Publication
Mission impossible? Teresa Ribera’s mission letter and the future of EU merger review
Executive Vice President Vestager’s momentous tenure as Commissioner responsible for EU competition policy is nearing its end.
Author:
Australia | Publication | October 2024
This article was co-authored with Amanda Wescombe.
On 9 October 2024, a number of Australian security reforms were released in draft legislation. This article outlines the key takeaways of the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024 (Bill) which will amend the Security of Critical Infrastructure Act 2018 (SOCI Act).
The changes contemplated by the Bill give effect to the legislative reforms outlined in Shield 4 (Protected critical infrastructure) of the 2023-2030 Australian Cyber Security Strategy. It is intended to improve the resilience of Australia’s critical infrastructure and essential government systems against increasingly sophisticated cyber-attacks.
Below, we outline some of the key changes that may impact a range of entities, the potential level of impact and our suggestions as to how affected entities can start preparing for these reforms.
This amendment includes expanding the definition of “critical infrastructure assets” to include data storage systems used in connection with critical infrastructure assets which store or process “business critical data”, where vulnerabilities in those systems could have a “relevant impact” on the primary critical infrastructure.
Impact on: Responsible entities with current critical infrastructure assets
Potential level of impact: Medium
Some practical considerations for your action plan:
This amendment includes expanding the application of current government powers under Part 3A of the SOCI Act from “cyber security incidents” to “incidents” more broadly to allow specific directions to be made to respond to and manage the consequences of a nationally significant incident.
Impact on: Relevant entities (responsible entity, direct interest holder, operator or managed service provider)
Potential level of impact: High
Some practical considerations for your action plan:
This amendment includes a revised definition of “protected information” which incorporates a harms-based assessment requiring an analysis of the harm or risk caused by the disclosure to the Australian public, the security of the asset, commercial interests, the socioeconomic stability, national security or defence of Australia. The amendment also introduces new authorisation provisions to facilitate more effective and timely sharing of information under the SOCI Act.
Impact on: Holders or recipients of “protected information” (including other entities which may be assisting with the relevant entity’s business, professional, commercial or financial affairs)
Potential level of impact: Medium
Some practical considerations for your action plan:
This amendment includes the creation of a directions power for the regulator which can be exercised where a CIRMP has been identified as “seriously deficient”.
Impact on: Responsible entities
Potential level of impact: Medium
Some practical considerations for your action plan:
This amendment includes integrating various security requirements for critical telecommunication assets in Part 14 of the Telecommunications Act 1997 into the SOCI Act, with enhancements to align key regulatory obligations and clarify telecommunications-specific obligations.
Impact on: Owners and operators of critical telecommunications assets as defined by Part 14 of the Telecommunications Act.
Potential level of impact: High
Some practical considerations for your action plan:
This amendment includes streamlining obligations by removing direct interest holders from the administrative obligations relating to systems of national significance (SoNS).
Impact on: All critical infrastructure asset owners and direct interest holders of SoNS.
Potential level of impact: Low
Some practical considerations for your action plan:
Critical infrastructure entities and assets are at risk of being targets for malicious attacks that could result in significant disruptions to the community at large. The introduction of the SOCI Bill represents the priority of the Department of Home Affairs to ensure Australia is well positioned to prevent and respond to evolving security threats, including cyber-attacks.
Norton Rose Fulbright offers one of Australia’s largest and most experienced legal teams to support your SOCI Act risk and security review, compliance, implementation, and assurance needs. Please reach out to any of us below for a confidential discussion regarding your SOCI compliance.
Publication
Executive Vice President Vestager’s momentous tenure as Commissioner responsible for EU competition policy is nearing its end.
Publication
On November 28, 2023, the European Commission (EC) adopted its first list of Projects of Common Interest (PCIs), i.e., projects within the EU territory, and Projects of Mutual Interest (PMIs), i.e., projects connecting the EU with other countries, including 166 projects implementing the European Green Deal.
Publication
On 10 October 2024, the UK government published its long awaited response (the Response) to its January 2024 consultation on “Designing a policy framework to enable investment in long duration electricity storage” (the Consultation).
Subscribe and stay up to date with the latest legal news, information and events . . .
© Norton Rose Fulbright LLP 2023