Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (33 of 2022)

Schedule 1   Amendments

Security of Critical Infrastructure Act 2018

63   At the end of subsection 35BB

Add:

(6) If:

(a) an entity is or was subject to a requirement under subsection (1); and

(b) the entity is or was a member of a related company group;

then:

(c) another member of the related company group is not liable to an action or other proceeding for damages for or in relation to an act done or omitted in good faith for the purposes of ensuring or facilitating compliance with the requirement; and

(d) an officer, employee or agent of another member of the related company group is not liable to an action or other proceeding for damages for or in relation to an act done or omitted in good faith for the purposes of ensuring or facilitating compliance with the requirement.

(7) If:

(a) an entity (the first entity ) is or was subject to a requirement under subsection (1); and

(b) another entity (the contracted service provider ) is or was:

(i) a party to a contract with the first entity; and

(ii) responsible under the contract for the provision of services to the first entity;

then:

(c) the contracted service provider is not liable to an action or other proceeding for damages for or in relation to an act done or omitted in good faith for the purposes of ensuring or facilitating compliance with the requirement; and

(d) an officer, employee or agent of the contracted service provider is not liable to an action or other proceeding for damages for or in relation to an act done or omitted in good faith for the purposes of ensuring or facilitating compliance with the requirement.