Australian Cyber Policy & Legislation
Last updated: 2026-04-01 07:21 UTC
Key legislative and policy frameworks governing cybersecurity in Australia.
Security of Critical Infrastructure Act 2018 (SOCI)
Australian Cyber Security Strategy 2023-2030
Privacy Act 1988 (NDB Scheme)
| Field | Details |
| Status | Active (NDB from Feb 2018) |
| Scope | Organisations with >$3M revenue, health, government |
| Key Requirements | Mandatory notification of eligible data breaches to OAIC and affected individuals |
| Reference | Privacy Act 1988 (NDB Scheme) |
Essential Eight Maturity Model
| Field | Details |
| Status | Active (updated 2023) |
| Scope | Commonwealth entities (mandated), recommended for all |
| Key Requirements | Eight mitigation strategies across three maturity levels |
| Reference | Essential Eight Maturity Model |
Cyber Security Act 2024
| Field | Details |
| Status | Active (from 2024) |
| Scope | Ransomware reporting, smart device security, Cyber Incident Review Board |
| Key Requirements | Mandatory ransomware payment reporting, security standards for IoT devices |
| Reference | Cyber Security Act 2024 |
AUKUS Pillar II
| Field | Details |
| Status | Active |
| Scope | Trilateral defence technology cooperation (AU/UK/US) |
| Key Requirements | Advanced cyber capabilities, AI, quantum technology sharing |
| Reference | AUKUS Pillar II |
International Frameworks
Australia participates in several international cyber cooperation frameworks:
| Framework | Partners | Focus |
| Five Eyes | AU, US, UK, CA, NZ | Intelligence sharing, joint advisories |
| AUKUS Pillar II | AU, UK, US | Advanced cyber capabilities, quantum, AI |
| Quad Cyber | AU, US, India, Japan | Indo-Pacific cyber resilience |
| ASEAN Regional Forum | ASEAN + partners | Regional cyber confidence building |
| Budapest Convention | 60+ countries | Cybercrime cooperation |