We're consulting on the extension of legislative instruments to ensure continued security obligations for the telecommunications sector.
Why we want your inputThe proposed extension will provide further clarity for the sector and reduce regulatory duplication. Carriers and eligible carriage service providers (CSPs) will continue to be required to report on asset and cyber security incidents, to align with the obligations other sectors have under the Security of Critical Infrastructure Act 2018.
How you can voice your opinionRead the consultation overview (and legislative instruments if you aren’t familiar with them) and provide your submission using the form below. You can also make a submission by email or post.
What will be the outcome of this consultation?Your submission will help inform the decision to extend the security information obligations for carriers and eligible CSPs.
In July 2022, instruments were put in place to require telecommunications carriers and CSPs to provide information to the Register of Critical Infrastructure Assets. This register supports the Australian Government to identify and manage risks to critical infrastructure assets which could cause significant harm to Australia.
The Security of Critical Infrastructure Act 2018 (SOCI Act) was amended in December 2021, introducing new positive security obligations for many sectors. These provisions did not cover the telecommunications sector.
On 7 July 2022, the Australian Government created parallel obligations for the telecommunications sector by putting in place the Telecommunications (Carrier License Conditions—Security Information) Declaration 2022 and the Telecommunications (Carriage Service Provider—Security Information) Determination 2022, as separate arrangements in the Telecommunications Act 1997.
The Australian Government is still deciding on the best approach in the longer term to address telecommunications security issues. Since the legislative instruments are due to sunset on 7 January 2024 and replacement legislative amendments will not be in place by that date, the Australian Government is seeking to extend the timeframe of the instruments to allow enough time for these reforms to take place.
The extension of these instruments by an additional 18 months will extend security information obligations for carriers and eligible carriage service providers from 7 January 2024 to 6 July 2025 (23.59).
We are seeking views from interested parties on the extension of legislative instruments for another 18 months, through an amendment to the wording in Part 4 of the legislative instruments to change the timeframe wording from 'eighteen months' to 'three years'.
Australian Privacy Principle 5 Notice
Extending security information obligations for carriers and eligible carriage service providers
The Department of Infrastructure, Transport, Regional Development, Communications and the Arts (the department) is collecting information for the purposes of extending security information obligations for carriers and eligible carriage service providers, in accordance with the Privacy Act 1988.
The department will use this information to inform consideration of issues associated with extending security information obligations for carriers and eligible carriage service providers and will store this information securely. It may be used by the department to make further contact with you about the review.
The department will not disclose information to third parties, except in the circumstances outlined below.
Submissions, in part or full, including the name of the author may be published on the department's website unless the submission is confidential. Confidential submissions (including the author's name) will not be published. Private addresses and contact details will not be published or disclosed to any third parties unless required by law.
Submissions will only be treated as confidential if they are expressly stated to be confidential. Automatically generated confidentiality statements or disclaimers appended to an email do not suffice for this purpose. If you wish you make a confidential submission, you should indicate this by ensuring your submission is marked confidential.
Confidential submissions will be kept securely and will only be disclosed in the following circumstances:
- in response to a request by a Commonwealth Minister
- where required by a House or a Committee of the Parliament of the Commonwealth of Australia
- where required by law.
The department may also disclose confidential submissions within the Commonwealth of Australia, including with other Commonwealth agencies, where necessary in the public interest.
Please note that in order to protect the personal privacy of individuals in accordance with the Privacy Act any submissions containing sensitive information, personal information or information which may reasonably be used to identify a person or group of people may not be published, even if not marked as confidential.
We invite you to to tell us your views on this topic.
- contact name
- organisation name, if applicable
- contact details, including telephone number, postal and email addresses
- confirmation whether or not your submission can be made public—published—or kept confidential.
All submissions to be made public need to meet the Digital Service Standard for accessibility. Any submission that does not meet this standard may be modified before being made public.
If your submission is to be made public, please ensure you do not include any personal information that you don't want to be published.
If your submission is confidential, please ensure each page of the submission is marked as confidential.
Please click on the 'Have your say now' button below to upload your submission.
Alternatively please email your completed template submission to firstname.lastname@example.org or send it to:
Kate McMullan, Assistant Secretary
Telecommunications Resilience Branch
Department of Infrastructure, Transport, Regional Development, Communications and the Arts
GPO Box 594
Canberra ACT 2601