Responsible entities for specified critical infrastructure assets that are required to hold and maintain a critical infrastructure risk management program (CIRMP) or that are exempt from such requirement, must comply with annual reporting requirements under the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act) for the first time this year.
The Security of Critical Infrastructure (Critical infrastructure risk management program) Rules (LIN 23/006) 2023 (CIRMP Rules), made under the SOCI Act, commenced on 17 February 2023. The CIRMP Rules activated additional obligations for responsible entities for specified critical infrastructure assets under the SOCI Act, including the obligation to submit an annual report to the relevant regulator relating to its CIRMP and/or to certain assets that are not covered by a CIRMP.
Due to a grace period, responsible entities were not obligated to submit an annual report for the 2022-2023 financial year.
However, the inaugural annual report for the 2023-2024 financial year must be submitted between 30 June 2024 and 28 September 2024.
What is CIRMP?
In accordance with the SOCI Act, responsible entities for specified critical infrastructure assets…
