On 28 November 2019 the President of the Republic assented to the Critical Infrastructure Protection Act, 2019 (“the CIP Act”). The CIP Act recognises that certain infrastructure is critical for public safety, national security and the continuous provision of basic public services. As such, the CIP Act stipulates that adequate measures should be identified and put in place to protect and secure critical infrastructure.
The CIP Act provides that infrastructure is considered critical infrastructure if:
- the functioning of such infrastructure is essential for the economy, national security, public safety and the continuous provision of basic public services; and
- the loss, damage, disruption or immobilisation of such infrastructure may severely prejudice the functioning or stability of the Republic, the public interest with regard to safety and the maintenance of law and order and national security.
The CIP Act repeals and replaces the National Key Points Act, 1980. Any National Key Point or National Key Point Complex declared under the National Key Points Act must be deemed to be a critical infrastructure until the Minister of Police has decided whether or not to declare it as a critical infrastructure in terms of the CIP Act, which must be done within a period of 60 days after coming into operation of the CIP Act (which will be end of January 2020).
The CIP Act establishes a Critical Infrastructure Council whose responsibilities include considering and making recommendations in respect of applications to be designated as critical infrastructure, approving various guidelines, and reporting to the Minister of Police in respect of all matters relating to the CIP Act. The Minister of Police in turn must then on a bi-annual basis table a report in Parliament on the activities of the Critical Infrastructure Council.
The CIP Act further provides that the National Commissioner of the South African Police Service attend to the administration of the Act. The CIP Act allows the National Commissioner to appoint police officials as inspectors who have the authority to conduct inspections at critical infrastructure to ensure compliance with the Act.
A person in control of infrastructure can apply to have such infrastructure designated as critical infrastructure. Once designated as critical infrastructure, the owner thereof is required to, amongst other things, secure the critical infrastructure, as prescribed, at its own expense, appoint an employee as a security manager of the critical infrastructure, and notify persons who enter the premises that such infrastructure is critical infrastructure. Should an owner fail to secure the critical infrastructure the Minister of Police may order the owner to do so, failing which the Minister of Police may take steps to secure the critical infrastructure itself and recover any costs in doing so from the owner.
Furthermore, any person who commits an offence in terms of the CIP Act is liable on conviction to a fine or imprisonment not exceeding 3 to 20 years, or both, depending on the offence.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.