//
© 2026 Zoe. All rights reserved.
Zoe is a legal information platform. Always consult the official source for authoritative text.
Commonwealth act
The Security of Critical Infrastructure Act 2018 (SOCI Act) creates a national framework to protect Australia's most essential services and systems from threats — including cyberattacks, sabotage, and foreign interference.
This law affects a very wide range of businesses and organisations — far more than most people would expect. If you own, operate, or have significant influence over any of the following, this law likely applies to you:
Want the full deep dive?
Zoe can write the in-depth analysis on top of the summary above: how it works, who it affects and what each part actually does.
Direct links to the current provisions in Security of Critical Infrastructure Act 2018.
Zoe has indexed the source text for search and analysis. Use the official register for the original document and download formats.
View on official registerSourced from the Federal Register of Legislation (legislation.gov.au), CC BY 4.0.
If you're caught by this law, your obligations include:
Australia has faced increasing cyber threats to essential services. This law is the government's main tool to ensure that if something goes wrong — a cyberattack on the power grid, a foreign takeover of a port, or a breach of hospital systems — there are legal mechanisms to prevent, detect, and respond.
Non-compliance carries civil and criminal penalties. Breaches of some obligations can result in fines of tens of thousands of dollars.
Much of the information collected under this law (ownership details, risk programs, incident reports) is treated as sensitive/protected — meaning it can't be freely shared or disclosed. This protects businesses from competitors and protects national security details from bad actors.