Loading
pop-up content starts
pop-up content ends

Co-designing rules with industry: critical infrastructure reforms

​​​Critical infrastructure asset definition rules

Building on industry engagement during the development of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 (the Bill), we aim to ensure that the critical infrastructure assets included are vital services to Australia’s security, economic prosperity and way of life. We are also seeking to reduce the regulatory burden on industry.

Combining feedback from industry with extensive consultation with commonwealth, state and territory government partners, we have prepared draft definitions for the following 12 asset classes:

  • critical banking assets
  • critical broadcasting assets
  • critical domain name systems
  • critical electricity assets
  • critical financial market infrastructure assets
  • critical food and grocery assets
  • critical freight infrastructure assets
  • critical freight services assets
  • critical gas assets
  • critical insurance assets
  • critical liquid fuel assets
  • critical superannuation assets.

A strong and effective government-industry partnership is central to achieving the Australian Government’s vision for critical infrastructure security and resilience.

For further information, see Critical Infrastructure Asset Definition Rules paper.

Governance rules

In March 2021, we conducted four town hall forums and seven workshops to develop governance rules. These consultation sessions provided industry peak bodies, regulators, state and territory government partners, and industry stakeholders with an opportunity to shape the governance rules for the risk management program across all sectors. During this consultation period, we spoke to over 1,350 people.

The governance rules will work alongside the sector-specific obligations for risk management programs. This will ensure that entities have robust risk minimisation, mitigation or elimination practices.

For a summary of the consultation process, see Co-design of Governance Rules – Critical Infrastructure Risk Management Program: Summary of consultation.

Sector-specific co-design

Engagement with industry has been essential throughout the reform process, including the Bill. For submissions regarding the exposure draft of the Bill, see Protecting Critical Infrastructure and Systems of National Significance.

We approach industry to work together to co-design sector-specific obligations that will underpin the risk management program.

For the aims of this phase of co-design, see Risk Management Program – Sector-Specific Rules: Discussion paper.

We have completed co-designing sector-specific obligations for the electricity, gas, data storage or processing sector, and the water and sewerage sector.

We will soon begin the consultation process for the financial services and markets (payment systems) sector and the food and grocery sector.

Co-design consultation may involve both group and individual engagement sessions. It will also aim to examine the estimated regulatory impact of sector-specific obligations.

We have engaged KPMG to help facilitate the co-design process.

Co-design timeline

The below table is a guide to when we will be undertaking co-design with each asset class:

Asset ClassCo-design Dates
ElectricityMid-April to late July 2021
GasLate April to early August 2021
Data storage or processingLate June to mid-September 2021
Water and sewerageEarly July to late September 2021
Payment SystemsMid-September to late November 2021
Food and GroceryEarly October to mid-December 2021
Liquid FuelsEarly November 2021 to mid-February 2022
Telecommunications*Late November 2021 to late February 2022
Transport (Freight Services)Early February to mid-April 2022
Transport (Freight Infrastructure)Mid-February to late April 2022
Public TransportEarly April to mid-June 2022
Domain Name SystemsMid-April to late June 2022
HealthEarly June to mid-August 2022
BroadcastingMid-June to late August 2022

* Subject to the Parliamentary Joint Committee on Intelligence and Security Review of the Telecommunication Sector Security Reforms

The co-design timeline does not include all asset classes covered by the Bill as some have obligations or approaches already in place. These asset classes are currently considered more broadly in line with the reforms, or are subject to separate reform processes. We will engage with stakeholders from these asset classes to finalise the approach for each of them.

Financial services and markets (payment systems) sector

We anticipate that the co-design consultation will take place over approximately 12 weeks.

The first group briefing session will take place on:

Tuesday 14 September 2021 at 2:00pm – 3:30pm (AEST).​

At this session, we will discuss our approach to the co-design structure and timeframes for individual engagement.

Following the first group session, we will engage individual entities to discuss current risk management practices and related industry standards, This will take place between 21 September and 8 October 2021.

We will then develop draft sector-specific obligations approximately between 11 October and 1 November 2021.

The final group briefing session to discuss the estimated regulatory impact of sector-specific obligations is scheduled for 9 November 2021.

Food and grocery sector

We anticipate that the co-design consultation will take place over approximately 12 weeks.

The first group briefing session will take place on:

Thursday 7 October at 2:00pm – 3:30pm (AEST).

At this session, we will discuss our approach to the co-design structure and timeframes for individual engagement.

Following the first group session, we will engage individual entities to discuss current risk management practices and related industry standards. This will take place between 14 October and 3 November 2021.

We will then develop draft sector-specific obligations approximately between 4 November and 24 November 2021.

The final group briefing session to discuss the estimated regulatory impact of sector-specific obligations is scheduled for 2 December 2021.

For further queries, contact CI.reforms@homeaffairs.gov.au.