Australia: Digital ID Bill 2024 including cybersecurity regulation was passed by the Senate

On 27 March 2024, the Senate passed the Digital ID Bill. The Bill introduces a voluntary Accreditation Scheme with cybersecurity and data privacy requirements for accredited Digital ID providers. In particular, the Bill requires accredited entities to implement preventive, detective, and reactive cybersecurity measures to protect Digital ID systems from cyber threats. These entities must comply with accreditation data standards, which include testing requirements for biometric security, authentication protocols, and electronic identity verification technologies. The Bill also requires notification and management of cybersecurity incidents to ensure timely response and mitigation of risks within the Australian Government Digital ID System (AGDIS). In addition, the Digital ID Regulator has enforcement powers, including remedial orders, penalties, and suspension of accreditation, to ensure compliance with security obligations.