Julian Hill (Bruce, Australian Labor Party, Assistant Minister for Citizenship and Multicultural Affairs) Share this | Link to this | Hansard source

by leave—I present a supplementary explanatory memorandum and a correction to the explanatory memorandum to the bill. I ask leave of the Federation Chamber to move government amendments (1) to (4) as circulated together.

Leave granted.

I move government amendments (1) to (4) as circulated together:

(1) Clause 32, page 37 (line 7), before "subsection 29(1)", insert "section 27,".

(2) Clause 42, page 49 (line 15), omit "subsection 38(1),", substitute "subsection 35(2), 38(1), 39(1),".

(3) Clause 58, page 67 (line 6), omit "section 54,", substitute "section 48, 49, 51, 54,".

(4) Page 94 (after line 30), at the end of the Bill, add:

88 Review of this Act

The Parliamentary Joint Committee on Intelligence and Security may:

(a) review the operation, effectiveness and implications of this Act; and

(b) report the Committee's comments and recommendations to each House of the Parliament;

so long as the Committee begins the review as soon as practicable after 1 December 2027.

This is the first bill in the Cyber Security Legislative Package, alongside the Intelligence Services and Other Legislation Amendment (Cyber Security) Bill 2024 and the Security of Critical Infrastructure and Other Legislation Amendment (Enhanced Response and Prevention) Bill 2024. This package will collectively strengthen our national cyber defences and build cyber resilience across the Australian economy.

On 9 October, Minister Burke referred the package to the Parliamentary Joint Committee on Intelligence and Security.

The committee recommended that, subject to implementation of the recommendations in its report, the package be passed by parliament. These amendments will implement the changes and clarifications as recommended by the committee. To implement recommendation 7 of the committee's report, the bill was amended to clarify that information obtained by the National Cyber Security Coordinator in relation to a cybersecurity incident or required by a Commonwealth body or state body from a ransomware payment report is not admissible against the impacted entity in certain criminal or civil proceedings. Further amendments will ensure that information obtained by the Cyber Incident Review Board in the performance of its functions is not admissible in evidence against the entity in certain criminal and civil proceedings.

To address recommendation 10 of the committee's report, the bill now contains a provision that the committee may review the operation effectiveness and implications of the cybersecurity act as soon as practicable after 1 December 2027. The bill will provide clarity and confidence for Australians in the face of an ever-changing cybersecurity landscape. The legislative package will empower government and industry with awareness and resilience to better protect Australians from cybersecurity threats. I commend the bill to the chamber.

Question agreed to.

Bill, as amended, agreed to.

Ordered that this bill be reported to the House with amendments.