Australia's Cyber Security Bill 2024

"First reading" - a draft has been submitted to Parliament

On October 9, 2024, a series of cyber security-related regulations were presented to the Australian Parliament. This series is referred to as the "Cyber Security Legislative Package" and consists of

These individual pieces of legislation are similar to the familiar regulations that we have already seen in the EU with the Cyber Resilience Act (CRA), the NIS-2 Directive (EU) 2022/2555 and in the UK with the PSTI Act, albeit in different forms.



Cyber Security Bill

Affected products are similar in definition to "bindable products" as in the PSTI Act. The Cyber Security Bill also defines the "internet-connectable product" and the "network-connectable product". The term "products with digital elements" as we know it from the CRA is not used here.

However, we cannot identify any restrictions on the target group. The Cyber Security Bill addresses not only products for consumers but also products for professional users, without restriction, and thus differs significantly from the UK's PSTI Act.

The conformity assessment procedure is concluded with a "statement of compliance", which manufacturers must attach to the "compliant products". This is again based on the UK's PSTI Act.

In the event of a safety incident, reports must, as usual, be submitted to the prescribed authorities.



SOCI Bill

The NIS 2 Directive (EU) 2022/2555 distinguishes the requirements between "essential entities" and "important entities". Essential entities are system-critical organizations, while important entities can be those with less critical functions that can still have a potentially serious impact on security. "Essential entities" are subject to stricter requirements and stronger sanctions. "Important entities" also have obligations, but somewhat milder requirements.

The SOCI Bill does not make this distinction and is aimed at organizations that are defined as operators of critical infrastructures. These sectors are described in the "Security of Critical Infrastructure Act 2018", among others.

However, the stricter reporting obligations and the requirement for comprehensive risk management are similar to the NIS 2 Directive (EU) 2022/2555.



Author

Benjamin Kerger (B. Eng.)
Product Compliance Consultant

Published on 18.10.2024
Category: Focus Automotive, Focus Industry, Focus Consumer Goods & Retail, Focus Electrical and Wireless, Focus Medical Devices, Compliance
