entities to take an all-hazards approach when identifying and understanding risks. The Bill will make a number of changes to the requirements relating to security plans and programs to ensure they more closely align with the requirements in relation to critical infrastructure risk management programs. Specifically the Bill will:


• amend the Aviation Act to require that security programs include a security assessment that identifies risks to security and details how those risks will be mitigated; • amend the Maritime Act to include a requirement that they address how industry participants will respond to security incidents; • amend both the Aviation and Maritime Acts to include a power that the Secretary may require an industry participant to regularly review their program or plan; and • include a requirement in the Aviation and Maritime Acts that certain industry participants must submit a periodic report on their program or plan. The Bill will also introduce a framework governing the use and disclosure of protected information, and related offences. Aviation and maritime security inspectors currently have powers to conduct oversight of compliance with obligations under the relevant Act and associated regulations. As an example, these powers enable an inspector to enter, inspect and make records in a facility that is controlled by an industry participant. Under the Bill, the powers of aviation and maritime inspectors will be further expanded to enable compliance activities to be undertaken in relation to the new obligations established by the Bill. 
Specifically, the Bill will: • amend the Maritime Act to introduce powers for security systems testing, including the power to test a security system using a "test weapon", aligning the Maritime Act with the Aviation Act; • amend the Maritime Act to ensure that the powers of maritime security inspectors can be used to operate equipment that is located on a vehicle or vessel; • introduce a power into the Aviation and Maritime Acts, to operate and connect a device to equipment at a location operated by an industry participant for the purpose of testing the equipment; • introduce a power into both the Aviation and Maritime Acts that would empower a security inspector to issue a written notice requiring a participant to produce certain information, if the inspector has reason to believe that the information would be necessary to them exercising their powers; • amend the existing provisions in the Aviation and Maritime Acts that empower inspectors to request security compliance information that the participant has, to also empower inspectors to request information that the participant is capable of obtaining; • introduce a power for inspectors to request specified assistance from an industry participant or their employee; and • amend existing provisions in the Aviation and Maritime Acts, relating to accessing documents and records, to clarify that it is immaterial whether or not the document or record is onsite or offsite. Additionally, in relation to the powers of aviation and maritime security inspectors, the Bill will introduce the concept of "improvement notices" into both the Aviation and Maritime Acts. The improvement notice regime will provide for the issuing of notices by security inspectors to encourage, and where necessary enforce, compliance with the relevant Act.


Where a security inspector reasonably believes there has been a contravention - or that a contravention is likely to occur - they may issue an improvement notice to the industry participant, requiring them to remedy the contravention or prevent a likely contravention from occurring. The Bill will also trigger Part 3 of the Regulatory Powers (Standard Provisions) Act 2014 (the Regulatory Powers Act) that relates to investigation powers, providing a framework for gathering material that relates to the contravention of offence provisions and civil penalty provisions. The Bill will also trigger Part 4 of the Regulatory Powers Act, which creates a framework for the use of civil penalties to enforce civil penalty provisions. The Aviation and Maritime Acts currently provide for certain decisions to be deemed to be a decision to refuse if the industry participant fails to provide certain information within a set timeframe. The Bill will repeal those mandated timeframes, allowing the participant additional time to provide the required information, and the Secretary with additional time to consider the issue at hand. The Security Legislation Amendment (Critical Infrastructure) Act 2021 includes mandatory reporting of cyber security incidents. This will be an important component of continuing to protect Australia's critical infrastructure. This is equally important in the context of Australia's critical transport infrastructure and this Bill introduces similar requirements. While the Aviation and Maritime Acts already include reporting requirements in relation to aviation and maritime security incidents, the Bill will introduce mandatory reporting requirements in relation to cyber security incidents. These new reporting requirements will work alongside the existing reporting requirements for other types of aviation and maritime security incidents. 
Human rights implications The Bill engages the following rights: • the right to a fair and public hearing (Article 14 of the International Covenant on Civil and Political Rights (ICCPR)) • the right to privacy (Article 17 of the ICCPR) • the right to freedom of expression (Article 19(2) of the ICCPR) How the Bill engages each of the rights is outlined in detail below. Right to a fair and public hearing Article 14 of the ICCPR provides a number of protections relating to justice and a fair hearing. These rights include that all persons are equal before courts and tribunals and have a right to a fair and public hearing before a competent, independent and impartial tribunal established by law. Article 14 also includes the right of protection against self-incrimination stating that no person shall be 'compelled to testify against himself or confess guilt'.


Any limitations to the right of a fair and public hearing under Article 14 are permissible if the limitations are reasonable, necessary, proportionate and for a legitimate objective. Both 'aviation industry participant' and 'maritime industry participant', as defined under section 9 of the Aviation Act and section 10 of the Maritime Act, can include persons and contractors as well as business operators. To the extent that an aviation or maritime industry participant is an individual, the rights under Article 14 will be engaged. Reports and Periodic Reports The Bill requires aviation and maritime industry participants to submit a 'periodic report', the frequency and content of which are based on whether the industry participant is considered critical. Under proposed 107AA of the Aviation Act and proposed 182AA of the Maritime Act, critical industry participants will be required to submit periodic reports. Reports are required for either the whole, or the part, of a financial year in which an industry participant had either a transport security program (for aviation industry participants) or a maritime security plan (for maritime industry participants) in force. These timeframe requirements align with the Security Legislation Amendment (Critical Infrastructure) Act 2021. Other industry participants will be required to submit a periodic report 30 months from the commencement of their transport security program, security program or maritime security plan (security program). Industry participants that do not hold a security program or low risk industry participants that hold a program that is given to them by the Secretary will not be required to submit a periodic report. The report will require an industry participant to provide a statement about whether their security program is up to date and whether the security program adequately addresses their statutory requirements in relation to unlawful interference and/or operational interference. 
The regulations will further prescribe what other matters are to be included in these reports. If a transport security program or a maritime security plan was, or is, in force for an industry participant, they may also be required to submit a report to the Secretary in relation to their Secretary issued security program upon written notice from the Secretary. The content of the ad hoc reports will address similar requirements to the periodic reports, with the regulations further prescribing the matters to be included that are appropriate for industry participants who hold a security program given to them under 26B and 44C of the Aviation Act and 59A, 78A and 100TA of the Maritime Act, or the relevant regulations. Proposed subsections 107AA(4), 107B(4), 107C(6), 107D(6), 107E(6), 107F(6) of the Aviation Act and proposed subsections 182AA(4), 182AB(4), 182B(4), 182C(4), 182D(4), 182E(6), 182F(6), 182G(6) of the Maritime Act provide that the reports are not admissible in evidence against a person in criminal proceedings for an offence against the Aviation or Maritime Act, or civil proceedings relating to a contravention of a civil penalty of the Aviation or Maritime Act, other than in relation to proceedings against the relevant section. This engages and promotes the right to a fair and public hearing before a court or a tribunal by ensuring that any report submitted in compliance with these provisions of the Bill can only


be used in relation to proceedings relevant to the provision under which it was sought and are not admissible in evidence in any other proceeding under the Aviation or Maritime Acts. Internal review A regime for the issuing of improvement notices to industry participants by an aviation or maritime security inspector will be introduced by the Bill. Under the improvement notices regime, an industry participant may be directed to take action in relation to a contravention of the relevant Act. The improvement notice may require the industry participant to remedy a contravention, prevent a likely contravention from happening or to remedy the thing, or thing that caused, the contravention. Under proposed section 126B of the Aviation Act and 201B of the Maritime Act, an eligible person can apply for an internal review of a decision to issue an improvement notice. Under proposed section 126(1)(g) of the Aviation Act or section 201(l) of the Maritime Act, internal review decisions are reviewable by the Administrative Appeals Tribunal (AAT). The power to internally review a decision can only be delegated to SES Band 2 or SES Band 3 officers. The decisions that may be internally reviewed are outlined in proposed section 126B of the Aviation Act and section 201B of the Maritime Act; they include: • the decision to issue improvement notices by an aviation or maritime security inspector (section 117A of the Aviation Act, and section 187A of the Maritime Act), • the decision to issue an extension of time for compliance with an improvement notice (section 117D of the Aviation Act, and section 187D of the Maritime Act), and • the decision to vary an improvement notice (section 117E of the Aviation Act, and section 187E of the Maritime Act). Under proposed subsection 126F(1) of the Aviation Act and proposed subsection 201F(1) of the Maritime Act, the Secretary may stay the operation of an improvement notice, pending a decision on an internal review of that notice. 
A stay will remain in place until the end of the period of time in which AAT review can be sought, or until an application is made to the AAT. The purpose of a stay is to allow an industry participant to seek AAT review of the internal review decision (as per proposed subsection 126(1)(g) of the Aviation Act, and proposed subsection 201(l) of the Maritime Act). This engages and promotes the right to a fair and public hearing before a court or a tribunal by ensuring that industry participants can seek AAT review of an internal decision and that any action required pursuant to an improvement notice is stayed during that time. This upholds the industry participant's right to review on the merits before a competent, independent and impartial tribunal established by law, ensuring the industry participant's right to procedural fairness. Self-incrimination Article 14(3) provides that in the determination of any criminal charge against them, everyone is entitled not to be compelled to testify against themselves or to confess guilt.


Proposed section 80C of the Aviation Act, and 145BC of the Maritime Act will provide the aviation or maritime security inspectors with information gathering powers. An aviation or maritime security inspector may, by written notice given to the person, direct an aviation or maritime industry participant, or an employee of the aviation or maritime industry participant to provide information to the inspector. A written notice may be issued where the aviation or maritime security inspector has reason to believe that the person has, or is capable of obtaining, information that is reasonably necessary to allow the inspector to exercise powers conferred on the inspector by the Acts. The written notice can instruct the person to comply within the period, and in the manner, specified in the notice. Proposed subsections 80D(1) of the Aviation Act and 145BD(1) of the Maritime Act will require an individual to comply with a notice under proposed section 80C of the Aviation Act and section 145BC of the Maritime Act, even if it might incriminate the person in relation to an offence. However the right to freedom from self-incrimination is not being limited by this measure, as aviation and maritime security inspectors do not carry out criminal investigations against persons. Further, there are safeguards in section 80D(2) of the Aviation Act and section 145BD(2) of the Maritime Act which provide that any information given, the giving of information, or any information, document or thing obtained as a direct or indirect consequence of giving the information is not admissible in evidence against the individual in civil proceedings for the recovery of a penalty or in criminal proceedings, other than proceedings under sections 137.1 or 137.2 of the Criminal Code Act 1995, which relate to the giving of information. Strict Liability Offences Article 14(2) of the ICCPR provides that everyone charged with a criminal offence shall have the right to be presumed innocent until proven guilty. 
Strict liability offences engage and limit the presumption of innocence because they allow for the imposition of criminal liability without the prosecution needing to prove fault. There are a number of strict liability provisions within the Bill. These include: • proposed subsection 80C(3) of the Aviation Act provides that proposed subsection 80C(2) is an offence of strict liability. Proposed subsection 80C(2) states it is an offence if a person is given a notice under proposed subsection 80C(1) (information gathering notice), and the person engages in conduct, and the person's conduct breaches the notice (Penalty: 45 penalty units). • proposed subsection 117C(2) of the Aviation Act provides that proposed subsection 117C(1) is an offence of strict liability. Proposed subsection 117C(1) states a person commits an offence if the person is an aircraft operator, or an airport operator, and the person is given an improvement notice, and the person engages in conduct, and the person's conduct breaches the improvement notice (Penalty: 200 penalty units). • proposed subsection 117C(4) of the Aviation Act provides that proposed subsection 117C(3) is an offence of strict liability. Proposed subsection 117C(3) states a person commits an offence if the person is an aviation industry participant other than an aircraft operator, or an airport operator, and the person is given an improvement


notice, and the person engages in conduct, and the person's conduct breaches the improvement notice (Penalty: 100 penalty units). • proposed subsection 145BC(3) of the Maritime Act provides that proposed subsection 145BC(2) is an offence of strict liability. Proposed subsection 145BC(2) states that a person commits an offence if the person is given a notice under subsection (1), and the person engages in conduct, and the person's conduct breaches the notice (Penalty: 45 penalty units). • proposed subsection 187C(2) of the Maritime Act provides that proposed subsection 187C(1) is an offence of strict liability. Proposed subsection 187C(1) states that a person commits an offence if the person is a port operator, or a port facility operator, or the ship operator for a regulated Australian ship, or an offshore facility operator, and the person is given an improvement notice, and the person engages in conduct, and the person's conduct breaches the improvement notice (Penalty: 200 penalty units). • proposed subsection 187C(4) of the Maritime Act provides that proposed subsection 187C(3) is an offence of strict liability. Proposed subsection 187C(3) states a person commits an offence if the person is a maritime industry participant other than, a port operator, or a port facility operator, or the ship operator for a regulated Australian ship, or an offshore facility operator, and the person is given an improvement notice, and the person engages in conduct, and the person's conduct breaches the improvement notice (Penalty: 100 penalty units). It is reasonable, necessary and proportionate for these offences to be strict liability offences. 
For example, proposed subsection 80C(1) of the Aviation Act provides that if a person is an aviation industry participant, or an employee of an aviation industry participant, and an aviation security inspector has reason to believe that the person has, or is capable of obtaining, information that is reasonably necessary to allow the inspector to exercise powers conferred on the inspector by this Act (the Aviation Act), the aviation security inspector may, by written notice, direct the person to give any information to the aviation security inspector, and do so within the period, and in the manner, specified in the direction. In line with the Guide to Framing Commonwealth Offences, Infringement Notices and Enforcement Powers the strict liability offence is not punishable by imprisonment and has a maximum penalty of 45 penalty units (less than the recommended limit of 60 penalty units). Making the offence strict liability penalty operates to deter behaviour that would obstruct the activities of an aviation security inspector and prevent them from obtaining relevant information. It is appropriate for the offences not to include a fault element to act as a strong deterrent against engaging in behaviour that hinders or obstructs the exercise of an inspector's powers. The ability to exercise their powers is necessary to safeguard against unlawful interference in the aviation and maritime industries and to ensure the integrity of the inspection regime. It remains incumbent on the prosecution to prove the physical element of each of the offences beyond reasonable doubt. An accused will always have the defence of honest and reasonable mistake of fact. If relied upon, this is an evidential burden on the defence to prove, on the


balance of probabilities, that the accused had an honest and reasonable mistaken belief of fact, which, if those facts existed, would not have constituted an offence. The inclusion of strict liability offences within the Bill followed consultation of the Guide. This included consideration of the legitimate aim of each proposed subsection to ensure adherence to the respective notice given, with the penalty being reasonable and proportionate to that aim. The proposed subsections outlined above are also justified to ensure the integrity of the Aviation and Maritime regulatory regime, protecting public safety, security and the economic and social wellbeing of Australia. Right to privacy Article 17 of the ICCPR provides that no one shall be subjected to arbitrary or unlawful interference with his or her privacy, family, home or correspondence, nor to unlawful attacks on his or her honour or reputation, and that everyone has the right to the protection of the law against such interference or attacks. Interferences with privacy may be permissible, provided that they are authorised by law and not arbitrary. In order for an interference with the right to privacy not to be arbitrary, the interference must be for a reason consistent with the provisions, aims and objectives of the ICCPR and be reasonable in the particular circumstances. The United Nations Human Rights Committee has interpreted 'reasonableness' in this context to mean that 'any interference with privacy must be proportional to the end sought and be necessary in the circumstances of any given case'. 
The following measures in the Bill engage the right to privacy under Article 17 of the ICCPR: • use and disclosure of protected information (new Part 7A of the Aviation Act and new Part 10A of the Maritime Act); • the obligation of an industry participant to include, vary or revise their security assessment as part of their transport security program or maritime security plan or ship security plan or offshore security plan (amended Part 2, Division 4 of the Aviation Act and new Part 3, Division 6, amended Part 4, Division 4, and new Part 5A, Division 6 of the Maritime Act); • the obligation of industry participants to report cyber security incidents (amended Part 6, Division 3 of the Aviation Act and amended Part 9, Division 3 of the Maritime Act); and • the obligation of industry participants to provide information to an aviation or maritime security inspector by written notice (amended Part 5, Division 2 of the Aviation Act and amended Part 8, Division 2 of the Maritime Act).


Use and disclosure of protected information The information and documents recorded, made or used under the Maritime and Aviation Acts are protected information and the use and disclosure is closely managed through new provisions within the Acts. Protected information captured under the Maritime and Aviation Acts is limited to any information and documents recorded, made or used under the Acts. This could include, but is not limited to security programs and security plans including security assessments, security incident reports, cyber security incident reports, periodic and ad hoc reports, and information requested by aviation and maritime security inspectors by written notice. The new provisions enable the authorised use and disclosure of information for the purposes of exercising or performing functions under the Acts. To the extent that personal information will be collected under these provisions, and the right to freedom from interference with privacy under Article 17 engaged, the collection of personal information is limited to names and contact details of personnel identified in either of the Acts, or associated regulations, as having key security roles. The proposed provisions also enable disclosure of information to Ministers within the Commonwealth or State or Territories who have responsibility for relevant portfolios. The disclosure of this information is reasonable, necessary and proportionate, as it may provide critical information to States and Territories in responding to security incidents and maintaining the ongoing resilience of the aviation and maritime sectors for their jurisdiction. This acknowledges that the States and Territories, as owners, law enforcement and regulators of transport critical infrastructure share the responsibility with the Commonwealth Government to manage national security risks. 
The Secretary may also disclose protected information to an enforcement body for the purposes of one or more enforcement related activities conducted by or on behalf of the enforcement body. These new provisions also provide criminal penalties to deter the disclosure of protected information (Sections 112E of the Aviation Act and 185G of the Maritime Act). 'Protected information' is defined in the Bill as information obtained by a person in the course of powers, duties or functions under legislation; security compliance information; aviation security information; or, if a transport security program is in place, information about that program; or if a maritime security plan, ship security plan or offshore security plan is in force, the content of that plan. Any limitation on the right to privacy is no more restrictive than necessary, as the use and disclosure of information recorded, made or used under the Maritime and Aviation Acts will be restricted to purposes authorised under the Acts. It is a criminal offence to use or disclose protected information other than as authorised under Part 7A, Division 2 of the Aviation Act, and Part 10A, Division 2 of the Maritime Act.


Security assessment The purpose of the security assessment is to identify the risks to security and require the aviation or maritime industry participant to address or mitigate those risks within the program. In addition to the Secretary's power to require an aviation or maritime industry participant to vary or revise their program, new powers will be introduced into the Aviation and Maritime Acts to require industry participants to regularly review their own security program. Regulated air cargo agents, accredited air cargo agents and known consignors may also be required to conduct a security assessment as part of their security program. The information collected under these provisions may include limited personal information. The purpose of collecting this information is related to ensuring industry compliance with the Aviation and Maritime Acts, and is generally not engaged in regulating the activities of individuals. The information gathering power is a permissible limitation to the right of privacy, as the information gathered will be protected information and the use and disclosure will be restricted in line with provisions at Part 7A, Division 2 of the Aviation Act and Part 10A, Division 2 of the Maritime Act. The two divisions enable disclosure by the Secretary to a Minister of the Commonwealth or of a State or Territory who has responsibility for such areas as national security, law enforcement, defence, immigration or emergency management. Part 7A, Division 3 of the Aviation Act and Part 10A, Division 3 of the Maritime Act provides criminal penalties to deter the disclosure of protected information. To the extent that privacy is limited through the collection and disclosure of personal information, the limitation is reasonable, necessary and proportionate to achieve the legitimate objective of protecting national security, public order and the rights and freedoms of others. 
Cyber Security Incident To the extent that personal information may be included in a Cyber Security Incident notification, this measure may engage the right to privacy under Article 17 of the ICCPR. The Bill will impose obligations on industry participants to give and notify of cyber security incidents to the Secretary and the Australian Signals Directorate. The information to be provided by the industry participant will be a high level report of the incident within a specified period to the Secretary. Part 6, Division 3 of the Aviation Act and Part 9, Division 3 of the Maritime Act provide that civil penalties can be issued for failure to report a cyber security incident. Information gathered in relation to cyber security incidents is captured within the protected information provisions at Part 7A, Division 2 of the Aviation Act and Part 10A, Division 2 of the Maritime Act. Any personal information included in the Cyber Security Incident will be incidental to the report that is made, and will only be in relation to the incident itself. To the extent this limits the right to privacy, the limitation is reasonable, necessary and proportionate to allow the Secretary and the Australian Signals Directorate to appropriately respond to a Cyber Security


Incident. This limited engagement of the right to privacy is to allow for either the Secretary or the Australian Signals Directorate to contact impacted businesses and individuals who may have information about the Cyber Security Incident. Generally this information can include the reporting officer's name and contact details and any relevant individuals who will have information relevant for reporting or responding to the Cyber Security Incident. To the extent that privacy is limited through the collection and disclosure of personal information, the limitation is reasonable, necessary and proportionate to achieve the legitimate objective of protecting national security, public order and the rights and freedoms of others. Power to obtain information or documents Proposed new section 80C of the Aviation Act and section 145BC of the Maritime Act empower aviation and maritime security inspectors to require an industry participant, via a notice, to give certain information to allow the inspector to exercise powers conferred by the Acts. The information gathering power is limited to obtaining information or documents that are reasonably necessary to allow the inspector to exercise powers conferred on the inspector under Division 2 of Part 5 of the Aviation Act and Division 1 of Part 8 of the Maritime Act. Any personal information collected is incidental to the key objective of developing a more detailed understanding of possible failure to comply with measures set out within the Acts. The measures outlined within the Bill will be limited to: • safeguard against unlawful interference, or • safeguard against operational interference. The information gathering power will engage the right to privacy in Article 17 of the ICCPR. However it is a permissible limitation as any engagement will be incidental to ensuring compliance with the Aviation and Maritime Acts and adequate safeguards exist to prevent unauthorised disclosure. 
Proposed sections 112A, 112B, 112C, 112CA and 112D of the Aviation Act outline the circumstances in which protected information can be disclosed, while section 112E, subject to section 112F, makes it an offence to use or disclose protected information in a manner not authorised by the Aviation Act. Similarly, proposed sections 185B, 185C, 185D, 185E and 185F of the Maritime Act outline the circumstances in which protected information can be disclosed, while section 185G, subject to exceptions in section 185H, makes it an offence to use or disclose protected information in a manner not authorised by the Maritime Act. Right to freedom of expression Article 19 of the ICCPR provides that all persons have the right to hold opinions without interference, and the right to freedom of expression. This includes the right to freedom to seek, receive and impart information and ideas of all kinds, regardless of frontiers, either


orally, in writing or in print, in the form of art, or through any other media of his or her choice. Obligations on aviation and maritime industry participants to safeguard against operational interference exclude actions which include lawful advocacy, protest, dissent or industrial action from the definition of 'operational interference with aviation' (section 10AA(2)(b) of the Aviation Act) and operational interference with maritime transport or offshore facilities (section 11A(2)(b) of the Maritime Act). To the extent that these activities are not included in those definitions, the right to freedom of expression under Article 19 of the ICCPR is not limited by the measures. Part 7A and Part 10A of the Bill include offences for unauthorised use or disclosure of protected information, subject to listed exceptions. An effect of these offences would be to limit a person's right to communicate certain information. The information will include: • Information obtained in the course of exercising powers conferred by the Acts, or • Security compliance information, or • Aviation security information, or • The contents of an industry participant's security program. To the extent that an individual is unable to communicate this information, the right to freedom of expression in Article 19(2) of the ICCPR is limited. These provisions are reasonable, necessary and proportionate to achieve the protection of security sensitive and commercial in confidence information. 
It is reasonable and proportionate, as 'protected information' is limited to information obtained in the course of powers, duties or functions under legislation, security compliance information, aviation security information and the content of transport security information, and the inclusion of exceptions permitting use or disclosure where required or authorised by law; made in good faith and purported compliance with the relevant Act; or is to a person to whom the information relates, or in accordance with that person's consent, ensures that the information can be communicated where necessary. Conclusion The Bill is compatible with Human Rights. To the extent that provisions in the Bill engage with human rights, any limitation on those rights is reasonable, necessary and proportionate in achieving the legitimate objective of protecting the safety, security and resilience of the aviation and maritime transport sectors.


 

