The Australian Government has officially enacted the Cyber Security (Security Standards for Smart Devices) Rules 2025, a landmark regulation designed to strengthen the cybersecurity of smart devices sold or used in Australia. This new instrument, made under the Cyber Security Act 2024, was registered on March 4, 2025 and introduces mandatory compliance standards for connectable smart devices.
The key enforcement date is March 4, 2026, giving manufacturers and suppliers a 12-month window to align with the newly introduced security requirements.
What the Cyber Security Rules Cover
The Rules apply to “relevant connectable products” — any smart device that can directly or indirectly connect to the internet — and are aimed at protecting consumers from poorly secured IoT products.
The regulation includes:
- Mandatory unique or user-defined passwords
- Clear processes for reporting security vulnerabilities
- Published support periods for security updates
- Obligatory statements of compliance from manufacturers
Smart home devices, wearables, connected appliances, and similar products are affected — excluding smartphones, laptops, tablets, vehicles, and medical devices.
For more information on market access and compliance in Australia, contact iCertifi today. Our experts are here to help you navigate regulatory requirements and ensure your smart devices meet all applicable standards.