New reporting requirements for critical infrastructure require the lodgement of information on the Register of Critical Infrastructure Assets before 11 January 2019. This is the time for owners and operators of Australian infrastructure to consider whether any of their assets qualify as 'critical infrastructure'. Partner Wendy Rae and Senior Associate Nick Kefalianos explain what critical infrastructure is and who will be affected by the new requirements.
The Critical Infrastructure Centre manages national security concerns relating to Australian critical infrastructure. As discussed in our previous publication, Implications of the Critical Infrastructure Centre for foreign investment in Australia, the Centre's broad role includes assessing foreign investment applications relating to critical infrastructure, and assisting the Australian Government in understanding and managing risks relating to such infrastructure.
The Security of Critical Infrastructure Act 2018 (the Critical Infrastructure Act), which will commence on 11 July 2018, supports the Centre's role by:
- establishing the Register of Critical Infrastructure Assets (the Register);
- providing the Secretary of the Department of Home Affairs with information-gathering powers; and
- giving the relevant minister power to issue directions to owners and/or operators of critical infrastructure in mitigation of national security risks.
The Register will have the most immediate impact on owners and operators of critical infrastructure assets, who are initially required to provide information regarding such assets within six months from 11 July 2018, and then subsequently to notify of any changes to that information within 30 days.
In the lead up to the commencement of the Critical Infrastructure Act, draft rules have been published confirming what is considered 'critical infrastructure' for the purposes of the Critical Infrastructure Act. 'Critical infrastructure' refers to the following assets:
|Critical electricity assets||
|Critical gas assets||
The following ports are considered 'critical ports':
|Critical water assets||A critical water asset is one or more systems or networks managed by a water utility where those assets ultimately service more than 100,000 connections.|
The relevant minister may also declare other assets to be critical infrastructure assets under the Critical Infrastructure Act.
The requirement to report information regarding critical infrastructure assets for inclusion on the Register is imposed on 'reporting entities'. A 'reporting entity' is defined in the Critical Infrastructure Act as meaning either of the following:
- (Direct interest holders) A 'direct interest holder' of a critical infrastructure asset is an entity (including an individual, a body corporate, a body politic, a partnership, a trust, a superannuation fund or an unincorporated foreign company) that:
(a) together with one or more associates holds an interest of at least 10% in the asset; or
(b) holds an interest in the asset that puts the entity in a position to directly or indirectly 'influence or control' the asset.
- (Responsible entities) A 'responsible entity' is:
(a) for critical electricity assets or critical gas assets, an entity that holds the licence, approval or authorisation to operate the asset to provide the service to be delivered by the asset;
(b) for critical water assets, a water utility that holds the licence, approval or authorisation under a law of the Commonwealth, a state or territory to provide the service to be delivered by the asset; and
(c) for critical ports, the port operator (within the meaning of the Maritime Transport and Offshore Facilities Security Act 2003 (Cth)).
Direct interest holders will be required to report ownership and control information, while responsible entities will be required to report operational information.
If you would like to talk to an expert about these changes, please contact one of the Partners listed below.