Background
On March 5, 2025, the Australian Government officially released the Cybersecurity (Security Standards for Smart Devices) Rules 2025 (hereinafter referred to as the “New Rules”), establishing mandatory cybersecurity requirements for consumer-grade smart devices. As a core supporting regulation under the Cybersecurity Act 2024, the Rules will come into full effect on March 4, 2026, setting internationally leading security benchmarks for the Australian smart device market.
Scope of Products
- In Scope: Personal and household smart products with networking capabilities, such as smart home devices, wearables, smart printers, routers, and gateways.
- Exempt Products: Desktop computers, laptops, tablets, smartphones, medical devices, as well as road vehicles and their components.
Key Requirements
The New Rules mandate that manufacturers and distributors must comply with four mandatory standards:
- Password Security Revolution: Universal default passwords are completely banned. Devices must generate a unique password upon first activation or require users to set a custom password.
- Vulnerability Response Mechanism: Establish a vulnerability reporting channel and initiate an emergency response process upon receiving a report.
- Transparent Update Lifecycle: Clearly state the security update support period.
- Standardized Compliance Declaration: Provide an electronic declaration document at the point of sale containing product batch, manufacturer information, and other required elements. This documentation must be retained for five years.
Official Announcement: https://www.legislation.gov.au/F2025L00276/asmade/text
For Australia’s Smart Device Cybersecurity Standard Rules, Anbotek provides manufacturers with testing & assessment reports and compliance certification services, supporting businesses to smoothly achieve product compliance and gain a competitive edge in the market.
Post time: Jul-24-2025
