For the purposes of this Part, a cyber security incident has a significant impact (whether direct or indirect) on the availability of an asset if, and only if:
(a) both:
(i) the asset is used in connection with the provision of essential goods or services; and
(ii) the incident has materially disrupted the availability of those essential goods or services; or
(b) any of the circumstances specified in the rules exist in relation to the incident.