Digital Policy Alert logo

Australia: Introduction of Australia Security Legislation Amendment (Critical Infrastructure) Bill 2021

Policy overview

Description

Introduction of Australia Security Legislation Amendment (Critical Infrastructure) Bill 2021

The Security Legislation Amendment (Critical Infrastructure) Bill 2020 is introduced to Parliament. The Bill expands the sectors that are considered "critical infrastructure", including companies that provide data storage or processing services. Moreover, the bill introduces additional cybersecurity obligations for critical infrastructure assets, such as mandatory risk management programs and rules for cyber incident reporting. Finally, the bill improves the government assistance to relevant entities for critical infrastructure assets.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Cybersecurity regulation
Regulated Economic Activity
infrastructure provider: cloud computing, storage and databases
Implementation Level
national
Government Branch
legislature
Government Body
parliament

Complete timeline of this policy change

Hide details
2020-12-10
under deliberation

The Security Legislation Amendment (Critical Infrastructure) Bill 2020 is introduced to Parliament.…

2021-11-22
adopted

On 22 November 2021, the Security Legislation Amendment (Critical Infrastructure) Bill 2021 was ado…

2021-12-02
in force

On 2 December 2021, the Security Legislation Amendment (Critical Infrastructure) Bill 2021 comes in…

Key regulatory dimensions

Regulated subjects

The businesses, government agencies or individuals affected by this policy or regulatory change.
producer / supplier
1
Type Private organisation
Economic activity infrastructure provider: internet and telecom services
Category All

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.
telecommunication equipment (any form): operate
Regulatory tool
Preventive security requirement
Responsive security requirement
Regulator notification requirement
Regulator reporting requirement
Sanctions
Civil penalty
Regulated subjects
1
software: operating system: hosting (any form)
Regulatory tool
Preventive security requirement
Responsive security requirement
Regulator notification requirement
Regulator reporting requirement
Sanctions
Civil penalty
Regulated subjects
1
algorithm (any type): operate
Regulatory tool
Preventive security requirement
Responsive security requirement
Regulator notification requirement
Regulator reporting requirement
Sanctions
Civil penalty
Regulated subjects
1
financial asset (any type): sale
Regulatory tool
Preventive security requirement
Responsive security requirement
Regulator notification requirement
Regulator reporting requirement
Sanctions
Civil penalty
Regulated subjects
1
all goods (physical or digital): sale
Regulatory tool
Preventive security requirement
Responsive security requirement
Regulator notification requirement
Regulator reporting requirement
Sanctions
Civil penalty
Regulated subjects
1
all goods (physical or digital): creation: production
Regulatory tool
Preventive security requirement
Responsive security requirement
Regulator notification requirement
Regulator reporting requirement
Sanctions
Civil penalty
Regulated subjects
1
all goods (physical or digital): storage (any form)
Regulatory tool
Preventive security requirement
Responsive security requirement
Regulator notification requirement
Regulator reporting requirement
Sanctions
Civil penalty
Regulated subjects
1
all goods (physical or digital): distribution (any form)

Policy change by business practice

The detailed activities within the scope of this policy or regulatory change.

telecommunication equipment (any form): operate

software: operating system: hosting (any form)

algorithm (any type): operate

financial asset (any type): sale

all goods (physical or digital): sale

all goods (physical or digital): creation: production

all goods (physical or digital): storage (any form)

all goods (physical or digital): distribution (any form)