New Regulation Of Critical Infrastructure Assets In Australia.

18 April, 2018

Federal Parliament passes the Security of Critical Infrastructure Bill 2018 (Cth).

What you need to know

On 28 March 2018 the Australian Federal Parliament passed the Security of Critical Infrastructure Bill 2018 (Cth) (the Bill). The Bill now awaits Royal Assent and will commence on the earlier of a date fixed by Proclamation or 3 months after receiving Royal Assent.

The Bill proposes to establish a confidential register (the Register) of "operational information" and "interest and control information" regarding "critical infrastructure assets" in the water, electricity, gas and ports industries.

Entities operating in affected industries will be required to provide up-to-date information to the Register and penalties will apply for failure to make full disclosure.

The Bill will also provide the Minister for Home Affairs (the Minister) a broad power to issue directions to protect against risks to national security.

What you need to do

If you operate in an affected industry, you should consider whether you will be a "responsibly entity" or "direct interest holder" under the regime and if so, what information you will be required to report on the Register. Systems will have to be put in place to produce an initial report within 6 months of the commencement of the Act and to ensure prompt ongoing reporting of updates or changes.

Existing and prospective operators and investors in critical infrastructure assets should also consider the operational and confidentiality risks posed by a requirement to report internal information to a government body, as well as how they could be impacted by a Ministerial declaration in the interests of 'national security'.

What are "critical infrastructure assets"?

Critical electricity assets

A network, system or interconnector that ultimately services 100,000 or more customers.
Generation stations that are critical to ensuring security and reliability of electricity networks or electricity systems.

The Minister will set thresholds for generating capacities of generation stations that will be covered, with the Explanatory Memorandum suggesting the following: NSW – 1400MW; QLD – 1300MW; VIC – 1200MW; TAS – 700MW; WA – 600MW; SA – 600MW; NT – 300MW.

Critical gas assets

Processing facilities with capacity of 300 TJ/day or more.
Storage facilities with capacity of 75 TJ/day or more.
A network or system ultimately distributing to 100,000 or more customers.
Pipelines that are critical to ensuring security and reliability of a gas market.

The Minister will set thresholds for pipelines to be covered, with the Explanatory Memorandum suggesting the following: Eastern market – 200TJ/day; Northern market – 80TJ/day; Western market – 150TJ/day.

Critical ports

Certain large and nationally significant ports listed in the Bill.
"Security regulated ports" under the Maritime Transport and Offshore Facilities Security Act 2003 (Cth).

Critical water assets

One or more water or sewerage systems or networks managed by a single water utility that ultimately services at least 100,000 connections.

Additional assets

The Minister may prescribe an asset outside of these four sectors as a critical infrastructure asset if satisfied that:

first, the asset is critical to the social or economic stability of Australia or its people, the defence of Australia, or national security; and
second, there is a risk, in relation to the asset, that may be prejudicial to security.

The Minister must consult with the First Minister of the relevant State/Territory and any Minister of an affected State or Territory who has responsibility for overseeing or regulating the relevant industry prior to prescribing an asset outside the above four sectors as a critical infrastructure asset.

The Minister may also privately declare an asset to be a critical infrastructure asset where it affects national security and there would be a risk to national security if it were publicly known.

Reporting requirements – the Register of Critical Infrastructure Assets

The Register will be maintained confidentially by the Secretary of the Department of Home Affairs. Responsibility for the Register will be given to the Critical Infrastructure Centre, who will maintain a "secure web portal for entities to easily report information".

Reporting entities (either "responsible entities" or "direct interest holders") must provide an initial report within 6 months of commencement of the Act or an asset becoming a critical infrastructure asset. Any changes to previously provided information must be provided within 30 days of the relevant change.

"Responsible entities" to report "Operational information"

In the electricity, gas and water industries, "responsible entities" are those entities holding the relevant licence, approval or authorisation to provide the service. In the port industry it will be the port operator.

Responsible entities must report "operational information", which includes:

the location of the asset;
a description of the area the asset services;
details of the responsible entity (name, ABN, address of head office, country of incorporation);
details of the CEO of the responsible entity (full name, countries in which he or she is a citizen);
a description of arrangements under which operators operate the asset or part of the asset; and
a description of arrangements on data maintenance.

"Direct interest holders" to report "Interest and control information"

"Direct interest holders" are entities who hold:

together with any associates, a legal or equitable interest of at least 10% (including jointly held interests) in the asset; or
a lease or interest that puts them in a position to directly or indirectly influence or control the asset.

Direct interest holders must report "interest and control information", including:

details of the entity (name, ABN, address of head office, country of incorporation);
information about the influence or control the entity is in a position to exercise over the asset;
details (name, ABN, address of head office, country of incorporation) of the entities (higher entities) exerting direct or indirect influence or control over the direct interest holder or other higher entities; and
information about the influence or control exerted by such higher entities.

The final form of the Bill includes broad definitions of "influence or control".

The scope of the final Bill's application to direct interest holders contains some notable differences to the rules governing notifications and applications to the Foreign Investment Review Board under the Foreign Acquisitions and Takeovers Act 1975 and Foreign Acquisitions and Takeovers Regulation 2015 (the FIRB Rules), including (but not limited to) the following:

first, an exemption applies under the Bill to moneylenders holding interests by way or security or as a result of enforcing a security. However, unlike the comparable exception in the FIRB Rules, this exemption will not apply where enforcing the security would put the moneylender in a position to influence or control the asset; and
second, the definition of "associate" includes companies or trusts in which the entity has an "interest" or which hold an interest in the entity, whereas "associate" under the FIRB Rules refers to a "substantial interest" (ie 20%). Notwithstanding that "interest" appears to be a lower threshold, it does not trace through corporate structures in the way a "substantial interest" would.

Confidentiality

The Register will be kept confidential and information obtained by any person in the course of exercising powers, duties or functions under the Act is "protected information" under the Bill.

There will be penalties for unauthorised disclosure of protected information.

However, the Secretary of the Department may disclose information to (among others) any:

law enforcement body;
State or Territory Minister responsible for regulation or oversight of the relevant industry; or
Commonwealth Minister with responsibility for national security, law enforcement, foreign investment, taxation policy, industry policy, promoting investment in Australia, defence or regulation or oversight of the relevant industry.

Ministerial Directions Power

The Bill also permits the Minister to direct a reporting entity or operator of a critical infrastructure asset to do, or refrain from doing, any specified act if:

there is a risk that an act or omission will be prejudicial to security;
the direction is reasonably necessary to eliminate or reduce that risk;
reasonable steps have been taken to negotiate in good faith with the responsible entity or operator to reduce or eliminate the risk;
no existing regulatory system could be used instead to eliminate or reduce the risk; and
the Australian Security Intelligence Organisation (ASIO) has issued an adverse security assessment in respect of the entity.

In exercising this discretion, the Minister must consider:

the ASIO assessment (to be given paramount consideration);
the likely costs of complying with the direction;
potential consequences on competition;
potential consequences to customers; and
representations made during the consultation period.

The Minister must consult with affected State or Territory Ministers and the operator or reporting entity before making a declaration. Unless there are urgent circumstances, any consulted party must be given 28 days' notice of a proposed direction.

Role of the Critical Infrastructure Centre

Responsibility for the Register will be given to the Critical Infrastructure Centre.

Whilst the Bill does not include any additional restrictions on foreign persons acquiring critical infrastructure assets, the Critical Infrastructure Centre also works in close consultation with the Foreign Investment Review Board in providing asset-specific risk assessments, including early national security advice to inform the Treasurer's decision on foreign investment proposals.

As noted in the Explanatory Memorandum, one of the key focuses of the Critical Infrastructure Centre's is to identify and manage the national security risks of espionage, sabotage and coercion in critical infrastructure.

Read more

The Bill and the Explanatory Memorandum are available here.

For further information, please contact:

Nick Terry, Partner, Ashurst

nick.terry@ashurst.com

New Regulation Of Critical Infrastructure Assets In Australia.

Employer Sponsorship And Work Permits In Indonesia.

- Stephen Igor Warokka - SSEK,

Labor And Employment Law Updates From Indonesia And The World.

Gross Split Production Sharing Contracts: Commercial Insights From Indonesia’s MEMR Regulation No. 13 Of 2024.

- Fitriana Mahiddin - SSEK, SSEK

UK – Shifts Workers – A New Right To Reasonable Notice.

Hong Kong – Keepwell Deeds: A Workable Solution To PRC’s Foreign Exchange Control?

The Catch And Kill Of Non-Disclosure Agreements? New UK Guidance.

EU – Tightening The European Union’s Powers To Review Foreign Direct Investments.

Malaysia – General Average And Salvage.

- Philip Teoh - Azmi & Associates, Azmi & Associates

Role Of Technology In Legal Service Delivery.

Process Optimisation In Legal Teams: Improving Workflow Efficiency.

CONVENTUS LAW

OTHERS

New Regulation Of Critical Infrastructure Assets In Australia.

Register for your monthly Asia legal updates from Conventus Law

- Sacha Kirk - Lawcadia,

Footer

CONVENTUS LAW

OTHERS