CrossbenchAU
← Back to bills
This bill did not pass parliament1 Apr 2022

The bill was rejected or lapsed before becoming law.

🏛 House of Representatives3 readingsAmendments circulated

Security Legislation Amendment (Critical Infrastructure Protection) 2022

✦ Plain-English Summary

# Security Legislation Amendment (Critical Infrastructure Protection) 2022 ## What it does This law strengthens protections for Australia's critical infrastructure—things like power grids, water systems, and telecommunications networks—by requiring the organisations that run them to actively identify and manage cyber security risks. It also creates tougher cyber security rules for the most important national systems and allows background checks on people working in these industries. ## Why it matters As Australia becomes more dependent on digital systems, hostile actors (whether criminal groups or foreign governments) are increasingly targeting essential services. This update means the organisations running these services must be more proactive about preventing attacks rather than just reacting when something goes wrong. ## Key details - **Who's affected**: Organisations running critical infrastructure assets, plus people seeking to work in sensitive roles within these sectors (who'll now face background checks through the AusCheck scheme) - **What they must do**: Identify and manage cyber security risks, with enhanced obligations for "systems of national significance" (the most critical ones) - **When it starts**: The day after the bill received Royal Assent (it's already passed Parliament)

Official Description

Implements the second tranche of changes to Australia's critical infrastructure framework by amending the: Security of Critical Infrastructure Act 2018 to: provide that specified critical infrastructure assets must adopt and maintain a critical infrastructure risk management program; provide for annual reporting obligations for assets that are exempt from the risk management program obligation; make minor amendments in relation to consultation requirements and immunities; provide for additional cyber security obligations that may be applied in relation to systems of national significance; provide that directions facilitating government assistance to industry in the event of a serious cyber security incident prevail over the requirements of a risk management program; amend provisions that authorise the use and disclosure of protected information; provide that the minister's power to privately declare an asset as a critical infrastructure asset includes a power to require compliance with a risk management program; enable the minister to declare a critical infrastructure asset to be a system of national of significance; and include additional reporting requirements; and AusCheck Act 2007 to make consequential amendments. Also makes a technical amendment to the Criminal Code Act 1995 .

Committee Referrals

Parliamentary Joint Committee on Intelligence and Security; Senate Standing Committee for the Scrutiny of Bills

Full bill PDF →APH page →

Audit History

Introduced

10 Feb 2022

Last updated on APH

10 Apr 2026

Outcome date

1 Apr 2022

Last checked by Crossbench

yesterday

Full text indexed

yesterday

🗳️

No formal division recorded

This bill passed by voice vote — parliament agreed without calling a formal count. A division is only recorded when a member explicitly requests one.

Constituent votes

Voting is closed — this bill has been decided by parliament.

No votes yet.

No votes were recorded for this bill.

🔒 Voting closed — this bill has been decided by parliament