The Minister may require a reporting entity for, or an operator of, a critical infrastructure asset to do, or refrain from doing, an act or thing, if the Minister is satisfied that there is a risk of an act or omission that would be prejudicial to security.

The Minister may give the direction only if particular criteria are met and certain consultation has been undertaken.