National Security Legislation Amendment (Comprehensive Review and Other Measures No. 3) Act 2024 (24 of 2024)
Schedule 1 Security assessments
Part 3 Delayed security assessments
Australian Security Intelligence Organisation Act 1979
28 At the end of Division 2 of Part IV
Add:
41 Notification of delayed security assessment
Notification of delayed security assessment
(1) If a security assessment is not furnished under this Part within 12 months after the Organisation starts to prepare the assessment (the delayed security assessment ), the Director-General must cause the Inspector-General of Intelligence and Security to be notified of the delayed security assessment.
Note: A protocol made under subsection 42(1) must specify when the Organisation is taken to have started to prepare a security assessment, which may be specified differently for different classes of security assessments (see subsections 42(3) and (4)).
(2) The notification must:
(a) be made within the period specified, for the purposes of subparagraph 42(3)(b)(i), in the protocol made under subsection 42(1), as in force from time to time; and
(b) include the information specified in that protocol for the purposes of subparagraph 42(3)(b)(ii); and
(c) comply with any other requirements specified in the protocol for the purposes of paragraph 42(3)(d).
Exceptions to requirement to notify
(3) However, subsection (1) does not apply if:
(a) the Organisation has been notified that the security assessment is no longer required; or
(b) the Organisation initiated the preparation of the security assessment without a request for the assessment being made by another Commonwealth agency, a State or an authority of a State.
Application of this section
(4) This section applies to a security assessment that the Organisation starts to prepare on or after the commencement of this section.
42 Protocol for dealing with delayed security assessments
Requirement to make protocol
(1) The Director-General must make a written protocol for dealing with delayed security assessments.
Note 1: For variation of a protocol, see subsection 33(3) of the Acts Interpretation Act 1901.
Note 2: A protocol made under this subsection may be combined with a protocol made under subsection 82GB(1) (protocol for dealing with delayed security clearance decisions and delayed security clearance suitability assessments).
(2) The Director-General must consult with the Inspector-General of Intelligence and Security before making a protocol under subsection (1).
(3) The protocol:
(a) must specify when the Organisation is taken to have started to prepare a security assessment; and
(b) must specify the following in relation to the notification of a delayed security assessment under section 41:
(i) the period within which the notification must be made;
(ii) the information to be included in the notification; and
(c) must deal with steps to be taken by the Organisation in relation to the delayed security assessment after the notification referred to in paragraph (b) is made; and
(d) may specify other requirements, or deal with any other matters, that:
(i) relate to a delayed security assessment or the notification of the assessment under section 41; and
(ii) the Director-General considers appropriate.
(4) Without limiting subsection (1), the protocol may provide differently for different classes of security assessments.
(5) A protocol made under subsection (1) is not a legislative instrument.
Requirement to comply with protocol
(6) The Organisation must, in relation to a delayed security assessment to which subsection 41(1) applies, comply with a protocol made under subsection (1) of this section, as in force from time to time.