Clause 28

in subsection (2)(a), replace “critical information infrastructure” with “provider‑owned critical information infrastructure, designated provider responsible for third‑party‑owned critical information infrastructure, system of temporary cybersecurity concern, entity of special cybersecurity interest or major foundational digital infrastructure service provider”;

in subsection (2)(b), replace “critical information infrastructure” with “provider‑owned critical information infrastructure, third‑party‑owned critical information infrastructure, system of temporary cybersecurity concern, system of special cybersecurity interest or major foundational digital infrastructure”;

in subsection (2)(c), replace “critical information infrastructure” with “provider‑owned critical information infrastructure or system of temporary cybersecurity concern, designated provider responsible for third‑party‑owned critical information infrastructure, entity of special cybersecurity interest or major foundational digital infrastructure service provider”;

in subsection (2)(d), replace “critical information infrastructure to be reported by the owner of the critical information infrastructure” with “provider‑owned critical information infrastructure or a third‑party‑owned critical information infrastructure to be reported by the owner of the provider‑owned critical information infrastructure or the designated provider responsible for third‑party‑owned critical information infrastructure”;

in subsection (2), replace paragraph (e) with —“(e)the type of cybersecurity incidents relating to —

a provider‑owned critical information infrastructure that are required to be reported by the owner of the provider‑owned critical information infrastructure;

a third‑party‑owned critical information infrastructure that are required to be reported by the designated provider responsible for third‑party‑owned critical information infrastructure;

a system of temporary cybersecurity concern that are required to be reported by the owner of the system of temporary cybersecurity concern;

a system of special cybersecurity interest that are required to be reported by the entity of special cybersecurity interest; or

a major foundational digital infrastructure that are required to be reported by the major foundational digital infrastructure service provider;”;

in subsection (2)(f), replace “critical information infrastructure” with “provider‑owned critical information infrastructure or the owner of a third‑party‑owned critical information infrastructure”;

in subsection (2), after paragraph (i), insert —“(ia)the use of any accreditation, certification or inspection mark of the Cyber Security Agency of Singapore;”; and

after subsection (3), insert —“(4) The powers conferred by this section do not extend to any matter for which Rules of Court may be made under section 47A.”.