Australia: Cyber Security Rules 2025 for Smart Devices enter into force

On 4 March 2026, the Cyber Security (Security Standards for Smart Devices) Rules 2025, covering consumer-grade smart devices enter into force. The rules establish mandatory security standards for consumer-grade connectable products acquired in Australia, excluding smartphones, tablets, desktop and laptop computers, road vehicles and components, and therapeutic goods. Manufacturers must ensure that each device has a unique password or user-defined credentials, and that passwords are not based on predictable or public patterns. Manufacturers are also required to provide a statement of compliance including the support period, product identification, and a declaration of conformity, and retain it for five years. They must publish accessible and free contact information for reporting security issues and provide defined periods for security updates, which must be prominently disclosed and not shortened once published. Non-compliance with recall notices must be publicly notified along with consumer guidance.