Critical infrastructure obligations and energy AI
Energy and utilities operators in Australia are designated Critical Infrastructure Sector entities under the Security of Critical Infrastructure Act 2018 (SOCA). The SOCA risk management programme obligations — requiring entities to adopt and comply with a risk management programme that addresses critical risks to critical infrastructure assets — apply to AI systems used in critical operations. AI systems that control generation, transmission, distribution, or storage of energy at significant scale are likely within the scope of SOCA risk management obligations.
The practical SOCA obligation for energy AI: operators must identify their critical infrastructure assets, identify the critical risks to those assets (including AI system failures), and implement risk management measures addressing those risks. For AI-controlled systems, the risk management measures must include: redundancy and failover arrangements that do not depend on the AI system, monitoring for AI system anomalies with human escalation, incident response procedures for AI system failures, and testing of resilience measures. AEMO and AER are both engaged with the SOCA framework and their oversight incorporates critical infrastructure security considerations.
Grid AI and AEMO market rules
AEMO's National Electricity Rules (NER) create specific requirements for automated systems used in dispatch, bidding, and grid management. AI systems used in these functions must comply with AEMO's registration requirements, satisfy the NER's system standards, and be consistent with AEMO's operational guidelines. AEMO has been progressively developing its approach to AI in grid management — particularly for AI systems involved in renewable energy integration, where the intermittent nature of generation creates specific challenges for AI forecasting and dispatch optimisation.
