Act No. 10 of 2019. Introduced by /u/DirtySaiyan. Assented to 2019-03-06.
2019
The Parliament of the
Commonwealth of Australia
HOUSE OF REPRESENTATIVES
Presented and read a first time
Securing the Nation's Critical Infrastructure Bill
2019
Written by u/DirtySaiyan
A Bill for an Act to create a framework for managing critical
infrastructure, and for related purposes
Contents
Part 1—Preliminary 4
Division 1—Preliminary 4
1 Short title 4
2 Commencement 4
3 Objects 4
Division 2—Definitions 4
4 Definitions 4
5 Meaning of operational information 5
6 Meaning of direct interest holder 5
7 Meaning of influence or control 6
8 Meaning of critical infrastructure asset 6
9 Meaning of critical electricity asset 7
10 Meaning of critical port 7
11 Meaning of critical gas asset 7
Division 3—Constitutional provisions and application of this Act 8
12 Application of this Act 8
13 Extraterritoriality 8
14 This Act binds the Crown 8
Part 2—Register of Critical Infrastructure Assets 8
Division 1—Simplified outline of this Part 8
15 Simplified outline of this Part 8
Division 2—Register of Critical Infrastructure Assets 9
16 Secretary must keep Register 9
17 Secretary may add information to Register 9
18 Secretary may correct or update information in the Register 9
19 Register not to be made public 9
Division 3—Obligation to give information and notify of events 9
20 Initial obligation to give information 9
21 Ongoing obligation to give information and notify of events 10
Part 3—Directions by the Minister 10
Division 1—Simplified outline of this Part 10
22 Simplified outline of this Part 10
Division 2—Directions by the Minister 11
23 Direction if risk of act or omission that would be prejudicial to security 11
24 Requirement to comply with direction 11
Part 4—Declaration of assets by the Minister 12
Division 1—Simplified outline of this Part 12
25 Simplified outline of this Part 12
Division 2—Declaration of assets by the Minister 12
26 Declaration of assets by the Minister 12
Part 5—Secretary’s powers 12
Division 1 — Secretary’s power to obtain information or documents 12
2
27 Secretary may obtain information or documents from entities 12
Division 2—Matters relating to Secretary’s powers 13
28 Additional power of Secretary 13
29 Assets ceasing to be critical infrastructure assets 13
Part 6—Enforcement 13
Division 1—Simplified outline of this Part 13
30 Simplified outline of this Part 13
Division 2 — Civil penalties, enforceable undertakings and injunctions 14
31 Civil penalties, enforceable undertakings and injunctions 14
Part 7—Miscellaneous 15
Division 1—Periodic reports and reviews 15
32 Periodic report 15
33 Review of this Act 15
3
The Parliament of Australia enacts:
Part 1—Preliminary
Division 1—Preliminary
1 Short title
This Act may be cited as the Securing the Nation's Critical Infrastructure Act 2019
2 Commencement
This Act commences on the day it receives the Royal Assent.
3 Objects
The object of this Act is to provide a framework for managing risks to national
security relating to critical infrastructure, including by:
(a) improving the transparency of the ownership and operational control of critical
infrastructure in Australia in order to better understand those risks; and
(b) facilitating cooperation and collaboration between all levels of government,
and regulators, owners and operators of critical infrastructure, in order to
identify and manage those risks.
Division 2—Definitions
4 Definitions
In this Act, unless the contrary intention appears:
National security means the same as the definition of security as given in the Australian
Security Intelligence Organisation Act 1979.
Register means the Register of Critical Infrastructure Assets kept by the Secretary under
section 16.
ean the minister for the Department of Infrastructure
Minster m
Regulatory Powers Act means the Regulatory Powers (Standard Provisions) Act 2014 .
Reporting entity, for an asset, means either of the following:
(a) the responsible entity for the asset;
(b) a direct interest holder in relation to the asset.
4
Note: An entity may be both the responsible entity for an asset and a direct interest
holder in relation to the asset
Secretary means the Secretary of the Attorney-General’s Department.
5 Meaning of operational information
(1) The following information is operational information in relation to an asset:
(a) the location of the asset;
(b) a description of the area the asset services;
(c) the following information about each entity that is the responsible entity for, or
an operator of, the asset:
(i) the name of the entity;
(ii) if applicable, the ABN of the entity, or other similar business number
(however described) if the entity was incorporated, formed or created
(however described) outside Australia;
(iii) the address of the entity’s head office or principal place of business;
(iv) the country in which the entity was incorporated, formed or created
(however described);
(d) the following information about the chief executive officer (however described)
of the responsible entity for the asset:
(i) the full name of the officer;
(ii) the country or countries of which the officer is a citizen;
6 Meaning of direct interest holder
(1) An entity is a direct interest holder in relation to an asset if the entity:
(a) together with any associates of the entity, holds an interest of at least 10% in
the asset (including if any of the interests are held jointly with one or more
other entities); or
(b) holds an interest in the asset that puts the entity in a position to directly or
indirectly influence or control the asset.
(2) Subsection (1) does not apply to an interest in an asset held by an entity if:
(a) the entity holds the interest in the asset:
(i) solely by way of security for the purposes of a moneylending
agreement; or
(ii) solely as a result of enforcing a security for the purposes of a
moneylending agreement; and
(iii) the holding of the interest does not put the entity in a position to
directly or indirectly influence or control the asset; and
(iv) if the entity is holding the interest solely by way of security—enforcing
the security would not put the entity in a position to directly or indirectly
influence or control the asset.
(3) A moneylending agreement is:
5
(a) an agreement entered into in good faith, on ordinary commercial terms and in
the ordinary course of carrying on a business (a moneylending business) of
lending money or otherwise providing financial accommodation, except an
agreement dealing with any matter unrelated to the carrying on of that
business; or
(b) if the entity:
(i) is carrying on a moneylending business; or is a subsidiary or holding
entity of a corporate entity that is carrying on a moneylending
business;
7 Meaning of influence or control
(1) An entity is in a position to directly or indirectly influence or control an asset if:
(a) the entity is in a position to exercise voting or veto rights in relation to the
body that governs the asset; or
(b) the entity is in a position to make decisions that materially impact on the
running of, or strategic direction in relation to, the asset; or
(c) the entity has the ability to appoint:
(i) persons to the body that governs the asset; or
(ii) key personnel involved in running the asset; or
(d) the entity is in a position to influence or determine decisions relating to:
(i) the business plan, or any other management plan, for the asset; or
(ii) major expenditure relating to the asset; or
(iii) major contracts or transactions involving the asset; or
(iv) major loans involving the asset.
8 Meaning of critical infrastructure asset
(1) An asset is a critical infrastructure asset if it is:
(a) a critical electricity asset; or
(b) a critical port; or
(c) a critical water asset; or
(d) a critical gas asset; or
(e) an asset declared under section 26 to be a critical infrastructure asset; or
(f) an asset prescribed by the rules for the purposes of this paragraph.
(2) However, the rules may prescribe that a specified:
(a) critical electricity asset; or
(b) critical port; or
(c) critical water asset; or
(d) critical gas asset;
is not a critical infrastructure asset.
Prescribing an asset as a critical infrastructure asset
(3) The Minister must not prescribe an asset for the purposes of paragraph (1)(f) unless
the Minister is satisfied that:
a. the asset is critical to:
6
i. the social or economic stability of Australia or its people; or
ii. the defence of Australia; or
iii. national security; and
b. there is a risk, in relation to the asset, that may be prejudicial to security.
9 Meaning of critical electricity asset
(1) An asset is a critical electricity asset if it is:
(a) a network, system, or interconnector, for the transmission or distribution of
electricity to ultimately service at least 100,000 customers; or
(b) an electricity generation station that is critical to ensuring the security and
reliability of electricity networks or electricity systems in a State or Territory
10 Meaning of critical port
An asset is a critical port if it is land that forms part of any of the following security regulated
ports:
(a) Broome Port;
(b) Port Adelaide;
(c) Port of Brisbane;
(d) Port of Cairns;
(e) Port of Christmas Island;
(f) Port of Dampier;
(g) Port of Darwin;
(h) Port of Eden;
(i) Port of Fremantle;
(j) Port of Geelong;
(k) Port of Gladstone;
(l) Port of Hay Point;
(m) Port of Hobart;
(n) Port of Melbourne;
(o) Port of Newcastle;
(p) Port of Port Botany;
(q) Port of Port Hedland;
(r) Port of Rockhampton;
(s) Port of Sydney Harbour;
(t) Port of Townsville;
11 Meaning of critical gas asset
(1) An asset is a critical gas asset if it is any of the following:
(a) a gas processing facility that has a capacity of at least 300 terajoules per day
or any other capacity prescribed by the rules;
(b) a gas storage facility that has a maximum daily quantity of at least 75
terajoules per day or any other quantity prescribed by the rules;
(c) a network or system for the distribution of gas to ultimately service at least
100,000 customers or any other number of customers prescribed by the rules;
7
Note: The rules may prescribe that a specified critical gas asset is not a
critical infrastructure asset (see section 8).
Division 3—Constitutional provisions and application of this Act
12 Application of this Act
(1) This Act applies to the following:
(a) an entity that is a corporation
(b) an entity that is a reporting entity for, or an operator of, an asset that is:
(i) in a Territory; or
(ii) used in the course of, or in relation to, trade or commerce with other
countries, among the States, between Territories or between a
Territory and a State; or
(iii) used for the purposes of the defence of Australia;
13 Extraterritoriality
This Act applies both within and outside Australia.
14 This Act binds the Crown
(1) This Act binds the Crown in each of its capacities.
(2) This Act does not make the Crown liable to be prosecuted for an offence.
(3) The protection in subsection (2) does not apply to an authority of the Crown.
Part 2—Register of Critical Infrastructure Assets
Division 1—Simplified outline of this Part
15 Simplified outline of this Part
The Secretary must keep a Register of Critical Infrastructure
Assets, containing information in relation to those assets. The Register must
not be made public.
The responsible entity for a critical infrastructure asset must give the Secretary
operational information in relation to the asset.
An entity that is a direct interest holder in relation to a critical infrastructure
asset must give the Secretary interest and control information in relation to the
entity and the asset.
8
If particular events occur in relation to the asset, the relevant reporting entity
for the asset must notify the Secretary of the event and provide certain
information.
The rules may provide for exemptions from these requirements.
Division 2—Register of Critical Infrastructure Assets
16 Secretary must keep Register
The Secretary must keep a Register of Critical Infrastructure Assets, containing:
(a) the information obtained by the Secretary under Division 3 (obligation to give
information and notify of events); and
(b) any information added under section 10; and
(c) any corrections or updates of information described in paragraph (a) or (b)
that are made under section 18.
17 Secretary may add information to Register
The Secretary may add to the Register any of the following that is obtained by the
Secretary:
(a) operational information in relation to a critical infrastructure asset;
(b) interest and control information in relation to a direct interest holder and a
critical infrastructure asset.
18 Secretary may correct or update information in the Register
The Secretary may correct or update information in the Register.
19 Register not to be made public
The Secretary must ensure that the Register is not made public.
Division 3—Obligation to give information and notify of events
20 Initial obligation to give information
(1) This section applies if an entity is, or will be, a reporting entity for a critical
infrastructure asset at the end of the grace period for the asset.
(2) The entity must give the Secretary the following information in accordance with
subsection (3):
9
(a) if the reporting entity is the responsible entity for the asset, the operational
information in relation to the asset;
(b) if the reporting entity is a direct interest holder in relation to the asset—the
interest and control information in relation to the entity and the asset.
Civil penalty: 50 penalty units.
(3) The information must be given:
(a) in the approved form; and
(b) by the earlier of:
(i) the end of the grace period for the asset; or
(ii) the end of 30 days after the day the entity becomes a reporting entity
for the asset.
21 Ongoing obligation to give information and notify of events
(1) This section applies to a reporting entity for a critical infrastructure asset if a notifiable
event occurs in relation to the asset:
(a) after the entity gives information in relation to the asset under section 13; or
(b) after the end of the grace period for the asset.
(2) If the reporting entity is required to give information, the reporting entity for the asset
must give the Secretary that information and notice of the event:
(a) in the approved form; and
(b) by the end of 30 days after the event occurs.
Civil penalty: 50 penalty units.
Part 3—Directions by the Minister
Division 1—Simplified outline of this Part
22 Simplified outline of this Part
The Minister may require a reporting entity for, or an operator of, a critical infrastructure
asset to do, or refrain from doing, an act or thing, if the Minister is satisfied that there is a
risk of an act or omission that would be prejudicial to security.
The Minister may give the direction only if particular criteria are met and certain
consultation has been undertaken.
10
Division 2—Directions by the Minister
23 Direction if risk of act or omission that would be prejudicial to security
(1) This section applies if in connection with the operation of, or the delivery of a service
by, a critical infrastructure asset the Minister is satisfied that there is a risk of an act
or omission that would be prejudicial to security.
Direction to do, or refrain from doing, an act or thing
(2) The Minister may, subject to subsections (3) and (4), give an entity that is a reporting
entity for, or an operator of, a critical infrastructure asset a written direction requiring
the entity to do, or refrain from doing, a specified act or thing within the period
specified in the direction
(3) The Minister must not give the direction unless:
(a) the Minister is satisfied that requiring the entity to do, or to refrain from doing,
the specified act or thing is reasonably necessary for purposes relating to
eliminating or reducing the mentioned in subsection (1); and
(b) the Minister is satisfied that reasonable steps have been taken to negotiate in
good faith with the entity to achieve an outcome of eliminating or reducing the
risk without a direction being given under subsection (2); and
(c) an adverse security assessment in respect of the entity has been given to the
Minister for the purposes of this section.
(4) Before giving the entity the direction, the Minister must have regard to the following:
(a) the adverse security assessment mentioned in paragraph (3)(c);
(b) the costs that would be likely to be incurred by the entity in complying with the
direction;
(c) the potential consequences that the direction may have on competition in the
relevant industry for the critical infrastructure asset;
(d) the potential consequences that the direction may have on customers of, or
services provided by, the entity.
24 Requirement to comply with direction
An entity must comply with a direction given to the entity under subsection 16(2).
Civil penalty: 250 penalty units.
11
Part 4—Declaration of assets by the Minister
Division 1—Simplified outline of this Part
25 Simplified outline of this Part
The Minister may privately declare an asset to be a critical infrastructure asset if
the Minister is satisfied that:
(a) the asset is critical infrastructure that affects national security; and
(b) there would be a risk to national security if it were publicly known that
the asset is critical infrastructure that affects national security.
The Minister must notify each reporting entity for a declared asset.
Division 2—Declaration of assets by the Minister
26 Declaration of assets by the Minister
(1) The Minister may, in writing, declare a particular asset to be a critical infrastructure
asset if:
(a) the asset is not otherwise a critical infrastructure asset; and
(b) the asset relates to a relevant industry; and
(c) the Minister is satisfied that:
(i) the asset is critical infrastructure that affects national security; and
(ii) there would be a risk to national security if it were publicly known that
the asset is critical infrastructure that affects national security
(2) The declaration must specify the entity that is the responsible entity for the asset.
Part 5—Secretary’s powers
Division 1 — Secretary’s power to obtain information or documents
27 Secretary may obtain information or documents from entities
(1) This section applies if the Secretary has reason to believe that an entity that is a
reporting entity for, or an operator of, a critical infrastructure asset has information or
a document that:
(a) is relevant to the exercise of a power, or the performance of a duty or
function, under this Act in relation to the asset; or
12
(b) may assist with determining whether a power under this Act should be
exercised in relation to the asset.
(2) The Secretary may, by notice in writing given to the entity, require the entity to:
(a) give any such information; or
(b) produce any such documents; or
(c) make copies of any such documents and to produce those copies to the
Secretary within the period, and in the manner, specified in the notice.
(3) Before giving the entity the notice, the Secretary:
(a) must have regard to the costs that would be likely to be incurred by the entity
in complying with the notice; and
(b) may have regard to any other matters the Secretary considers relevant.
(4) An entity must comply with a notice given to the entity under subsection (2)
Civil penalty: 150 penalty units.
Division 2—Matters relating to Secretary’s powers
28 Additional power of Secretary
Without limiting any other provision of this Act, the Secretary may undertake an
assessment of a critical infrastructure asset to determine if there is a risk to national
security relating to the asset.
29 Assets ceasing to be critical infrastructure assets
The Secretary must, in writing, notify the reporting entity for an asset if the Secretary
becomes aware that the asset has ceased to be a critical infrastructure asset.
Part 6—Enforcement
Division 1—Simplified outline of this Part
30 Simplified outline of this Part
Civil penalty orders may be sought under Part 4 of the Regulatory Powers Act in
relation to contraventions of civil penalty provisions of this Act.
Undertakings to comply with civil penalty provisions of this Act may be accepted
and enforced under Part 6 of the Regulatory Powers Act.
Injunctions under Part 7 of that Act may be used to restrain a person from
contravening a civil penalty provision of this Act or to compel compliance with a civil
penalty provision of this Act
13
Division 2 — Civil penalties, enforceable undertakings and injunctions
31 Civil penalties, enforceable undertakings and injunctions
Enforceable provisions
(1) Each civil penalty provision of this Act is enforceable under:
(a) Part 4 of the Regulatory Powers Act (civil penalty provisions); and
(b) Part 6 of that Act (enforceable undertakings); and
(c) Part 7 of that Act (injunctions).
Note 1: Part 4 of the Regulatory Powers Act allows a civil penalty provision to be enforced
by obtaining an order for a person to pay a pecuniary penalty for the contravention of the
provision.
Note 2: Part 6 of that Act creates a framework for accepting and enforcing undertakings
relating to compliance with provisions.
Note 3: Part 7 of that Act creates a framework for using injunctions to enforce provisions.
Authorised applicant
(2) For the purposes of Part 4 of the Regulatory Powers Act, as that Part applies in
relation to a civil penalty provision of this Act, each of the following is an authorised
applicant:
(a) the Minister;
(b) the Secretary.
Authorised person
(3) For the purposes of Parts 6 and 7 of the Regulatory Powers Act, as those Parts apply
in relation to a civil penalty provision of this Act, each of the following is an authorised
person:
(a) the Minister;
(b) the Secretary.
Relevant court
(4) For the purposes of Parts 4, 6 and 7 of the Regulatory Powers Act, as those Parts
apply in relation to a civil penalty provision of this Act, each of the following is a
relevant court:
(a) the Federal Court of Australia;
(b) the Federal Circuit Court of Australia;
14
(c) a court of a State or Territory that has jurisdiction in relation to matters arising
under this Act.
Extension outside Australia
(5) Parts 4, 6 and 7 of the Regulatory Powers Act, as those Parts apply in relation to a
civil penalty provision of this Act, extends outside Australia (including to every
external Territory).
Part 7—Miscellaneous
Division 1—Periodic reports and reviews
32 Periodic report
(1) The Secretary must give the Minister, for presentation to the Parliament, a report on
the operation of this Act for a financial year.
(2) A report under subsection (1) must not include personal information (within the
meaning of the Privacy Act 1988 ).
33 Review of this Act
(1) The Parliamentary Joint Committee on Intelligence and Security must:
a. review the operation, effectiveness and implications of this Act; and
b. review the circumstances in which any declarations have been made under
Part 4 of this Act (declarations of assets by the Minister); and
c. report the Committee’s comments and recommendations to each House of
the Parliament.
(2) The Committee must begin the review before the end of 3 years after this Act
receives the Royal Assent.
15
Explanatory memorandum:
This bill is intended to strengthen the Australian Government's current and future
Government's capacity to manage the national security risks of espionage, sabotage and
coercion that arise from foreign involvement in Australia’s critical infrastructure. Critical
infrastructure underpins the functioning of Australia’s society and economy and is integral to
the prosperity of the nation. It enables the provision of essential services such as food,
water, health, energy, communications, transportation and banking. Secure and resilient
infrastructure supports productivity and helps to drive the business activity that underpins
economic growth.
Second reading speech:
Mr Speaker,
I rise to speak in support of this bill. Critical infrastructure is integral to the prosperity of the
nation. Secure and resilient infrastructure underpins the effective functioning of our nation's
economy and society. Foreign involvement in Australia's critical infrastructure plays an
important and beneficial role in supporting economic growth. It can improve productivity by
enabling the development of much-needed infrastructure, introducing new technology,
allowing access to global supply chains and markets, and enhancing Australia's skills base.
However, while recognising its many benefits, increasing foreign involvement in our national
critical infrastructure means that Australia's critical infrastructure is more exposed than ever
to sabotage, espionage and coercion. As a result, The bill will establish a register of critical
infrastructure assets, which will enhance the capability of the centre to understand who
owns, controls and has access to Australia's critical infrastructure. This register will support
more proactive management of the risks faced by assets in our high-risk sectors.
16