Written by Cheng Lim
TLDR
Draft legislation and rules have been released for consultation. The draft legislation implements the second element of the Government’s regulatory framework for the security and resilience of critical infrastructure and systems of national significance. The draft rules will switch on the reporting obligations and cyber security notification obligations for certain classes of critical infrastructure assets.
Draft legislation and rules released for consultation
As foreshadowed in our alert here, on 15 December 2021, the Government released an exposure draft of the second tranche of legislative amendments to the Security of Critical Infrastructure Act 2018. This tranche contains all the elements of the original Security Legislation Amendment (Critical Infrastructure) Bill 2020 (risk management programs, systems of national significance (SONs) and enhanced cyber security obligations) that were omitted from the Security Legislation Amendment (Critical Infrastructure) Act 2021 in accordance with the recommendations of the Parliamentary Joint Committee on Intelligence and Security. The consultation period ends on 1 Feb 2022. We will release a more detailed alert on the exposure draft early next year.
At the same time, the Government has also released an exposure draft of the rules under the Security of Critical Infrastructure Act 2018 (see https://www.homeaffairs.gov.au/reports-and-pubs/files/critical-infrastructure-consultation-submissions/soci-app-rules-exposure-draft-explanatory-statement.pdf). The consultation period for these rules also ends on 1 Feb 2022.
These rules will ‘switch on’ the reporting requirements (to provide operational, interest and control information for inclusion in the Register of Critical Infrastructure Assets) and the cyber security notification requirements that were implemented in the Security Legislation Amendment (Critical Infrastructure) Act 2021.
Importantly, in relation to the reporting requirements:
- not all critical infrastructure assets will be subject to the reporting requirements (for example, among critical financial market infrastructure assets, the requirements will apply only to those that are payment systems)
- there will be a 6-month grace period for compliance with this reporting obligation for entities that are not currently subject to it.
In relation to the cyber security notification obligations:
- most, but not all, critical infrastructure assets will be subject to these notification obligations
- there will be a 3-month grace period for compliance with this notification obligation.
Businesses should therefore review these rules carefully to ascertain whether their critical infrastructure assets will be subject to the reporting requirements and the cyber security notification obligations.