The future of foreign investment: the role of the Security of Critical Infrastructure Act
Foreign investment in the Australian energy and resources sectors has long been subject to a national interest and national security test. These tests ensure that investment by foreign entities remains overall beneficial, in light of issues concerning Australia’s sovereignty. Recently, a significant increase in global cyber attacks from nation-states, state-sponsored actors and transnational cybercrime syndicates has prompted the Federal Government to re-evaluate the robustness of these tests.
In response, the Federal Government has introduced legislative changes expanding the scope of ‘critical’ infrastructure assets and technologies, to protect essential sectors of the Australian economy. With a suite of reforms introduced in late 2021 and early 2022 and more on the horizon, the application of the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act) to resources and renewables sectors means more transactions are now subject to scrutiny through the Foreign Investment Review Board (FIRB) process.
FIRB has recently shown a willingness to exercise its national security powers in the resources sector. On 15 February 2023, it rejected an application for approval for Yuxiao Fund Pte. Ltd, a Chinese-owned company, to purchase an additional 9.92% interest (increasing its interest to 19.9%) in Northern Minerals Limited, a listed critical minerals company. For several years now, FIRB has maintained the position that investments in the critical minerals space will be viewed through a national security lens, and we are now seeing in real time that they are willing to take a hard-line stance on this issue.
Critical energy assets – what’s protected?
The Australian energy industry is one of eleven key infrastructure sectors protected by the SOCI Act, with several key infrastructure asset classes caught, including:
- Electricity Critical Assets;
- Gas Critical Assets;
- Energy Market Operator Critical Assets; and
- Liquid Fuel Critical Assets.
Whether an asset qualifies as ‘critical infrastructure’ depends on whether that asset satisfies the appropriate test under the SOCI Act. For example, for a project or facility to be classified as:
- an ‘Electricity Critical Asset’, it must either be a ‘network, system or interconnector for the transmission or distribution of electricity to ultimately serve at least 100,000 consumers’, or be ‘an electricity generation station critical to ensuring the security and reliability of electricity networks or systems’; or
- a ‘Liquid Fuel Critical Asset’, it must be a ‘liquid fuel refinery’, a ‘liquid fuel pipeline’ or a ‘liquid fuel storage facility’, which is critical to ensuring the security and reliability of a liquid fuel market.
What is ‘critical infrastructure’ is also closely connected to what types of information an entity holds. For example, a company which holds personal information subject to the Privacy Act 1988 (Cth) for over 100,000 consumers, can fall into the ‘data storage’ class of critical infrastructure assets, and therefore the acquisition of such a company will require FIRB approval. These provisions could cover other participants in the energy sector such as electricity retailers, an area not previously subject to FIRB oversight.
Impact on the foreign investment regime
Under Australia’s foreign investment regime, the concept of a ‘national security business’ is linked directly to the ownership or operation of critical infrastructure under the SOCI Act.
FIRB approval is generally required in the following circumstances:
- starting a ‘national security business’; and
- acquiring an interest of 10% or more in a ‘national security business’.
Importantly, there is no minimum monetary threshold for the acquisition of a ‘national security business’, meaning regardless of a transaction’s value, the acquisition of a ‘national security business’ is subject to FIRB approval. This will result in more transactions in the energy and resources space requiring mandatory FIRB approval.
Additional due diligence
Foreign investors will need to consider whether an asset qualifies as critical infrastructure before proceeding with a potential investment or acquisition. Failure to identify this critical component of the transaction may result in not obtaining FIRB approval, in contravention of Australia’s foreign investment regime. In such a case, the Treasurer may either order the transaction or investment to be unwound or impose significant, possibly even criminal, penalties where he considers it to be contrary to Australia’s national interests.
Factoring FIRB timing into potential transaction
Investors will need to consider FIRB’s assessment timeframes when investing in critical infrastructure assets. Investors should engage with sellers early, as sellers will need to determine whether they are deemed a ‘national security business’ for foreign investment purposes and prepare their business for investment accordingly (including by responding to potential queries from FIRB or ensuring its ongoing compliance under the SOCI regime).
Beyond investment — Ongoing compliance obligations
In addition to the regulations underpinning Australia’s foreign investment regime, owners and operators of critical infrastructure assets have several key ongoing compliance obligations under the SOCI Act. Following investment in a national security business or upon acquisition of a critical infrastructure asset, investors are required to:
- notify the Australian Cyber Security Centre of actual or imminent cyber security incidents affecting the critical infrastructure asset, including cyber attacks which cause impairment of the availability, reliability, and or security of an energy sector asset, or compromise confidential information about or stored in an energy sector asset;
- provide information relating to the investor’s ownership of, interest in and operation of the critical infrastructure asset to the Cyber Infrastructure Security Centre, to be registered on the Register of Critical Infrastructure Assets; and
- prepare and maintain a Critical Infrastructure Risk Management Program.
With an eye towards investment in 2023, those in the resources and renewables sectors must maintain an acute awareness of changes to policy and market and financial conditions which may impact them. What is even more important is the need to remain vigilant in complying with legislation and regulation such as the SOCI regime. As it emerges from its infancy, the SOCI Act’s outreach will continue to expand, so implementing strong compliance procedures early will be vital for those looking to expand their investments in the Australian resources and renewables sectors.
For more information on this topic, or to explore other articles from our 2023 edition of Emerging Issues for the Australian Energy and Resources Industry, click here.
This publication covers legal and technical issues in a general way. It is not designed to express opinions on specific cases. It is intended for information purposes only and should not be regarded as legal advice. Further advice should be obtained before taking action on any issue dealt with in this publication.