AICD submission to the independent review of the SOCI Act

The AICD considered the SOCI Act has been an important legislative framework in promoting critical asset entities to take proactive steps to address material risks and hazards. However, the regime is relatively new and has undergone significant amendment and a broadening of scope since it commenced, with new layers of compliance and complexity. We did not consider there is a strong policy case at this stage for further expansion of the regime’s scope or regulatory obligations.

We recommended that the focus should be on improving understanding and awareness of the existing SOCI Act obligations and reducing existing complexity through:

• Targeted drafting changes to reduce the uncertainty and complexity of interpreting the core obligations;
• Proactive steps to reduce overlap with other legislative frameworks, including reporting and notification obligations;
• Expanded Cyber and Infrastructure Security Centre guidance and awareness building to assist entities, management and boards understand and meet the obligations; and
• Consideration of how entities can be supported to manage and oversee systemic risks in digital supply chains.