Critical Infrastructure Protection Act, 2019 (Act No. 8 of 2019)RegulationsInterim Critical Infrastructure Protection Regulations, 202212. Functions of the Critical Infrastructure Protection Regulator |
(1) | The Regulator is responsible for support to the National Commissioner in the performance of functions assigned to him or her in terms of the Act, and more specifically to: |
(a) | maintain the administrative systems and procedures necessary for the implementation and enforcement of the Act; |
(b) | support the National Commissioner in the administration of the Act; and |
(c) | effect cooperation between the South African Police Service, other organs of state and the private sector insofar as it relates to the protection of critical infrastructure. |
(2) | Unless otherwise provided for in these regulations, the Regulator must develop uniform standards, guidelines and protocols for submission to the National Commissioner. |
(3) | The uniform standards, guidelines and protocols referred to in subregulation (2) must include— |
(a) | the manner in which— |
(i) | infrastructure may be identified, categorised and declared critical infrastructure to supplement any regulations made in terms of the Act; |
(ii) | any physical security assessment of critical infrastructure and potential critical infrastructure is conducted and coordinated between officials of the Regulator and officials from any other government department, including the State Security Agency and the National Disaster Management Centre; |
(iii) | information which may be relevant to critical infrastructure protection is shared between the relevant stakeholders; or |
(iv) | any committee or forum referred to in the Act or these regulations must function and report; and |
(b) | structures and mechanisms to facilitate coordination in, and management of, the protection of critical infrastructure. |
(4) | Subject to subregulation (5) and (6), the Regulator must develop uniform standards, guidelines and protocols referred to in subregulation (3)(a)(i) to (iii), after consultation with government departments in the Justice, Crime Prevention and Security Cluster, other relevant government departments, the National Intelligence Co-ordinating Committee or any other person or entity that has an interest in the protection of critical infrastructure. |
(5) | Where any uniform standard, guideline or protocol is of a purely internal administrative nature, the Regulator may dispense with the consultation process contemplated in subregulation (2). |
(6) | Where any uniform standard, guideline or protocol requires to be classified in accordance with the Minimum Information Security Standards, the Head of the Regulator may restrict the consultation to persons or officials in other departments who has the relevant security clearance. |