Security of Critical Infrastructure Act 2018
Short title: SOCI Act
In plain English
This Act strengthens the security of Australia’s critical infrastructure, protecting essential services.
The Security of Critical Infrastructure Act 2018 applies to entities that operate critical infrastructure. This includes systems and assets. It also applies to those who provide services to those entities. Obligations include risk assessments and incident reporting. The Act aims to protect essential services like energy, communications, and water. It came into force in 2018.
Why it matters
If your business operates critical infrastructure, or provides services to those who do, this Act is vital. Understand your obligations to avoid potential compliance issues and protect Australia’s essential services.
AI-assisted summary, grounded in the source link below. Generated 2026-05-23 via gemma3:12b.
Summary
Federal critical infrastructure protection regime. Pt 2 — asset registration. Pt 2A — CIRMP + annual board-approved report. Pt 2B — cyber incident reporting (12h critical, 72h other). Pt 3A — ministerial direction powers. Covers 11 sectors including banking, energy, telco, water, healthcare, food, data storage + processing.
Topics
Administered by
Source: https://www.legislation.gov.au/C2018A00029/latest. Rules Mate summarises and links; we don't republish full statutory text. Always verify against the live source before acting.