Australia: Cyber Security Rules 2025 for Smart Devices were adopted

On 4 March 2025, the Australian Government registered the Cyber Security (Security Standards for Smart Devices) Rules 2025 under the Cyber Security Act 2024. The Rules will apply from 4 March 2026 and establish mandatory security standards for consumer-grade connectable products acquired in Australia, excluding smartphones, tablets, desktop and laptop computers, road vehicles and components, and therapeutic goods. Manufacturers must ensure that each device has a unique password or user-defined credentials, and that passwords are not based on predictable or public patterns. Manufacturers are also required to provide a statement of compliance including the support period, product identification, and a declaration of conformity, and retain it for five years. They must publish accessible and free contact information for reporting security issues and provide defined periods for security updates, which must be prominently disclosed and not shortened once published. Non-compliance with recall notices must be publicly notified along with consumer guidance.