Loading

Technology Vendor Review Framework

​​​​​On 20 December ​2024 the Minister for Home Affairs announced the finalisation of Australia’s Technology Vendor Review Framework (the framework). The framework is a key measure under the 2023-2030 Australian Cyber Security Strategy.

This webpage provides the Australian public and industry with information on the framework’s purpose, scope and function.​

Key Points

  • The framework establishes the Australian Government’s dedicated and proactive process to consider foreign ownership, control or influence (FOCI) risks associated with technology vendors.
  • With the framework, the Australian Government is in a strong position to analyse and provide guidance on technology vendor risks to inform public and private sector procurement decisions about the security of technology products and services.
  • The framework does not introduce any new legislative authorities or regulation. It provides a robust, comprehensive, consistent and risk-based approach for the government to understand vendor risks and develop appropriate mitigations.
  • Consultation will be a key feature of reviews under the framework. The Australian Government will be engaging directly with organisations and end-users, as appropriate, to understand the risks introduced by a product or service, and the availability of mitigations.
  • The framework will not be released publicly to ensure the integrity of the framework’s processes and protect information relating to national security.

Overview

Australia is a net technology importer – our economy relies on the availability of overseas technology products and services. Foreign technology companies offer significant value, capabilities and opportunities for the Australian economy and society. They are essential for Australia’s long-term economic security, stability and prosperity, including Australia’s net zero transition. Recognising the adoption of new and emerging technologies is a key driver of economic growth and prosperity, the Australian Government is committed to ensuring that Australia remains an open, safe and attractive place to do business.

Foreign owned, controlled or influenced vendors supply and operate a vast range of technology products and services in Australia. The majority of these vendors do not present a threat to Australia’s interests. However, in some cases, the application, market prevalence or nature of certain technologies, coupled with foreign influence could present unacceptable risks to the Australian economy. This is particularly true if the vendor is owned, controlled or influenced by foreign governments with interests which conflict with Australia’s. By introducing the framework, the Australian Government will proactively assess the risks of technology vendors and consider mitigations where these risks are unacceptable.

The government has not established the framework to ban or restrict vendor access within the Australian economy, or target vendors from specific nations. The framework will ensure the Australian Government fully understands the risks presented by technology vendors, to inform proportionate and consistent risk mitigations. The framework is founded on a risk-based approach, ensuring outcomes do not discourage technology adoption.

The framework complements existing policies and legislation, including the Protective Security Policy Framework and the Security of Critical Infrastructure Act 2018.​

Where can I find more information on managing technology risks?

The Australian Government has developed a range of products to support organisations to consider risks when undertaking procurements, this includes:

Downl​​oa​​d


pop-up content starts
pop-up content ends