internet law

The Australian Cyber Law Map – overview

HomePrivate: BlogIndustry expertiseCyber security consultantsThe Australian Cyber Law Map – overview

by

reviewed by

Malcolm Burrows

Reading Time:

3–4 minutes

The Australian Cyber Law Map (Map) is a collaborative guide intended to help legal practitioners navigate through the detailed and complicated legal landscape of Australian cyber-related legislation and case law. Within the Map, the ever-evolving area of cyber law has existing principles and new development categorises.  The Map and the categories it focuses on can be easily understood via the following visualisation.

australian-cyber-law-map-table

This article discusses the Map and its key benefits and applications.

The Map’s benefits

The Map provides some clarity, in an area of law that is developing at such a substantial rate that it is difficult for practitioners to keep abreast of changes.  Added to this challenge is the lack of certainty in Australia’s cyber laws.  That is to say, new and rapid technological developments may demand responsive legislative implementations.  There is no dedicated instrument intended solely to respond to the, often positively, disruptive impact that innovative technologies have in various areas of law.  For example, there is no legislation governing the interface between cyber law and the law surrounding commercial enterprises.

Notwithstanding that such interface will often result in safer, more secure commercial dealings, for example, smart contracts protected through blockchain technology, the interface, and other cyber developments, need to be regulated to ensure fairness and deter opportunistic misdealing.

Applications

The Map details how, in the context of an increasingly digital commercial scene, common cyber issues or disputes may give rise to legal remedies. The Map considers how existing legal principles surrounding contracts, directors’ duties and mergers and acquisitions interact with cyber law.  For example, the Map discusses established common law principle, the doctrine of frustration,[1] to modern circumstances.  The Map states that negligence may prevent a party from relying on frustration in response to a cyber risk, such as where careless mistakes are involved.[2]

On a larger scale, the project is contributing to societal welfare by bringing to the forefront of the legal profession expert analysis of how cyber-law may interact with and protect critical infrastructure.  The Map considers the Australian Government’s Critical Infrastructure Resilience Strategy (Strategy) in order to provide analysis which may be assistive in policy decisions.  The Strategy provides the following definition for critical infrastructure:

…those physical facilities, supply chains, information technologies and communication networks, which if destroyed, degraded or rendered unavailable for an extended period, would significantly impact on the social or economic wellbeing of the nation, or affect Australia’s ability to conduct national defence and ensure national security.

One would need to look no further than the recent cyber-attack on the Colonial Pipeline to understand the importance of legislative and policy protections being in place to prevent or deter such attacks.  Proper legislative safeguards surrounding cyber-security will protect critical infrastructure’s continued operation in the face of all hazards.  The Map is assistive in bringing about this end by being a mechanism for the recognition and communication of legal analysis performed by leading experts in the field of cyber law.

Takeaways

The Map aims to guide the legal profession across areas of cyber law in the country and its application to certain areas of law.  These areas are: Commercial Enterprises, Cyber Offences, Infrastructure, International Law, National Security and Personal Rights.  The Map strives to provide clarity amongst the challenges of practicing in the ever-changing legal landscape of Australian cyber law.  What has been evidenced so far is the Map providing frameworks for certain issues such as when negligence can impact on the doctrine of frustration in contract law matters.

Further information about Australian cyber law

If you need advice on the evolving area of Australian cyber law, contact us for a confidential and obligation-free discussion:


Related insights about Australian cyber law

  • Malcolm Burrows on ABC’s “Legal Eagles” segment – artificial intelligence law

    Malcolm Burrows on ABC’s “Legal Eagles” segment – artificial intelligence law

    On 30 July 2025, Malcolm Burrows appeared live on Katherine Feeney’s ABC Radio program, “Legal Eagles” as the Technology and Intellectual Property Lawyer to discuss legal issues associated with the adoption of artificial intelligence.

    Read more …

  • Ransomware payment reporting obligations

    Ransomware payment reporting obligations

    A “Ransomware Attack” is a cyber security breach in which a malicious actor gains unauthorised access to a computer system or network and then encrypts, exfiltrates, or otherwise compromises data or functionality.[1]  Ransomware Attacks have become increasingly sophisticated, financially motivated, and disruptive across all sectors, prompting legislative intervention to regulate responses and improve national cyber…

    Read more …

  • How are Google and Microsoft implementing age verification?

    How are Google and Microsoft implementing age verification?

    From 27 December 2025, all ‘internet search engine services’ operating in Australia will be legally required to comply with Schedule 3 – Internet Search Engine Services Online Safety Code (Class 1C and Class 2 Material) (Code) registered under the Online Safety Act 2021 (Cth) (eSafety Act).  The Code, registered by the eSafety Commissioner on 27…

    Read more …

  • Risks when implementing retrieval-augmented generation systems

    Risks when implementing retrieval-augmented generation systems

    Retrieval-augmented generation (RAG) is an artificial intelligence (AI) system architecture that combines large language models (LLMs), such as GPT-4, with external data retrieval processes.

    Read more …

  • What is the US Take It Down Act?

    What is the US Take It Down Act?

    The Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act (Take It Down Act ) is a United States (US) federal law enacted on 19 May 2025. The Take It Down Act amends 47 U.S. Code § 223 (Code) of the Communications Act 1934 (US) (Communications Act) by establishing new…

    Read more …

  • QITC IT contracts framework an introduction

    QITC IT contracts framework an introduction

    In August 2017, the Queensland Government introduced the Queensland Information Technology Contracting (QITC).  The QITC framework replaces the Government Information Technology Contracting (GITC) framework.  It was designed for the purpose of guiding all Queensland Government Information and Communications Technology (ICT) contracts.

    Read more …

  • Federal parliament enacts cyber security legislation

    Federal parliament enacts cyber security legislation

    On 25 November 2024, the Australian Parliament passed a suite of legislation, collectively referred to by the Australian Government as the Cyber Security Legislative Package 2024.  The purported impetus for this legislation was a series of high-profile data breaches in 2022 and 2023.

    Read more …

  • Domain name disputes – a summary of the process

    Domain name disputes – a summary of the process

    A domain name is a string of text that maps to an alphanumeric IP address, enabling users to access websites through client-side software.[1]  Domains can be valuable business assets, and they frequently become the subject of disputes regarding the legitimacy of their registration among organisations with competing rights.

    Read more …

  • New OAIC guidance on Artificial Intelligence

    New OAIC guidance on Artificial Intelligence

    On 21 October 2024, the Office of the Australian Information Commissioner (OAIC) published two (2) new guides on artificial intelligence (AI), purportedly in effort to make privacy compliance easier for business.

    Read more …

Send this to a friend