Unlock unlimited alerts, exports & API access — RuleWatch Pro at $29/mo

Regulation dossier

Australia

Security of Critical Infrastructure ERP Act 2024

CybersecurityIn Effect

A focused view of the rule, its enforcement posture, and the timeline teams should keep in their operating plan.

Plain-English summary

What this regulation means

Built for operators

Australia's 2024 ERP Act updates the Security of Critical Infrastructure regime with stronger powers to manage consequences of incidents and to address deficient risk management programs. It affects operators of critical infrastructure and critical telecommunications assets, including some data storage systems that hold business-critical data. The reforms are part of the broader cyber legislative package tied to the 2023-2030 Cyber Security Strategy.

Reading guide

Use the timeline below to see how the rule progressed from enactment to current obligations.

Related regulations surface adjacent requirements in the same jurisdiction or policy lane.

Timeline

Regulatory lifecycle

Sequence: Royal Assent -> Additional Commencement
  1. 1

    Nov 29, 2024

    Royal Assent

    Australia assented to the ERP Act updating its critical infrastructure framework.

  2. 2

    Mar 12, 2025

    Additional Commencement

    Further ERP Act provisions commenced under the 2025 proclamation timetable.

Pro feature

📊 Stay ahead of this regulation

Get email alerts when this regulation changes and export records to CSV for your compliance workflow — available with RuleWatch Pro.

  • →Email alerts when this regulation is updated or enforced
  • →Export to CSV or JSON for compliance reporting
  • →API access to integrate regulation tracking into your workflows
See what's included

Subscribe for regulation alerts

Get alerts for this regulation →

Free weekly digest for compliance professionals following material legal changes.

No spam. Professional updates only.

Free to join. Unsubscribe anytime.

Related regulations

What else belongs on the watchlist

Pulled from the same jurisdiction or category so teams can compare adjacent obligations quickly.

Australia

Online Safety Amendment (Social Media Minimum Age) Act 2024

Age VerificationIn Effect

Australia amended its online safety regime to require providers of age-restricted social media platforms to take reasonable steps to prevent under-16 users from holding accounts. The framework affects covered social platforms serving Australian users and relies on age-assurance systems rather than mandating government digital ID. It also gives the eSafety Commissioner implementation and oversight responsibilities.

Effective
Dec 10, 2025
View detail

Texas, United States

Texas Cybersecurity Program

CybersecurityIn Effect

Texas gives certain businesses a safe harbor from exemplary damages after a breach if they implemented and maintained a qualifying cybersecurity program. It affects Texas businesses that handle sensitive personal information and pushes them toward recognized cybersecurity frameworks and scaled security controls.

Effective
Sep 1, 2025
View detail

United States

FTC Safeguards Rule Update

CybersecurityAmended

The FTC Safeguards Rule requires covered non-bank financial institutions to maintain a written information security program with risk assessments, qualified oversight, access controls, encryption, and monitoring. Updated requirements also added mandatory breach reporting to the FTC for certain notification events. The rule affects lenders, mortgage brokers, auto dealers, and other financial institutions under FTC jurisdiction.

Effective
May 13, 2024
View detail