From 11 July 2018, reporting entities captured by the Security of Critical Infrastructure Act 2018 have new legal obligations to provide information for the Register of Critical Infrastructure Assets (the Register), including information on asset ownership, access and control.

Reporting entities initially have six months from 11 July 2018 to report information on the Register. Following initial reporting these entities are obligated to notify the Government of any notifiable changes to the required information within 30 days of the event.

Who is required to provide information to the Register?

Two types of reporting entities are required to provide information for the register, a Responsible Entity and a Direct Interest Holder.

Direct Interest Holders are entities:

  • that hold an interest of at least 10 per cent in a critical infrastructure asset (including if any of the interests are held jointly with one of more other entities); or
  • who hold an interest in the asset that puts the entity in a position to directly or indirectly influence or control the asset.

A Responsible Entity for a Critical Infrastructure Asset is the body licensed to operate the asset.

Guidance on completing the registration forms

To support reporting entities two guidance documents have been developed to provide detailed information for filling out the online Register forms: