Insight,

Cybersecurity,

An omnibus cyber security and critical infrastructure package

27 November 2024

Our People
KWM Kinetic
Owl Advisory
AU | EN
Current site :    AU   |   EN
Australia
EN |
China
JP | ZH | EN |
China Hong Kong SAR
ZH | EN |
Japan
JP | ZH | EN |
Singapore
ZH | EN |
United States
EN |
Global
ZH | EN |

Tell me in 2 minutes

The Government’s legislative package that implements a range of initiatives aimed at improving Australia’s cyber security consistent with its 2023-2030 Cyber Security Strategy that we summarised here has now been passed and is awaiting Royal Assent.

Key Changes

The legislative package was reviewed by the Parliamentary Joint Committee on Intelligence and Security (PJCIS), which issued an advisory report recommending that it be passed with some minor changes. The Government has since implemented a number of the recommendations of the PJCIS report in the amended legislation, which was passed on 25 November.

The key changes from the legislative package that was initially released are:

  • Consistent with PJCIS recommendation 7, to extend admissibility protections in the Cyber Security Bill to:
    • ransomware payment reports,
    • voluntary information provided to the National Cyber Security Coordinator, and
    • documents provided to the Chair of the Cyber Incident Review Board under voluntary or compulsory requests or contained in a draft report that are then obtained by a Commonwealth body or state body.
  • Consistent with PJCIS recommendation 10, to provide for the PJCIS to review the Cyber Security Bill as soon as practicable after 1 December 2027.
  • Consistent with PJCIS recommendation 7, to amend the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill to clarify that information voluntarily provided to or required by or prepared by the Australian Signals Directorate in relation to cybersecurity incidents is not admissible against an impacted entity in certain criminal or civil proceedings.
  • Consistent with PJCIS recommendations 12 and 13, to:
    • extend the PJCIS’ ability to initiate a review into the operation, effectiveness and implications of the SOCI Act from three years to five years (noting that the Minister has indicated an intention to commence an independent review into the SOCI Act by November 2025),
    • repeal section 60AAA of the SOCI Act, removing the redundant six-monthly reporting to the PJCIS on the 2022 SOCI Act amendments, and
    • make technical amendment to the Australian Security Intelligence Organisation Act 1979, to clarify provisions relating to the ministerial responsibility for protecting ASIO information and giving notice of an adverse or qualified security assessment in respect of an assessed person in connection with certain provisions of the Telecommunications Act 1997 and the SOCI Act.
Categories

KEY CONTACTS

LATEST THINKING
Insight
Top 10 Trends for Private Capital in an uncertain world
With sophisticated investors quickly seeking diversification in response to geopolitical risk, Asia Pacific markets are well-positioned to become an attractive hedge.

17 April 2025

Insight
Private Capital Leading the Surge into Data Centres - What have we learned and what next?
Australia and the Asia Pacific Region emerge as a hotbed for data centre investment, as the AI revolution and resulting demand for digital infrastructure surges.

17 April 2025

Insight
Cov-What? Financial covenants in leveraged finance deals
A short primer on the different approaches being taken to financial covenants in leveraged finance deals

17 April 2025

EXPLORE LATEST THINKING
OUR PEOPLE
LOCATIONS
MEDIA CENTRE
CAREERS
ABOUT US
Explore Our Expertise
Explore insights
Explore Our Insights

Advertising and Targeting Cookies