Section 30EB - Security of Critical Infrastructure Act 2018 - Responsible entity’s obligation to protect critical telecommunications assets

30EBResponsible entity’s obligation to protect critical telecommunications assets

Start here

Get a plain-English read of 30EB

Turn the raw legal text into a practical explanation grounded in Security of Critical Infrastructure Act 2018.

#### 30EB Responsible entity’s obligation to protect critical telecommunications assets (1) This section applies to a critical telecommunications asset that is prescribed by the rules for the purposes of this subsection. > Note: For specification by class, see subsection 13(3) of the Legislation Act 2003. (2) For the purposes of security and the protection of a critical telecommunications asset from any hazard where there is a material risk that the occurrence of the hazard could have a relevant impact on the asset, the responsible entity for the asset must, so far as it is reasonably practicable to do so, protect the asset to ensure: (a) the confidentiality of communications (as defined in the Telecommunications Act 1997) carried on, and of information contained on, the asset; and (b) the availability and integrity of the asset. > Note: Security has the same meaning as in the Australian Security Intelligence Organisation Act 1979: see the definition of security in section 5 of this Act. Civil penalty: 1,500 penalty units. (3) Without limiting subsection (2), the responsible entity’s obligation under that subsection in respect of the critical telecommunications asset includes complying with the following: (a) any requirements that apply to the entity and the asset under Part 2A (critical infrastructure risk management programs); (b) the requirement to maintain competent supervision of, and effective control over, the asset; (c) any other requirements prescribed by the rules for the purposes of this paragraph. (4) An entity is not liable to an action or other proceeding for damages for or in relation to an act done or omitted in good faith in performance of the obligation imposed by subsection (2). (5) An officer, employee or agent of an entity is not liable to an action or other proceeding for damages for or in relation to an act done or omitted in good faith in connection with an act done or omitted by the entity as mentioned in subsection (4).