Australia took significant steps towards enhancing its cybersecurity measures by implementing the Cyber Security Act of 2024. Originally announced on November 29th in 2024, the new legislation is in line with Australia’s Cyber Security Strategy for 2023 to 2030 to bring the country up to international standards and strengthen its protection against cyber risks. The act includes rules that will affect businesses, citizens and government bodies across the board.
Important Measures Under the Cybersecurity Act
The Cyber Security Act introduces significant measures aimed at filling legal loopholes and boosting national security.
- Minimum Security Standards for Smart Devices: Manufacturers of smart devices must adhere to updated security criteria to safeguard users against cyber risks.
- Mandatory Ransomware and Cyber Extortion Reporting: Certain companies are now required to disclose any ransom payments made following cyberattacks to promote transparency and responsibility in dealing with ransomware and cyber extortion incidents.
- Enhanced Collaboration Requirement for Government Interaction: The National Cyber Security Coordinator aims to strengthen partnerships with sector entities to enhance cybersecurity readiness and response capabilities.
- Cyber Incident Review Board: A new body will be formed to look into cyber incidents and share insights to avoid similar attacks in the future.
CyberSecurity Rules Resources
The Rules were officially registered on 4 March 2025, and are linked here:
CyberSecurity Rules Resources
To support the Cyber Security Act 2024, the government has introduced Cyber Security Rules, which were officially registered on March 4, 2025. These rules clarify how the Act will be implemented and set compliance deadlines for businesses and industry sectors.
- The initial regulations for security guidelines for smart devices will be relevant to devices used by consumers and will come into force one year after registration to give manufacturers time to adjust.
- Starting May 30th, 2025, different businesses will be required to report ransomware payments that they make.
- The Cyber Incident Review Board is set to be created upon the implementation of the rule on May 30th, 2025, by the Minister for Home Affairs who will subsequently select members and assemble an Expert Panel.
The government plans to provide guidance materials in the months to help businesses and industry leaders understand their new responsibilities better. Additionally, there was a Town Hall meeting on March 12, 2025, where the specifics of the regulations were discussed.
For this article’s source information and any product certification guidance, please contact Global Validity.
Quick Country Facts
Australia
Certification Body: The Australian Communications and Media Authority (ACMA)
Certification Type: Mandatory
License Validity: Indefinite
Application Language: English
Legal License Holder: Local Representative
In-Country Testing Requirement: Testing Not Required
Access in-depth regulatory knowledge on over 200 countries and territories with Global Validity’s free proprietary product certification management software, Access Manager. Learn more about the platform here or fill our quick contact form!
Global Validity is your partner for global certification success
Want to learn more about regulatory compliance and how we can help? Simply fill out the form below and we’ll be in touch!