Federal Register of Legislation - Australian Government

Primary content

LIN 21/039 Rules/Other as made
This instrument prescribes matters for the purpose of a number of definitions in the Security of Critical Infrastructure Act 2018.
Administered by: Home Affairs
Registered 13 Dec 2021
Tabling HistoryDate
Tabled HR08-Feb-2022
Tabled Senate08-Feb-2022

EXPLANATORY STATEMENT

Issued by authority of the Minister for Home Affairs

Security of Critical Infrastructure Act 2018

Security of Critical Infrastructure (Definitions) Rules (LIN 21/039) 2021

1               The instrument, Departmental reference LIN 21/039, is made under section 61 of the Security of Critical Infrastructure Act 2018 (the Act). 

2               The instrument repeals the Security of Critical Infrastructure Rules 2018 (F2018L01002) in accordance with subsection 33(3) of the Acts Interpretation Act 1901 (the Acts Interpretation Act). That subsection provides that a power to make a legislative instrument includes a power to amend or repeal that instrument in the same manner, and subject to the same conditions, as the power to make the instrument. 

3               The instrument commences on the day after registration on the Federal Register of Legislation and is a legislative instrument for the purposes of the Legislation Act 2003 (the Legislation Act). 

Purpose

4               The Act provides the framework for managing risks relating to critical infrastructure assets, as recently amended by the Security Legislation Amendment (Critical Infrastructure) Act 2021 (the SLACI Act).

·         Part 2 of the Act provides for the establishment of the Register of Critical Infrastructure Assets, and obliges reporting agencies to provide information to the Secretary to maintain the Register. 

·         Part 2B requires responsible entities for certain critical infrastructure assets to provide the Secretary with notification about cyber security incidents. 

·         Part 3A establishes a regime for the Commonwealth to respond to serious cyber security incidents.

5               Sections 10-12KA of the Act provide definitions of the various types of critical infrastructure assets. These definitions include rule-making powers to prescribe detail in relation to some of these definitions.

6               The purpose of these rules is to prescribe the circumstances when an asset falls within the definition of a critical infrastructure asset under certain provisions in sections 10-12KA of the Act. The requirements will apply to foreign and Australian owned critical infrastructure assets located in Australia. Subsection 9(1) of the Act defines critical infrastructure asset accordingly.

7               This instrument prescribes various assets, or requirements for assets, under the applicable provisions of the Act, to be critical infrastructure assets.

8               Under the Act, some types of assets will be defined as a critical infrastructure asset without needing to be prescribed in the rules. These rules are not intended to affect the status of these assets as critical infrastructure assets.

Consultation

9               The Department has consulted Commonwealth, State and Territory partners to develop a draft policy position. This policy was further refined through public consultation. On 23 April 2021, the Department of Home Affairs published a policy paper Protecting Critical Infrastructure and Systems of National Significance – Draft Critical Infrastructure Asset Definition Rules (2021) (the Policy Paper). Submissions closed on 14 May 2021, and the feedback provided by industry has informed the drafting of this instrument.

10           The Office of Best Practice Regulation (OBPR) was also consulted and considered that the instrument dealt with matters of a machinery nature and no regulatory impact statement was required. The OBPR reference is 44841. Further details about the overall regulatory impact of the SLACI Act are set out in the Explanatory Memorandum to the Security Legislation Amendment (Critical Infrastructure) Bill 2020. 

Details of the instrument

11            Details of the instrument are set out in Attachment A. 

Parliamentary scrutiny etc. 

12            The instrument is subject to disallowance under section 42 of the Legislation Act.  A Statement of Compatibility with Human Rights has been prepared in relation to the instrument, and provides that the instrument has no impact on human rights.  The Statement is included at Attachment B to this explanatory statement. 

13            The instrument was made by Karen Andrews, Minister for Home Affairs, in accordance with section 61 of the Act. 


 

Attachment A

Details of the Security of Critical Infrastructure (Definitions) Rules 2021

Part 1—Preliminary

Section 1         Name

Section 1 sets out the name of the instrument.

Section 2         Commencement

Section 2 provides that the instrument commences on the day after registration on the Federal Register of Legislation.

Section 3         Definitions

Section 3 sets out a number of definitions under the rules.

·         Australian Register of Therapeutic Goods has the meaning given by section 3 of the Therapeutic Goods Act.

·         Cash Market Product is defined by reference to section 1.4.3 of the ASIC Market Integrity Rules (Securities Markets) 2017 as in force from time to time, by operation of section 13 of the Legislation Act. 

·         Corporations Act means the Corporations Act 2001.

·         current Poisons Standard has the meaning given by section 3 of the Therapeutic Goods Act.

·         medical device has the meaning given by section 3 of the Therapeutic Goods Act.

·         Futures Market Contract is defined by reference to section 1.4.3 of the ASIC Market Integrity Rules (Futures Markets) 2017 as in force from time to time, by operation of section 13 of the Legislation Act. 

·         nameplate rating relates to gas transmission pipelines specifically, and means the maximum quantity of gas that a specific gas transmission pipeline can transport on a day under normal operating conditions. This definition is consistent with industry understanding and the regulations under which gas is transmitted by the Australian Energy Market Operator.

·         quarter means any of the periods of a year mentioned in the definition. Consistent with item 1 of the table in subsection 36(1) of the Acts Interpretation Act 1901, references to ‘between’ two dates in the definition include both dates.

·         smart meter means a meter or device that can measure and remotely communicate information relating to the usage or any product that is produced or supplied by a critical infrastructure asset. Unlike meters that need to be manually read by a meter reader, smart meters are able to communicate information remotely. Currently the rules refer to a ‘smart meter’ in relation to gas, electricity or water, but smart meters could potentially be applied in relation to other critical infrastructure assets where appropriate.

·         Therapeutic Goods Act means the Therapeutic Goods Act 1989.

Section 4         Repeal

Section 4 repeals the previous instrument, Security of Critical Infrastructure Rules 2018 (F2018L01002).

Part 2—Matters relating to definitions in the Act

Division 2.1—Classes of infrastructure asset

Section 5         Critical electricity asset

Section 10 of the Act defines critical electricity asset. Paragraph 10(1)(a) of the Act provides that an asset is a critical electricity asset if it is a network, system, or interconnector, for the transmission or distribution of electricity to ultimately service at least 100,000 customers or any other number of customers prescribed by the rules.

Paragraph 10(1)(b) of the Act provides that a critical electricity asset also includes an electricity generation station that is critical to ensuring the security and reliability of electricity networks or electricity systems under subsection 10(2). Subsection 10(2) provides that the rules may prescribe relevant requirements for an electricity generation station for paragraph 10(1)(b).

Section 5(1) of the instrument prescribes the requirements for an electricity generation station to be a ‘critical electricity asset’ for subsection 10(2) of the Act. This will be the case if:

·         either the entity that owns or operates the station is contracted to provide a system restart ancillary service in the State or Territory or is an electricity generator, in the State or Territory, that has an installed capacity of at least 30 megawatts (MW) (paragraph (a)), and

·         the electricity generation station is connected to a wholesale electricity market (paragraph (b)). 

The threshold for installed capacity is being lowered to 30MW from the levels in the repealed instrument. The intent of lowering the threshold to 30MW nationally is not to capture all electricity generation stations but to drive a broad uplift in sector resilience given the interconnected nature of the electricity network. 30MW captures the majority of generators connected to the wholesale electricity markets.

Subsection 5(2) of the instrument defines system restart ancillary service as an electricity generation station that is able to start without an external power supply; and connect and provide energy to an electricity network or an electricity system for the transmission of distribution of electricity. An electricity generation station includes all the generating units in the station. Electricity generation stations that provide a system restart ancillary service are able to restart generators in the electricity network and commence restoration of load in the event of a blackout.

Section 6         Critical gas assets

Section 12 of the Act defines critical gas asset. Subsection 12(1) defines a number of categories of asset to be a critical gas asset. Paragraph 12(1)(d) provides that a critical gas asset includes a gas transmission pipeline that is critical to ensuring the security and reliability of a gas market, in accordance with subsection (2).  Subsection 12(2) of the Act provides that the rules may prescribe: (a) specified gas transmission pipelines, or (b) requirements for gas transmission pipelines, for paragraph 12(1)(d).

Subsection 6(1) of the instrument prescribes the Tasmanian Gas Pipeline and the Carpentaria gas pipeline for paragraph 12(2)(a) of the Act.

The Tasmanian Gas Pipeline refers to the pipeline that transports gas from Longford in Victoria, under Bass Strait, to Bell Bay in Tasmania. The Tasmanian Gas Pipeline is critical as it provides the only link between Victoria and Tasmania. The Tasmanian Gas Pipeline is currently owned by Tasmanian Gas Pipeline Pty Ltd (ABN 36 083 052 019), but this pipeline will continue to be prescribed in the event that ownership of the pipeline changes.

The Carpentaria Gas Pipeline refers to the transmission pipeline system that includes:

·         an 840-kilometre scheme pipeline between Ballera in southwest Queensland and Mount Isa. It includes the Mica Creek metering facility and the 6-kilometre Mount Isa Lateral, and

·         a 96-kilometre non-scheme pipeline connected to the CGP, called the Cannington Lateral.

The Carpentaria Gas Pipeline is critical as it provides the only link between the Northern Territory gas fields and the east coast gas market. The pipeline is currently owned by APA Group, but this pipeline will continue to be prescribed in the event that ownership of the pipeline changes.

Subsection 6(2) of the instrument prescribes requirements for a gas transmission pipeline to be critical to ensuring the security and reliability of a gas market for paragraph 12(2)(a) of the Act. These requirements are that the pipeline has at least one of the following nameplate ratings for an Australian gas market:

·         Eastern gas market: 200 terajoules per day

·         Northern gas market: 80 terajoules per day

·         Western gas market: 150 terajoules per day.

The thresholds for each gas market capture those pipelines that are critical to ensuring the varying industrial, residential and export demands in each market are met. As a result, the thresholds ensure the Act only applies to gas transmission pipelines that are critical for transporting gas from processing plants to major demand centres for distribution networks or large gas users such as electricity generators and industrial users, and to certain facilities and hubs for export purposes.

Section 7         Critical liquid fuel asset

Section 12A of the Act defines critical liquid fuel asset. Paragraph 12A(1)(a) provides that a critical liquid fuel asset includes a liquid fuel refinery that is critical to ensuring the security and reliability of a liquid fuel market, in accordance with subsection 12A(2). Paragraph 12A(2)(a) of the Act provides the rules may prescribe specified liquid fuel refineries that are critical to ensuring the security and reliability of a liquid fuel market.

Subsection 7(1) of the instrument prescribes specified liquid fuel refineries for paragraph 12A(2)(a) of the Act. These are the oil refineries located in Corio, Victoria and Lytton, Queensland. More specifically, the Corio liquid fuel refinery refers to the facility in Geelong currently operated by Viva Energy Group Limited (ABN 74 626 661 032), located at Refinery Road, Corio, Victoria. The Lytton liquid fuel refinery refers to the facility located at 41 South Street, Lytton, Queensland.

Paragraph 12A(1)(b) of the Act provides that a critical liquid fuel asset includes a liquid fuel pipeline that is critical to ensuring the security and reliability of a liquid fuel market, in accordance with subsection 12A(3). Paragraph 12A(3)(a) of the Act provides that the rules may prescribe specified liquid fuel pipelines that are critical to ensuring the security and reliability of a liquid fuel market.

Subsection 7(2) of the instrument prescribes the following liquid fuel pipelines for paragraph 12A(3)(a) of the Act:

·         Sydney Metropolitan Pipeline (including Silverwater to Newcastle via Plumpton to include the Banksmeadow to Silverwater Pipeline, paragraph (a))

·         Gore Bay Pipeline (Gore Bay to Clyde/Parramatta terminal to include the Viva Energy Mascot Pipeline, paragraph (b))

·         Westernport Altona Geelong (WAG) Pipeline and associated infrastructure (Long Island Point Tank Farm to Altona to Geelong Refinery, paragraph (c))

·         Longford (Dutson) to Hastings Pipeline and associated infrastructure (crude oil from Bass Strait to Long Island Point Tank Farm, paragraph (d))

·         Melbourne Airport Jet Fuel (Joint User Hydrant Installation – JUHI) Pipelines (Altona/Newport to Tullamarine via Somerton);

·         Jet Fuel Pipeline (Kurnell to Sydney Airport);

·         Brisbane Airport Jet Fuel (Joint User Hydrant Installation – JUHI) Pipelines; and

·         Perth Airport Jet Fuel Pipeline.

These major distribution pipelines are critical to ensuring liquid fuel security across the country. Any disruption to these major pipelines would have significant flow on effects to other sectors reliant on liquid fuels whose protection is essential to Australia’s security.

Paragraph 12A(1)(c) of the Act provides that a critical liquid fuel asset includes a liquid fuel storage facility that is critical to ensuring the security and reliability of a liquid fuel market, in accordance with subsection 12A(4). Paragraph 12A(4)(b) of the Act provides that the rules may prescribe requirements for a liquid fuel storage facility to be critical to ensuring the security and reliability of a liquid fuel market

Subsection 7(3) of the instrument prescribes a liquid fuel storage facilities that have a storage capacity of more than 50 megalitres of liquid fuel for paragraph 12A(4)(b) of the Act. The threshold of 50 megalitres is intended to capture the most significant and regionally important liquid fuel terminals, including liquid fuel import terminals, to build resilience to liquid fuel supply disruptions, thereby protecting consumers and the economy from fuel shortages.

Section 8         Critical freight infrastructure asset

Section 12B of the Act defines critical freight infrastructure asset. Paragraph 12B(1)(c) of the Act provides that critical freight infrastructure asset includes an intermodal transfer facility that, in accordance with subsection (4), is critical to the transportation of goods between 2 States, a State and a Territory, 2 Territories or 2 regional centres. Paragraph 12B(4)(a) of the Act provides that the rules may prescribe specified intermodal transfer facilities that are critical to the transportation of goods between the places listed in the paragraph.

An intermodal facility is any site or facility along the supply chain that contributes to an intermodal movement by providing efficient transfer of goods from one mode of transport to another. Intermodal terminals play a significant role in facilitating the consolidation, storage and transfer of freight between rail and road at the beginning and end of each rail journey. Intermodal terminals provide connectivity to ports, regional networks and other capital cities and regional centres and are central to the stability and security of road and rail infrastructure.

Section 8 of the instrument prescribes the intermodal transfer facilities mentioned in Schedule 1 for paragraph 12B(4)(a) of the Act. Schedule 1 specifies the location and owner or operator of prescribed intermodal transfer facilities.

Section 9         Critical freight services asset

Section 12C of the Act defines critical freight services asset. Subsection 12C(1) of the Act provides that asset is a critical freight services asset if it is a network that is used by an entity carrying on a business that, in accordance with subsection (2), is critical to the transportation of goods by any combination of road, rail, inland waters or sea. Paragraph 12C(2)(b) of the Act provides that the rules may prescribe requirements for a business to be critical to the transportation of goods by road, rail, inland waters or sea.

Section 9 of the instrument prescribes requirements for a business to be critical to the transportation of goods for paragraph 12C(2)(b) of the Act. If a business meets the requirements of paragraph 9(a), (b) and (c) it will be critical to the transportation of goods.

Paragraph 9(a) of the instrument provides that, to be critical to the transportation of goods, a business must have an annual revenue of at least $150 million.

Paragraph 9(b) of the instrument provides that, to be critical to the transportation of goods, a business must provide one or more of the types of freight service mentioned in the paragraph.

Paragraph 9(c) of the instrument provides that, to be critical to the transportation of goods, the freight service provided by the business must involve transport or storage services for one or more of the kinds of goods mentioned in the paragraph.

For subparagraph 9(c)(i) of the instrument, the terms critical supermarket retailer and critical grocery wholesaler are defined in section 15 of the instrument.

For subparagraph 9(c)(ii) of the instrument, the term Australian Register of Therapeutic Goods has the same meaning as in the Therapeutic Goods Act. This is the register of therapeutic goods maintained by the Therapeutic Goods Administration (TGA) in the Department of Health.

For subparagraph 9(c)(iii) of the instrument, the term current Poisons Standard (the Poisons Standard) has the same meaning as in the Therapeutic Goods Act. The Poisons Standard is also known as the Standard for the Uniform Scheduling of Medicines and Poisons (SUSMP). It is a legislative instrument consisting of decisions regarding the classification of medicines and poisons into Schedules for inclusion in the relevant legislation of the States and Territories. The Poisons Standard is maintained by the TGA.

The freight services assets mentioned in section 9 of the instrument are critical to Australia’s trade and commerce and social stability as they are responsible for logistics and movement of valuable goods and products across the country. These assets assist businesses to transport products to consumers, and ensuring communities can access critical supplies, including food and groceries and essential medical goods.

Section 10       Critical financial market infrastructure asset

Section 12D of the Act defines critical financial market infrastructure asset. These types of assets relate to the following provisions in the instrument and in the Act:

Asset type

Provision of the instrument

Provisions of the Act

financial market

subsection 10(1)

paragraphs 12D(1)(a)-(b) and subsection 12D(2)

critical clearing and settlement facility

subsection 10(2)

paragraphs 12D(1)(c)-(d) and subsection 12D(3)

significant financial benchmark

subsection 10(3)

paragraphs 12D(1)(e)-(f) and subsection 12D(4)

derivative trade repository

subsection 10(4)

paragraphs 12D(1)(g)-(h) and subsection 12D(5)

payment system

subsection 10(5)

paragraph 12D(1)(i), subsection 12D(6) and paragraph 12L(8)(i)

Financial market

Subsection 10(1) of the instrument prescribes requirements for a financial market to be critical to the security and reliability of the financial services and markets sector. Section 5 of the Act provides that financial market has the same meaning as in Chapter 7 of the Corporations Act.

Paragraphs 12D(1)(a)-(b) of the Act provides that an asset is a critical financial market infrastructure asset if:

·         it is owned or operated by Australian body corporate (or an associated entity of an Australian body corporate) that holds an Australian market licence; and

·         is used in connection with the operation of a financial market that, in accordance with subsection 12D(2) of the Act, is critical to the security and reliability of the financial services and markets sector.

Paragraph 12D(2)(b) of the Act provides that the rules may prescribe requirements for a financial market to be critical to the security and reliability of the financial services and markets sector for paragraphs 12D(1)(a)-(b). Section 5 of the Act defines financial services and markets sector.

Subsection 10(1) of the instrument prescribes the following for paragraph 12D(2)(b) of the Act:

·         the financial market is operated by an entity that holds a Tier 1 market licence under subsection 795B(1) of the Corporations Act (paragraph (a)), and

·         the financial market has, for at least two consecutive quarters, a turnover that meets one or more conditions—namely, 35% market share of traded Cash Market Products, $4 billion average daily value of traded Cash Market Products, 15 billion average daily notional value of Futures Market Contract transactions, or $30 billion average daily notional value of transactions that are not Cash Market Products or Futures Market Contracts. 

Clearing and settlement facility

Subsection 10(2) of the instrument prescribes requirements for a clearing and settlement facility to be critical to the security and reliability of the financial services and markets sector. Section 5 of the Act provides that clearing and settlement facility has the same meaning as in Chapter 7 of the Corporations Act.

Paragraphs 12D(1)(c)-(d) of the Act provides that an asset is a critical financial market infrastructure asset if the asset:

·         is owned or operated by an Australian body corporate (or an associated entity of Australian body corporate) that holds an Australian CS facility licence; and

·         is used in connection with the operation of a clearing and settlement facility that, in accordance with subsection 12D(3) of the Act, is critical to the security and reliability of the financial services and markets sector.

Paragraph 12D(1)(d) of the Act provides similarly for an associated entity of an Australian body corporate that holds an Australian CS facility licence. Section 5 of the Act provides that Australian CS facility licence has the same meaning as in Chapter 7 of the Corporations Act. Paragraph 12D(3)(b) of the Act provides that the rules may prescribe requirements for a clearing and settlement facility to be critical to the security and reliability of the financial services and markets sector.

Subsection 10(2) of the instrument prescribes that a clearing and settlement facility is critical to the security and reliability of the financial services and markets sector if the facility is owned or operated by an Australian body corporate that is required to comply with the financial stability standards determined by the Reserve Bank of Australia under section 827D of the Corporations Act.

Subsection 827D(1) of the Corporations Act provides that the Reserve Bank of Australia may, in writing, determine standards for the purposes of ensuring that CS facility licensees conduct their affairs in a way that causes or promotes overall stability in the Australian financial system. At the time of making the instrument, the Determination of Financial Stability Standards (currently F2014C00922) apply to all holders of an Australian Clearing and Settlement Facility Licence under Part 7.3 of the Corporations Act that operate a central counterparty. Any changes in the future will automatically apply in this instrument by way of section 14 of the Legislation Act. 

The proposed threshold under subsection 11(2) of the instrument is intended to exclude clearing and settlement facilities that are exempt from the obligation to comply with financial stability standards due to their limited risk profile, such as facilities that have a low value of trades settled.

Significant financial benchmark

Subsection 10(3) of the instrument prescribes requirements for a significant financial benchmark to be critical to the security and reliability of the financial services and markets sector. Section 5 of the Act provides that significant financial benchmark has the same meaning as in the Corporations Act.

Paragraphs 12D(1)(e)-(f) of the Act provide that an asset is a critical financial market infrastructure asset if:

·         it is owned or operated by an Australian body corporate (or an associated entity of an Australian body corporate) that holds a benchmark administrator licence; and

·         is used in connection with the administration of a significant financial benchmark that, in accordance with subsection 12D(4) of the Act, is critical to the security and reliability of the financial services and markets sector

Paragraph 12D(4)(b) of the Act provides that the rules may prescribe requirements for a significant financial benchmark to be critical to the security and reliability of the financial services and markets sector.

Subsection 10(3) of the instrument prescribes that a significant financial benchmark is critical to the security and reliability of the financial services and markets sector if it is declared under subsection 908AC(2) of the Corporations Act. The threshold under subsection 10(3) is intended to capture the assets of significant financial benchmarks that are of critical importance to a wide range of users in financial markets and throughout the broader economy.

Derivative trade repository

Subsection 10(4) of the instrument prescribes requirements for a derivative trade repository to be critical to the security and reliability of the financial services and markets sector. Section 5 of the Act provides that derivative trade repository has the same meaning as in Chapter 7 of the Corporations Act. Paragraphs 12D(1)(g)-(h) of the Act provide that an asset is a critical financial market infrastructure asset if:

·         it is owned or operated by an Australian body corporate (or an associated entity of an Australian body corporate) that holds an Australian derivative trade repository licence; and

·         is used in connection with the operation of a derivative trade repository that, in accordance with subsection 12D(5) of the Act, is critical to the security and reliability of the financial services and markets sector.

Paragraph 12D(5)(b) of the Act provides that the rules may prescribe requirements for a derivative trade repository to be critical to the security and reliability of the financial services and markets sector.

Subsection 10(4) of the instrument prescribes that a derivative trade repository is critical to the security and reliability of the financial services and markets sector if it has at least $20 trillion average daily notional value of outstanding transactions for all asset classes for a least two consecutive quarters.

Derivative trade repositories are a core component of the infrastructure supporting derivatives markets. An Australian derivative trade repository may be part of a network linking various entities, such as clearing and settlement facilities, dealers or financial custodians. Therefore, a disruption in a sufficiently sized Australian derivative trade repository could risk spreading to linked entities and have cascading impacts across the economy.

Payment system

Subsection 10(5) of the instrument prescribes specified assets as a payment system that is critical to the security and reliability of the financial services and markets sector. Section 5 of the Act provides that payment system has the same meaning as in the Payment Systems (Regulation) Act 1998 as in force from time to time. 

Paragraph 12D(1)(i) of the Act provides that an asset is a critical financial market infrastructure asset if is used in connection with the operation of a payment system that, in accordance with subsection 12D(6) of the Act, is critical to the security and reliability of the financial services and markets sector. Paragraph 12D(6)(a) of the Act provides that the rules may prescribe specified payment systems that are critical to the security and reliability of the financial services and markets sector. Paragraph 12L(8)(i) of the Act provides that the rules may prescribe the responsible entity for a payment system.

Subsection 10(5) of the instrument prescribes assets for paragraph 12D(6)(a) of the Act. The specified payment systems are retail payment systems which, if they suffered a major disruption or a serious data breach, could have a material negative impact on end-users and economic activity and significantly reduce public confidence in payment services and key providers.

Subsection 10(5) also prescribes, for paragraph 12L(8)(i) of the Act, the body corporate that is the responsible entity under the Act for each of the prescribed payment systems.

Section 11       Critical broadcasting asset

Section 12E of the Act defines critical broadcasting asset. Paragraph 12E(1)(c) of the Act provides that broadcasting transmission assets are a critical broadcasting asset if the broadcasting transmission assets are owned or operated by an entity that, in accordance with subsection 12E(3) of the Act, is critical to the transmission of a broadcasting service. Paragraph 12E(3)(a) of the Act provides that the rules may prescribe specified entities as critical to the transmission of a broadcasting service.

Section 11 of the instrument prescribes TX Australia Pty Ltd (ABN 98 086 979 339) for paragraph 12E(3)(a) of the Act.

TX Australia is prescribed because it owns, operates, manages, engineers, maintains and markets transmission facilities in the five major mainland metropolitan cities of Australia. TX Australia provides television transmission for broadcasters, including for commercial metropolitan television networks Seven, Nine and Ten.

Section 12       Critical banking asset

Section 12G of the Act defines critical banking asset. Subsection 12(1) of the instrument prescribes requirements where an asset is owned or operated by an authorised deposit taking institution.

Paragraph 12G(1)(a) of the Act provides that an asset is a critical banking asset if:

·         the asset is owned or operated by an authorised deposit taking institution (subparagraph (i))

·         the authorised deposit taking institution is an authorised deposit taking institution that, in accordance with subsection 12G(2) of the Act, is critical to the security and reliability of the financial services and markets sector (subparagraph (ii)), and

·         the asset is used in connection with the carrying on of banking business (subparagraph (iii)).

Section 5 of the Act provides that an authorised deposit taking institution has the same meaning as in the Banking Act 1959 as in force from time to time. Paragraph 12G(2)(b) of the Act provides that, for the purposes of for subparagraph 12G(1)(a)(ii) of the Act, the rules may prescribe requirements for an authorised deposit taking institution to be critical to the security and reliability of the financial services and markets sector.

Subsection 12(1) of the instrument prescribes that an authorised deposit-taking institution is critical to the security and reliability of the financial services and markets sector if the authorised deposit-taking institution has assets over $50 billion.

Therefore an asset will be a critical banking asset if:

·         the asset is owned or operated by an authorised deposit taking institution;

·         the authorised deposit taking institution has assets over $50 billion; and

·         the asset is used in connection with the carrying on of banking business.

Subsection 12(2) of the instrument prescribes requirements relating to where an asset is owned or operated by a body corporate that is a related body corporate of an authorised deposit taking institution. Section 5 of the Act provides that related body corporate has the same meaning as in the Corporations Act.

Paragraph 12G(1)(b) of the Act provides that an asset is a critical banking asset if:

·         the asset is owned or operated by a body corporate that is a related body corporate of an authorised deposit taking institution (subparagraph (i))

·         the body corporate is a body corporate that, in accordance with subsection 12G(3) of the Act, is critical to the security and reliability of the financial services and markets sector (subparagraph (ii)), and

·         the asset is used in connection with the carrying on of banking business (subparagraph (iii)).

Paragraph 12G(3)(b) of the Act provides that, for the purposes of subparagraph 12G(1)(b)(ii) of the Act, the rules may prescribe requirements for a body corporate to be critical to the security and reliability of the financial services and markets sector.

Subsection 12(2) of the instrument prescribes that a related body corporate is critical to the security and reliability of the financial services and markets sector if it has assets over $50 billion.

Therefore an asset will be a critical banking asset if:

·         the asset is owned or operated by a body corporate that is a related body corporate of an authorised deposit taking institution;

·         the related body corporate has assets over $50 billion; and

·         the asset is used in connection with the carrying on of banking business.

The thresholds in subsections 12(1) and 12(2) of the instrument are intended to capture banking assets of large authorised deposit taking institutions and related body corporates that are critical to the security and reliability of the financial services and markets sector due to their size.

Section 13       Critical insurance asset

Section 12H of the Act defines critical insurance asset. These types of assets relate to the following provisions in the instrument and in the Act:

Asset type

Provision of the instrument

Provisions of the Act

insurance business (entity)

subsection 13(1)

paragraphs 12H(1)(a) and 12H(2)(b)

insurance business (related body corporate)

subsection 13(2)

paragraphs 12H(1)(b) and 12H(3)(b)

life insurance business (entity)

subsection 13(3)

paragraphs 12H(1)(c) and 12H(4)(b)

life insurance business (related body corporate)

subsection 13(4)

paragraphs 12H(1)(d) and 12H(5)(b)

health insurance business (entity)

subsection 13(5)

paragraphs 12H(1)(e) and 12H(6)(b)

health insurance business (related body corporate)

subsection 13(6)

paragraphs 12H(1)(f) and 12H(7)(b)

Subsection 13(1) of the instrument prescribes requirements where an asset is owned or operated by an entity that carries on insurance business. Paragraph 12H(1)(a) of the Act provides that an asset is a critical insurance asset if:

·         the asset is owned or operated by an entity that carries on insurance business (subparagraph (i))

·         the entity is an entity that, in accordance with subsection (2), is critical to the security and reliability of the financial services and markets sector (subparagraph (ii)), and

·         the asset is used in connection with the carrying on of insurance business (subparagraph (iii)). 

Paragraph 12H(2)(b) of the Act provides that the rules may prescribe requirements for an entity to be critical to the security and reliability of the financial services and markets sector for subparagraph 12H(1)(a)(ii).

Subsection 13(1) prescribes that an entity is critical to the security and reliability of the financial services and markets sector if the entity has assets over $2 billion. Therefore an asset will be a critical insurance asset if:

·         the asset is owned or operated by an entity that carries on insurance business

·         the entity has assets over $2 billion, and

·         the asset is used in connection with the carrying on of insurance business. 

Subsection 13(2) of the instrument prescribes requirements for assets of a related body corporate to an entity that carries on insurance business. Paragraph 12H(1)(b) of the Act provides that an asset is a critical insurance asset if:

·         the asset is owned or operated by a body corporate that is a related body corporate of an entity that carries on insurance business (subparagraph (i))

·         the body corporate is a body corporate that, in accordance with subsection 12H(3) of the Act, is critical to the security and reliability of the financial services and markets sector (subparagraph (ii), and

·         the asset is used in connection with the carrying on of insurance business (subparagraph (iii)). 

Section 5 of the Act provides that insurance business has the same meaning as in the Insurance Act 1973. Paragraph 12H(3)(b) of the Act provides that the rules may prescribe requirements for a body corporate to be critical to the security and reliability of the financial services and markets sector for subparagraph 12H(1)(b)(ii).

Subsection 13(2) prescribes a related body corporate to be critical to the security and reliability of the financial services and markets sector if it has assets over $2 billion. Therefore an asset will be a critical insurance asset if:

·         the asset is owned or operated by a body corporate that is a related body corporate of an entity that carries on insurance business

·         the related body corporate has assets over $2 billion, and

·         the asset is used in connection with the carrying on of insurance business. 

The thresholds in subsections 13(1)-(2) of the instrument are intended to include insurance entities that, if rendered unavailable, would have a significant impact on the security and reliability of the financial services and markets sector. These large insurers act as an important buffer for the Australian economy, softening the financial impact of events on public funds by drawing on private sector funding.

Life insurance

Subsection 13(3) of the instrument prescribes requirements for an assets of entity that carries on a life insurance business. Paragraph 12H(1)(c) of the Act provides that an asset is a critical insurance asset if:

·         the asset is owned or operated by an entity that carries on life insurance business (subparagraph (i))

·         the entity is an entity that, in accordance with subsection 12H(4) of the Act, is critical to the security and reliability of the financial services and markets sector (subparagraph (ii)), and

·         the asset is used in connection with the carrying on of life insurance business (subparagraph (iii)).

Section 5 of the Act provides that life insurance business has the same meaning as in the Life Insurance Act 1995. Paragraph 12H(4)(b) of the Act provides that the rules may prescribe requirements for an entity to be critical to the security and reliability of the financial services and markets sector for subparagraph 12H(1)(c)(ii).

Subsection 13(3) prescribes that an entity (i.e. a life insurance provider) is critical to the security and reliability of the financial services and markets sector if it has over $5 billion in assets. Therefore an asset will be a critical insurance asset if:

·         the asset is owned or operated by an entity that carries on life insurance business

·         the entity has assets over $5 billion, and

·         the asset is used in connection with the carrying on of life insurance business. 

Subsection 13(4) of the instrument prescribes requirements for assets of related body corporates of an entity that carries on a life insurance business. Paragraph 12H(1)(d) of the Act provides that an asset is a critical insurance asset if:

·         the asset is owned or operated by a body corporate that is a related body corporate of an entity that carries on life insurance business (subparagraph (i))

·         the body corporate is a body corporate that, in accordance with subsection 12H(5) of the Act, is critical to the security and reliability of the financial services and markets sector (subparagraph (ii)), and

·         the asset is used in connection with the carrying on of life insurance business (subparagraph (iii)). 

Paragraph 12H(5)(b) of the Act provides that the rules may prescribe requirements for a body corporate to be critical to the security and reliability of the financial services and markets sector for subparagraph 12H(1)(d)(ii). Subsection 13(4) of the instrument prescribes that a body corporate is critical to the security and reliability of the financial services and markets sector if it has assets over $5 billion. Therefore an asset is a critical insurance asset if:

·         the asset is owned or operated by a body corporate that is a related body corporate of an entity that carries on life insurance business

·         the related body corporate has assets over $5 billion, and

·         the asset is used in connection with the carrying on of life insurance business. 

The thresholds in subsections 13(3)-(4) of the instrument are intended to include life insurance entities that, if rendered unavailable, would have a significant impact on the security and reliability of the financial services and markets sector. Life insurance acts as a saving mechanism for Australians and allows for significant volumes of long-term funding for financial markets and other sectors in need of investment, contributing to Australia’s overall economic growth and stability.

Health insurance

Subsection 13(5) prescribes requirements for assets of an entity that carries on a health insurance business. Paragraph 12H(1)(e) provides that an asset is a critical insurance asset if:

·         the asset is owned or operated by an entity that carries on health insurance business (subparagraph (i))

·         the entity is an entity that, in accordance with subsection 12H(6) of the Act, is critical to the security and reliability of the financial services and markets sector (subparagraph (ii)), and

·         the asset is used in connection with the carrying on of health insurance business (subparagraph (iii)). 

Section 5 of the Act provides that health insurance business has the same meaning as in the Private Health Insurance Act 2007. Paragraph 12H(6)(b) of the Act provides that the rules may prescribe requirements for an entity to be critical to the security and reliability of the financial services and markets sector for subparagraph 12H(1)(e)(ii).

Subsection 13(5) prescribes that an entity is critical to the security and reliability of the financial services and markets sector if the entity has assets over $500 million. Therefore an asset is a critical insurance asset if:

·         the asset is owned or operated by an entity that carries on health insurance business

·         the entity has assets over $500 million, and

·         the asset is used in connection with the carrying on of health insurance business.

Subsection 13(6) of the instrument prescribes requirements for assets of related body corporate to an entity that carries on a health insurance business. Paragraph 12H(1)(f) of the Act provides that an asset is a critical insurance asset if:

·         the asset is owned or operated by a body corporate that is a related body corporate of an entity that carries on health insurance business (subparagraph (i))

·         the body corporate is a body corporate that, in accordance with subsection 12H(7) of the Act, is critical to the security and reliability of the financial services and markets sector (subparagraph (ii)), and

·         the asset is used in connection with the carrying on of health insurance business (subparagraph (iii)).

Paragraph 12H(7)(b) of the Act provides that the rules may prescribe requirements for a body corporate to be critical to the security and reliability of the financial services and markets sector. Subsection 13(6) prescribes a body corporate as critical to the security and reliability of the financial services and markets sector if it has assets over $500 million. Therefore an asset is a critical insurance asset if:

·         the asset is owned or operated by a body corporate that is a related body corporate of an entity that carries on health insurance business;

·         the related body corporate has assets over $500 million; and

·         the asset is used in connection with the carrying on of health insurance business.

The thresholds in subsections 13(5)-(6) of the instrument is intended to include the health insurance entities that, if rendered unavailable, would have a significant impact on the security and reliability of the financial services and markets sector. This is intended to capture the large health insurers that provide health insurance to a large number of Australians.

Section 14       Critical superannuation asset

Section 12J of the Act defines critical superannuation asset. Subsection 12J(1) of the Act provides that an asset is a critical superannuation asset if:

·         it is owned or operated by a registrable superannuation entity that, in accordance with subsection 12J(2), is critical to the security and reliability of the financial services and markets sector (paragraph (a)), and

·         it is used in connection with the operation of a superannuation fund (paragraph (b)).

Section 5 of the Act provides that registrable superannuation entity has the same meaning as in the Superannuation Industry (Supervision) Act 1993. Paragraph 12J(2)(b) of the Act provides that the rules may prescribe requirements for a registrable superannuation entity to be critical to the security and reliability of the financial services and markets sector for paragraph 12J(1)(a).

Section 14 of the instrument prescribes that a registrable superannuation entity is critical to the security and reliability of the financial services and markets sector if the registrable superannuation entity holds assets over $20 billion.

Therefore an asset is a critical superannuation asset if:

·         it is owned or operated by a registrable superannuation entity that holds assets over $20 billion; and

·         it is used in connection with the operation of a superannuation fund. 

The threshold in section 14 is intended to capture those registrable superannuation entity (RSE) licensees that are critical to the security and reliability of the financial services and markets sector on a national level. A security incident that impacts the critical financial market infrastructure assets of a RSE licensee with total assets above $20 billion could have cascading effect across the Australian population and economy.

Section 15       Critical food and grocery asset

Section 12K of the Act defines critical food and grocery asset.

Subsection 12K(1) of the Act provides that an asset is a critical food and grocery asset if it is a network that is used for the distribution or supply of food or groceries, and is owned or operated by either a critical supermarket retailer or a critical grocery wholesaler. Subsection 12K(2) of the Act provides that the rules may prescribe specified entities that are critical supermarket retailers, or requirements for an entity to be a critical supermarket retailer.

Subsection 15(1) of the instrument prescribes the following entities as a critical supermarket retailer for the purposes of subparagraph 12K(1)(b)(i) of the Act:

·         Aldi Pty Limited (ABN 68 086 493 950) (paragraph (a))

·         Coles Group Limited (ABN 11 004 089 936) (paragraph (b))

·         Woolworths Group Limited (ABN 88 000 014 675) (paragraph (c)). 

Subsection 12K(4) of the Act provides that the rules may prescribe specified entities that are critical grocery wholesalers, or requirements for an entity to be a critical grocery wholesaler.

Subsection 15(2) of the instrument prescribes MetCash Limited (ABN 32 112 073 480) a critical grocery wholesaler for the purposes of subparagraph 12K(1)(b)(iii).

Therefore an asset is a critical food and grocery asset if it is a network for that is used for the distribution or supply of food or groceries and is owned or operated by an entity prescribed in section 15.

Section 16       Critical domain name system

Section 12KA of the Act defines critical domain name system. Subsection 12KA(1) provides that an asset is a critical domain name system if it:

·         is managed by an entity that, in accordance with subsection (2), is critical to the administration of an Australian domain name system (paragraph (a)), and

·         is used in connection with the administration of an Australian domain name system (paragraph (b)).

Subsection 12KA(2) provides that the rules may prescribe specified entities that are critical to the administration of an Australian domain name system or requirements for an entity to be critical to the administration of an Australian domain name system.

Subsection 16(1) of the instrument provides that, for subparagraph 12KA(2)(a) of the Act, au Domain Administration Ltd (ABN 38 079 009 340) is prescribed as a relevant entity. This means that an asset will be a critical domain name system if it is managed by au Domain Administration Ltd and is used in connection with the administration of an Australian domain name system.

Subsection 16(2) provides that, for subparagraph 12KA(2)(b) of the Act, an entity is critical to the administration of an Australian domain name system if the entity administers the ‘.au’ domain name system.

Division 2.2—Other definitions

Section 17       Operational information

Section 7 of the Act defines operational information. This is the information that a responsible entity must provide to the Register of Critical Infrastructure Assets (the Register) in accordance with Part 2, Division 3 of the Act. Section 17 of the instrument sets out what data arrangements responsible entities must report as ‘operational information’ on the Register under paragraph 7(1)(f) of the Act.

Part 2, Division 2 of the Act establishes the Register which provides a more detailed understanding of who owns and controls critical infrastructure assets. The Register requires reporting entities, who are either direct interest holders or the responsible entity of critical infrastructure assets, to provide interest and control information and operational information within a certain timeframe. This information will assist the Government to identify who owns and controls the asset, its board structure, ownership rights of interest holders, and operational, outsourcing and offshoring information.

The information which will be required to be reported under section 17 by the responsible entity will provide the Government with visibility of those data arrangements in the critical infrastructure assets covered by the Act. This information contributes to the Government’s understanding of how the critical infrastructure asset and sector operates, and where there may be vulnerabilities. It also informs the Government’s ability to work cooperatively with industry to develop strategies to mitigate or reduce national security risk.

Given the critical importance of data, and its potential attractiveness for espionage and sabotage purposes, section 17 ensures the Australian Government has visibility of any outsourced and offshored arrangements relating to data. Clause 17(2) clarifies that this provision only applies if the responsible entity for a critical infrastructure asset does not maintain the data itself.

Section 17(1)(c) specifies which sets of data are relevant for the purposes of this provision.

·         Personal information is defined in the Privacy Act 1988 (Privacy Act) as meaning information or an opinion about an identified individual, or an individual who is reasonably identifiable: whether the information or opinion is true or not; and whether the information or opinion is recorded in a material form or not. This provision is also limited to bulk holdings of personal information, through the 20,000 persons threshold. This ensures responsible entities do not bear an additional reporting burden if they hold some personal information that does not meet the 20,000 persons threshold.

·         Sensitive information is defined in the Privacy Act as meaning information or an opinion about an individual’s: racial or ethnic origin, political opinions, membership of a political association, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, membership of a trade union, sexual orientation or practices, criminal record, that is also personal information or health information about an individual, genetic information about an individual that is not otherwise health information, biometric information that is to be used for the purpose of automated biometric verification or biometric identification or biometric templates.

·         Research and development information such as technological or security research and development information that if released, would have a material effect on the responsible entity’s business in relation to the operation of the asset.

·         Operational systems information in relation to the asset, such as documents that provide instructions to operate critical components of the asset that, if switched off, would significantly interfere with the asset’s operations. For example, documents that provide material instructions in relation to an asset’s supervisory control and data acquisition (SCADA) systems.     

·         Risk management and business continuity information in relation to the asset, such as any document that provides information on how the responsible entity manages business continuity risk.

·         Consumption information in relation to the product being produced or supplied by the asset to a consumer, such as usage or load data.

In relation to consumption information, it is noted that:

·         The terms ‘or any other product’ is included as a measure to future-proof the definition if at a later stage further sectors are included under the Act.  The terms ‘produced or supplied’ are to clarify that while some sectors may ‘produce’ the product (for example the energy sectors ‘produce’ gas and electricity), other sectors may only ‘supply’ the product (for example the water sector ‘supplies’ water, rather than a produces it).  These terms ensure we capture both. 

·         Read in conjunction, the phrase ‘that is produced or supplied by an infrastructure asset’ ensures that the responsible entity for a critical infrastructure asset is only required to provide this information in relation to that particular infrastructure asset.  For example, if a responsible entity for a critical electricity asset is providing operational information on the Register, but it also has access to smart meters or consumption information in relation to a critical gas asset, it is not required to provide the gas asset information. 

These data sets have the highest level of risk in relation to acts of sabotage, espionage or coercion. This has been assessed with respect to each data set’s value and vulnerability. The consequence of unintended disclosure of information will depend on the profile of that information and could affect:

·         confidentiality, integrity and availability of data

·         privacy and integrity of personal information about Australian citizens

·         the safety of persons

·         the public’s confidence in business

·         market stability and commercial interests

·         the competitive process,

·         compliance with legislation, and

·         service delivery.

Section 17(2) of the instrument provides a description of what information the responsible entity needs to provide in relation to its data arrangements, namely:

·         the name of the entity that maintains the data—including the name of the responsible entity, if it is indeed the responsible entity that maintains the data, but does so at a location outside Australia (see subparagraph 17(2)(b)(ii))

·         if the data is not maintained by the responsible entity, then the responsible entity needs to provide the ABN or similar business number if it is an overseas company, the entity’s head office or principal place of business and the country in which the entity is incorporated, formed or created

·         the address at which the data is held within Australia or outside Australia. This includes, to the extent practicable, the address at which computers or servers holding the data are located and whether or not those computers or servers are part of a cloud service. Where data is maintained at multiple addresses, each address at which data is held within Australia or outside Australia. The phrase ‘to the extent practicable’ is intended to provide flexibility to a responsible entity where an address cannot be obtained. For example, this may be as a result of a data set being held in a cloud service that does not utilise any fixed address for that data set and therefore may not be able to be obtained

·         for applicable data arrangements, the name of the cloud service provider, and

·         the kind of data mentioned in paragraph 17(2)(c) of the instrument that the entity maintains.

For clarity, this would include details that would associate the entity and the particular data sets that entity manages on behalf of the responsible entity. For example, ‘Cloud service provider Pty Ltd holds research and development information and bulk personal information on behalf of the asset.’

Schedule 1       Intermodal transfer facilities

Section 9 of this instrument prescribes critical freight infrastructure asset for paragraph 12B(4)(a) of the Act and provides that the intermodal facilities specified in Schedule 1 fall within that provision. Schedule 1 specifies the location and owner/operator of the relevant intermodal facilities, which will therefore be critical freight infrastructure assets under the Act.


 

Attachment B

Statement of Compatibility with Human Rights

Prepared in accordance with Part 3 of the Human Rights (Parliamentary Scrutiny) Act 2011

 

Security of Critical Infrastructure (Definitions) Rules 2021

 

This Disallowable Legislative Instrument is compatible with the human rights and freedoms recognised or declared in the international instruments listed in section 3 of the
Human Rights (Parliamentary Scrutiny) Act 2011.

 

Overview of the Disallowable Legislative Instrument

1        The Security of Critical Infrastructure (Definitions) Rules 2021 (the Definitions Rules) prescribe the circumstances in which an asset falls within the definition of a critical infrastructure asset under sections 10-12KA of the Security of Critical Infrastructure Act 2018 (the Act).  Under subsection 61(1) of the Act, the Definitions Rules prescribe the circumstances in which an asset falls within the definition of:

·                Section 10 of the Act – a critical electricity asset;

·                Section 12 of the Act – a critical gas asset;

·                Section 12A of the Act – a critical liquid fuel asset;

·                Section 12B of the Act – a critical freight infrastructure asset;

·                Section 12C of the Act – a critical freight services asset;

·                Section 12D of the Act – a critical financial market infrastructure asset;

·                Section 12E of the Act – a critical broadcasting asset;

·                Section 12G of the Act – a critical bank asset;

·                Section 12H of the Act – a critical insurance asset;

·                Section 12J of the Act – a critical superannuation asset;

·                Section 12K of the Act – a critical food and grocery asset; and

·                Section 12KA of the Act – a critical domain name system.

2        The object of prescribing the assets to which the Act applies is to ensure the purpose of the Act—to strengthen the Government’s capacity to manage the national security risks of espionage, sabotage and coercion arising from foreign involvement in Australia’s critical infrastructure—applies in relation to the intended assets.

3        The Definitions Rules also prescribe additional categories of information which is considered to be operational information under paragraph 7(1)(f) of the Act. The information prescribed by the Definitions Rules must be provided to the Secretary of the Department administering the Act. Under subsection 61(1) of the Act, the Definitions Rules prescribes information that must be provided by all responsible entities of critical infrastructure assets and information specific to certain sectors. The object of prescribing categories of operational information is to ensure the Government is provided all information that is necessary to determine the national security risks in critical infrastructure sectors, and assist understanding of who is in a position to influence the control and operation of critical infrastructure assets.

4        The Definitions Rules are definitional and technical in nature. The Rules prescribe the circumstances and thresholds in which an asset falls within certain definitions (e.g. section 12J of the Act  prescribes when a superannuation asset will meet the threshold for being a ‘critical superannuation asset’). In the absence of the Definitions Rules, the obligations on responsible entities, imposed by the Act, remain the same. For example the following obligations already apply to the relevant sectors referred to in the Act:

·         mandatory notification of cyber-security incidents (Part 2B of the Act)

·         Government assistance: Ministerial authorisation relating to cyber-security incidents (Part 3A, Division 2 of the Act);

·         the obligation of a reporting entity for a critical infrastructure asset to give information and notify of events for the Register of Critical Infrastructure Assets (Part 2, Division 2 of the Act); and

·         the Secretary’s powers to obtain information or documents (Part 4, Division 2 of the Act).

5        Part 2 of the Act requires the responsible entity and direct interest holders of specified critical infrastructure assets to provide the Secretary of the Department administering the Act with certain interest and control information in relation to the entity and the asset, and operational information in relation to the asset, which is maintained in a Register. The Register is not made public.

6        The obligation to provide operational information and the requirement to provide information for the Register may result in the incidental collection of personal information in relation to responsible entities who are individuals, and may engage the right to privacy in Article 17 of the ICCPR. These obligations are discussed in the Statement of Compatibility with Human Rights for the Security of Critical Infrastructure Bill 2017. The measures in this Disallowable Legislative instrument do not alter the engagement with Article 17 of the ICCPR.

7        The Definitions Rules also repeal the Security of Critical Infrastructure Rules 2018 (F2018L01002) (the repealed instrument) in accordance with subsection 33(3) of the Acts Interpretation Act 1901 (the Acts Interpretation Act). That subsection provides that a power to make a legislative instrument includes a power to amend or repeal that instrument in the same manner, and subject to the same conditions, as the power to make the instrument. 

Human rights implications

8        This Disallowable Legislative Instrument does not engage any of the applicable rights or freedoms.

Conclusion

This Disallowable Legislative Instrument is compatible with human rights as it does not raise any human rights issues.