[Index] [Search] [Download] [Bill] [Help]
2016 - 2017 - 2018 THE PARLIAMENT OF THE COMMONWEALTH OF AUSTRALIA HOUSE OF REPRESENTATIVES SECURITY OF CRITICAL INFRASTRUCTURE (CONSEQUENTIAL AND TRANSITIONAL PROVISIONS) BILL 2017 REVISED EXPLANATORY MEMORANDUM (Circulated by authority of the Minister for Home Affairs and the Minister for Immigration and Border Protection, the Honourable Peter Dutton MP) THIS EXPLANATORY MEMORANDUM TAKES ACCOUNT OF AMENDMENTS MADE BY THE SENATE TO THE BILL AS INTRODUCED 1Index] [Search] [Download] [Bill] [Help]SECURITY OF CRITICAL INFRASTRUCTURE (CONSEQUENTIAL AND TRANSITIONAL PROVISIONS) BILL 2017 GENERAL OUTLINE 1. The Security of Critical Infrastructure (Consequential and Transitional Provisions) Bill 2017 amends the Australian Security Intelligence Organisation Act 1979 (ASIO Act) and the Foreign Acquisitions and Takeovers Act 1975 (FATA Act) to reflect the proposed operation of the Security of Critical Infrastructure Bill 2017. 2. The Security of Critical Infrastructure Bill is designed to strengthen the Government's capacity to manage the national security risks of espionage, sabotage and coercion arising from foreign involvement in Australia's critical infrastructure. 3. Effective and efficient information sharing between Commonwealth entities is important to the success of a coordinated approach to managing national security risks. The Foreign Investment Review Board process is an existing mechanism through which the Government can implement mitigations to address national security risks arising from proposed transactions. Ensuring that Australia's national security agencies have appropriate access to this information is key to a comprehensive consideration of national security risks. 4. The Security of Critical Infrastructure Bill introduces two regulatory measures: a critical infrastructure asset register to capture and track information about who owns and operates Australia's most critical assets in the high-risk sectors, and a Ministerial directions power for the Minister to seek information and issue directions to owners and operators of critical assets in the high-risk sectors when a there is a risk that is prejudicial to security that cannot otherwise be mitigated. Clause 1 - Short title 5. This clause provides for the short title of the Bill, if enacted, to be the Security of Critical Infrastructure (Consequential and Transitional Provisions) Act 2017. Clause 2 - Commencement 6. This clause provides that Schedule 1 of this Bill will come into effect immediately after the commencement of clause 32 of the Security of Critical Infrastructure Bill. The whole of the Security of Critical Infrastructure Bill comes into effect at the date of Proclamation or, if Proclamation does not occur within three months after the Bill receives Royal Assent, then the Bill will commence the day after three months from Royal Assent. Proclamations, which are made by the Governor-General, are the preferred method for providing discretion to fix a commencement date for a Bill. 7. This clause also provides that Schedule 2 of this Bill will commence the day after it receives the Royal Assent. Clause 3 - Schedules 8. This clause provides that upon enactment of this Bill, an Act that is specified in the Schedules is amended or repealed as set out in that Schedule. This provision sets out the purpose of the Bill, which is to make amendments to other Commonwealth legislation to reflect the proposed operation of the Security of Critical Infrastructure Bill. 2
Schedule 1--Amendments consequential on the Security of Critical Infrastructure Act 2017 9. This Schedule details the amendments that will need to be made to the ASIO Act and the FATA Act upon enactment of the Security of Critical Infrastructure Bill. Amendments to the Australian Security Intelligence Organisation Act 1979 Item 1 - Subsection 35(1) (after paragraph (d) of the definition of prescribed administrative action) 10. This item inserts a provision into the definition of 'prescribed administrative action' in subsection 35(1) of the ASIO Act, so that an exercise of power under subclause 32(2) of the Security of Critical Infrastructure Bill will be 'prescribed administration action'. Subsection 35(1) of the ASIO Act is the interpretation provision for ASIO security assessments. 'Prescribed administrative action' specifically relates to ASIO's 'adverse security assessments', which are assessments that provide an opinion or advice in relation to a person, and recommends that prescribed administrative action be taken in respect of the person. 11. This amendment will enable ASIO to provide advice to inform the exercise of the Ministerial directions power, under subclause 32(2) of the Security of Critical Infrastructure Bill, in the form of a security assessment. Subclause 32(2) of the Security of Critical Infrastructure Bill allows the Minister to direct critical infrastructure owners or operators to do or not do a certain thing to mitigate a risk that has been identified as prejudicial to security. Subclause 32(3)(c) of the Security of Critical Infrastructure Bill provides that the Minister must not give the direction unless 'an adverse security assessment in respect of the entity has been given to the Minister for the purposes of this section'. A direction would be based on addressing a security risk as set out in an ASIO adverse security assessment. Item 1A - Section 38A (at the end of the heading) 12. This item will insert the new words, 'or directions under the Security of Critical Infrastructure Act' to the end of the heading at section 38A of the ASIO Act. This ensures the heading for section 38A of the ASIO Act accurately reflects that the section will also apply where an adverse security assessment relates to the directions power at clause 32(2) of the Security of Critical Infrastructure Bill 2017, in addition to (as currently drafted) '[n]otification where assessment relates to Telecommunications Act'. Item 1B - after subsection 38A(1) 13. Where an adverse or qualified security assessment is made in respect of a person (for purposes connected with certain provisions of the Telecommunications Act), section 38A of the ASIO Act requires the Attorney-General, within 14 days of receiving the assessment, to give the assessed person a notice in writing, including a copy of the assessment and information on his or her right to seek merits review. The Attorney-General may not withhold such a notice, but may redact any part of the assessment, the disclosure of which, he or she is satisfied would be prejudicial to the interests of security. 14. This item will insert new subsection 38A(1A) after subsection 38A(1) in the ASIO Act to ensure that the notification requirements in section 38A (outlined above) also apply to an adverse security assessment given in connection with clause 32(2) of the Security of Critical Infrastructure Bill. This aligns the notice requirements of an adverse security assessment relating to the directions 3
power in the Security of Critical Infrastructure Bill with those provided in relation to similar directions powers in the Telecommunications Act. Amendments to the Foreign Acquisitions and Takeovers Act 1975 Item 2 - After paragraph 122(1)(o) 15. This item inserts the Security of Critical Infrastructure Act (once commenced) into subsection 122(1) of the FATA Act, so that a person may disclose protected information (as defined in the FATA Act) to the Minister, or the accountable authority of the responsible Commonwealth entity, administering the Security of Critical Infrastructure Bill, for the purpose of administering that Bill. The accountable authority of the responsible Commonwealth entity would be the Secretary of the Department responsible for the administration of the Security of Critical Infrastructure Bill. 16. This amendment ensures effective and efficient information sharing between the administrator of the Security of Critical Infrastructure Bill and the department with portfolio responsibility for foreign investment in Australia. Protected information obtained under the FATA Act would allow the administrating agency to verify the accuracy of the Register of critical infrastructure assets. To verify information, the administrating agency will be able to compare information from reporting entities to data that the department with portfolio responsibility for foreign investment in Australia may receive as part of the Foreign Investment Review Board approval process. The Register of critical infrastructure assets provides Government with greater visibility of who owns, controls and has access to Australia's critical infrastructure assets. Item 3 - At the end of subsections 122(2) and (3) 17. This item inserts national security into subsections 122(2) and 122(3) of the FATA Act, so that a person may disclose protected information to a Minister, or Secretary of a Department administered by that Minister, who is responsible for national security, but only for the purpose of discharging that responsibility. 18. This amendment ensures effective and efficient information sharing between national security agencies and the department with portfolio responsibility for foreign investment in Australia for the purpose of assessing and mitigating national security risks. Sharing of specific foreign investment data and analysis ensures that national security agencies can draw on existing data sets, which they require to identify, assess and mitigate national security risks. These data sets complement information that the administering agency will receive from the Register of critical infrastructure assets. The inclusion of national security will make the information protections in the FATA consistent with the use and disclosure protections in Division 3 of the Security of Critical Infrastructure Bill. Schedule 2 - Other amendments 19. This Schedule details additional amendments to the Foreign Acquisitions and Takeovers Act 1975 (FATA Act) upon enactment of the Bill. Amendments to the Foreign Acquisitions and Takeovers Act 1975 Item 1 - After paragraph 122(1)(g) 20. This item inserts the Defence Act 1903 into subsection 122(1) of the FATA Act, so that a person may disclose protected information (as defined in the FATA Act) to the Minister for Defence, or the Secretary of the Department of Defence, for the purpose of administering the Defence Act. 4
21. This amendment provides clarity that a purpose arising from the Defence Act is an appropriate purpose for disclosing protected information under the FATA Act. This amendment ensures effective and efficient information sharing between the department with portfolio responsibility for foreign investment in Australia and national security agencies, but particularly for defence purposes. Protected information obtained under the FATA Act would allow national security agencies to consider foreign investment information, for the purpose of assessing national security risks. Item 2 - At the end of subsections 122(2) and (3) 22. This item inserts defence into subsections 122(2) and 122(3) of the FATA Act, so that a person may disclose protected information to a Minister, or Secretary of a Department administered by that Minister, who is responsible for defence, but only for the purpose of discharging that responsibility. 23. This amendment also provides clarity that a defence purpose is an appropriate purpose for disclosing protected information under the FATA Act. This amendment ensures effective and efficient information sharing between national security agencies and the department with portfolio responsibility for foreign investment in Australia for the purpose of assessing and mitigating national security risks, but particularly for defence purposes. 24. The inclusion of defence will make the information protections in the FATA consistent with the use and disclosure protections in Division 3 of the Security of Critical Infrastructure Bill. 5