Insight,

Cybersecurity,

An omnibus cyber security and critical infrastructure package

27 November 2024

Our People
AU | EN
Current site :    AU   |   EN
Australia
EN |
Singapore
EN |

Tell me in 2 minutes

The Government’s legislative package that implements a range of initiatives aimed at improving Australia’s cyber security consistent with its 2023-2030 Cyber Security Strategy that we summarised here has now been passed and is awaiting Royal Assent.

Key Changes

The legislative package was reviewed by the Parliamentary Joint Committee on Intelligence and Security (PJCIS), which issued an advisory report recommending that it be passed with some minor changes. The Government has since implemented a number of the recommendations of the PJCIS report in the amended legislation, which was passed on 25 November.

The key changes from the legislative package that was initially released are:

  • Consistent with PJCIS recommendation 7, to extend admissibility protections in the Cyber Security Bill to:
    • ransomware payment reports,
    • voluntary information provided to the National Cyber Security Coordinator, and
    • documents provided to the Chair of the Cyber Incident Review Board under voluntary or compulsory requests or contained in a draft report that are then obtained by a Commonwealth body or state body.
  • Consistent with PJCIS recommendation 10, to provide for the PJCIS to review the Cyber Security Bill as soon as practicable after 1 December 2027.
  • Consistent with PJCIS recommendation 7, to amend the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill to clarify that information voluntarily provided to or required by or prepared by the Australian Signals Directorate in relation to cybersecurity incidents is not admissible against an impacted entity in certain criminal or civil proceedings.
  • Consistent with PJCIS recommendations 12 and 13, to:
    • extend the PJCIS’ ability to initiate a review into the operation, effectiveness and implications of the SOCI Act from three years to five years (noting that the Minister has indicated an intention to commence an independent review into the SOCI Act by November 2025),
    • repeal section 60AAA of the SOCI Act, removing the redundant six-monthly reporting to the PJCIS on the 2022 SOCI Act amendments, and
    • make technical amendment to the Australian Security Intelligence Organisation Act 1979, to clarify provisions relating to the ministerial responsibility for protecting ASIO information and giving notice of an adverse or qualified security assessment in respect of an assessed person in connection with certain provisions of the Telecommunications Act 1997 and the SOCI Act.
Categories

Key Contacts

Latest Thinking
Insight
Bendel: Commissioner ‘A loan’ in view that UPE was a loan for Division 7A purposes
The long-awaited High Court decision in Bendel has arrived!

12 June 2026

Insight
Queensland goes all in on critical minerals: Key changes under the SDPWO Amendment Bill 2026
Queensland has fired the legislative starting gun in the race for critical minerals investment.

05 June 2026

Insight
The forfeiture rule and superannuation death benefits: emerging issues for trustees
While the forfeiture rule is a longstanding position in law, its application to superannuation is not always clear.

05 June 2026

Explore Latest Thinking
Our People
Media Centre
About Us
Contact Us
Explore Our Expertise
Explore insights

Advertising and Targeting Cookies