Budget confirms the creation of new bureaucracy for supply chains

Latest News

Hidden in last week's 2021-22 Budget was the creation of a new bureaucracy that will almost certainly reach well into Australia's health products supply chain.

The federal government will provide $98.8 million over four years for the creation of the Office of Supply Chain Resilience and Public Sector Capability.

According to the Budget, its purpose is "to provide ongoing capacity to monitor and coordinate the Government's efforts to boost supply chain resilience and also to support the implementation of other Government policy priorities, including its COVID-19 response and continuing Australian Public Service reforms."

The new agency will exist across three government departments but be primarily housed within the Department of the Prime Minister and Cabinet (DPMC). It will also operate in the Department of Finance and the Australian Public Service Commission.

The Budget papers, including DPMC's Portfolio Budget Statements, contain very little detail.

However, we know from the government's current policy and legislative agenda that it considers the resilience of Australia's health products supply chain as a priority.

Yet it is also going much further.

The parliament is currently considering the Legislation Amendment (Critical Infrastructure) Amendment Bill 2020 that will grant the federal Department of Home Affairs sweeping new powers over 'critical infrastructure' in 11 sectors, including health.

The current law covering 'critical infrastructure' is limited to matters related to defence, security or international relations. The Bill, which is currently in the committee process, would significantly extend the law and require specified industries to "identify and manage risks relating" to assets considered critical infrastructure.

The new Bill effectively covers the entire health products sector, including the "production, distribution or supply of medical supplies”.

Some of the sector's larger companies would be required to have a critical infrastructure risk management program (CIRMP) and report on that program annually within 30 days of the end of the financial year. They could even be required to security check employees.