Page:Cybersecurity Act 2018.pdf/16

Rh Power to obtain information to ascertain if computer, etc., fulfils criteria of critical information infrastructure

8.—(1) This section applies where the Commissioner has reason to believe that a computer or computer system may fulfil the criteria of a critical information infrastructure.

(2) The Commissioner may, by notice given in the prescribed form and manner, require any person who appears to be exercising control over the computer or computer system, to provide to the Commissioner, within a reasonable period specified in the notice, such relevant information relating to that computer or computer system as may be required by the Commissioner for the purpose of ascertaining whether the computer or computer system fulfils the criteria of a critical information infrastructure.

(3) Without affecting the generality of subsection (2), the Commissioner may in the notice require the person who appears to be exercising control over the computer or computer system to provide—
 * (a) information relating to—
 * (i) the function that the computer or computer system is employed to serve; and
 * (ii) the person or persons who is or are, or other computer or computer systems that is or are, served by that computer or computer system;
 * (b) information relating to the design of the computer or computer system; and
 * (c) such other information as the Commissioner may require in order to ascertain whether the computer or computer system fulfils the criteria of a critical information infrastructure.

(4) Any person who, without reasonable excuse, fails to comply with a notice issued under subsection (2) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $100,000 or to imprisonment for a term not exceeding 2 years or to both and, in the case of a continuing offence, to a further fine not exceeding $5,000 for