Description

Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022 adopted

On 31 March 2022, the Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022, which includes expanded cybersecurity rules for critical infrastructure, was adopted by the Australian Parliament after passing in the Senate. The Bill applies to critical infrastructure assets, including certain water, gas, and electricity assets defined in the Security of Critical Infrastructure Act 2018. The Bill would introduce a requirement for entities to create and maintain a risk management program that identifies relevant hazards and takes steps to minimise them. The Bill would further create enhanced cybersecurity obligations for systems of national significance, including infrastructure assets of special importance to the stability, defence, or national security of Australia. The additional obligations for systems of national significance include the possibility of being subjected to incident response planning, cybersecurity exercises, and vulnerability assessments. The Bill must still receive Royal Assent and will enter into force on the following day.

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
infrastructure provider: other
Implementation Level
national
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

2022-02-10
under deliberation

On 10 February 2022, the Security Legislation Amendment (Critical Infrastructure Protection) Bill 2…

2022-03-31
adopted

On 31 March 2022, the Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type Any
Economic activity infrastructure provider: internet and telecom services
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
service (physically delivered): operate
Regulatory tool
Risk or other impact assessment requirement
Preventive security requirement
Responsive security requirement
Sanctions
Regulated subjects
1
