Navigating Director Duties in Defence-Aligned Enterprises

For directors operating in Defence-aligned industries, the weight of responsibility goes far beyond the typical boardroom. While all Australian directors are bound by the duties outlined in the Corporations Act—such as acting in good faith, exercising due care, and preventing insolvent trading—those working in sectors connected to national security, Defence procurement, or critical infrastructure face a more complex legal environment.

The intersection of corporate governance and government accountability means that every decision a director makes can carry implications beyond commercial outcomes. In many cases, those decisions affect not just the company’s success, but its legal standing, security compliance, and eligibility for public sector work. What’s more, the scrutiny these organisations face from regulators, Defence agencies, and prime contractors means that even minor oversights can result in significant contract risks or reputational harm.

At AQMN, we've seen an increase in directors requesting clarity around how DISP obligations, procurement frameworks, and cyber-related legal risks should influence their governance strategies. Many directors are surprised to learn that their responsibilities may extend into areas traditionally viewed as operational—such as the company’s cyber resilience, staff security clearances, and incident response protocols. These are no longer concerns reserved for CISOs or compliance managers; they are board-level matters with board-level consequences.

Take DISP, for example. When a company is part of the Defence Industry Security Program, the board becomes accountable for ensuring that the organisation maintains appropriate levels of protective security, manages personnel vetting processes, and responds properly to incidents. Failing to meet these standards doesn’t just affect contract eligibility—it can place the entire company under review and lead to enforcement action.

Similarly, the rise of cyber law and privacy legislation has made directors more vulnerable to fallout from data breaches and technology failures. With the Security of Critical Infrastructure Act and changes to the Privacy Act expanding reporting obligations, boards now need to ensure that their governance policies account for cyber-legal risks. If an incident occurs, directors may be held responsible for delayed reporting, lack of preparation, or unclear escalation paths.

Another common blind spot we observe is contract management. Directors often assume that contracts are a matter for project managers and legal teams. But when you're dealing with government contracts—especially those involving security-sensitive work—directors are frequently required to sign off on clauses related to probity, performance guarantees, and even personal responsibility for breaches. Without the right briefings or oversight structures, it’s easy to overlook these implications until it's too late.

To navigate all this effectively, directors need to adopt a mindset that views governance not just as oversight, but as active legal risk management. This means engaging in regular legal briefings tailored to the Defence and public sector environment, reviewing governance documents in light of DISP and procurement rules, and ensuring that board-level policies address emerging areas like cyber governance, information handling, and subcontractor management.

At AQMN, we work closely with boards to strengthen these foundations. Whether it's delivering training on Defence-specific legal duties, reviewing internal governance policies, or advising on contract risk, our goal is to make directors feel informed, protected, and equipped to lead in high-stakes environments.

Because ultimately, being a director in a Defence-aligned business isn’t just about corporate performance—it’s about public trust, national security, and doing the right thing when it matters most.