The Australian Government is implementing "Critical Infrastructure reforms". The consultation process for the new laws is being managed by the Critical Infrastructure Centre which is part of the Department of Home Affairs.
The CIC is currently assessing implementation of the governance rules to accompany the to-be-amended Security of Critical Infrastructure Act 2018 (Cth) at a broad, industry-neutral level. The CIC is intending these rules to provide an overview of the role industry will play in self-assessment and self-reporting, with the specific rules and obligations around assessment standards to come from later consultations.
At a high-level, materials made available by CIC set out CIC’s intention for the governance rules including a breakdown of the intention behind specific provisions in the draft Bill.
- The Bill is not anticipated to pass until mid-2021 – while not all industry-specific rules may be finalised at that stage, consultation should be almost complete by then.
- Consultation with industry is happening on sequential basis – Electricity and Gas sectors are to start consultation in late March/early April 2021, and then other industries will each have a consultation period one after another.
- The consultation timeline will be quite aggressive – the governance rules are in consultation this week for publication in late March.
- The obligations will not activate immediately on enactment of the Bill, and are instead taking a ‘switch on’ approach. The CIC is vague on what the triggers for ‘switching on’ will be and it is not clear if it was an industry-wide event, whether it was incident-based or whether it would occur from a certain point.