Australia: Australian Government opened consultation on Digital ID Bill 2023 including cybersecurity regulation

On 19 September 2023, the Australian Government opened a consultation on the draft Digital ID Bill until 10 October 2023. The Bill proposes to extend the existing Digital ID system, which is currently limited to access to government services, to the private sector and to establish the Australian Competition and Consumer Commission (ACCC) as the independent regulator of the Digital ID system. The Bill would also introduce a voluntary accreditation scheme with cybersecurity and privacy requirements for accredited Digital ID providers. In particular, the Bill would require cybersecurity measures to protect data and digital infrastructure from threats. Accredited entities would have to implement preventive, detective and reactive security controls, including incident monitoring, risk assessments and encryption protocols. The Bill also would enforce mandatory notification of cyber incidents, requiring accredited entities to report breaches to the Digital ID Regulator. In addition, the Digital ID Rules would set out obligations for fraud prevention, security governance, and system resilience.