Critical Infrastructure Protection Act, 2019 (Act No. 8 of 2019)

Chapter 5 : Offences and Penalties

26. Offences and penalties

Purchase cart Previous page Return to chapter overview Next page

 

(1) Any person who unlawfully—
(a) furnishes, disseminates or publishes in any manner whatsoever information relating to the security measures applicable at or in respect of a critical infrastructure other than in accordance with the Protected Disclosures Act, 2000 (Act No. 26 of 2000), the Prevention and Combating of Corrupt Activities Act, 2004 (Act No. 12 of 2004) or any other Act of Parliament that provides for the lawful disclosure of information;
(b) takes or records, or causes to take or record, an analog or digital photographic image, video or film of the security measures at a critical infrastructure;
(c) hinders, obstructs or disobeys a person in control of a critical infrastructure in taking any steps required or ordered in terms of this Act in relation to the security of any critical infrastructure;
(d) hinders, obstructs or disobeys any person while performing a function or in doing anything required to be done in terms of this Act;
(e) enters or gains access to critical infrastructure without the consent of the security manager or person in control of that critical infrastructure;
(f) enters or gains access to critical infrastructure in contravention of the notice contemplated in section 24(8) or 25(8);
(g) damages, endangers or disrupts a critical infrastructure or threatens the safety or security at a critical infrastructure or part thereof;
(h) threatens to damage critical infrastructure; or
(i) colludes with or assists another person in the commission, performance or carrying out of an activity referred to in paragraphs (a) to (h), commits an offence and is, subject to subsection (3) and (4), liable on conviction to a fine or to imprisonment for a period not exceeding three years, or to both a fine and imprisonment.

 

(2) For purposes of subsection (1)(a) and subsection (1)(b), ‘‘security measures’’ means those security measures at critical infrastructure that are not clearly visible to the public or in the public domain.

 

(3) If the evidence on a charge for any offence in subsection (1)(a) to (i) proves that the activity referred to was carried out with the intention to cause damage or substantial harm to critical infrastructure, a court may, in the case of critical infrastructure categorised as—
(a) low-risk, impose a fine or imprisonment for a period not exceeding three years or both a fine and imprisonment;
(b) medium-risk, impose a fine or imprisonment for a period not exceeding five years, or both a fine and imprisonment; or
(c)high-risk, impose a fine or imprisonment for a period not exceeding seven years, or both a fine and imprisonment.

 

(4) If the evidence on a charge for any offence in subsection (1)(a) to (i) proves that the activity referred to in fact caused damage, substantial harm or loss of property to the critical infrastructure in question, the court may in the case of critical infrastructure categorised as—
(a) low-risk, impose a fine or imprisonment for a period not exceeding 10 years, or both a fine and imprisonment;
(b) medium-risk, impose a fine or imprisonment for a period not exceeding 15 years, or both a fine and imprisonment;
(c) high-risk, impose a fine or imprisonment for a period not exceeding 20 years, or both a fine and imprisonment.

 

(5) Any person in control of a critical infrastructure who—
(a) knowingly furnishes false or incorrect information on an application for declaration as critical infrastructure;
(b) refuses or fails to comply with a notice issued in terms of section 11(3) or 11(4);
(c) refuses or fails to take the steps specified in the notice contemplated in section 20(2);
(d) refuses or fails to take the steps specified in the notice contemplated in section 20(2) within the period specified in the notice;
(e) refuses or fails to comply with section 24(8) in circumstances where compliance would not severely threaten the security at the critical infrastructure concerned; or
(f) refuses or fails to comply with section 25(8), commits an offence and is liable on conviction to a fine or to imprisonment for a period not exceeding five years, or to both a fine and imprisonment or, in the case of a corporate body as contemplated in section 332 of the Criminal Procedure Act, 1977 (Act No. 51 of 1977), a fine not exceeding R10 million.

 

(6) Whenever a court convicts any person of an offence in terms of this Act where damage to or loss of property related to a critical infrastructure was caused, the prosecutor must direct the attention of the person in control of that critical infrastructure to the provisions of section 300 of the Criminal Procedure Act, 1977 (Act No. 51 of 1977), and inform the court accordingly.