Protecting Critical Infrastructure and Systems of National Significance regulatory reforms

Regulation Impact Statement – Department of Home Affairs

On 10 December 2020, the Security Legislation Amendment (Critical Infrastructure) Bill 2020 was introduced into Parliament.

In response to evolving threats and risks to Australia’s critical infrastructure in a post-COVID world, the Government introduced an enhanced regulatory framework, building on existing requirements under the Security of Critical Infrastructure Act 2018. The Security Legislation Amendment (Critical Infrastructure) Bill 2020 gives effect to this framework by introducing:

  • a Positive Security Obligation for critical infrastructure, including a risk management program, to be delivered through sector-specific requirements, and mandatory cyber incident reporting;
  • enhanced cyber security obligations for those assets most important to the nation, described as systems of national significance; and
  • Government Assistance to relevant entities for critical infrastructure sector assets in response to significant cyber attacks that impact on Australia’s critical infrastructure assets.

The OBPR’s assessment is that the quality of the regulatory impact analysis in the RIS and the RIS process itself is adequate. To achieve good practice, given the significance of the package of reforms, the RIS would have benefited from being released for consultation, which would have allowed stakeholders to verify the accuracy of the regulatory costings and assumptions, as well as the broader impact analysis.

The RIS estimates the average annual regulatory costs at $2.19 million for components of the reforms that require ongoing obligations.

A Post-implementation Review will be required for completion within five years of implementation of the sector-specific regulations.
