Page:Cybersecurity Act 2018.pdf/15

16 : system, nor the ability or right to carry out changes to the computer or computer system; and


 * (b) another person has effective control over the operations of the computer or computer system and the ability and right to carry out changes to the computer or computer system.

(5) If the Commissioner is satisfied that the conditions mentioned in subsection (4)(a) and (b) are met, the Commissioner may amend the notice issued to the person under subsection (1), and address and send that amended notice to the person mentioned in subsection (4)(b).

(6) During the period when a notice amended under subsection (5) is in effect, the provisions of this Part apply to the person mentioned in subsection (4)(b) as if every reference to the owner of a critical information infrastructure is a reference to the person mentioned in subsection (4)(b).

(7) Where—
 * (a) a notice issued under this section and amended under subsection (5) is addressed and sent to the person mentioned in subsection (4)(b); and
 * (b) the person mentioned in subsection (4)(b) then ceases to have the control, ability and right mentioned in that provision,

the owner of the critical information infrastructure must notify the Commissioner of this without delay.

(8) Where a critical information infrastructure is owned by the Government and operated by a Ministry, the Permanent Secretary allocated to the Ministry who has responsibility for the critical information infrastructure is treated as the owner of the critical information infrastructure for the purposes of this Act.

(9) A notice issued under this section need not be published in the Gazette.