Skip to main content

Mandatory Incident Reporting

New measures to enhance the cyber security of Australia’s critical infrastructure.

All Australians rely on critical infrastructure to deliver vital essential services such as electricity, water, communications, health, transport, and banking. Australia’s economy and way of life depends on critical infrastructure, which is increasingly interconnected and interdependent.

A compromise of one critical infrastructure entity can have flow on effects that could degrade or disrupt other entities. This can result in cascading consequences across Australia, the economy, and can impact national security.

On 2 December 2021, the Security of Critical Infrastructure Act 2018 (the SOCI Act) was amended to introduce measures that protect Australia’s critical infrastructure.  The new reforms enable the mandatory cyber incident reporting obligations for specified critical infrastructure entities to Commonwealth entities, including the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC).

More information about mandatory incident reporting can be found on the Cyber and Infrastructure Security Centre’s Website. A written critical infrastructure cyber security incident report can be made on the report a cyber security incident page.