Commonwealth Consolidated Acts Commonwealth Consolidated Acts(1) The Secretary may, by written notice given to an entity that is the responsible entity for a system of national significance, determine that the statutory incident response planning obligations apply to the entity in relation to:
(a) the system; and
(b) cyber security incidents.
(2) A determination under this section takes effect at the time specified in the determination.
(3) The specified time must not be earlier than the end of the 30 - day period that began when the notice was given.
(4) In deciding whether to give a notice to an entity under this section in relation to a system of national significance, the Secretary must have regard to:
(a) the costs that are likely to be incurred by the entity in complying with Subdivision B; and
(b) the reasonableness and proportionality of applying the statutory incident response planning obligations to the entity in relation to:
(i) the system; and
(ii) cyber security incidents; and
(c) such other matters (if any) as the Secretary considers relevant.
(5) Before giving a notice to an entity under this section in relation to a system of national significance, the Secretary must consult:
(a) the entity; and
(b) if there is a relevant Commonwealth regulator that has functions relating to the security of that system--the relevant Commonwealth regulator.
(6) A determination under this section is not a legislative instrument.