On 29 November 2024, the Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 became law.
The Bill was part of the Cyber Security Legislative Package that included the Cyber Security Act 2024, which has established a separate limited use obligation for the National Cyber Security Coordinator. The Intelligence Services and Other Legislation Amendment (Cyber Security) Act 2024 legislates a limited use obligation for the Australian Signals Directorate (ASD) by adding a new Division, 1A of Part 6.
Our incident response services will not change. We will continue to provide free technical guidance, advice and assistance to Australian organisations that have been impacted by cyber security incidents.
The limited use obligation intends to provide additional assurance that cyber security information voluntarily shared with ASD, or that is acquired or prepared by ASD with the consent of an impacted entity, is protected.
Information protected by the limited use obligation cannot be used for regulatory action or admitted as evidence in civil or criminal proceedings against the impacted entity, except in certain circumstances. It is automatically applied and encourages proactive, timely and voluntary information sharing relating to cyber security incidents with us.
Reporting to us quickly means we can provide you with rapid technical advice and assistance, so you can get back to business faster.