· Order in Council / Security Management for Critical Infrastructure Regulation · enacted
Security management for critical infrastructure regulation
This Order in Council enacts the Security Management for Critical Infrastructure Regulation, repealing a previous regulation and establishing new requirements for critical facility security management under the authority of the Alberta Ene…
High impactCentralization of powerInstitutional independenceIndependent watchdogsThe public, directly
What changed
- Repeals the Security Management for Critical Upstream Petroleum and Coal Infrastructure Regulation (AR 91/2013).
- Establishes the new Security Management for Critical Infrastructure Regulation (AR 84/2024).
- Defines 'critical facility' to include various energy infrastructure types, such as coal processing plants, in situ operations, mines, pipelines, and wells.
- Mandates the Alberta Energy Regulator (AER) to establish and maintain a confidential critical infrastructure list of identified critical facilities.
- Requires licensees or approval holders of critical facilities to establish and implement a security management program in accordance with CSA Z246.1.
- Grants the AER authority to order compliance, require facility shutdown, demand information, and audit security management programs.
Why it matters
- Expands the scope of critical infrastructure security regulation beyond previous upstream petroleum and coal focus to a broader range of energy facilities.
- Centralizes the identification and oversight of critical infrastructure security with the Alberta Energy Regulator.
- Increases the Regulator's direct authority over energy industry operations, including the power to mandate shutdowns for non-compliance.
- Establishes a specific industry standard (CSA Z246.1) as the mandatory framework for security management programs.
- Confidentiality provisions for the critical infrastructure list and related information may limit public transparency regarding security vulnerabilities or regulatory actions.
Other governance concerns
- Confidentiality of critical infrastructure list and related information
- Expanded regulatory powers, including facility shutdown orders
- Mandatory adherence to a specific private industry standard
Primary sources (1)
- Primary sourceGovernment documentOrder in Council 94/2024 (Alberta King's Printer)
Secondary sources (2)
- Secondary sourceNews articleMobia blog on AR 84/2024
- Secondary sourceNews articleBDP law firm insights