Loading

Cyber Security Legislative Package – Consultation on Subordinate Legislation to the Cyber Security Act and Security of Critical Infrastructure Act 2018 (SOCI Act)

​​​​​​​​The Australian Government is committed to being a world-leader in cyber security by 2030, as outlined in the 2023-2030 Australian Cyber Security Strategy. As part of this commitment and following extensive consultation, the Cyber Security Legislative Package has received Royal Assent on 29 November 2024, meaning parts of the following acts are now law:

To give effect to some of the measures, subordinate legislation in the form of Rules is required.

The Proposed Rules include:

  1. Cyber Security (Security Standards for Smart Devices) Rules 2024
  2. Cyber Security (Ransomware Reporting) Rules 2024
  3. Cyber Security (Cyber Incident Review Board) Rules 2024
  4. Security of Critical Infrastructure (Critical infrastructure risk management program) Amendment (Data Storage Systems) Rules 2024 (Data Storage Systems Rules)
  5. Security of Critical Infrastructure (Telecommunications Security and Risk Management Program) Rules 2024 (TSRMP Rules)
  6. Security of Critical Infrastructure (Application) Amendment (Critical Telecommunications Assets) Rules 2024​

There are 6 Rules in total, each with an explanatory document to provide additional information about the policy behind the measures.

Draft Rules and Explanatory Documents:

​The Minister for Home Affairs has now commenced consultation on these Rules. To account for the Christmas period, the Department will hold consultation from 16 December 2024 until Friday 14 February 2025 providing an opportunity for industry to engage with the Department.

Providing a submission

Feedback on the Rules must be made in a submission to the Minister for Home Affairs. The Minister invites you to do so through the submission portal Consultation on Subordinate Legislation form​

The submission portal closes at 5pm AEDT, Friday 14 February 2025.

Submissions will be published unless you state in writing that your submission, or parts of it, should be kept confidential.


​​

For more information on the amendments to the Security of Critical Infrastructure Act contact ci.reforms@homeaffairs.gov.au

For more information on the instruments related to the Cyber Security Act please contact cyber.legislation@homeaffairs.gov.au

For more information on consultation sessions held in January and February 2025 and to register for these sessions visit ​Town halls and awareness sessions.​​

pop-up content starts
pop-up content ends