The regulation of critical infrastructure under the Security of Critical Infrastructure Act 2018 (the SOCI Act) now places obligations on specific entities in the electricity, communications, data storage or processing, financial services and markets, water, health care and medical, higher education and research, food and grocery, transport, space technology, and defence industry.
The SOCI Act was amended to strengthen the security and resilience of critical infrastructure by expanding the sectors and asset classes the SOCI Act applies to, and to introduce new obligations. Click on the fact sheets to learn more about your obligations.
In the SOCI Act we have developed, in conjunction with industry, definitions that outline each of the 11 critical infrastructure sectors. We have also worked with industry to develop definitions to clearly articulate what would constitute a critical infrastructure asset within each of these sectors.
The new requirements may apply to owners and operators of critical infrastructure assets and those businesses who have a direct interest in the critical infrastructure asset. If you are not sure whether you are an owner or operator, or are a direct interest holder of a critical infrastructure asset, refer to
CI assets captured under the Act.
Although your business may be captured by SOCI Act,
not all of the obligations in the SOCI Act may be applicable to your business. However, it is important for you to know if you are captured by the SOCI Act and that additional responsibilities may apply to your business in future.
In March 2022, additional amendments to the SOCI Act introduced the following key measures:
- a new obligation for responsible entities to create and maintain a critical infrastructure risk management program (the Minister for Home Affairs will consult with industry before the rules are made setting out the requirements for a risk management program), and
- a new framework for enhanced cyber security obligations required for operators of systems of national significance (SoNS), Australia’s most important critical infrastructure assets (the Minister for Home Affairs will consult with impacted entities before any declarations are made).
These reforms seek to make risk management, preparedness, prevention and resilience, business as usual for the owners and operators of critical infrastructure assets and to improve information exchange between industry and government to build a more comprehensive understanding of threats.
The following factsheets provide further information about these amendments to the SOCI Act:
We will work in partnership with owners and operators of critical infrastructure assets to make sure the new requirements build on and do not duplicate existing obligations.