Australia's critical infrastructure is increasingly under threat

The Security of Critical Infrastructure Act 2018 (SOCI) provides a framework for managing and protecting critical infrastructure.

The amendments to the SOCI Act passed in two tranches: the first in December 2021 and the second in April 2022.

Together, these amendments expand the reach of the Act from four to 11 sectors.






SOCI Act: Key compliance dates

  • 8 July 2022: Grace period ended for mandatory Cyber Incident Reporting
  • 8 October 2022: Grace period ended for registering ownership and operational information
  • 17 August 2023: Grace period ended for the Critical Infrastructure Risk Management Program (CIRMP) obligation
  • 30 June 2024 – 28 Sept 2024: First annual report due (must be submitted within 90 days after the end of the financial year)
  • 17 August 2024: End of grace period to achieve cyber security legislation requirements against a recognised framework (AESCSF, NIST, ISO2700X, E8) or ‘an equivalent’





Summary of SOCI Act legislation reforms

Understand the key points of Australia's Security of Critical Infrastructure Act reforms

In April 2022, the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) expanded the SOCI Act to enforce improved preparedness and resilience. The Security of Critical Infrastructure Act 2022 framework includes these features:

 

  • a positive security obligation
  • government assistance measures
  • enhanced cyber security obligations.


There’s no cookie-cutter response to these reforms; genuinely delivering on the SOCI intent involves adapting and bringing common concepts and services together in a new way. Our team has worked hard to develop capabilities that deliver practical advice to help organisations along their SOCI journeys, meeting them where they are.



Which sectors are affected by the SOCI Act?

Eleven critical infrastructure sectors will be impacted by the SOCI Act reforms:

  • Energy
  • Education
  • Data Storage
  • Transport
  • Financial Services
  • Health & Medical
  • Space Technology
  • Grocery & Food
  • Water & Sewerage
  • Defence
  • Communications







How KPMG can help achieve resilient infrastructure

    KPMG’s approach is grounded in our deep understanding of the reforms’ intent.

    We utilise our vast expertise across relevant sectors and disciplines – legal, risk, cyber, supply chain, asset management, infrastructure and more – to deliver integrated, SOCI-ready advice.

    KPMG can help:

  • brief your board
  • implement your CIRMP and SOCI uplift program
  • provide advice on your asset security approach, including incident response plans
  • identify and manage cyber risks in relation to your organisation’s infrastructure
  • provide visibility of risks associated with your supply chain and the impact it will have on you, your people and the community
  • inform approaches to market for asset upgrades and refreshes
  • assess your security and physical risk posture and provide actionable strategies to address the fundamentals
  • integrate critical infrastructure requirements into your wider control environment and transformation activities.

