Legislation, regulation and compliance Legislation, regulation and compliance

Critical infrastructure security legislation

We administer the Security of Critical Infrastructure Act 2018 (SOCI Act)

These give functions and powers to the Department of Home Affairs (the Department) which include, but are not limited to:

• requiring responsible entities to meet reporting obligations and register critical infrastructure assets
• requiring responsible entities to have and comply with a written critical infrastructure risk management program
• requiring a subset of critical telecommunications assets to meet additional security requirements. These include notifying the Department of certain changes
• information gathering powers, allowing the Secretary of the Department to get information and documents from reporting entities and operators
• directions powers, which allow the Minister for Home Affairs to issue directions when there is a national security risk and mitigations cannot be implemented in collaboration with asset owners and operators.

Refer to the Australian Government Federal Register of Legislation to view the Security of Critical Infrastructure Act 2018.

For more information on how the SOCI Act applies to industry, refer to the Security of Critical Infrastructure Act 2018.

For more information on telecommunications security, go to Telecommunications.

Transport legislation

We also administer the Aviation Transport Security Act 2004 (ATS Act) and Maritime Transport and Offshore Facilities Security Act 2003 (MTOFS Act), and associated regulations.

These give functions and powers to the Cyber and Infrastructure Security Group which include, but are not limited to:

• establishing mechanisms to safeguard against unlawful interference with aviation or offshore facilities sectors
• establishing a regulatory framework centred around the development of security programs for aviation and maritime entities to meet security outcomes
• requiring entities to provide security compliance information to the Secretary
• requiring entities to report security incidents
• Secretary-issued security control directions to address threat vulnerabilities
• ensuring Australia meets its aviation obligations under the Convention on International Civil Aviation (the Chicago Convention) including its annexure, ‘Security: Safeguarding International Civil Aviation Against Acts of Unlawful Interference’.
• ensuring Australia meets its maritime obligations under Chapter XI-2 of the International Convention for the Safety of Life at Sea 1974 (SOLAS) and the International Ship and Port Facility Security Code 2003(ISPS Code).

Go to the Australian Government Federal Register of Legislation to view the:

• Aviation Transport Security Act 2004
• Maritime Transport and Offshore Facilities Security Act 2003.

To see how ATS Act applies to industry, go to Aviation.

To see how MTOFS Act applies to industry, go to Maritime.

Background checking legislation

We also administer the AusCheck Act 2007. This gives functions and powers to the Department that include, but are not limited to:

• background checking services for the:

• Aviation Security Identification Card (ASIC)
• Maritime Security Identification Card (MSIC)
• National Health Security (NHS) check schemes
• Major National Events (MNEs)

• confirming the holder of such cards has a valid background check and is not a threat to aviation or maritime security
• assessing an applicant’s criminal history against criteria for aviation-security-relevant offences (ASROs) and maritime-security-relevant offences (MSROs).

For more information, see AusCheck background checking.

We also give risk advice to other agencies, including under the Foreign Acquisitions and Takeovers Act 1975. The Treasury administers the Foreign Acquisitions and Takeovers Act 1975.