The Cyber Security Act 2024 introduces mandatory security standards for smart devices, aiming to enhance the protection of consumers and businesses against cyber threats. These standards are designed to address vulnerabilities in Internet of Things (IoT) devices, ensuring a safer digital environment in Australia.
Key Aspects of the Security Standards:
Scope of Application: The standards apply to all “relevant connectable products,” which are devices capable of connecting to the internet, either directly or indirectly. This includes a wide range of consumer-grade smart devices commonly used in households.
Manufacturer and Supplier Obligations: Manufacturers must ensure their products comply with the prescribed security standards before they can be supplied in Australia. Suppliers are required to provide a Statement of Compliance, confirming that the devices meet the necessary security requirements.
Exemptions: Certain devices are exempt from these standards, including desktop computers, laptops, tablets, smartphones, therapeutic goods as defined by the Therapeutic Goods Act 1989, road vehicles, and road vehicle components as per the Road Vehicle Standards Act 2018.
Enforcement and Compliance: The Australian Communications and Media Authority (ACMA) is empowered to enforce these standards. Non-compliance can result in actions such as compliance notices, stop notices, or recall notices, which may be made public to inform consumers and stakeholders.
These measures are part of Australia’s broader strategy to strengthen cybersecurity and protect users from the increasing risks associated with smart devices.
Access the factsheet here: Security Standards for Smart Devices