AusCheck Legislation Amendment (Critical Infrastructure Background Check) Regulations 2023
I, General the Honourable David Hurley AC DSC (Retd), Governor‑General of the Commonwealth of Australia, acting with the advice of the Federal Executive Council, make the following regulations.
Dated 16 February 2023
David Hurley
Governor‑General
By His Excellency’s Command
Clare O’Neil
Minister for Home Affairs
Contents
1 Name
2 Commencement
3 Authority
4 Schedules
Schedule 1—Amendments
AusCheck Regulations 2017
This instrument is the AusCheck Legislation Amendment (Critical Infrastructure Background Check) Regulations 2023.
(1) Each provision of this instrument specified in column 1 of the table commences, or is taken to have commenced, in accordance with column 2 of the table. Any other statement in column 2 has effect according to its terms.
Commencement information | ||
Column 1 | Column 2 | Column 3 |
Provisions | Commencement | Date/Details |
1. The whole of this instrument | The day after this instrument is registered. | 17 February 2023 |
Note: This table relates only to the provisions of this instrument as originally made. It will not be amended to deal with any later amendments of this instrument.
(2) Any information in column 3 of the table is not part of this instrument. Information may be inserted in this column, or information in it may be edited, in any published version of this instrument.
This instrument is made under the AusCheck Act 2007.
Each instrument that is specified in a Schedule to this instrument is amended or repealed as set out in the applicable items in the Schedule concerned, and any other item in a Schedule to this instrument has effect according to its terms.
AusCheck Regulations 2017
1 Section 4 (after paragraph (b) of the note to the heading)
Insert:
(ba) critical infrastructure risk management program;
2 Section 4 (paragraph (c) of the definitions of Category A identification document, Category B identification document and Category C identification document)
After “an MNE accreditation”, insert “, or for an individual for whom a CIRMP permits a background check”.
3 Section 4 (definition of Category D identification document)
After “an MNE accreditation,”, insert “or for an individual for whom a CIRMP permits a background check,”.
4 Section 4
Insert:
CIRMP is short for critical infrastructure risk management program.
CIRMP criminal record: an individual has a CIRMP criminal record if the individual has been:
(a) convicted of a CIRMP level 1 offence; or
(b) convicted of a CIRMP level 2 offence and sentenced to any term of imprisonment for the offence.
CIRMP level 1 offence means a CIRMP‑security‑relevant offence mentioned in an item in the table in clause 1 of Schedule 2.
CIRMP level 2 offence means a CIRMP‑security‑relevant offence mentioned in an item in the table in clause 2 of Schedule 2.
CIRMP‑security‑relevant offence means an offence mentioned in an item in a table in Schedule 2 against a law of the Commonwealth, a State or a Territory.
5 Section 4 (definition of conviction)
After “an MNE accreditation”, insert “or of an individual for whom a CIRMP permits a background check,”.
6 Section 4
Insert:
critical infrastructure asset has the same meaning as in the Security of Critical Infrastructure Act 2018.
7 Section 4 (paragraph (d) of the definition of identification document)
After “an MNE accreditation”, insert “, or for an individual for whom a CIRMP permits a background check”.
8 Section 4
Insert:
responsible entity has the same meaning as in the Security of Critical Infrastructure Act 2018.
9 Section 4 (definition of verifying person)
Repeal the definition, substitute:
verifying person, for an identity verification check of an individual, means:
(a) if the identity verification check is in connection with MNE accreditation in relation to a major national event:
(i) AusCheck; or
(ii) the organising body for the major national event; or
(iii) a person acting on behalf of AusCheck or the organising body; or
(b) if the identity verification check is permitted under a CIRMP:
(i) AusCheck; or
(ii) the responsible entity in relation to whom the CIRMP applies; or
(iii) a person acting on behalf of AusCheck or the responsible entity.
10 Paragraph 5(1)(d)
Omit “or 3”, substitute “, 3 or 3AAB”.
11 After paragraph 5(1)(ia)
Insert:
(iab) if the individual is, or is to be, employed, and the application relates to a background check of the individual permitted under a CIRMP:
(i) the name and business address of the responsible entity in relation to whom the CIRMP applies; and
(ii) details of the capacity in which the individual is, or is to be, employed; and
(iii) if the individual is, or is to be, employed by an entity other than the responsible entity—the name and business address of that entity; and
(iv) the reason the individual is an individual for whom a background check is permitted under the CIRMP;
12 After paragraph 5(1)(ka)
Insert:
(kb) if the individual is a student and the application relates to a background check of the individual permitted under a CIRMP:
(i) the name and business address of the responsible entity in relation to whom the CIRMP applies; and
(ii) the name and business address of the institution at which the individual is studying; and
(iii) details of the work that the individual is undertaking, or will undertake, including details of the person for whom the individual is, or will be, working; and
(iv) the reason the individual is an individual for whom a background check is permitted under the CIRMP;
13 After paragraph 5(1)(m)
Insert:
(ma) if the application relates to a background check of the individual permitted under a CIRMP—a record of the express consent of the individual:
(i) for the background check of the individual to be conducted; and
(ii) if the CIRMP provides that the background check must include an identity verification check—for the identity of the individual to be verified.
14 At the end of subsection 5(1)
Add:
; (o) if the application relates to a background check of the individual permitted under a CIRMP and the individual is under 16 years of age at the time the application is made—a record of the express consent of the parent or guardian of the individual:
(i) for the background check of the individual to be conducted; and
(ii) if the CIRMP provides that the background check must include an identity verification check—for the identity of the individual to be verified.
15 At the end of subsection 5A(1)
Add:
; and (d) the requirement does not relate to a background check of the individual permitted under a CIRMP.
16 At the end of subsection 5B(2)
Add “or permitted under a CIRMP”.
17 Subsection 5B(2) (note)
Omit “section 21L”, substitute “sections 21L and 21Y”.
18 Subsection 5B(2) (at the end of the note)
Add “or under CIRMPs”.
19 At the end of section 6
Add:
; (e) for an individual for whom a background check is undertaken under section 11AD, 11AE or 21DC—a CIRMP criminal record.
20 After Division 3AA of Part 2
Insert:
Division 3AAB—Background checks for critical infrastructure risk management program purposes
(1) AusCheck may undertake a background check of an individual if:
(a) a CIRMP permits a background check of the individual; and
(b) an application for a background check of the individual is made under section 21Q.
(2) The application must:
(a) be made electronically; and
(b) include all of the required information for the individual; and
(c) include a statement, made by the responsible entity, as to:
(i) whether the CIRMP permits or requires an assessment of information relating to one or more of the matters mentioned in paragraph 5(a), (b), (c) or (d) of the Act; and
(ii) if the CIRMP permits or requires an assessment of information relating to the matters in paragraph 5(b) of the Act—how the responsible entity deals with an adverse security assessment or a qualified security assessment under the CIRMP; and
(d) if, under the CIRMP, the background check must include an electronic identity verification check—include:
(i) the details required under section 21V or a copy of an exemption (or a copy of an application for an exemption) under section 21X from the requirement to provide those details; and
(ii) the record (if any) required under section 21V; and
(e) be made in the form (if any) approved for the purposes of this paragraph under subsection (3); and
(f) meet any other requirement specified by the Secretary for the purposes of this paragraph under subsection (4).
(3) The Secretary may, in writing, approve a form for the purposes of paragraph (2)(e).
(4) The Secretary may, by notifiable instrument, specify requirements for the purposes of paragraph (2)(f).
(1) AusCheck may undertake a background check of an individual if:
(a) a background check (the original background check) of the individual has been undertaken under section 11AD; and
(b) after the original background check the Secretary considers, on reasonable grounds, that the individual:
(i) has a CIRMP criminal record; or
(ii) if the original background check was undertaken for the purpose of granting the individual access to a critical infrastructure asset declared by the Minister, by notifiable instrument, for the purposes of this subparagraph—constitutes a threat to the security of the asset.
(2) In considering a matter under paragraph (1)(b), the Secretary must take into account:
(a) any information given to the Secretary by the individual or the responsible entity in relation to whom the CIRMP applies; and
(b) any information given to the Secretary by a law enforcement, or national security, agency (however described) about the individual; and
(c) anything else relevant that the Secretary knows about.
(3) If AusCheck undertakes a background check of an individual under subsection (1):
(a) the applicant for the original background check is taken to have applied for the background check of the individual; and
(b) the application for that background check is taken to be the same as the application for the original background check.
21 Paragraph 11A(2)(b)
Omit “or organising body”, substitute “, organising body or responsible entity”.
22 Paragraph 11A(2)(f)
Omit “or 21C(3)”, substitute “, 21C(3) or 21DC(5)”.
23 At the end of Division 5 of Part 2
Add:
Subdivision D—Advice about background checks for critical infrastructure risk management programs
21DA Advice about background check of an individual
(1) This section applies if AusCheck undertakes a background check of an individual under section 11AD, 11AE or 21DC.
Advice relating to criminal history etc.
(2) The Secretary must advise the responsible entity in relation to whom the CIRMP applies:
(a) if the background check included an assessment of the individual’s criminal history—whether or not the individual has an unfavourable criminal history; and
(b) if the background check included a security assessment of the individual—whether or not the security assessment of the individual is an adverse security assessment or qualified security assessment; and
(c) if the background check included an assessment of information relating to whether the individual holds a visa entitling the individual to work in Australia—whether or not the individual has a right to work in Australia, and if so, the class of visa held.
(3) If the Secretary advises the responsible entity under paragraph (2)(a) that the individual has an unfavourable criminal history, the Secretary:
(a) must include in the advice details of the type of offence of which the individual has been convicted; and
(b) must inform the individual of that advice and the reasons for that advice.
(4) If:
(a) the Secretary has advised the responsible entity in relation to a previous background check of the individual; and
(b) the advice in relation to the previous background check was that the individual had an unfavourable criminal history;
the Secretary must also advise the responsible entity whether there has been a material change in the individual’s criminal history.
(5) If:
(a) the Secretary has advised the responsible entity that the individual has been convicted of a CIRMP‑security‑relevant offence (the relevant CIRMP offence); and
(b) the responsible entity requests the Secretary, in writing, to provide the responsible entity with details of the relevant CIRMP offence; and
(c) the individual provides express consent for the Secretary to provide details of the relevant CIRMP offence to the responsible entity;
the Secretary must provide to the responsible entity a document setting out the details of the relevant CIRMP offence and any sentence imposed for the offence.
21DB Advice about background check that is cancelled
If:
(a) a background check of an individual is cancelled under subsection 11A(7); and
(b) had AusCheck completed the check, the Secretary would have been required or authorised, or would have been so required or authorised depending on the results of the background check, to give to the individual or the responsible entity in relation to whom the CIRMP that permits the background check applies:
(i) advice; or
(ii) a document;
the Secretary must advise the individual or responsible entity (as the case requires) that the background check is cancelled.
21DC AusCheck may undertake new background checks
(1) This section applies if:
(a) the Secretary gives advice about a background check (the original check) of an individual under this Subdivision; and
(b) the Secretary later reasonably suspects that:
(i) any of the requirements of this instrument for the application for the original check were not satisfied; or
(ii) the Secretary did not have all of the required information for the individual when AusCheck undertook the original check; or
(iii) any of the requirements specified under subsection 11A(3) for the purposes of paragraph 11A(2)(f) in relation to the application for the original check were not satisfied; or
(iv) the advice is inaccurate or incomplete.
(2) This section also applies if:
(a) the Secretary cancels a background check (the original check) of an individual under subsection 11A(7) and gives advice of the cancellation under section 21DB; and
(b) the thing that the Secretary requested be done under subsection 11A(2) in relation to the original check is later done.
(3) This section also applies if an individual informs the Secretary, as required under section 21ZB, that the individual has been convicted of a CIRMP level 1 offence or has been convicted of a CIRMP level 2 offence and sentenced to any term of imprisonment for the offence.
(4) AusCheck may undertake a new background check of the individual.
(5) If AusCheck does so, for the purposes of the AusCheck scheme:
(a) the applicant of the original check is taken to have applied for the new background check; and
(b) the application for the new background check is taken to be the same as the application (if any) for the original check (as affected by subsection 11A(6)).
Note: Paragraph (5)(b) may be relevant to whether the Secretary may make a request under subsection 11A(2) in relation to the application.
21DD Secretary must give further advice if initial advice is inaccurate or incomplete
If the Secretary becomes aware that advice about a background check of an individual that has been given under this Subdivision is inaccurate or incomplete, the Secretary must give further advice in accordance with this Subdivision that is accurate and complete.
24 After Division 5A of Part 2
Insert:
Division 5B—Matters relating to critical infrastructure risk management programs
Subdivision A—Applying for background checks and requirements for identity verification checks
21Q Arranging background check
The following persons may apply to AusCheck for a background check of an individual if a CIRMP permits a background check of the individual:
(a) the individual;
(b) the responsible entity in relation to whom the CIRMP applies.
21V Electronic identity verification checks
(1) This section applies if a CIRMP permits a background check of an individual and provides that the background check must include an electronic identity verification check.
(2) AusCheck must not conduct the check unless, subject to section 21X, the following are provided to AusCheck:
(a) details of a Category A identification document or a Category B identification document, being details AusCheck can use to verify electronically the individual’s identity for the purposes of a background check;
(b) if the individual is at least 16 years of age at the time of the check—a record of the individual having given express consent to the identity of the individual being verified.
21W In person identity verification checks
(1) If a CIRMP permits a background check of an individual and provides that the background check must include an in person identity verification check, the check must be conducted in accordance with this section.
Individuals who are 18 years of age or older
(2) Subject to section 21X, if the individual is at least 18 years of age at the time of the in person identity verification check, the individual must attend the check in person and must give to the verifying person conducting the check:
(a) the following documents:
(i) a Category A identification document;
(ii) a Category B identification document that is different from the Category A identification document;
(iii) a Category C identification document that is different from the Category A identification document and the Category B identification document;
(iv) if evidence of the individual’s current residential address is not set out in a document already given—a Category D identification document; and
(b) if the individual’s identity has been verified electronically before the in person identity verification check has been conducted—the identity documents the details of which were used to electronically verify the individual’s identity.
Individuals under 18 years of age
(3) Subject to section 21X, if an individual is under 18 years of age at the time of the in person identity verification check, the individual must attend the check in person and must give to the verifying person conducting the check:
(a) a Category A identification document; and
(b) if the individual’s identity has been verified electronically before the in person identity verification check has been conducted—the identity documents the details of which were used to electronically verify the individual’s identity.
Identity to be verified at time the individual attends the check
(4) The verifying person conducting the in person identity verification check must verify the individual’s identity at the time the individual attends the check, unless the individual is exempted under section 21X from the requirement to attend the identity verification check in person.
Identification documents must be provided for each identity verification
(5) To avoid doubt, the individual must give the documents referred to in subsection (2) or (3) to the verifying person conducting the in person identity verification check even if the individual has previously given the same documents to the verifying person, or to a verifying person, in relation to another background check permitted under the CIRMP or any other CIRMP.
(1) This section applies if, for the purposes of an identity verification check under section 21V or 21W, an individual for whom a CIRMP permits a background check to be conducted is unable:
(a) for an electronic identity verification check—to provide details of a Category A identification document or a Category B identification document, being details AusCheck can use to verify electronically the individual’s identity for the purposes of a background check; or
(b) for an in person identity verification check—either:
(i) to provide a Category A identification document; or
(ii) to attend the identity verification check in person.
(2) The individual, or the responsible entity in relation to whom the CIRMP applies, may apply to the Secretary for an exemption from whichever of the following requirements applies:
(a) to provide details of a Category A identification document or details of a Category B identification document;
(b) to provide a Category A identification document;
(c) to attend the identity verification check in person.
Requirements for application
(3) The application must:
(a) be made electronically; and
(b) set out which of the requirements mentioned in subsection (2) the individual is unable to satisfy; and
(c) set out the reasons why the individual is unable to satisfy those requirements; and
(d) if the application is for an exemption from the requirement to attend an identity verification check in person—be accompanied by the following:
(i) a photograph of the individual (taken no more than one month before the date of the application) showing the individual’s full face and the individual’s head and shoulders;
(ii) copies of the identification documents required under subsection 21W(2) or (3) that are certified in accordance with subsection (4) of this section; and
(e) include any other information that may assist the Secretary in making a decision about whether to grant an exemption in relation to the individual.
Certification of documents
(4) For the purposes of subparagraph (3)(d)(ii), a copy of an identification document must be certified, in writing, by a person prescribed by section 7 of the Statutory Declarations Regulations 2018, to be a true copy of the original identification document.
Matters to be considered
(5) In making a decision under this section in relation to the individual, the Secretary must consider the following matters:
(a) the reasons set out in the application under paragraph (3)(c);
(b) any other information provided under paragraph (3)(e).
Requirement for further information
(6) If the Secretary requires further information to consider the application, the Secretary may request the applicant to give the further information within 30 days after receiving the request.
When decision must be made
(7) The Secretary must, in writing and within 30 days after receiving the application or, if further information is requested, within 30 days after receiving the further information in accordance with subsection (6):
(a) do either of the following:
(i) grant the exemption in relation to the individual;
(ii) refuse to grant the exemption in relation to the individual; and
(b) notify the applicant of the decision; and
(c) if the decision is a refusal—notify the applicant of the reasons for the refusal.
(8) The Secretary is taken to have refused to grant the exemption if the Secretary has not made a decision on the application within the period mentioned in subsection (7).
21Y AusCheck not required to continue background check if identity not verified
AusCheck is not required to continue undertaking a background check of an individual for whom a CIRMP permits a background check to be conducted if the identity of the individual is unable to be verified in accordance with section 21V or 21W (as affected by section 21X).
21ZA Responsible entity must inform Secretary of certain decisions
Decision to grant access to certain assets
(1) A responsible entity commits an offence if:
(a) the Secretary advises the responsible entity about a background check of an individual under section 21DA or 21DD; and
(b) in the advice, the Secretary advises that:
(i) the individual has an unfavourable criminal history; or
(ii) the security assessment of the individual is an adverse security assessment or qualified security assessment; and
(c) after receiving the advice, the responsible entity makes a decision to grant, or continue to grant, the individual access to a critical infrastructure asset declared by the Minister, by notifiable instrument, for the purposes of this paragraph; and
(d) the responsible entity does not inform the Secretary of the decision within 7 days after making the decision.
Penalty: 5 penalty units.
Decision to revoke access to certain assets
(2) A responsible entity commits an offence if:
(a) the responsible entity makes a decision to grant, or continue to grant, an individual access to a critical infrastructure asset declared by the Minister for the purposes of paragraph (1)(c); and
(b) the responsible entity later makes a decision to revoke the individual’s access to the asset; and
(c) the responsible entity does not inform the Secretary of the decision within 48 hours after making the decision.
Penalty: 5 penalty units.
21ZB Individual must inform Secretary of certain CIRMP‑security‑relevant offences
CIRMP level 1 offence—conviction
(1) An individual commits an offence if:
(a) the Secretary advises a responsible entity about a background check of the individual under section 21DA or 21DD; and
(b) after receiving the advice, the responsible entity makes a decision to grant, or continue to grant, the individual access to a critical infrastructure asset declared by the Minister, by notifiable instrument, for the purposes of this paragraph; and
(c) during the period of 2 years beginning on the day the Secretary gives the advice, the individual is convicted of a CIRMP level 1 offence; and
(d) the individual does not inform the Secretary, in writing, of the following matters within 7 days after individual is convicted:
(i) the individual’s name, date of birth and residential address;
(ii) the date the individual was convicted;
(iii) the court in which the individual was convicted.
Penalty: 5 penalty units.
CIRMP level 2 offence—conviction and imprisonment
(2) An individual commits an offence if:
(a) the Secretary advises a responsible entity about a background check of the individual under section 21DA or 21DD; and
(b) after receiving the advice, the responsible entity makes a decision to grant, or continue to grant, the individual access to a critical infrastructure asset declared by the Minister, by notifiable instrument, for the purposes of this paragraph; and
(c) during the period of 2 years beginning on the day the Secretary gives the advice, the individual is convicted of a CIRMP level 2 offence and sentenced to any term of imprisonment for the offence; and
(d) the individual does not inform the Secretary, in writing, of the following matters within 7 days after individual is sentenced:
(i) the individual’s name, date of birth and residential address;
(ii) the date the individual was convicted and sentenced;
(iii) the court in which the individual was convicted and sentenced.
Penalty: 5 penalty units.
25 Paragraph 26(a)
Omit “5A(6) or 21K(7)”, substitute “5A(6), 21K(7) or 21X(7)”.
26 Subsection 30(3)
Repeal the subsection, substitute:
(3) If a fee under subsection (1) or (2A) is payable:
(a) by an individual; or
(b) by an issuing body, NHS entity, organising body or responsible entity that is not the Commonwealth or an unincorporated Commonwealth authority;
the fee is a debt due to the Commonwealth and is recoverable by the Secretary on behalf of the Commonwealth.
27 At the end of the instrument
Schedule 2—CIRMP‑security‑relevant offences
Note: See the definition of CIRMP‑security‑relevant offence in section 4.
1 CIRMP level 1 offences
Each item of the following table sets out a kind of CIRMP level 1 offence.
Item | Kind of offence |
1.1 | An offence involving, or relating to, a weapon of mass destruction |
1.2 | An offence involving, or relating to, terrorism |
1.3 | An offence involving, or relating to, any of the following: (a) treason; (b) espionage; (c) disclosure of national secrets |
1.4 | An offence involving or relating to: (a) engagement in hostile activities in a foreign country; or (b) involvement with foreign armed forces |
1.5 | An offence involving, or relating to, the hijacking or destruction of: (a) an aircraft; or (b) a vessel; or (c) an offshore facility |
1.6 | An offence involving, or relating to, the endangerment of an aircraft, airport, vessel, port or offshore facility that is: (a) used in commerce; or (b) owned by the Commonwealth or a State or Territory |
1.7 | An offence involving, or relating to, an act of piracy at sea |
1.8 | An offence involving or relating to: (a) slavery; or (b) smuggling or trafficking of people |
1.9 | An offence involving, or relating to, a crime against humanity |
1.10 | An offence involving, or relating to, any of the following: (a) murder; (b) manslaughter; (c) threat to kill |
1.11 | An offence involving, or relating to, assault, including any of the following: (a) indecent assault; (b) sexual assault; (c) sexual abuse |
1.12 | An offence involving, or relating to, any of the following: (a) firearms; (b) ammunition; (c) weapons, including use of an item as a weapon; (d) explosives or explosive devices; (e) microbial or other biological agents or toxins |
1.13 | An offence involving or relating to: (a) destruction of, or damage to, property; (b) arson |
1.14 | An offence involving, or relating to, affray, riot or public violence |
1.15 | An offence involving, or relating to, any of the following: (a) false imprisonment; (b) deprivation of liberty; (c) kidnapping; (d) taking a hostage |
1.16 | An offence involving, or relating to, participation in, or association with, serious and organised crime or gangs |
1.17 | An offence involving, or relating to, exploitation of a child |
1.18 | An offence involving, or relating to, robbery |
Each item of the following table sets out a kind of CIRMP level 2 offence.
Item | Kind of offence |
2.1 | An offence involving, or relating to, fraud, forgery, false identity or false identity documents |
2.2 | An offence involving, or relating to, any of the following: (a) perjury; (b) perverting the course of justice; (c) intimidation |
2.3 | An offence involving, or relating to, the production, possession, supply, importation or export of any of the following: (a) an illegal drug; (b) a controlled substance (within the meaning of subsection 3(1) of the Crimes Act 1914) |
2.4 | An offence involving, or relating to, racial hatred or racial vilification |
2.5 | An offence involving, or relating to, any of the following: (a) money laundering; (b) currency violations; (c) dealing with proceeds of crime |
2.6 | An offence involving, or relating to, bribery, corruption, extortion, racketeering or blackmail |
2.7 | An offence involving, or relating to, obstructing, hindering, resisting or impersonating: (a) a government official; or (b) a law‑enforcement officer |
2.8 | An offence involving, or relating to, use, access, modification or destruction of: (a) data; or (b) electronic communications |
2.9 | An offence involving, or relating to, theft or burglary |
2.10 | An offence involving, or relating to, the intentional endangerment of persons (not including an offence that is an CIRMP level 1 offence) |
2.11 | An offence involving or relating to: (a) illegal importation or export of goods, fauna or flora; or (b) interference with goods under customs control |