The legislative framework for the NZIC is contained in the Intelligence and Security Act 2017.

The purpose of the GCSB and NZSIS’ governing legislation, the Intelligence and Security Act 2017, is to protect New Zealand as a free, open and democratic society. 

In March 2016, Sir Michael Cullen and Dame Patsy Reddy presented the First Independent Review of Intelligence and Security to Parliament. The review focused on the legislative framework governing the agencies and their oversight regime.

Their central conclusion was that there should be a single, integrated and comprehensive Act clearly setting out how and why the agencies are constituted; how their intelligence and security activities are authorised; and their oversight.

In light of the growing complexity and sophistication of security threats, there was also an increasing need for intelligence and security agencies to work together and pool their expertise.

On the 28 March 2017 the Intelligence and Security Act 2017 gained Royal Assent. On 1 April 2017, the first provisions under the Act took effect. On 28 September 2017 further provisions under the ISA came into force.

The overarching purpose of the Intelligence and Security Act 2017 is to protect New Zealand as a free, open and democratic society.

The Act puts in place a single legislative regime for the GCSB and the NZSIS, providing a single purpose and shared objectives and functions.

The Act allows the intelligence and security agencies to act as necessary to protect New Zealand and New Zealand interests, with appropriate limitations and robust oversight applying across all of the agencies’ activities.

The Act sets out the functions, powers and duties of the agencies and empowers them to contribute to the following objectives while acting in accordance with New Zealand law and human rights obligations:

  • The protection of New Zealand’s national security
  • The international relations and wellbeing of New Zealand
  • The economic wellbeing of New Zealand.

The agencies’ shared key functions are:

  • Intelligence collection and analysis
  • Protective security services, advice and assistance (including the GCSB’s information assurance and cybersecurity activities, which are elaborated on further in section 12)
  • Co-operation with the New Zealand Police and the New Zealand Defence Force to facilitate the performance of New Zealand Police and New Zealand Defence Force functions
  • Co-operation with other entities to respond to imminent threats to life and safety of certain persons.

The agencies will continue to carry other functions as conferred by or under other legislation e.g. the GCSB carries out regulatory functions under the Telecommunications (Interception Capability and Security) Act 2013.

Fact sheets and case studies highlighting key areas of the Act can be found on the Department of the Prime Minister and Cabinet website.

Previous legislation

Before the Intelligence and Security Act 2017 there were four separate Acts governing New Zealand’s core security and intelligence agencies, and their oversight mechanisms:

  • the New Zealand Security Intelligence Service Act 1969
  • the Government Communications Security Bureau Act 2003
  • the Intelligence and Security Committee Act 1996
  • the Inspector-General of Intelligence and Security Act 1996.

Ministerial Policy Statements (MPSs) are statements issued by the Minister Responsible for the GCSB and NZSIS under section 206 and 207(1) of the Intelligence and Security Act 2017 (‘the Act’).

MPSs provide guidance to GCSB and NZSIS on certain lawful activities

MPSs provide guidance to GCSB and NZSIS (also called ‘the agencies’) on lawful activities under the Act.  They do not act as legal authorisations for these activities but set out the Minister’s expectations of how the activities covered by the MPS should be properly carried out and any protections or restrictions in relation to the activity.  Activities which are unlawful may only be carried out to the extent that they can be authorised under an intelligence warrant.

Every employee making decisions or taking any action in relation to the matters covered by the MPSs must consider and should be able to explain how they had regard to the MPS.  This might include an explanation of the consideration of any relevant internal policy or procedures that reflect the MPS.  The Directors-General of the GCSB and NZSIS are responsible for ensuring each MPS is reflected in their agency’s internal policies and procedures.  If any action is taken that is inconsistent with the MPS, employees must be able to explain why that action was taken.

They are also considered by the Inspector-General of Intelligence and Security when conducting an inquiry or review

MPSs are relevant to the oversight of the GCSB and NZSIS by the Inspector-General of Intelligence and Security in the exercise of their propriety jurisdiction.  When conducting an inquiry or review, the Inspector-General of Intelligence and Security must take account of any relevant MPS and the extent to which an agency has complied with it. 

And they assist in increasing transparency with the New Zealand public

While the primary purpose of the MPSs is to provide guidance to the GCSB and NZSIS on their lawful activities, they also provide the public with information on how and why the agencies carry out these activities to help keep New Zealand secure. 

Each of the activities covered by the MPSs enable the agencies to perform their statutory functions

The Act sets the principal objectives of GCSB and NZSIS, which are to contribute to:

  • The protection of New Zealand’s national security;
  • The international relations and well-being of New Zealand; and
  • The economic well-being of New Zealand.

The GCSB and NZSIS meet these objectives through the performance of their statutory functions, namely:

  • Intelligence collection and analysis;
  • Protective security services, advice and assistance;
  • Cooperation with other public authorities to facilitate their functions; and
  • Cooperation with other entities to respond to imminent threat.  

All collection and analysis of intelligence undertaken by GCSB and NZSIS is in accordance with the New Zealand Government’s priorities.  These are primarily established through the National Security and Intelligence Priorities (NSIPs) which are set by the Government and reviewed every two years. The NSIPs outline the focus areas for all intelligence and assessment activity across the national security sector, including GCSB and NZSIS.

MPSs are an important part of the measures put in place by the Act to ensure these functions are carried out properly. 

Matters covered by the MPSs

The MPSs cover areas of work of the GCSB and NZSIS that involve gathering information about individuals and organisations that may intrude into the privacy of individuals and other areas where ministerial guidance was considered appropriate.  There are currently 11 MPSs, covering the following activities:

  1. Providing information assurance and cybersecurity activities;
  2. Acquiring, using and maintaining an assumed identity;
  3. Creating and maintaining a legal entity (such as a cover company);
  4. Human intelligence activities;
  5. Conducting surveillance in a public place;
  6. Obtaining and using publicly available information;
  7. Making requests for information from other agencies (section 121 requests);
  8. Information management;
  9. Making false or misleading representations about employment;
  10. Road User Rule Exemption; and
  11. Cooperation with overseas public authorities.

MPSs take effect from the date of signing and continue in effect for three years. The Minister responsible for GCSB and NZSIS may amend, revoke or replace any of the MPSs at any time.  However, they must consult with the Inspector-General of Intelligence and Security, any other relevant Minister, or any other person the Minister considers appropriate. 

The Minister can issue further MPSs on other areas if considered necessary or desirable.