Queensland's New Critical Controls Law Is Almost Here. Is Your Assurance Ready?
- 6 days ago
- 6 min read
Queensland's resources industry has a June 2026 deadline — and for many operators, the hardest part isn't knowing which critical controls exist, it's being able to prove they're actually working.
KEY TAKEAWAYS:
A new legal obligation is now in force. The RSHLA Act 2024 formally requires Queensland resources operators to embed critical control management within their Safety and Health Management Systems (SHMS) — with verifiable evidence of control effectiveness, not just documentation.
Verification ≠ assurance. Completing verification checks is not the same as knowing your controls are working under real operating conditions. The legislation is specifically designed to close that gap.
The structural gaps in your control framework may be invisible to you. Traditional spreadsheets and bow-ties cannot show you which controls carry the most risk weight, where pathways have no controls at all, or whether your assurance effort is aligned with your actual exposure.
CaNeTA turns your risk data into a living intelligence asset. By mapping critical controls as a connected causal network, CaNeTA identifies your highest-priority controls, detects missing coverage, aligns verification effort with structural risk, and traces incident learning back into your live risk model.
The question regulators are now asking is "does it work?" — not "did you do it?" Organisations that build genuine assurance capability now will be better positioned operationally, competitively, and under regulatory scrutiny than those who retrofit it under pressure.
From June 2026, Queensland's resources industry will face a material shift in how it must manage, verify, and demonstrate control over its most serious hazards. The Resources Safety and Health Legislation Amendment Act 2024 (RSHLA Act 2024) formally embeds the requirement to manage critical control into Safety and Health Management Systems (SHMS), creating new obligations around identifying, verifying, and assuring the effectiveness of the controls that stand between workers and fatal or life-altering harm.
This is not another administrative requirement. It is a structural change to how safety accountability works in Queensland resources operations — and for organisations that have been treating critical controls as a checklist rather than a living system, the clock is running out.
⏱ LEGISLATIVE DEADLINE: JUNE 2026 The RSHLA Act 2024 critical control management provisions take effect this June, requiring Queensland resources operators to formally embed critical controls within their Safety and Health Management Systems. Guidance on specific requirements is being provided by Resources Safety & Health Queensland (RSHQ). |
What the Legislation Requires
At its core, the RSHLA Act 2024 requires site operators to identify the critical controls that address their highest-consequence hazards — the specific acts, objects, or technological systems whose absence or failure would significantly increase the likelihood of a fatality or serious injury, even when other controls remain in place. It then requires those controls to be managed within the SHMS, with processes in place to verify that they are present, functional, and effective in the conditions where they are relied upon.
The intent is clear: Queensland's regulator has moved beyond asking whether organisations have a safety management system. The question is now whether that system reliably protects the people most exposed to fatal risk. Operators must be able to demonstrate this with evidence — not just documents.
This reflects a long-developing body of learning from Queensland's own incident record. The 2020 Brady Review of every fatal accident in Queensland mines and quarries over two decades found persistent patterns: the same failure modes appearing in the same critical risk categories, year after year. The RSHLA Act 2024 is, in many respects, the regulatory response to that finding.
Why Assurance Is the Hard Part
Experienced leaders already know which critical risks exist on their operations. They have bowties, they have registers and have invested significantly in verification programs. What is genuinely difficult — and what the new legislation puts squarely in focus — is assurance: the ability to know whether your critical controls are working, across all sites, all shifts, and with all the variability that real work introduces.
The difference matters. A critical control that is present in a procedure but degraded in practice is not a control — it is a false assumption. And false assumptions about critical controls are, historically, how people die.
INDUSTRY INSIGHT Mitchell Services, a Queensland-based contract drilling company, completed 56,500 critical control verifications across assets and sites in 2025 alone — and discovered that verification counts were not, by themselves, proof of control effectiveness. The deeper question was whether verifications were actually testing that controls were functioning in live work conditions, not just recording that they were present. That distinction is precisely what the new legislation demands of all operators. |
Achieving meaningful assurance at scale requires two things that traditional safety management systems have struggled to provide together: structural insight into how controls relate to risks and to each other, and operational intelligence data that connects field-level activity (e.g. maintenance) to the controls that matter most. This is where technology can now make a genuine difference.
How CaNeTA Addresses the Assurance Challenge
CaNeTA — Causal Network Topology Analysis — is Libero AI's causal intelligence solution for safety and risk. Developed from research at the University of Queensland's Sustainable Minerals Institute and now deployed in operational mining environments, CaNeTA transforms how organisations understand, prioritise, and verify their critical controls.
Rather than managing critical controls as isolated line items in a spreadsheet or bow-tie, CaNeTA maps them as nodes in a connected causal network — showing how causes, consequences, and controls interrelate across all fatal risks simultaneously. This network view does things that traditional tools cannot.
Critical Control Prioritisation CaNeTA identifies which controls span multiple fatal risks and carry the greatest structural weight — so verification effort goes where it matters most, not just where it is easiest to measure. | Missing Control Detection Automated analysis pinpoints causal pathways that have no prevention or mitigation control assigned — exposing gaps before they are tested in the field. |
Verification Alignment CaNeTA compares verification frequency against structural importance — revealing where assurance effort is misaligned with actual risk exposure. | Prevention vs. Mitigation Balance Measures whether your control framework is weighted toward preventing incidents or managing consequences — enabling deliberate rebalancing before an event. |
Legislative Traceability Checks whether applicable WHS legislation is traceable to at least one corresponding risk event or control — directly supporting SHMS compliance under the new legislation. | Incident Pathway Learning Maps each incident's causes and failed controls back into the live network — identifying which causal pathways are genuinely active so assurance effort targets proven failure routes. |
The network built during the planning phase is never discarded. As field data, incidents, operational learning, and verification results accumulate, the causal network becomes more sensitive — converting your incident history from a compliance record into a structural intelligence asset. This is the foundation of genuine, ongoing assurance, not a point-in-time document.
What This Means for Operators and Leadership Right Now
Organisations that have already invested in critical control management programs are well-positioned, but they should be asking a harder set of questions as June approaches. Not just "do we have critical controls identified?" but: Can we demonstrate that our most “Critical”, critical controls are being verified with appropriate frequency? Can we show that verification is testing efficacy in practice, not just presence on paper? When a control fails or degrades, can we identify the cause/s and trace the consequences through the risk network and respond proportionately?
These are the questions the RSHLA Act 2024 is designed to make visible. And they are the questions CaNeTA is built to answer.
For organisations earlier in their critical control maturity journey, the new legislation is both a deadline and an opportunity to build the kind of risk intelligence infrastructure that moves beyond compliance and toward genuine operational resilience. Getting that infrastructure right before June — rather than retrofitting it under regulatory pressure — is a meaningful competitive and safety advantage.
The Bigger Picture
Queensland's legislative change sits within a broader shift happening across the global resources sector. Regulators and leading operators alike are moving away from activity-based safety metrics — the number of verifications completed, the hours of training delivered — toward evidence of actual control effectiveness. The question is no longer "how much did we do?" It is "does it work?"
Answering that question at scale, with confidence, requires the kind of causal intelligence that CaNeTA provides. It does not replace the human judgment, field leadership, and safety culture that remain foundational to any high-performing operation. But it gives that judgment the structural context it needs to be applied in the right places, on the controls that matter most, before the next high-potential event reveals where the system was failing quietly.
The new legislation comes into effect in June 2026. The time to build assurance capability is now.
This article is for informational purposes. For specific legal advice on your SHMS obligations, consult a qualified safety professional or legal advisor. © 2026 Libero AI Pty Ltd.
