The Security of Critical Infrastructure Act 2018 brings with it a new regime of reporting obligations and ministerial powers, aimed at safeguarding Australia’s most relied upon infrastructure assets from the threat of sabotage, espionage and coercion posed by foreign involvement and ownership.
The Act received assent in April this year. The two major developments of the Act are the implementation of a Critical Infrastructure Assets (CIA) Register and the conferral of a last resort directions power on the Minister for Infrastructure and Transport.
Critical Infrastructure Assets Register
There are four broad categories of CIAs covered in the register:
- Ports that are vital for defence purposes, liquid fuel imports and bulk cargo exports;
- Gas processing, storage and distribution facilities and networks ultimately servicing at least 100,000 customers;
- Electricity networks systems and interconnectors that service at least 100,000 customers, as well as generation stations that are critical to ensuring the security and stability of a state or territory’s electricity network and stations contracted to provide a system restart service; and
- Water or sewerage systems or networks that service at least 100,000 customers.
(A complete list of the asset coverage criteria is available through the Attorney-General’s website at https://www.ag.gov.au/Consultations/Documents/critical-infrastructure-bill/CIC-factsheet-security-of-critical-infrastructure-bill.pdf)
Which entities are required to report to the Critical Infrastructure Centre?
The Critical Infrastructure Centre administers the Trusted Information Sharing Network, which is used to engage with CIA owners and is the forum through which owners and other involved entities report the required information.
Two types of entities are required to report to the CIC, Direct Interest Holders and Responsible Entities.
Direct Interest Holders are entities holding greater than 10% direct interest in the CIA, or any entity in a position to directly or indirectly influence or control the asset.
Responsible Entities are bodies that are licensed to operate CIAs.
What information must be disclosed and when?
Direct Interest Holders are required to report interest and control information:
- The legal name, ABN, address and country of origin of the entity;
- The type of interest (legal equitable, lease or licence interest) and the level of interest (shareholding) the entity holds in the CIA; and
- Details regarding the control and influence the entity has over the CIA, such as board appointments and voting rights.
Responsible Entities are required to provide operation information:
- The location of the asset and a description of the area that the asset services; and
- The name, address and incorporation details of the entity.
Entities will initially have six months to report the CIC’s Trusted Information Sharing Network, following the initial reporting period, entities will then be required to notify the CIC of any changes to the required information within 30 days of a change.
How will the Bill be enforced?
The Minister will have the discretion of seeking, by application to a relevant court, the imposition of civil penalties, enforceable undertakings and/or injunctions.
How will the Ministerial Directions Power effect businesses?
The proposed Directions Power will allow the Minister to issue a direction to an owner or operator of a CIA to mitigate national security risks in instances where the risks cannot be managed through collaboration with owners and operators or via any existing regulatory frameworks.
The specific instances in which the Minister may exercise this power:
- If there is a risk identified which is prejudicial to the security of the CIA; and
- Through collaboration, the owner or operator does not or cannot implement mitigations to address the risk; and
- There are no existing regulatory frameworks that can be used to enforce such mitigations.
If you have any questions regarding your reporting obligations or the ways this legislation may affect your ownership interest, please contact Morrissey Law & Advisory.
Disclaimer: This publication by Morrissey Law & Advisory is for general information and commentary only and should not be considered or relied upon as legal advice. Formal legal advice should be sought in relation to any matters or transactions that may arise in relation with communication.