The Enhanced CIRMP Rules were registered and became enforceable on 9 June 2026. All critical infrastructure operators must now comply with four key obligations: comprehensive supply chain mapping, FOCI (Foreign Ownership Control or Influence) documentation, cyber maturity Level 2 verification, and network segregation of critical assets. Board directors face personal liability for non-compliance.