... proir cutting their service over to CGNAT?
Nope, prior informing the customers.
Fairly sure an ISP port scanning a customer without prior consent would get into trouble with regards to the privacy act and the misuse of computers section of the crimes act.
According to the UKUSA agreement NZ is one of five eye states - you just let the other states spy on your citizens and you are clean. :-) And you don't have to read the content just to see traffic. A postman doesn't read the letters he brings ... usually.
Also assumes that the customer hasn't firewalled the source IP.
Either the customer is too stupid or he's not ... if not, he should be informed :-)