Complex Regimes – Regulatory Overlap in Australia’s Cloud Services Sector
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
Robust cyber security protection is essential to cloud services and government and private sector customers. In Australia, cloud services have undergone a significant regulatory reset, in part due to reforms to the critical infrastructure (‘CI’) legislative framework, including amendments to the Security of Critical Infrastructure Act 2018 (Cth) (‘SOCI Act’). Shifts in industry practice, such as the increased uptake of cloud services by businesses and government agencies and the advent of new security threats, have accentuated these changes. While Australian governments and regulators have implemented numerous legislative, policy, and guidance instruments to bolster cyber security measures, many of these attempts are not well-aligned. The outcome is an unclear and difficult-to-navigate regulatory ecosystem. We argue this complex regulatory landscape will likely result in increased costs, variable compliance, and decreased confidence in providing cyber security services unless careful attention is paid to mitigating the detrimental effects of ‘regulatory overlap’. This article identifies and critically examines key elements of existing statutory, regulatory and guidance instruments imposing cyber security and CI obligations on cloud services providers, as well as agencies and institutions holding key regulatory roles. These elements are examined in the context of cloud services providers subject to direct legal obligations, such as being responsible entities for CI assets and/or systems of national significance under the SOCI Act and other cloud services entities that form part of the supply chain for other providers with such obligations.
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.000 | 0.000 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.001 | 0.000 |
| Bibliometrics | 0.000 | 0.001 |
| Science and technology studies | 0.000 | 0.000 |
| Scholarly communication | 0.000 | 0.001 |
| Open science | 0.000 | 0.000 |
| Research integrity | 0.000 | 0.000 |
| Insufficient payload (model declined to judge) | 0.000 | 0.001 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it