Commonwealth Numbered Acts

[Index] [Table] [Search] [Search this Act] [Notes] [Noteup] [Previous] [Next] [Download] [Help]

CYBER SECURITY ACT 2024 (NO. 98, 2024) - SECT 15

Compliance with security standard for a relevant connectable product

Manufacturer must comply

  (1)   An entity must manufacture a relevant connectable product in compliance with the requirements of the security standard for a class of relevant connectable product that will be acquired in Australia in specified circumstances if:

  (a)   the product is included in that class; and

  (b)   the entity is aware, or could reasonably be expected to be aware, that the product will be acquired in Australia in those circumstances.

  (2)   The entity must comply with any other requirements of the security standard that apply to the manufacturer of a product included in that class.

  (3)   An entity must not supply a product in Australia that was not manufactured in compliance with the requirements of the security standard for a class of relevant connectable product that will be acquired in Australia in specified circumstances if:

  (a)   the product is included in that class; and

  (b)   the entity is aware, or could reasonably be expected to be aware, that the product will be acquired in Australia in those circumstances.

  (4)   The entity must comply with any other requirements of the security standard that apply to the supplier of a product included in that class.

Exception

  (5)   However, to the extent that a requirement in the security standard does not relate to any of the matters in subsection   (6), an entity is not required to comply with subsections   (1) to (4) if the entity is not:

  (a)   an entity that is a corporation to which paragraph   51(xx) of the Constitution applies; or

  (b)   an entity that is undertaking activities in the course of, or in relation to, trade or commerce with other countries, among the States, between Territories or between a Territory and a State.

  (6)   The matters are the following:

  (a)   the direct, or indirect, connection of the relevant connectable product to, a telegraphic, telephonic or other like service within the meaning of paragraph   51(v) of the Constitution (including, for example, connection to the internet);

  (b)   the direct, or indirect, use by the relevant connectable product of such a service (including, for example, use of the internet);

  (c)   measures that would protect the relevant connectable product from an attack effected by means of such a service (including, for example, by means of the internet).



AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback