[13 March 2022] The President has proclaimed the commencement of certain sections of the Act, determining 30 April 2022 as the date on which sections 1, 2, 3, 4, 5, 6, 7(1)(b), 7(3), 7(4), 7(5), 8, 9(1), 9(2), 12, 14(5), 14(6), 14(7), 15 and sections 27(1), 27(5), 27(7) and 27(8) will come into force.

Proclamation of commencement of specified sections of the Critical Infrastructure Protection Act 2019


Critical Infrastructure Protection Act 8 of 2019


[15 November 2017] The deadline for submissions on the Critical Infrastructure Protection Bill has been extended to 24 November 2017.


[5 November 2017] The Portfolio Committee on Police will undertake a clause-by-clause vote on the Critical Infrastructure Protection Bill [B22-2017] on 30 November 2017 and intends to vote on its adoption on 1 December 2017.


[23 September 2017] The Minister of Police published a revised draft Critical Infrastructure Protection Bill with accompanying explanatory memorandum on 18 September 2017, stating his intention to introduce the Bill into Parliament for consideration. A previous version was approved by Cabinet in March 2016 and made available for public comment thereafter.__

Critical Infrastructure Protection Bill (September 2017)

Explanatory Memorandum Critical Infrastructure Protection Bill 2017

The Bill makes specific provision for “information and communication technology infrastructure”, defined broadly to mean any data, computer data storage medium, computer device, database, computer network, electronic communications network, electronic communications infrastructure or any part thereof or any facility or equipment associated therewith”.

In terms of the Bill the Minister will have the power to declare any infrastructure as “critical infrastructure” on receipt of an application by the National Commissioner of Police or the person in control of the infrastructure. The Minister can also declare that infrastructure is part of a “critical infrastructure complex”.

Factors to be considered when deciding on a declaration as “critical infrastructure” include:

  • whether the loss, damage, disruption or immobilisation of the infrastructure may prejudice significant economic operations; or the public interest with regard to safety and the maintenance of law and order; or the provision of goods or services essential for the daily operations, economic activity, livelihood or well-being of the public; or national security.
  • Any prescribed guidelines for identification of “critical infrastructure”.
  • Recommendations of a Critical Infrastructure Council to be formed.

With regard to “information and communications infrastructure” as contemplated in the Cybercrimes and Cybersecurity Bill 2017, this Bill provides that the Minister must consult with the Minister of State Security before infrastructure, which “partly consists of, incorporates or houses any information and communications infrastructure” is declared to be “critical infrastructure’.

The Minister of State Security will be required to decide whether the infrastructure in question should be dealt with under the Cybercrimes and Cybersecurity Act. If he or she decides it should not, then the question of whether to declare as “critical infrastructure” would be decided under the Critical Infrastructure Protection Act.