Australia's critical infrastructure is increasingly under threat
The Security of Critical Infrastructure Act 2018 (SOCI) provides a framework for managing and protecting critical infrastructure.
The amendments to the SOCI Act passed in two tranches: the first in December 2021 and the second in April 2022.
Together, these amendments expand the reach of the Act from four to 11 sectors.
SOCI Act compliance: Cyber security
Need help to prepare your critical infrastructure protection program?
SOCI Act: Key compliance dates
8 July 2022
Grace period ended for mandatory Cyber Incident Reporting
8 October 2022
Grace period ended for registering ownership and operational information
17 August 2023
Grace period ended for the Critical Infrastructure Risk Management Program (CIRMP) obligation.
30 June 2024 – 28 Sept 2024
First annual report due (must be submitted within 90 days after the end of the financial year)
17 August 2024
End of grace period to achieve cyber security legislation requirements against a recognised framework (AESCSF, NIST, ISO2700X, E8) or ‘an equivalent’
Summary of SOCI Act legislation reforms
Understand the key points of Australia's Security of Critical Infrastructure Act reforms
In April 2022, the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) expanded the SOCI Act to enforce improved preparedness and resilience. The Security of Critical Infrastructure Act 2022 framework includes these features:
- a positive security obligation
- government assistance measures
- enhanced cyber security obligations.
There’s no cookie-cutter response to these reforms; genuinely delivering on the SOCI intent involves adapting and bringing common concepts and services together in a new way. Our team has worked hard to develop capabilities that deliver practical advice to help organisations along their SOCI journeys, meeting them where they are.
Which sectors are affected by the SOCI Act?
Eleven critical infrastructure sectors will be impacted by the SOCI Act reforms:
- Energy
- Education
- Data Storage
- Transport
- Financial Services
- Health & Medical
- Space Technology
- Grocery & Food
- Water & Sewerage
- Defence
- Communications
How KPMG can help achieve resilient infrastructure
KPMG’s approach is grounded in our deep understanding of the reforms’ intent.
We utilise our vast expertise across relevant sectors and disciplines – legal, risk, cyber, supply chain, asset management, infrastructure and more – to deliver integrated, SOCI-ready advice.
KPMG can help:
- brief your board
- implement your CIRMP and SOCI uplift program
- provide advice on your asset security approach, including incident response plans
- identify and manage cyber risks in relation to your organisation’s infrastructure
- provide visibility of risks associated with your supply chain and the impact it will have on you, your people and the community
- inform approaches to market for asset upgrades and refreshes
- assess your security and physical risk posture and provide actionable strategies to address the fundamentals
- integrate critical infrastructure requirements into your wider control environment and transformation activities.
Meet KPMG's SOCI Act specialists
Critical infrastructure services and insights
Learn more about Australia's critical infrastructure through KPMG's services, insights and thought leadership.