Insight,

An omnibus cyber security and critical infrastructure package

AU | EN
Current site :    AU   |   EN
Australia
Singapore

Tell me in 2 minutes

The Government’s legislative package that implements a range of initiatives aimed at improving Australia’s cyber security consistent with its 2023-2030 Cyber Security Strategy that we summarised here has now been passed and is awaiting Royal Assent.

Key Changes

The legislative package was reviewed by the Parliamentary Joint Committee on Intelligence and Security (PJCIS), which issued an advisory report recommending that it be passed with some minor changes. The Government has since implemented a number of the recommendations of the PJCIS report in the amended legislation, which was passed on 25 November.

The key changes from the legislative package that was initially released are:

  • Consistent with PJCIS recommendation 7, to extend admissibility protections in the Cyber Security Bill to:
    • ransomware payment reports,
    • voluntary information provided to the National Cyber Security Coordinator, and
    • documents provided to the Chair of the Cyber Incident Review Board under voluntary or compulsory requests or contained in a draft report that are then obtained by a Commonwealth body or state body.
  • Consistent with PJCIS recommendation 10, to provide for the PJCIS to review the Cyber Security Bill as soon as practicable after 1 December 2027.
  • Consistent with PJCIS recommendation 7, to amend the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill to clarify that information voluntarily provided to or required by or prepared by the Australian Signals Directorate in relation to cybersecurity incidents is not admissible against an impacted entity in certain criminal or civil proceedings.
  • Consistent with PJCIS recommendations 12 and 13, to:
    • extend the PJCIS’ ability to initiate a review into the operation, effectiveness and implications of the SOCI Act from three years to five years (noting that the Minister has indicated an intention to commence an independent review into the SOCI Act by November 2025),
    • repeal section 60AAA of the SOCI Act, removing the redundant six-monthly reporting to the PJCIS on the 2022 SOCI Act amendments, and
    • make technical amendment to the Australian Security Intelligence Organisation Act 1979, to clarify provisions relating to the ministerial responsibility for protecting ASIO information and giving notice of an adverse or qualified security assessment in respect of an assessed person in connection with certain provisions of the Telecommunications Act 1997 and the SOCI Act.
Latest Thinking
Insight
The Department of Home Affairs (Department) has released the Streamlining and Modernising the Security of Critical Infrastructure Act 2018 Consultation Paper (Consultation Paper) here, proposing a second tranche of reforms to the Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act).

15 July 2026

Insight
From 1 July 2026, in New South Wales it is now mandatory for persons conducting a business or undertaking to comply with Approved Safety Codes of Practice.

14 July 2026

Insight
In this edition of the Rail Round-up, we summarise the latest developments across the rail industry, with a particular focus on the recent budget announcements and significant shifts in national rail policy.

10 July 2026