Australia - Attorney-General announces telecommunications sector security reforms The Australian Government has announced its proposal for security reforms in the telecommunications sector, with the release of the draft Telecommunications and Other Legislation Amendment Bill 2015 on 26 June 2015. This new regulatory framework aims to strengthen industryto-government engagement and information sharing practices, and to deal with the potential for the misalignment of commercial interests and national security concerns. A key feature of the draft bill is to impose a duty on carriers, CSPs and carriage service intermediaries (intermediaries) to "do their best" to protect telecommunications network and facilities from unauthorised interference or access. The draft bill also provides new powers for the Attorney-General to give directions to a carrier, CSP or intermediary in circumstances involving a risk to security, including a direction to suspend supply of carriage services. However, the Explanatory Memorandum advises that such a power should only be exercised in the context of the most "extreme national security risks". The draft bill also establishes a process for the Attorney-General's delegate to obtain information from carriers, CSPs and intermediaries that is relevant to their duty to protect networks and facilities from cyber attacks. Once collected, this information can be disclosed for the assessment of the risk to the protection duty, or for the purposes of "security". Examples of the types of information which the delegate may require are provided in the EM, and include procurement plans, network or service design plans, tender documentation, contacts, etc. Consistent with ACMA's information gathering powers under the Telecommunications Act 1997 (Cth) (Telco Act), a person is not excused from giving information or producing documents on grounds of self-incrimination. A cloud of uncertainty still follows the standard of compliance required of a carrier, CSP or intermediary to "do its best" to protect telecommunications networks and facilities, which is the same standard of compliance already required under section 313 of the Telco Act to prevent networks and facilities being used in the commission of offences. The EM provides some clarification by stating that this obligation requires carriers, CSPs and intermediaries to take "all reasonable steps" and "demonstrate effective control and competent supervision of its network and systems". Whilst the government has recognised that implementation of the bill would increase the regulatory burden on the telecommunications industry (by providing a 6 month grace period for compliance), it is still unclear how the proposal will be funded. Neither the draft bill nor the EM provides for the introduction of a levy, as some had anticipated. Submissions on the proposed legislation can be made to the Cyber and Identity Security Policy Branch until 31 July 2015. A copy of the draft bill is available here. For more information, please contact Anne-Marie Allgrove, Toby Patten, Jarrod Bayliss-McCulloch or Grace Loukides.