We absolutely appreciate the intent behind this provision; however, I think an unintended consequence could be that it would effectively allow designated operators to determine, themselves, whether their existing cybersecurity programs meet the requirements of the CCSPA and whether they are therefore obligated to comply with the obligations regarding the cybersecurity programs.
Unfortunately, this would undermine the purpose of the CCSPA, which is to ensure that all designated operators meet a base level of cybersecurity.