The Australian Government is committed to being a world-leader in cyber security by 2030, as outlined in the
2023-2030 Australian Cyber Security Strategy. As part of this commitment and following extensive consultation, the Cyber Security Legislative Package has received Royal Assent on 29 November 2024, meaning parts of the following acts are now law:
To give effect to some of the measures, subordinate legislation in the form of Rules is required.
The Proposed Rules include:
- Cyber Security (Security Standards for Smart Devices) Rules 2024
- Cyber Security (Ransomware Reporting) Rules 2024
- Cyber Security (Cyber Incident Review Board) Rules 2024
- Security of Critical Infrastructure (Critical infrastructure risk management program) Amendment (Data Storage Systems) Rules 2024 (Data Storage Systems Rules)
- Security of Critical Infrastructure (Telecommunications Security and Risk Management Program) Rules 2024 (TSRMP Rules)
- Security of Critical Infrastructure (Application) Amendment (Critical Telecommunications Assets) Rules 2024
There are 6 Rules in total, each with an explanatory document to provide additional information about the policy behind the measures.
Draft Rules and Explanatory Documents:
Formal consultation closed 5pm AEDT, Friday 14 February 2025.
For more information on the amendments to the Security of Critical Infrastructure Act contact ci.reforms@homeaffairs.gov.au
For more information on the instruments related to the Cyber Security Act please contact
cyber.legislation@homeaffairs.gov.au
For more information on consultation sessions held in January and February 2025, visit Town halls and awareness sessions.
