Australia: Digital ID Bill 2024 including cybersecurity regulation was adopted by the House of Representatives

On 16 May 2024, the House of Representatives passed the Digital ID Bill. The Bill expands the Australian Government Digital ID System (AGDIS) to include private sector entities, initially focusing on government services before expanding to include banks, credit card operators, and Australia Post within 2 years. These entities will enable access to services using government-issued Digital IDs and later offer their own accredited Digital ID services. The Australian Competition and Consumer Commission (ACCC) will act as the initial regulator, drawing on its consumer data and compliance expertise. The Bill introduces a voluntary accreditation scheme with cybersecurity and privacy requirements for accredited Digital ID providers. In particular, the Bill requires accredited entities to implement preventive, detective, and reactive cybersecurity measures to protect Digital ID systems from cyber threats. These entities must comply with accreditation data standards, which include testing requirements for biometric security, authentication protocols, and electronic identity verification technologies. The Bill also requires notification and management of cybersecurity incidents to ensure timely response and mitigation of risks within the Australian Government Digital ID System (AGDIS). In addition, the Digital ID Regulator has enforcement powers, including remedial orders, penalties, and suspension of accreditation, to ensure compliance with security obligations.