Business Insight

A clearer picture of the coming Cyber Security Bill and critical infrastructure reforms

August 06, 2024

By John Macpherson, Geoff McGrath and Andrew Hilton

Share Share

Share

Computer grid

    What you need to know

    • In Australia, the Federal Government reportedly hopes to bring a new Cyber Security Bill to Parliament in the next sitting – which begins next week on 12 August 2024. The new bill will cover ransom reporting, new security standards for smart (IoT) devices, limits on how cyber agencies use information, and the creation of a Cyber Incident Review Board.
    • At the same time, we expect to see a bill to change critical infrastructure laws, to regulate critical data storage systems, to introduce new consequence management and remedial powers, to simplify sharing of critical information, and to shift telecommunications sector obligations to the Security of Critical Infrastructure Act.
    • If bills are introduced, they will likely be referred for Senate Committee consideration, and public consultations will likely follow.
    • The new laws will need to be flexible – expect significant issues to be dealt with in underlying rules, which may require further refinement and consultation.
    • These bills are one part of a very ambitious technology and data law reform agenda. We expect to see in coming weeks, a parliamentary vote on Consumer Data Right "action initiation" laws, movement on misinformation and disinformation laws and mandatory anti-scams codes, as well as legislation to overhaul Australia's privacy laws.

    Key regulatory forms – to be a world cyber security leader by 2030

    These reforms are part of Australia's 2023-2030 Cyber Security Strategy vision to be a world leader in cyber security by 2030 – read about the strategy, and Ashurst's response to the earlier discussion paper.

    A bold regulatory reform agenda is a core part of Australia's cyber strategy

    This publication is a joint publication from Ashurst Australia and Ashurst Risk Advisory Pty Ltd, which are part of the Ashurst Group.

    The Ashurst Group comprises Ashurst LLP, Ashurst Australia and their respective affiliates (including independent local partnerships, companies or other entities) which are authorised to use the name "Ashurst" or describe themselves as being affiliated with Ashurst. Some members of the Ashurst Group are limited liability entities.

    Ashurst Australia (ABN 75 304 286 095) is a general partnership constituted under the laws of the Australian Capital Territory.

    Ashurst Risk Advisory Pty Ltd is a proprietary company registered in Australia and trading under ABN 74 996 309 133.

    The services provided by Ashurst Risk Advisory Pty Ltd do not constitute legal services or legal advice, and are not provided by Australian legal practitioners in that capacity. The laws and regulations which govern the provision of legal services in the relevant jurisdiction do not apply to the provision of non-legal services.

    For more information about the Ashurst Group, which Ashurst Group entity operates in a particular country and the services offered, please visit www.ashurst.com.

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.

    Editorial Disclaimer

    Originally published before the Ashurst Perkins Coie combination. See disclaimer.

    Key Contacts