On 15 August 2024, the Cyber Security (Compounding of Offences) Regulations 2024 were implemented. Section 60 of the CSA allows the Minister of Digital to establish regulations that prescribe certain offences under the CSA as compoundable and outline the method for compounding such offences. The Compounding Regulations identify six offences that can be compounded with the Public Prosecutor's written consent. These offences include an NCII Entity's failure to provide information about its NCII (Section 20(6)), failure to conduct cyber security risk assessments and audits or submit related reports (Sections 22(7) and 22(8)), and failure to comply with directions from the Chief Executive of NACSA regarding cyber security exercises (Section 24(4)).
Original source