Australia's cyber security bill 2024

Australia plans comprehensive reforms to strengthen digital security. This overview explains the main elements of the Cyber Security Bill 2024 and its intended impact.

Goals and key points of the bill

The Cyber Security Bill 2024 is intended to address gaps in current legislation and is part of the strategy to make Australia a global leader in cyber security by 2030.

The draft pursues several major objectives:

  1. Introduction of mandatory security standards for smart devices (Part 2 - Security standards for smart devices)
  2. Mandatory reporting of ransomware payments (Part 3 - Ransomware reporting obligations)
  3. Improved coordination for significant cyber security incidents (Part 4 - Coordination of significant cyber security incidents)
  4. Establishment of a Cyber Incident Review Board to investigate serious incidents (Part 5 - Cyber Incident Review Board)

The aim is to create a clear legal framework to address cyber security risks across the Australian economy and to respond to new threats.

Security standards for smart devices

A central element of the bill is mandatory security standards for internet-connected devices such as smart doorbells or smartwatches. Until now, Australia has had no binding standards in this area.

The new rules provide for:

  • Secure default settings for smart devices
  • Unique device passwords
  • Regular security updates

The responsible minister is granted the power to set detailed security standards for smart devices by regulation. This allows quick alignment with international norms and standards.

Failure to comply may result in warnings, injunctions, or recall orders.

Manufacturers must confirm compliance with the standards by means of a conformity declaration. Suppliers may only market products in Australia that have a valid conformity declaration.

Status of the bill and the parliamentary process

The Cyber Security Bill 2024 is currently at the draft stage. Before it can come into force, it must go through the Australian legislative process. This process includes several steps:

  1. Introduction to parliament: The bill is first introduced in one of the two houses of the Australian Parliament (House of Representatives or Senate).
  2. First reading: The bill's title is read out, but there is no debate at this stage.
  3. Second reading: The responsible minister explains the purpose of the bill, followed by a general debate in parliament.
  4. Committee stage: A parliamentary committee examines the bill in detail. In this case, it has been announced that the draft will be referred to the Joint Parliamentary Committee on Intelligence and Security.
  5. Third reading: After any amendments by the committee, a final vote is held.
  6. Other house: If the bill is passed in one house, it goes through the same process in the other house of parliament.
  7. Royal assent: After passage in both houses, the Governor‑General, as the representative of the British monarch, must give formal assent to the law.
  8. Commencement: The law comes into force on the date specified in the text of the law. There is often a transitional period to allow affected parties to adapt to the new rules.

The Cyber Security Bill 2024 is still in an early phase of this process. The government has held a public consultation and plans to present the draft to parliament. The draft is expected to undergo changes during the parliamentary process before it is enacted.

Conclusion

With the Cyber Security Bill 2024, Australia aims to significantly strengthen its digital security. The mandatory standards for smart devices are an important step to better protect consumers. The government emphasizes that the measures were developed in close consultation with industry. It remains to be seen how the bill will be shaped during the parliamentary process and when it will actually come into force.