Rules Mate
Acts/CWLTH· 2018

Security of Critical Infrastructure Act 2018

Short title: SOCI Act

In forceact

In plain English

This Act strengthens the security of Australia’s critical infrastructure, protecting essential services.

The Security of Critical Infrastructure Act 2018 applies to entities that operate critical infrastructure. This includes systems and assets. It also applies to those who provide services to those entities. Obligations include risk assessments and incident reporting. The Act aims to protect essential services like energy, communications, and water. It came into force in 2018.

Why it matters

If your business operates critical infrastructure, or provides services to those who do, this Act is vital. Understand your obligations to avoid potential compliance issues and protect Australia’s essential services.

reportinggovernancetelecommunicationstransportdefence

AI-assisted summary, grounded in the source link below. Generated 2026-05-23 via gemma3:12b.

Summary

Federal critical infrastructure protection regime. Pt 2 — asset registration. Pt 2A — CIRMP + annual board-approved report. Pt 2B — cyber incident reporting (12h critical, 72h other). Pt 3A — ministerial direction powers. Covers 11 sectors including banking, energy, telco, water, healthcare, food, data storage + processing.

Topics

socicybercritical-infrastructure

Administered by


Source: https://www.legislation.gov.au/C2018A00029/latest. Rules Mate summarises and links; we don't republish full statutory text. Always verify against the live source before acting.