Laws & RegulationsSOCI Act
In Forcecritical infrastructureSecurity of Critical Infrastructure Act 2018 (Cth)
Security of Critical Infrastructure Act 2018
Also known as: SOCI Act
The SOCI Act protects Australia's critical infrastructure from cybersecurity and other risks. It was significantly expanded in 2022 to cover 11 sectors and introduce mandatory risk management programs and enhanced incident reporting. It requires responsible entities to register assets, report incidents, and implement risk management programs.
Jurisdiction
Australia
Regulator
Australian Signals Directorate
Effective
7/11/2018
Sector
critical infrastructure
Full Text / Summary
The SOCI Act was originally enacted in 2018 and significantly amended in 2022 (Security Legislation Amendment (Critical Infrastructure Protection) Act 2022). Key provisions include: (1) Asset Register — mandatory registration of critical infrastructure assets; (2) Positive Security Obligations — sector-specific rules for risk management; (3) CIRMP — mandatory critical infrastructure risk management program for most sectors; (4) Enhanced Cyber Security Obligations — for systems of national significance (SoNS); (5) Government Assistance — powers for ASD to assist with or direct response to significant cyber attacks; (6) Incident Reporting — 12-hour and 72-hour reporting requirements.