Assessing proposed changes to public telecommunications networks
Part 3 of the Telecommunications (Interception Capability and Security) Act 2013 (TICSA) requires us to review proposed changes to New Zealand’s public telecommunications networks for security risks. Network operators must tell us about any changes or developments in their networks that intersect with national security.
New Zealand makes decisions on network security risks independently, in accordance with the law. TICSA notifications are assessed on a case-by-case basis. The TICSA legislation is vendor and country agnostic.
Further information about our role and the obligations imposed on network operators is available at the link below.
TICSA covers network security and interception capability
TICSA requires telecommunications network operators to tell us about any changes or developments in their networks that may raise a national security risk.
The New Zealand Police is responsible for the interception capability requirements of TICSA. Further information is available on the New Zealand Police website:
Guidelines to help network operators work with us
We’ve published a set of guidelines to help network operators fulfil their obligations under Part 3 of TICSA.
We work with network operators to identify and address risks that may arise when they design, build or operate public telecommunications networks.
The Director-General of the Government Communications Security Bureau (GCSB) has issued Guidelines for Network Operators on how the GCSB and network operators will interact to fulfil each other’s responsibilities under TICSA. The final Guidelines document was prepared following consultation involving network operators.
The Guidelines cover:
- Process for network operators to register
- The national security focus of the TICSA
- Notification requirements for network operators
- The GCSB’s consideration of proposals, including:
- The factors the GCSB must take into consideration
- How the GCSB will communicate to network operators
- How the GCSB will manage exemption requests
- Referral of cases to the Minister Responsible for the GCSB
- The process for updating the guidelines.
Read the Guidelines for Network Operators [PDF, 464 KB].(external link)
Disclaimer: This section is informational only and is not to be considered “Guidance” as defined in section 58 of the TICSA.
Clearances under section 75 and 76 of TICSA
Clearances can be required for network operators. Network operators can submit a request to the New Zealand Police to have a nominated person go through the clearance process.
New Zealand Police will approve clearance requests for compliance with section 2 of the Act.
NCSC/GCSB will approve clearance requests for compliance with section 3 of the Act.
Both the GCSB and New Zealand Police can require network operators to provide someone to go through the clearance process.
As a network operator, you must nominate a suitable person to apply for a secret-level security clearance.
The vetting procedure can take some time, and holding a security clearance comes with obligations.
Learn more about security clearances on the Protective Security Requirements website(external link).
Vetting assessments for security clearances are completed by the New Zealand Security Intelligence Service. Once you are in the vetting process you should pay attention to the vetting staff instructions to make sure the process does not lapse.
Contact the New Zealand Police TICSA registrar for more information(external link).
This document sets out the steps for network operators and the GCSB in the network security process.
Section 48 of the TICSA creates the obligation for network operators to notify the GCSB of proposed decisions, courses of action, or changes in regard to certain parts of their network (proposals). Under this section, it is only proposals that affect an “area of specified security interest” that need to be notified.
If a network operator becomes aware that implementation of any other decision, course of action, or change to any part of their network may give rise to a network security risk, they are required to notify GCSB (section 46(1) TICSA).
Network operators need to notify the GCSB of proposed decisions, courses of action or changes to certain parts of their network at the stage when these decisions, courses of action or changes are still proposals, yet to be implemented. More detail on the notification requirements and process is provided in the Guidelines for Network Operators document.
Read the Guidelines for Network Operators document [PDF, 464 KB].
TICSA Notification of Proposal template [DOCX, 107 KB](external link)
Under the TICSA, the Director-General of the GCSB can grant exemptions to a network operator’s obligation to notify of proposed decisions, courses of action, or changes to certain parts of their network. Exemptions can only be granted if the Director-General is satisfied that the granting of an exemption will not give rise to a network security risk.
Read the notice of the exemptions that have been granted [PDF, 238 KB]
Exemptions can be granted to individual network operators or a class of network operators. The GCSB will notify individual network operators directly in writing of any exemption applying only to them. Exemptions that apply to a class of network operators will be published on the GCSB and NCSC websites (as required in s49(5) of the TICSA) as well as written notification being sent to all network operators falling in that class.
Network operators will be able to request exemptions from the GCSB through the notification process. This will provide the GCSB with the information it needs to be able to assess whether granting the exemption will give rise to a network security risk.
Under the TICSA, the New Zealand Police is responsible for maintaining the Register of Network Operators on behalf of all of the surveillance agencies. Information and registration details are available on the New Zealand Police website(external link).
Network operators can contact the TICSA team by email: firstname.lastname@example.org
All TICSA guidelines and templates can also be made available in alternative document formats upon request.
National security risk assessment of space activities
We’re part of the Space Activities Risk Assessment Group responsible for providing advice on activities regulated under the Outer Space and High-altitude Activities Act 2017 (OSHAA). We work with the New Zealand Intelligence Community (NZIC) and the New Zealand Defence Force to assess rocket launches, satellites, and high-altitude vehicles for any national security risks.
Our assessments inform advice to the Minister responsible for the Government Communications Security Bureau (GCSB) and the New Zealand Security Intelligence Service (NZSIS). The Minister responsible for administering OSHAA must consult with the Minister responsible for the GCSB and NZSIS.
New Zealand provides a uniquely beneficial environment for space-related activities. Our uncluttered airspace, and the open expanse of unpopulated ocean along typical launch trajectories, gives us long and safe launch windows for high-altitude vehicle flights and space launches. New Zealand’s growing space industry provides significant opportunities for our economy.
The New Zealand Space Agency is the lead government agency for space policy and regulation, including assessment of any broader risks to New Zealand's national interest associated with high-altitude vehicle flights and space launches from New Zealand.
Advising the Government on national security risks from overseas investments
We support the New Zealand Security Intelligence Service in providing advice to the Overseas Investment Office about proposed overseas investments into New Zealand.
The Overseas Investment Office is the regulator of overseas investment in New Zealand. The Overseas Investment Act 2005 ensures responsible investment, recognising that it is a privilege for an overseas person to own or control a sensitive New Zealand asset. The Act was amended in 2021 to introduce a new National Security and Public Order notification regime that allows proactive assessment of investments in particular higher-risk sectors and industries.