Chapter 1 - Introduction

Introduction
1. On 28 November 2024, the Assistant Minister for Immigration, the Hon Matt Thistlethwaite MP, introduced the Transport Security Amendment (Security of Australia's Transport Sector) Bill 2024 (Bill) into the House of Representatives.
2. On 13 January 2025, the Minister for Home Affairs and Minister for Cyber Security, the Hon Tony Burke MP, wrote to refer the Bill to the Parliamentary Joint Committee on Intelligence and Security (Committee) for inquiry and report.
3. The Bill consists of reforms to the Aviation Transport Security Act 2004 (ATSA) and the Maritime Transport and Offshore Facilities Security Act 2003 (MTOFSA). Minister Burke advised the Committee that:

The Bill will strengthen Australia’s aviation, maritime, and offshore facilities’ (transport sector) security settings to ensure government and industry are resilient to current and emerging threats in a flexible, risk-based and scalable way. The Bill will also contribute to initiatives under the 2023-2030 Australian Cyber Security Strategy (pillar 13), and the Aviation White Paper (initiative 10.3).[1]

1.4Minister Burke added that the Bill contains measures that are intended to achieve the following security objectives:

a transport sector that is resilient to current and emerging threats;
an effective system testing program that is risk-based and responsive to intelligence;
a compliance and enforcement framework that is robust and fit-for-purpose; and
transport security legislation is proportionate and modern.
1. Minister Burke advised that, in accordance with clause 20 of Schedule 1 to the Intelligence Services Act 2001, he had sought and received the approval of the appropriate Ministers to enable the Committee, to the extent possible, to conduct its inquiry in public. The Minister asked that the Committee complete its report by no later than 7 March 2025.

Conduct of the inquiry

1.6The Committee announced its inquiry on 23 January 2025 and invited submissions addressing the terms of reference by 13 February 2025.

1.7The Committee received 21 submissions and 6 supplementary submissions. Appendix A sets out a list of submissions received.

1.8The Committee held a public hearing on 20 February 2025. Appendix B sets out a list of witnesses who appeared at the public hearing.

1.9Copies of the submissions, a transcript of the public hearing, and links to the Bill and its Explanatory Memorandum can be accessed from the Committee’s website.[2]

Report structure

1.10This report comprises 3 chapters:

The remainder of Chapter 1 discusses the context within which the Bill was introduced, including prior consultations and reports, and provides an outline of the Bill
Chapter 2 summarises evidence provided to the Committee in relation to the Bill
Chapter 3 sets out the Committee’s comments and recommendations to the Parliament.

Context of the inquiry

1.11In his second reading speech, Minister Thistlethwaite told the House of Representatives that the transport sector is ‘critical for sustaining Australia's social and economic prosperity, national security and defence, and for facilitating the provision of essential goods and services’, but that Australia faces an ‘inherently complex geostrategic environment’, with ‘significant and far-reaching’ threats to critical infrastructure.[3]

1.12Minister Thistlethwaite noted that existing transport security legislation was enacted at a time when terrorism was the greatest threat to the transport sector and cautioned that:

… while the threat of terrorism remains, we now must protect against nation-states and other actors targeting our critical transport infrastructure through espionage, sabotage, and foreign interference: all significant and evolving threats.[4]

1.13Minister Thistlethwaite highlighted malicious cyber activity as another threat, and further said that ‘catastrophic natural hazards and the COVID-19 pandemic have also exposed vulnerabilities and cascading consequences for Australia's critical transport infrastructure and supply chain resilience’.[5]

1.14In 2021, the then Government commissioned an independent Review into Australia’s Aviation and Maritime Transport Security Settings, conducted by Ms Kerri Hartland (Independent Review).[6] The Independent Review was intended to review the existing approach to transport security ‘with a view to reducing unnecessary costs and red tape for industry’ and identifying ‘ready-to-implement regulatory reform priorities’ to help facilitate an industry-led economic recovery from the COVID-19 pandemic.[7]

1.15The final report of the Independent Review, finalised in mid-2022, has not been made public but was provided to the Committee at its request. As summarised in the Bill’s Explanatory Memorandum, the report made a series of recommendations grouped into the following five themes:

update legislative and policy frameworks to enable iterative, risk-based, and scalable regulation;
increase integration of intelligence and data to improve security outcomes;
improve industry and government partnerships;
re-design compliance processes and enforcement strategies;
raise, train and sustain the recommended transport security capability of industry and government.[8]
1. In February 2022, the then Government introduced the Transport Security Amendment (Critical Infrastructure) Bill 2022, which contained a range of amendments to the ATSA and the MTOFSA intended to ‘safeguard against unlawful interference with aviation and maritime transport, and offshore facilities’.[9] That Bill lapsed at the end of the 46th Parliament on 11 April 2022.
2. On introducing the current Bill, Minister Thistlethwaite advised that:

Given the findings of the independent review, the increasing complex and evolving threat environment and industry feedback, my department is progressing a multifaceted reform agenda to deliver targeted, high-impactlegislative and regulatory initiatives to the transport security legislative frameworks, as well as strengtheninggovernment and industry capability and partnerships.[10]

1.18Minister Thistlethwaite explained that the Government had consulted ‘widely’ throughout 2023 and 2024 to ‘ensure the proposed measures were appropriately designed and targeted’. He added:

This consultation included the establishment of a cross-sectoral industry advisory committee, multiple discussion papers, an impact analysis and extensive face-to-face consultation.

This comprehensive consultation process provided the transport sector with an appropriate opportunity to ask questions and provide invaluable feedback, which helped shape the bill.

Industry has generally been supportive of these measures. The Department of Home Affairs will continue to work closely with industry during the implementation of these legislative reforms, through the development of the regulations and as we progress future stages of the reform agenda.[11]

1.19The Bill partially implements recommendations of the Independent Review. As the Explanatory Memorandum states:

The Bill will amend the ATSA and the MTOFSA to give effect to the first theme of the Independent Review – updating legislative and policy frameworks to enable iterative, risk-based, and scalable legislation. The four remaining themes do not require legislative change to implement; these will be actioned by the Government outside of legislative processes.[12]

1.20The Explanatory Memorandum sets out several ‘adjacent programs of work’ that are expected to align with the transport security reforms proposed in the Bill.[13] These include:

The 2023–2030 Australian Cyber Security Strategy, which sets out the Government’s ambition to become a world leader in cyber security by 2030, including by ‘clarify[ing] the scope of critical infrastructure regulation’;[14]
The Aviation White Paper, published in August 2024, which sets out 56 policy initiatives for ‘achieving the Government’s vision for aviation’, including through ‘targeted and proportionate aviation security regulation’;[15]
The Maritime Single Window initiative, a digital reporting platform which is intended to simplify the exchange of mandatory information between maritime industry and government agencies;[16]
The National Defence Strategy, which sets out the Government’s strategy for addressing Australia’s most consequential security risks;[17]
The National Resilience Framework, which is intended to ‘bolster Australia’s ability to anticipate, prevent, absorb, adapt and evolve from extreme and concurrent natural and human induced crises or shocks, regardless of how these challenges come about’.[18]

Current regulatory framework and relationship with the SOCI Act

1.21The ATSA and MTOFSA establish regulatory frameworks to safeguard aviation, maritime transport and offshore facilities against ‘unlawful interference’.[19]

1.22The ATSA operates by:

requiring aviation industry participants to have in place approved transport security programs setting out how the participants will manage security for their operations
authorising the Secretary of the Department of Home Affairs (Secretary) to designate airports as security controlled airports and to establish airside and landside areas, security zones and event zones that are subject to certain security requirements
providing for other specific security measures, including in relation to screening, examination, on‑board security, persons in custody and offences in relation to weapons and prohibited items
authorising the Minister to make a legislative instrument prohibiting the entry of specified kinds of cargo into Australian territory and to determine a code regulating and authorising the use of optical surveillance devices at airports and on board aircraft
empowering the Secretary to give special security directions and control directions in certain circumstances
establishing powers for aviation security inspectors, law enforcement officers, airport security guards and screening officers
establishing reporting obligations in relation to aviation security incidents
empowering the Secretary to require aviation industry participants to provide security compliance information and aviation security information
providing for a range of enforcement mechanisms, including infringement notices, enforcement orders, enforceable undertakings, injunctions and a demerit points system; and for the review of certain decisions by the Administrative Review Tribunal.[20]
1. The MTOFSA contains somewhat similar provisions in relation to maritime transport and offshore facilities, including by:
providing for maritime security levels in which different security measures are implemented and empowering the Secretary to give security directions in special circumstances
requiring certain maritime industry participants (including port operators and port facility operators) to have maritime security plans and to comply with their plans
requiring regulated Australian ships to have ship security plans and International Ship Security Certificates (ISSC), and to operate in compliance with those plans and ISSC standards
placing obligations on regulated foreign ships, and empowering the Secretary to give control directions to ensure that security standards are maintained
requiring certain offshore industry participants, including offshore facility operators, to have offshore security plans and to comply with their plans
requiring Australian ships that are regulated as offshore facilities to have ISSCs, and empowering the Secretary to give control directions to foreign ships regulated as offshore facilities to ensure that security standards are maintained
providing for the establishment of maritime security zones within ports, on and around ships, and on and around offshore facilities, in which additional security requirements apply
providing for other specific security measures, including in relation to screening, weapons and prohibited items
setting out powers for maritime security inspectors, security assessment inspectors, duly authorised officers, law enforcement officers, maritime security guards and screening officers
setting out reporting obligations in relation to certain maritime transport or offshore facility security incidents
empowering the Secretary to require security compliance information from maritime industry participants
providing for a range of enforcement mechanisms, including infringement notices, enforcement orders, ship enforcement orders, injunctions and a demerit points system; and the review of certain decisions by the Administrative Review Tribunal.[21]
1. Australia’s aviation assets and ports are also subject to regulation under the Security of Critical Infrastructure Act 2018 (SOCI Act).[22] The SOCI Act creates a framework for managing risks relating to critical infrastructure, including by:
requiring the keeping of a register of critical infrastructure assets
requiring responsible entities for critical infrastructure assets to have, and comply with, a critical infrastructure risk management program
requiring notification of cyber security incidents
imposing enhanced cyber security obligations in relation to designated ‘systems of national significance’
requiring certain entities relating to a critical infrastructure asset to provide information in relation to the asset, and to notify if certain events occur in relation to the asset
authorising the Minister for Home Affairs to require certain entities relating to a critical infrastructure asset to do, or refrain from doing, an act or thing if the Minister is satisfied that there is a risk of an act or omission that would be prejudicial to security
empowering the Secretary to require certain entities relating to a critical infrastructure asset to provide certain information or documents
setting up a regime for the Commonwealth to respond to serious cyber security incidents
allowing the Secretary to undertake an assessment of a critical infrastructure asset to determine if there is a risk to national security relating to the asset.[23]
1. However, regulations made under the SOCI Act exclude critical aviation assets and critical ports from the SOCI Act’s requirements in relation to critical infrastructure risk management programs (CIRMPs).[24] An impact analysis by the Department of Home Affairs (Department), included in the Explanatory Memorandum to the Bill, concluded that the option of ‘switching on’ the SOCI Act’s CIRMP obligations for critical aviation assets and critical ports—as opposed to the Bill’s approach of amending the ATSA, the MTOFSA and their associated regulations—would not be capable of solving the identified ‘policy problem’.[25] Specifically, the impact analysis found that the SOCI Act option would not capture the transport sector holistically, would not provide the Government with adequate powers to enforce industry compliance, and would place an additional compliance burden on industry having to respond to security obligations across multiple legislative frameworks.[26]

Outline of the Bill

1.26The Bill consists of 3 schedules containing multiple parts:

Schedule 1 would commence on either a day fixed by proclamation or 12 months after the Bill receives Royal Assent
Schedule 2 would commence immediately after Schedule 1
Schedule 3 would commence the day after the Bill receives Royal Assent.[27]
1. Together, the amendments in the Bill would:
broaden the definitions of ‘unlawful interference’ in the ATSA and the MTOFSA to cover a wider variety of acts, including cyber security incidents
introduce cyber security incident reporting requirements into the ATSA and MTOFSA
establish the concept of ‘operational interference’ in the ATSA and the MTOFSA in support of the introduction of ‘all-hazards’ security obligations
require industry participants to undertake a security assessment and to produce a yearly Statement of Compliance
introduce security system testing into the MTOFSA, and introduce vulnerability testing powers and a broader definition of ‘test weapon’ into both the ATSA and the MTOFSA
align the powers to charge for issuing aviation security identification cards under the ATSA with the approach under the MTOFSA
remove the MTOFSA requirement for ships that operate as both a ship and an offshore facility to have two security plans, and remove regulatory requirements for ships that infrequently travel overseas
enable the future establishment of a single demerit points scheme for the aviation sector in the ATSA regulations
modernise language by replacing references to ‘sex’ with ‘gender’ in the ATSA and MTOFSA, and removing the term ‘fax’ in the MTOFSA
enable training requirements to be provided for through determinations for all aviation industry participants under the ATSA
align the security direction provisions in the MTOFSA with the special security direction provisions in the ATSA, and broaden the provisions in both Acts
clarifying the scope of the definitions of ‘port’, ‘port facility’ and ‘security regulated port’ in the MTOFSA.[28]
1. These amendments are discussed in more detail below.

Unlawful interference and mandatory reporting of incidents

1.29The overriding purposes of the ATSA and the MTOFSA are to safeguard against unlawful interference with aviation, and unlawful interference with maritime transport or offshore facilities, respectively.[29] ‘Unlawful interference with aviation’ is defined in the ATSA to include acts such as taking control of an aircraft by force, damaging or putting the safety of an aircraft at risk, and committing an act at an airport that puts the safe operation of the airport at risk.[30] In the MTOFSA, ‘unlawful interference with maritime transport or offshore facilities’ includes taking control or a ship or offshore facility by force; interfering with, damaging or destroying navigational aids, communication systems or security systems; and other acts that put the safe operation of a port or offshore facility at risk.[31]

Definition of unlawful interference

1.30Part 1 of Schedule 1 to the Bill includes amendments that would expand the definition of ‘unlawful interference with aviation’ in section 10 of the ATSA to include ‘cyber security incidents’ that have had, are having or are likely to have either:

a ‘relevant impact’ on an aviation asset, or
a ‘significant impact' on the availability of an aviation asset.[32]
1. ‘Cyber security incident’ is proposed to be defined in new section 9B of the ATSA, using terms identical to the equivalent definition in the SOCI Act,[33] as follows:

A cyber security incident is one or more acts, events or circumstances involving any of the following:

unauthorised access to:

computer data; or
a computer program;

unauthorised modification of:

computer data; or
a computer program;

unauthorised impairment of electronic communication to or from a computer;
unauthorised impairment of the availability, reliability, security or operation of:

a computer; or
computer data; or
a computer program.[34]
1. In support of this definition, the Bill proposes to insert new definitions of ‘unauthorised access, modification or impairment’ and various other terms used in the new provisions,[35] using language similar or identical to the SOCI Act.[36]
2. The Bill also proposes definitions of ‘relevant impact’ and ‘significant impact’ in language similar to the SOCI Act:[37]

A ‘relevant impact’ would be defined broadly to include the impact (whether direct or indirect) of a cyber security incident on the availability, integrity or reliability of an aviation asset, or on the confidentiality of information or computer data.
A ‘significant impact’ on the availability of an aviation asset would be defined more narrowly to include circumstances where a cyber security incident has ‘materially disrupted’ the availability of essential goods and services associated with the asset, or other circumstances specified in the regulations.[38]
1. The Bill proposes similar amendments to the MTOFSA, with the definition of ‘unlawful interference with maritime transport or offshore facilities’ in section 11 expanded to include cyber security incidents that have had, are having or are likely to have either a ‘relevant impact’ on a maritime asset or a ‘significant impact’ on the availability of a maritime asset.[39] The key terms would be defined consistently with the ATSA and the SOCI Act.[40]
2. The MTOFSA definition of ‘unlawful interference with maritime transport or offshore facilities’ would also be expanded to include ‘attempted’ acts,[41] consistent with the equivalent definition in the ATSA.[42]

Mandatory reporting of incidents

1.36Part 1 of Schedule 1 to the Bill also proposes to expand the existing mandatory reporting requirements in the ATSA and the MTOFSA in relation to security incidents involving unlawful interference.

1.37Currently, the MTOFSA requires that any port operator, ship master, ship operator, port facility operator, offshore facility operator, person with incident reporting responsibilities, or employee of a maritime industry participant who becomes aware of a ‘maritime transport or offshore facility security incident’ must report the incident to specified authorities as soon as possible.[43] ‘Maritime transport or offshore facility security incident’ is defined as an unlawful interference—or a threat of unlawful interference—with maritime transport or offshore facilities that is, or is likely to be, a terrorist act.[44] The MTOFSA includes criminal offences with maximum penalties of between 50 and 200 penalty units for non-compliance with the reporting obligations.[45]

1.38The Bill proposes to remove the reference to terrorist acts from the definition of ‘maritime transport or offshore facility security incident’.[46] This change will have the effect of requiring maritime entities to report all acts and threats of unlawful interference, regardless of any connection to terrorism. The Explanatory Memorandum advises that:

Whilst the risks associated with terrorism and serious crime will continue to persist, acts of espionage, foreign interference, and malicious cyber activity are emerging as significant and evolving threats.[47]

1.39The Bill also proposes separate mandatory reporting requirements in relation to cyber security incidents. The new provisions would require any port operator, ship master, ship operator, port facility operator, offshore facility operator, person with incident reporting responsibilities, or employee of a maritime industry participant who becomes aware of a ‘maritime transport or offshore facility security incident’ that is a cyber security incident to report the incident to the Secretary and to the Australian Signals Directorate (ASD).[48] The timeframe within which the report must be made would vary depending on the type of incident:

if a cyber security incident has had, is having, or is likely to have a ‘significant impact’ on the availability of a maritime asset, the report must be made ‘as soon as possible, and in any event within 12 hours’ of the person becoming aware of the incident
if a cyber security incident has had, is having, or is likely to have a ‘relevant impact’ on a maritime asset, the report must be made ‘as soon as possible, and in any event within 72 hours’ of the person becoming aware of the incident.[49]
1. These proposed mandatory reporting timeframes for cyber security incidents having a significant impact or a relevant impact, respectively, are consistent with the mandatory requirements in Part 2B of the SOCI Act.[50]
2. The Bill proposes equivalent amendments to the ATSA to create specific obligations for airport operators, aircraft operators, persons with incident reporting responsibilities and employees of aviation industry participants to report cyber-related aviation security incidents to the Secretary and to ASD.[51]
3. In both cases, the maximum penalties for non-compliance would be between 50 and 200 penalty units.[52] With one exception,[53] the proposed penalties are consistent with the existing penalties under the ATSA and MTOFSA for failure to report non-cyber related incidents.[54] In contrast, in Part 2B of the SOCI Act, the equivalent penalty for a responsible entity for a critical infrastructure asset who fails to notify ASD of a cyber security incident is 50penalty units.[55]
4. Consistent with existing offences in the ATSA and MTOFSA,[56] the mandatory reporting offences under the Bill are expressed as imposing strict liability.[57] This means that a person is liable if it is proven that they committed the conduct, without any need for the prosecution to prove intention or recklessness in doing so. The equivalent SOCI Act offences for failing to report cyber security incidents do not include strict liability.[58]

Security assessments

1.44Part 2 of Schedule 1 to the Bill introduces the concept of ‘operational interference’ into the ATSA and MTOFSA, which is proposed to exist alongside the existing concept of ‘unlawful interference’ in each Act.[59] Part 2 of Schedule 1 also proposes to require aviation industry participants to include security assessments within their transport security programs and to strengthen existing security assessment requirements for maritime security plans, ship security plans and offshore security plans. Additionally, each industry would be required to produce yearly statements of compliance in relation to their plans.

Definition of ‘operational interference’

1.45In the case of ATSA, the Bill proposes that ‘operational interference with aviation’ be defined as:

committing, or attempting to commit, an act that results in a relevant interference with the operation of an aviation industry participant; or
committing, or attempting to commit, an act that results in a relevant interference with an aviation asset; or
the occurrence of a hazard that results in a relevant interference with the operation of an aviation industry participant; or
the occurrence of a hazard that results in a relevant interference with an aviation asset.[60]
1. ‘Relevant interference’ would be defined as interference (whether direct or indirect) with the availability, integrity or reliability of an asset or the operation of an aviation industry participant; or with the confidentiality of information or computer data relating to the asset or the operation.[61]
2. ‘Operational interference with aviation’ would only extend to interference that falls short of ‘unlawful interference with aviation’ (as discussed above) and would exclude ‘lawful advocacy, protest, dissent or industrial action’.[62]
3. An equivalent definition of ‘operational interference with maritime transport or offshore facilities’ would apply under the Bill’s proposed amendments to the MTOFSA.[63]
4. The effect of these amendments is to extend the regulatory framework established by the ATSA and the MTOFSA to a broader range of circumstances beyond malicious security threats: the so-called ‘all hazards’ approach. The Explanatory Memorandum states:

Whilst the risks associated with terrorism and serious crime will continue to persist, catastrophic floods and the COVID-19 pandemic have also revealed vulnerabilities in Australia’s infrastructure and supply chain resilience.

The inclusion of operational interference extends the purposes of the Acts to also mitigate risks that do not arise through an unlawful means, such as supply chain hazards or natural hazards, or which arise through negligence or accident.[64]

1.50The Explanatory Memorandum goes on to describe the ‘spectrum of risks’ captured by the all-hazards approach, as outlined in Table 1.1.

Table 1.1All-hazards spectrum of risks

Area of risk	Description
Physical security (existing obligation under the transport security legislative frameworks)	Physical hazards may disrupt the functioning of IP and the systems that rely upon its function. This may include systems and networks which operate to protect from and mitigate the impacts of human induced threats. Threats of terrorism or piracy may attempt to disrupt physical facilities such as airports, through acts of sabotage, hijacking or armed attacks posing risks to passengers and infrastructure. There are also risks of sabotage by malicious actors to physical facilities.
Personnel security (existing obligation under the transport security legislative frameworks, but to be added to).	Personnel with access to systems, data or premises may pose insider threat risks including fraud, theft, espionage, infrastructure sabotage and misuse of sensitive data. This includes personnel such as employees, owners, operators, contractors, and subcontractors. In the transport sector, there has been a risk of issue-motivated disruptions perpetrated by insider personnel. Issue motivated groups can create disruptions through cyberspace and via non-violent protests, as well as serious and organised crime groups concealing illicit commodities from authorities while in transit.
Cyber security	Cyber threats can disrupt the digital systems, computers, datasets, and networks an organisation relies on. This can result in an “unintended taint” (where software design or implementation flaws increase susceptibility to cyber risks) or “malicious taint” (deliberate diversion or disruption to cyber supply chains). Cyber security threats are outpacing terrorism threats. DDoS attacks, fraudulent websites and emails, and ransomware attacks are of key concern for the transport sector.
Supply chain security	Supply chain risks include threats to organisations, people, activities, information, and resources that support Australia’s transport sector and the delivery of essential goods and services. This risk is compounded where organisations are reliant on suppliers in a particular part of the world that may also experience supply chain disruptions. Australia’s transport sector acts as a gateway and point of connection to resources and services across other critical infrastructure sectors including energy, health care and services, and food and grocery. Disruptions to the transport sector can have significant impacts to the supply chains of other sectors.
Natural hazards	Natural hazards are unexpected or uncontrollable geophysical events, which have the potential to cause damage or loss to an organisation, its people, systems, or property. Climate change is a threat to transport infrastructure. Airlines and their pilots rely on predictable weather conditions to make crucial decisions to enable safe flights, and the maritime sector is vulnerable to sea-borne weather events due to its littoral nature. Natural hazards can cause up-stream supply chain outages that may affect the delivery of essential transport services.

Source: TSA(SATS) Bill 2024, Explanatory Memorandum, p. 51 [344].

Security assessments

1.51Existing Part 2 of the ATSA requires certain aviation industry participants—including operators of security controlled airports and prescribed air services—to have, and comply with, a transport security program that has been approved by the Secretary. The required contents of a transport security program are set out in section 16 of the ATSA and as prescribed in regulations.[65]

1.52The Bill proposes to extend section 16 of the ATSA to require that a transport security program must:

include a security assessment [66] for the participant’s operations that takes into account ‘any documents required in writing by the Secretary to be taken into account’ and addresses any matters prescribed in the regulations
set out the participant’s measures and procedures for addressing the outcomes of the security assessment
set out the participant's measures and procedures for complying with the minimum requirements (if any) prescribed by regulations for the purpose of safeguarding against unlawful interference or operational interference with aviation.[67]
1. The Bill also extends the existing regulation-making power under section 16 to allow for prescribing matters relating to safeguarding against unlawful interference or operational interference that must be dealt with in transport security programs.[68]
2. Equivalent provisions in the MTOFSA already include a requirement for a security assessment to be included in a maritime security plan, ship security plan or offshore security plan.[69] The Bill would extend these provisions to require security plans to set out measures and procedures for addressing the outcomes of the security assessment, complying with any minimum requirements prescribed by the regulations and responding to security incidents.[70] The Bill also proposes to extend the MTOFSA’s regulation-making powers in similar terms to the ATSA amendments, including by prescribing matters that relate to safeguarding against unlawful interference or operational interference.[71]

Annual statements of compliance

1.55The Bill proposes to insert a new Division 7 into Part 2 of the ATSA, which would require an aviation industry participant to give the Secretary a statement of compliance each year which includes:

a statement on whether or not the security assessment included in the participant’s transport security program is up to date
a statement on whether or not the measures and procedures set out in the participant’s transport security program are up to date
any other statement or information prescribed by the regulations.[72]
1. The Bill includes criminal offences with maximum penalties of between 100 and 200 penalty units for an aviation industry participant failing to give the Secretary a statement of compliance in accordance with the provisions, without a reasonable excuse.[73]
2. Equivalent provisions are proposed for the MTOFSA in relation to statements of compliance concerning maritime security plans, ship security plans and offshore security plans.[74]
3. In each case, the Bill proposes to allow the Secretary to cancel the approval of a security plan if the industry participant fails to provide a statement of compliance in accordance with the provisions.[75]

Security system testing

1.59The ATSA and the MTOFSA enable departmental officials and law enforcement officers to be appointed as security inspectors for the aviation and maritime sectors, respectively.[76]

Amendments to aviation security inspector testing powers

1.60In the case of the ATSA, the powers available to aviation security inspectors include the ability to test a security system, including by using an item, test weapon or vehicle to test its detection either:

in a security controlled airport or in areas, buildings or vehicles under the control of an aviation industry participant;[77] or
in an aircraft, if the test is conducted while passengers are not on board, boarding or disembarking from the aircraft;[78] and

for the purposes of determining whether a person is complying with the Act, or investigating possible contraventions of the Act.[79]

1.61An aviation security inspector’s testing activities must be completed in accordance with regulations made for the purpose of the provisions.[80] Aviation security inspectors are given immunity from civil and criminal liability in relation to the exercise of their testing powers, to the extent that the exercise of power is in good faith; does not seriously endanger the health or safety of any persons; and does not result in significant loss of, or serious damage to, property.[81]

1.62Part 3 of Schedule 1 to the Bill proposes to expand the purposes for which security system testing can take place to include activities aimed at identifying the existence or extent of a flaw or vulnerability in an aviation security system (i.e. ‘vulnerability testing’).[82] Additionally, the Bill proposes to redraft the existing testing powers in a way that explicitly authorises aviation security inspectors to operate or connect to equipment (including electronic equipment) as part of their testing activities.[83] The Explanatory Memorandum states:

Vulnerability testing is a way to partner with industry to test the limits of capability by having an inspector emulate an adversary who has both the intent and capability to exploit, access, circumvent, or defeat a security system. This is an effective way to expose weaknesses in security systems and identify what improvements need to be made in relation to people, process, technology, and legislation to achieve an effective security outcome.[84]

1.63The Bill also proposes to repeal and replace the ATSA’s existing definition of ‘test weapon’. ‘Test weapon’ is currently defined as ‘a weapon of a kind that is a replica or an imitation of another weapon’.[85] Part 5 of Schedule 3 to the Bill would replace that definition with the following:

test weapon means:

a weapon of a kind that is a replica or an imitation of another weapon; or

a weapon that, as a result of a modification, is not capable of operating as a functional weapon; or
a thing prescribed by the regulations to be a test weapon.[86]
1. The Explanatory Memorandum reports that test weapons are used by the Department in ‘covert systems tests’ to determine whether the measures and procedures at a screening point are ‘effectively implemented to detect weapons and prevent their carriage into a secure area’.[87] It notes that the proposed new definition of ‘test weapon’ would provide for ‘a wider variety of weapons’ and support the Department’s ‘ability to be risk agile in responding to new threats’.[88] Unlike the current definition, the proposed new definition would allow for modified versions of real weapons to be used in tests:

Providing a legislated definition that allows the use of other weapons, so long as they have been modified to be incapable of functioning as intended, allows the Department to incorporate genuine weapons rendered inert or with their primary function disabled. This allows for a much broader variety of test weapons without using weapons that can be used to harm as intended – for example removing the firing pin from a gun and soldering the gun so the firing pin cannot be replaced, or using super glue to affix a rubber edge to a blunted knife.[89]

New testing powers for maritime security inspectors

1.65Under the MTOFSA, maritime security inspectors are authorised to inspect ships, offshore facilities, and the premises and operations of maritime industry participants to ensure compliance with the MTOFSA or for determining compliance with ISSC verification requirements.[90] However, the MTOFSA does not currently confer any powers on maritime security inspectors to conduct tests of security systems.

1.66Part 3 of Schedule 1 to the Bill proposes to introduce powers for maritime security inspectors to test security systems for ships, offshore facilities, and the premises and operations of maritime industry participants.[91] The proposed powers are equivalent to the provisions in the ATSA, as amended by the Bill, including in respect of the definitions, purposes, specific powers, regulation requirements and immunities associated with the new powers.[92] The Explanatory Memorandum states:

System testing is necessary to support and enhance the ongoing compliance monitoring of security screening at any place where a Maritime Industry Participant operates. Additionally system testing provides maritime industry participants with opportunities to improve their security measures and procedures when identified or highlighted by the Department’s system testing activities.[93]

Fees for ASIC cards

1.67Part 4 of Schedule 1 to the Bill would insert a new Division 4B into Part 3 of the ATSA, titled ‘Charging of fees’.[94] Proposed new section 38AC would allow for the creation of regulations in relation to the charging of fees ‘in connection with security passes or other identification systems’.[95]

1.68The Explanatory Memorandum states that the amendments are intended to align the powers to charge for issuing Aviation Security Identification Cards (ASICs) under the ATSA with the approach for issuing Maritime Security Identification Cards (MSICs) under the MTOFSA.[96] The Explanatory Memorandum adds that ‘under these reforms, there will be no increase to the fees’.[97]

1.69The Explanatory Memorandum provided the following overview of ASICs and MSICs:

These identification cards are a physical indicator that the individual who displays a valid ASIC or MSIC card has undertaken a background check. A background check is undertaken through the AusCheck process that is regulated by the AusCheck Act 2017 and AusCheck Regulations 2017.

An ASIC or a MSIC is not an access card. It does not give the holder the right to access secure areas and zones without the permission from the relevant authority or facility owner or operator. Access is controlled by the airport owner/operator or a port owner/operator.[98]

1.70The MTOFSA does not have a single section that is equivalent to proposed new section 38AC of the ATSA. Rather, the MTOFSA contains several subsections which have a similar effect of allowing for cost recovery fees to be prescribed in the regulations.[99]

Regulation of low-risk maritime industry participants

1.71Part 1 of Schedule 2 to the Bill contains a series of amendments to the MTOFSA that are intended to ‘reduce the regulatory burden for specific categories of low risk [maritime industry participants] where regulation is disproportionate to maritime security risk’.[100] The Explanatory Memorandum states:

These measures promote simplification and deregulation in the Australian shipping sector, with the aim of reducing the regulatory, administrative and consequent financial burdens.[101]

Dual vessels

1.72The proposed amendments include repealing existing Parts 5B and 5C of the MTOFSA, which currently deal with Australian or foreign ships that are also regulated as offshore facilities.[102] These include a ‘small cohort’ of vessels known as Floating Product, Storage and Offtake vessels (FPSOs) and Floating Storage Unit vessels (FSUs).[103]

1.73Existing Part 5A requires Australian ships that are regulated as offshore facilities to have an ISSC, which is issued by the Secretary and subject to verification inspections by a maritime security inspector.[104] Part 5C places obligations on foreign ships that are regulated as offshore facilities, including that they: have an ISSC or equivalent; carry the required ship security records; provide pre-arrival information; allow inspections; and comply with security directions or control directions made by the Secretary.[105]

1.74In removing these parts from the Act, FPSOs and FSUs will instead be treated under the MTOFSA as regulated Australian ships or regulated foreign ships.[106] The Explanatory Memorandum states that regulation of FPSOs and FSUs will be simplified by treating them as ships ‘for their entire operational life while preserving functions and security features relevant to their hybrid nature’.[107]

Infrequent International Vessels

1.75The Bill proposes to insert an ‘infrequent overseas voyages test’ into the MTOFSA, defined in proposed new section 17AA as follows:

A ship passes the infrequent overseas voyages test if each overseas voyage undertaken by the ship is undertaken in exceptional circumstances.[108]

1.76The test is intended to apply to ships that ‘undertake primarily domestic voyages but need to embark on overseas voyages on an infrequent basis’,[109] and which do not take overseas voyages ‘for the primary purpose of conducting business or trade’.[110]

1.77A ship that passes the test would be excluded from the MTOFSA’s definition of ‘regulated Australian ship’.[111] Such ships would no longer be required to comply with MTOFSA obligations in relation to maintaining a ship security plan and being subject to compliance checks.[112]

1.78Proposed new Part 4A of the MTOFSA would also provide for ‘exemption certificates’ for ships that pass the infrequent overseas voyages test.[113] Ship operators that pass the infrequent overseas voyages test would be able to apply to the Secretary for two types of certifications:

1a ship security plan exemption certificate, and

2an ISSC exemption certificate.[114]

1.79In both cases, the matters which the Secretary must consider in deciding whether to issue the certificate are proposed to be defined in regulations.[115] The matters the Secretary must consider when deciding whether to cancel a certificate would also be prescribed in regulations.[116]

1.80A certificate would serve as evidence to foreign authorities that a ship which passes the infrequent overseas voyages test is exempt from the usual requirements for ships to hold an ISSC or have an approved ship security plan in place. The Explanatory Memorandum states:

Under the International Convention for the Safety of Life at Sea (SOLAS) as amended by the [International Code for the Security of Ships and Port Facilities] ISPS Code, for a ship to comply with ISPS Code obligations, the ship is required to either hold an ISSC and have an approved ship security plan in place when the vessel arrives at a foreign port, or have an exemption to those requirements. A ship security plan exemption certificate or an ISSC exemption certificate would be evidence of such an exemption.[117]

Demerit points

1.81Existing section 125 of the ATSA enables the regulations to establish a demerit points system, under which an aviation industry participant’s transport security program may be cancelled if the prescribed number of demerit points is reached. Demerit points are accrued where an aviation industry participant is convicted or found guilty of an offence under the Act, or where an infringement notice has been paid as an alternative to prosecution.[118]

1.82Part 1 of Schedule 3 to the Bill proposes to repeal and replace section 125 to allow for the demerit points system to be expanded to all aviation industry participants, whether or not they have a transport security program in place.[119] The Explanatory Memorandum states:

The purpose of this amendment is to enable the Department to access and apply the same scalable enforcement options across all regulated [Aviation Industry Participants] to prevent unlawful interference in the aviation sector. Amendments to the regulations will be required to establish the specifics of the demerit points system as it is yet to be developed. Consideration will need to be made as to how to design a demerit points system that is robust and fit-for-purpose, and the role of the aviation sector in co-design.[120]

Language modernisation

1.83Part 2 of Schedule 3 to the Bill contains a series of amendments aimed at modernising language in the ATSA and MTOFSA.

1.84The Bill amends the ATSA and MTOFSA to replace references to ‘sex’ with ‘gender’ in the context of frisk searches undertaken by screening officers.[121] The Explanatory Memorandum states:

These changes are being made to align with community expectations, the Sex Discrimination Act 1984 (Sex Discrimination Act), the Australian Privacy Principles, and the “Australian Guidelines on the Recognition of Sex and Gender” (the RSG Guidelines) developed by the Attorney-General’s Department in 2015.

When undertaking frisk searches, screening officers are required to use reasonable efforts to locate a screening officer of the same gender as the person to be screened, if practicable.

For the purposes of a frisk search, screening officers should ask an individual their gender identity such that an officer of the same gender can be located. If the individual identifies as gender other than male or female, the screening officers should ask for the individual’s preference regarding the gender of the officer conducting their frisk search.[122]

1.85The Bill amends the MTOFSA to omit references to ‘fax’ from several provisions.[123] The Explanatory Memorandum states:

This amendment will modernise the legislation by removing references to outdated technology, making MTOFSA technologically neutral, allowing for future types of communication to be added. These provisions ensure alignment with the Electronic Transactions Act 1999 (Electronic Transactions Act).[124]

Training requirements

1.86Section 44C of the ATSA currently enables the regulations to prescribe training requirements for employees of known consignors and regulated or accredited air cargo agents,[125] and for the Secretary to make determinations in relation to those training requirements.[126]

1.87Part 3 of Schedule 3 to the Bill amends the ATSA to allow training, qualification or other requirements to be made through regulations or determinations for all aviation industry participants.[127] The Explanatory Memorandum states:

The training requirements in ATSA remains the same. The amendments contained within this Part only influence how they are prescribed by Government and ensure consistency across the sector.

The Secretary’s powers enable flexibility to rapidly respond to new and emerging security threats by making certain requirements mandatory. Furthermore, if training, qualification and other requirements are standardised across the aviation sector, security outcomes are also likely to be aligned and more consistent.[128]

Security directions

1.88The ATSA currently allows the Secretary to issue special security directions (SSDs) to address special circumstances that may arise which require additional security measures beyond those otherwise required under the ATSA.[129] SSDs may be given to employees of the Department; staff members of the Civil Aviation Safety Authority and Air Services Australia; aviation industry participants and their employees; passengers; and other persons who are within the boundaries of a security controlled airport.[130] Criminal offences apply to persons who fail to comply with an SSD without a reasonable excuse, or who fail to comply with confidentiality requirements included in an SSD.[131]

1.89Current subsection 67(1) of the ATSA provides that an SSD may be given only in circumstances where:

a specific threat of unlawful interference with aviation is made or exists; or

there is a change in the nature of an existing general threat of unlawful interference with aviation; or
both of the following apply:

a national emergency declaration (within the meaning of the National Emergency Declaration Act 2020) is in force;

the Secretary is satisfied that additional security measures are appropriate to support the national emergency declaration.[132]
1. Part 4 of Schedule 3 to the Bill amends paragraph (b) to allow the Secretary to issue an SSD where there is a change in the risk of an existing general threat of unlawful interference with aviation, as well as when there a change in the nature of that general threat.[133] The Explanatory Memorandum states:

The purpose of this amendment is to ensure that the threshold for an SSD is proportionate to the existing and emerging risk environment. This is essential to providing the Secretary with the power to enact a targeted response to a threat, including when requirements for security exceed what is in the [Security Plan] SP of an [Industry Participant] IP. SSDs are a last resort power, used in exceptional circumstances where a SP is deemed or assessed to be insufficient for IPs to adequately respond to a specific or general threat.[134]

1.91The Bill also broadens subsection 67(1) to allow the Secretary to issue a special security direction where:

a general threat of unlawful interference with aviation is made or exists.[135]
1. The Explanatory Memorandum states:

The inclusion of the addition to the threshold providing that a SSD may be issued if a general threat of unlawful interference with aviation is made or exists allows for the capture of threats that are not present at the time of commencement. Given the novel nature of emerging and not yet present threats, this section is intentionally broad to allow for future threats not yet present in the environment can be captured as they emerge. This will allow the issuing of an SSD to mitigate the consequences that warrant one.[136]

1.93The Bill also amends section 70 of the ATSA to give express authority to the Secretary to revoke an SSD, and to require the Secretary to revoke an SSD made under new paragraph (aa) when the general threat no longer exists.[137]

1.94The MTOFSA includes security direction powers in relation to maritime transport and offshore facilities that are similar to the SSD powers in the ATSA.[138] The remainder of Part 4 of Schedule 3 to the Bill consists of amendments to make the MTOFSA’s security direction provisions consistent with the equivalent provisions in the ATSA, as amended by the Bill.[139]

Security regulated ports

1.95Part 6 of Schedule 3 to the Bill repeals and replaces the current MTOFSA definitions of ‘port’, ‘security regulated port’ and ‘port facility’.[140]

1.96The term ‘port’ is used extensively throughout the Act. The MTOFSA currently defines a ‘port’ as:

… an area of water, or land and water (including any buildings, installations or equipment situated in or on that land or water) intended for use either wholly or partly in connection with the movement, loading, unloading, maintenance or provisioning of ships.[141]

1.97The Bill would repeal and replace this definition with the following:

A port is one or more areas of land or water, or land and water, (including any buildings, installations or equipment situated in or on the land or water, or land and water) intended for use either wholly or partly in connection with one or more of the following:

the movement, loading, unloading, maintenance or provisioning of ships;

the movement of goods that have been, or are intended to be, transported by ship;
the storage of goods that have been, or are intended to be, transported by ship;
the loading of goods that have been transported by ship on to another mode of transport;
the unloading of goods that are intended to be transported by ship from another mode of transport;
any other activity or thing that is critical to ensuring the security and reliability of an activity mentioned in any of the above paragraphs.[142]
1. The MTOFSA’s existing definitions of ‘security regulated port’ and ‘port facility’ would be amended to use equivalent terminology.[143]
2. The term ‘security regulated port’ refers to areas of a port that have been declared by the Secretary to comprise a security regulated port.[144] ‘Port facility’ refers to an area within a security regulated port.[145] Security regulated ports are subject to regulatory requirements under the MTOFSA, including the requirement to have a maritime security plan.[146] The boundaries of a security regulated port must be shown in a map included in a public notice of the declaration.[147]
3. According to the Explanatory Memorandum, the amended definitions are intended to clarify the scope of facilities, functions and capabilities covered by the definitions:

The definitions provide clarity and will ensure entities can be responsive to emerging threats and risks under the all hazards security framework.

The definitions seek to ensure infrastructure, operations, assets or anchorages— used in connection with the facilities, functions or capabilities of the port, either directly or indirectly— are captured as security regulated ports.[148]

Footnotes

[1]Hon Tony Burke MP, Minister for Home Affairs and Minister for Cybersecurity, letter to Committee, 13January 2025, unpublished.

[2]www.aph.gov.au/pjcis

[3]The Hon Matt Thistlethwaite MP, Assistant Minister for Immigration, House of Representatives Hansard, 28November 2024, p. 8885.

[4]The Hon Matt Thistlethwaite MP, Assistant Minister for Immigration, House of Representatives Hansard, 28November 2024, p. 8885.

[5]The Hon Matt Thistlethwaite MP, Assistance Minister for Immigration, House of Representatives Hansard, 28November 2024, p. 8885.

[6]Transport Security Amendment (Security of Australia's Transport Sector) Bill 2024 (TSA(SATS) Bill 2024), Explanatory Memorandum, p. 2.

[7]Australian Government, Aviation Recovery Framework: Flying to Recovery, December 2021, p. 12.

[8]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 2.

[9]Transport Security Amendment (Critical Infrastructure) Bill 2022, Explanatory Memorandum, p. 2.

[10]The Hon Matt Thistlethwaite MP, Assistance Minister for Immigration, House of Representatives Hansard, 28November 2024, p. 8885.

[11]The Hon Matt Thistlethwaite MP, Assistance Minister for Immigration, House of Representatives Hansard, 28November 2024, p. 8885.

[12]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 2.

[13]TSA(SATS) Bill 2024, Explanatory Memorandum, pp. 2–3.

[14]Australian Government, 2023–2030 Australian Cyber Security Strategy, November 2023, pp. 6, 13, 40–41.

[15]Australian Government, Aviation White Paper: Towards 2050, August 2024,pp. 5, 10.

[16]Department of Infrastructure, Transport, Regional Development, Communications and the Arts, ‘Maritime Single Window’,https://www.infrastructure.gov.au/infrastructure-transport-vehicles/maritime/maritime-single-window, viewed 22 January 2024.

[17]Australian Government, National Defence Strategy, 2024, p. 6.

[18]The Hon Clare O’Neil MP, Minister for Home Affairs and Minister for Cyber Security, ‘National Resilience Taskforce’, Media Release, 8 December 2022.

[19]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 2.

[20]Aviation Transport Security Act 2004 (ATSA), s. 4.

[21]Maritime Transport and Offshore Facilities Security Act 2003 (MTOFSA), s. 4.

[22]See Security of Critical Infrastructure Act 2018 (SOCI Act), ss. 5 (definition of ‘critical aviation asset’), 9(meaning of ‘critical infrastructure asset), 11 (meaning of ‘critical port’).

[23]SOCI Act, s. 4.

[24]See Security of Critical Infrastructure (Critical infrastructure risk management program) Rules (LIN 23/006) 2023, r. 4.

[25]TSA(SATS) Bill 2024, Explanatory Memorandum, Attachment B, p. 66.

[26]TSA(SATS) Bill 2024, Explanatory Memorandum, Attachment B, p. 67.

[27]TSA(SATS) Bill 2024, item 2.

[28]See TSA(SATS) Bill 2024, Explanatory Memorandum, pp. 3–6.

[29]ATSA, s. 3; MTOFSA, s. 3.

[30]ATSA, s. 10.

[31]MTOFSA, s. 11.

[32]TSA(SATS) Bill 2024, Schedule 1, item 3.

[33]SOCI Act, s. 12M.

[34]TSA(SATS) Bill 2024, Schedule 1, item 2.

[35]TSA(SATS) Bill 2024, Schedule 1, items 1–2.

[36]See SOCI Act, ss. 5, 12N.

[37]See SOCI Act, ss. 8G, 30BEA.

[38]TSA(SATS) Bill 2024, Schedule 1, item 2.

[39]TSA(SATS) Bill 2024, Schedule 1, item 25.

[40]TSA(SATS) Bill 2024, Schedule 1, items 10, 21–22.

[41]TSA(SATS) Bill 2024, Schedule 1, item 23.

[42]ATSA, s. 10.

[43]MTOFSA, ss. 171–181.

[44]MTOFSA, s. 170.

[45]MTOFSA, ss. 171–176. As at 28 January 2025, one penalty unit was valued at $330.

[46]TSA(SATS) Bill 2024, Schedule 1, item 26.

[47]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 35 [216].

[48]TSA(SATS) Bill 2024, Schedule 1, items 28–40.

[49]TSA(SATS) Bill 2024, Schedule 1, items 28–40.

[50]See SOCI Act, ss. 30BC–30BD.

[51]TSA(SATS) Bill 2024, Schedule 1, items 7–12. Note that, unlike the equivalent definition in the MTOFSA, the existing ATSA definition of ‘aviation security incident’ is not limited to terrorist acts—see ATSA, s. 99.

[52]TSA(SATS) Bill 2024, Schedule 1, items 7–12, 28–40.

[53]Existing section 172 of the MTOFSA provides that the maximum penalty for a ship master failing to report a ‘maritime transport or offshore facility security incident’ is 50 penalty units. In contrast, the TSA(SATS) Bill 2024 proposes that the maximum penalty for a ship master failing to report a ‘cyber security incident’ would be 200 penalty units (see Schedule 1, item 30).

[54]See ATSA ss. 100–103; MTOFSA ss. 171–176.

[55]SOCI Act, ss. 30BC–30BD.

[56]See ATSA ss. 100–103; MTOFSA ss. 171–176.

[57]TSA(SATS) Bill 2024, Schedule 1, items 7–12, 28–40.

[58]SOCI Act, ss. 30BC(1) and 30BD(1). The maximum penalties under the SOCI Act provisions are 50 penalty units in all cases, compared to between 50 and 200 penalty units under the Bill.

[59]TSA(SATS) Bill 2024, Schedule 1, items 48–53, 67–72.

[60]TSA(SATS) Bill 2024, Schedule 1, item 53 (proposed section 10AA).

[61]TSA(SATS) Bill 2024, Schedule 1, item 52 (proposed section 9F).

[62]TSA(SATS) Bill 2024, Schedule 1, item 53 (proposed subsection 10AA(2)).

[63]TSA(SATS) Bill 2024, Schedule 1, item 71–72 (proposed sections 10F and 11A).

[64]TSA(SATS) Bill 2024, Explanatory Memorandum, pp. 50–51 [342]–343].

[65]ATSA, s. 16(3).

[66]The term ‘security assessment’ as used in the Bill should not be confused with a security assessment within the meaning of the Australian Security Intelligence Organisation Act 1979, which is also referred to in s.126 of the ATSA.

[67]TSA(SATS) Bill 2024, Schedule 1, item 55.

[68]TSA(SATS) Bill 2024, Schedule 1, item 56.

[69]MTOFSA, ss. 47, 66, 100G.

[70]TSA(SATS) Bill 2024, Schedule 1, items 74, 81, 88.

[71]TSA(SATS) Bill 2024, Schedule 1, items 75, 77, 82, 84, 89, 91.

[72]TSA(SATS) Bill 2024, Schedule 1, item 59 (proposed section 26AB).

[73]TSA(SATS) Bill 2024, Schedule 1, item 59 (proposed section 26AC).

[74]TSA(SATS) Bill 2024, Schedule 1, items 79, 86, 93.

[75]TSA(SATS) Bill 2024, Schedule 1, items 57, 77, 85, 92.

[76]See ATSA, pt 5, div 2; MTOFSA, pt 8, div 2.

[77]ATSA, s. 79(2)(h).

[78]ATSA, s. 80(2)(f).

[79]ATSA, ss. 79(1); 80(1).

[80]ATSA, ss 79(2A), 80(2A). See Aviation Transport Security Regulations 2005, reg. 5.02.

[81]ATSA, ss 79(9); 80(7).

[82]TSA(SATS) Bill 2024, Schedule 1, items 103, 107.

[83]TSA(SATS) Bill 2024, Schedule 1, items 104, 108.

[84]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 4.

[85]ATSA, s. 9 (definition of ‘test weapon’).

[86]TSA(SATS) Bill 2024, Schedule 3, item 33.

[87]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 152 [1211].

[88]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 152 [1212].

[89]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 154 [1222].

[90]MTOFSA, s. 135.

[91]TSA(SATS) Bill 2024, Schedule 1, items 118, 122, 126.

[92]TSA(SATS) Bill 2024, Schedule 1, items 112–130.

[93]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 98 [701].

[94]TSA(SATS) Bill 2024, Schedule 1, item 132.

[95]TSA(SATS) Bill 2024, Schedule 1, item 132 (proposed section 38AC).

[96]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 5.

[97]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 5.

[98]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 107 [792]–[793].

[99]MTOFSA, ss. 105(4), 109(4), 113(4), 113D(4).

[100]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 110 [810].

[101]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 110 [811].

[102]TSA(SATS) Bill 2024, Schedule 2, items 1–2, 44–45.

[103]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 110 [812].

[104]MTOFSA, ss. 100U–100Z.

[105]MTOFSA, ss. 100ZH–100ZN.

[106]TSA(SATS) Bill 2024, Schedule 2, items 19, 22, 26–27, 46–47.

[107]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 110 [812].

[108]TSA(SATS) Bill 2024, Schedule 2, items 11, 25.

[109]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 117 [877].

[110]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 125 [962].

[111]TSA(SATS) Bill 2024, Schedule 2, item 20.

[112]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 117 [877].

[113]TSA(SATS) Bill 2024, Schedule 2, item 43.

[114]TSA(SATS) Bill 2024, Schedule 2, item 43 (proposed section 89B and 89D).

[115]TSA(SATS) Bill 2024, Schedule 2, item 43 (proposed subsections 89B(3) and 89D(3)).

[116]TSA(SATS) Bill 2024, Schedule 2, item 43 (proposed subsections 89C(2) and 89E(2)).

[117]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 125 [961].

[118]ATSA, s. 125(2). For infringement notices, see also ATSA, s. 117.

[119]TSA(SATS) Bill 2024, Schedule 3, items 1–2. See also Explanatory Memorandum, p. 141 [1113].

[120]TSA(SATS) Bill 2024, Explanatory Memorandum, pp. 141–142 [1114].

[121]TSA(SATS) Bill 2024, Schedule 3, items 3–9, 14–19.

[122]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 142 [1116]–[1118].

[123]TSA(SATS) Bill 2024, Schedule 3, items 10–13.

[124]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 145 [1141].

[125]ATSA, s. 44C(1)(g). See also ATSA, s. 9 (definition of ‘regulated agent’).

[126]ATSA, s. 44C(1A).

[127]TSA(SATS) Bill 2024, Schedule 3, items 21–23; Explanatory Memorandum, p. 148 [1167].

[128]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 148 [1168]–[1169].

[129]ATSA, s. 66.

[130]ATSA, s. 69.

[131]ATSA, ss. 73–74.

[132]ATSA, s. 67.

[133]TSA(SATS) Bill 2024, Schedule 3, item 25.

[134]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 150 [1184].

[135]TSA(SATS) Bill 2024, Schedule 3, item 24.

[136]TSA(SATS) Bill 2024, Explanatory Memorandum, pp. 149–150 [1182].

[137]TSA(SATS) Bill 2024, Schedule 3, items 26–27.

[138]MTOFSA, ss. 33–40.

[139]TSA(SATS) Bill 2024, Schedule 3, items 28–31.

[140]TSA(SATS) Bill 2024, Schedule 3, items 34–36.

[141]MTOFSA, s. 12(1).

[142]TSA(SATS) Bill 2024, Schedule 3, item 35.

[143]MTOFSA, ss. 10 (definition of ‘port facility’), 13(1); TSA(SATS) Bill 2024, Schedule 3, items 34, 36.

[144]MTOFSA, s. 13(1).

[145]MTOFSA, s. 10.

[146]MTOFSA, s. 42.

[147]MTOFSA, s. 13(2).

[148]TSA(SATS) Bill 2024, Explanatory Memorandum, p. 5.