Introductory Info
Date of introduction: 30 July 2025
House introduced in: House of Representatives
Portfolio: Attorney-General
Commencement: Schedules 1 and 5: 6 months after Royal Assent. Schedules 2–4: the day after Royal Assent.
Purpose and structure of the Bill
The Strengthening Oversight of the National Intelligence Community Bill 2025 amends the Inspector General of Intelligence and Security Act 1986 (IGIS Act), the Intelligence Services Act 2001 (IS Act) and other Commonwealth legislation to provide expanded oversight arrangements for Australian national intelligence agencies. It does this by, among other things:
Many of the amendments in the Bill reflect amendments earlier introduced in the Intelligence Services Legislation Amendment Bill 2023 (ISLAB), which lapsed at dissolution of 47th Parliament. That Bill was referred to the PJCIS for inquiry and 10 submissions were received. However, the PJCIS did not report on the Bill before the dissolution of the Parliament.
Amendments relating to the Independent National Security Legislation Monitor (INSLM), contained in Schedule 4 of this Bill, are newly included since ISLAB. The below analysis is largely consistent with, and relies on analysis contained in the previous Bills Digest for the ISLAB.
Australia’s National Intelligence Community and Oversight Framework
Australia’s National Intelligence Community (NIC) is made up of 10 agencies: Australian Criminal Intelligence Commission (ACIC), Australian Federal Police (AFP), Australian Geospatial-Intelligence Organisation (AGO), Australian Security Intelligence Organisation (ASIO), Australian Secret Intelligence Service (ASIS), Australian Signals Directorate (ASD), Australian Transaction Reports and Analysis Centre (AUSTRAC), Defence Intelligence Organisation (DIO), Department of Home Affairs (Home Affairs) and Office of National Intelligence (ONI).
While there is a regulatory and oversight framework for each of these agencies, three oversight agencies play a concerted role in relation to broad oversight of intelligence activities: IGIS, PJCIS, and the Independent National Security Legislation Monitor (INSLM). However, much of this oversight is also concealed for security reasons. This tension lies at the heart of NIC oversight. As the 2019 Comprehensive Review (also known as the Richardson Review, after Dennis Richardson who conducted the review) noted:
Intelligence agency oversight, by its nature, differs from oversight of other government agencies. Intelligence oversight in democracies must grapple with a permanent conundrum: how to provide democratic control of those government functions and agencies which are necessary for the state’s security but which must also operate—to a certain extent—in secrecy (volume 3, p. 236).
In describing the need for the amendments, the Attorney-General has stated:
National security threats are becoming increasingly complex and interconnected, requiring greater collaboration and engagement between the agencies in the National Intelligence Community. To respond to these threats, intelligence agencies are entrusted with significant powers to protect Australians from those who would seek to do us harm. Achieving this outcome requires balancing national security interests and the preservation of essential individual liberties. Enabling uniform oversight across the agencies will ensure their intelligence capabilities are subject to rigorous and specialised oversight, commensurate with their significant powers.
In her second reading speech, the Attorney-General also stated that ‘[t]he existing oversight regime is strong but, as the national intelligence community evolves to meet the complex and dynamic security challenges it faces, the oversight framework must move with it.’
Previous NIC Inquiries
A timeline of previous intelligence reviews can be found in the PJCIS Advisory Report on the Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020 (Advisory Report on Integrity Measures Bill) (Appendix C, pp. 41–56). However, it is briefly worth referring to two recent reviews that consider, among other things, the more contemporary NIC oversight framework.
2017 Independent Intelligence Review
In relation to NIC oversight, the 2017 Independent Intelligence Review (2017 Intelligence Review) concluded that there was ‘a compelling case for a consistent oversight regime to apply to all the intelligence capabilities that support national security, across the ten agencies of the NIC’ (p. 116). While the 2017 Intelligence Review recommended that the oversight of the PJCIS and the IGIS be expanded to all ten NIC agencies (Recommendation 21), it concurrently noted that oversight of the AFP, ACIC and then-Department of Immigration and Border Protection (DIBP) be ‘limited to their intelligence functions’. The 2017 Intelligence Review went on to note that:
Given the breadth of the functions of the AFP, ACIC and DIBP, and the complementary oversight arrangements, it would be neither appropriate nor necessary to expand the role of the PJCIS or the IGIS beyond the exercise of intelligence capabilities that contribute to national security. (p. 116).
2019 Comprehensive Review
The 2019 Comprehensive Review agreed with some but not all of the 2017 Intelligence Review recommendations. For instance, the 2019 Comprehensive Review did not endorse the 2017 Intelligence Review’s recommendation that the role of the IGIS be expanded to apply to all ten NIC agencies (see volume 1, p. 55–56).
Lapsed NIC Oversight Legislation
Intelligence Services Legislation Amendment Bill 2023
In June 2023, the Government introduced the Intelligence Services Legislation Amendment Bill 2023 (ISLAB), which lapsed at dissolution of 47th Parliament. The Bills Digest for the ISLAB considers its proposed amendments in detail. This Bill includes a number of the provisions that were previously contained in the ISLAB.
Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020
The Intelligence Oversight and Other Legislation Amendment (Integrity Measures) Bill 2020 (Integrity Measures Bill) was introduced in December 2020. The Integrity Measures Bill responded to recommendations proposed in the 2017 Intelligence Review and the 2019 Comprehensive Review. Among other things, the Integrity Measures Bill proposed to expand the power of the IGIS to conduct oversight of the intelligence functions of the ACIC and AUSTRAC.
The Integrity Measures Bill was referred to the PJCIS on 10 December 2020, which undertook an inquiry into the Bill and tabled its Report on 9 February 2022. The Bills Digest for the Integrity Measures Bill more comprehensively considers its amendments. However, the Bill was never debated and lapsed when Parliament was dissolved on 11 April 2022.
Despite the Bill lapsing, the ACIC (but not AUSTRAC) was included in section 3 of the IGIS Act by the Surveillance Legislation Amendment (Identify and Disrupt) Act 2021. This meant that IGIS had oversight over ACIC’s intelligence functions relating to network activity warrants.
Committee consideration
On 31 July 2025, Australian Greens Senator David Shoebridge sought to move an amendment to a report by the Senate Selection of Bills Committee, providing that the Bill be referred for inquiry by the Senate Legal and Constitutional Affairs Legislation Committee. This motion was not successful.
The PJCIS has commenced an inquiry into the Bill, with submissions due by 25 September 2025.
Key Issues and Provisions
Inspector-General: expanded oversight
The Inspector-General of Intelligence and Security (IGIS) is an independent statutory office that provides oversight of Australia’s intelligence agencies. The IGIS is regulated by the IGIS Act.
IGIS currently has oversight of six Australian intelligence agencies: AGO, ASD, ASIO, ASIS, DIO and ONI, as well as oversight over the intelligence functions of the AFP and the ACIC being the use of network activity warrants by both the AFP and ACIC under the Surveillance Devices Act 2004. The Bill amends the IGIS Act to provide IGIS varying levels of oversight of all ten NIC agencies (item 3, Schedule 1).
This Bill proposes that IGIS will have total oversight over the ACIC, instead of just its intelligence functions relating to network activity warrants. Currently, the ACIC is defined in section 3 of the IGIS Act as an intelligence agency but only in relation to its intelligence functions. This Bill removes the ACIC from the more limited definition of intelligence agency based on its intelligence functions and newly defines it as an intelligence agency (item 3, Schedule 1). This means that the IGIS has oversight over all ACIC activities.
The Bill expands IGIS oversight of the intelligence functions of the AFP (which is currently limited to network activity warrants), and newly includes AUSTRAC and Home Affairs, limited to their intelligence functions. The current definition of intelligence function contained in the IGIS Act is repealed (item 4, Schedule 1) and the meaning of intelligence function, defined separately for the AFP, AUSTRAC, and Home Affairs, is introduced in proposed section 3A to the IGIS Act (item 6, Schedule 1).
These changes to the definition of intelligence agency partly comport with the 2017 Intelligence Review (Recommendation 21, p. 21) but differ by providing IGIS with complete oversight of the ACIC rather than being limited to its intelligence function. The 2019 Comprehensive Review (Vol 1, pp. 55–56) noted that while there was a stronger case for IGIS oversight of ACIC and AUSTRAC’s intelligence activities, there was potential for confusion regarding the AFP’s oversight arrangements and questioned the value and necessity of including Home Affairs. IGIS oversight changes relating to the ACIC, AFP, AUSTRAC and Home Affairs are discussed in detail below.
Australian Criminal Intelligence Commission (ACIC)
The ACIC is Australia’s national criminal intelligence agency, responsible for combatting threats to Australia from transitional serious and organised crime. Currently, the IGIS is limited to inquiring into the ACIC’s intelligence function, which is restricted to network activity warrant related functions, including the collection, correlation, analysis, production and dissemination of intelligence obtained from such warrants. The 2017 Intelligence Review considered that PJCIS and IGIS oversight, in relation to the ACIC, should be ‘limited to [its] intelligence functions’ (p. 21). However, the Bill redefines the ACIC as an intelligence agency (see item 3 of Schedule 1).
The basis of holistically defining the ACIC as an intelligence organisation is, as outlined in the Explanatory Memorandum (p. 18) that ‘its intelligence functions, include those of collecting, correlating, analysing and disseminating criminal information and intelligence … are inseparable from its other functions.’
One of the functions performed by ACIC is conducting criminal intelligence assessments in relation to employment in the aviation or maritime sectors (see section 36B of the Australian Crime Commission Act 2002 (ACIC Act)). This may result in the ACIC giving an adverse criminal intelligence assessment in respect of a person (section 36C of the ACIC Act). A person in respect of whom an adverse criminal assessment is made can apply to the Administrative Review Tribunal (ART) for review of the decision (section 36F of the ACIC Act) and that review will be conducted in the Intelligence and Security jurisdictional area of the ART (section 134 of the Administrative Review Tribunal Act 2024 (ART Act).
Item 2 of Schedule 2 amends the definition of exempt security record decision in the ART Act so that a decision by the National Archives of Australia in relation to access to an ACIC record relating to a criminal intelligence assessment will similarly only be reviewable by the Intelligence and Security jurisdictional area of the ART.
Oversight of ACIC examinations
The ACIC’s coercive powers, similar to those of a Royal Commission, are used in special operations and special investigations to obtain information where the Board of the ACIC determines that it is in the public interest to do so. These extraordinary coercive powers, which include compelling witnesses to answer questions and produce documents, are exercised by independent statutory officers, known as ‘Examiners’, who perform their functions in accordance with Division 2 of Part II of the Australian Crime Commission Act 2002 (ACC Act). Examiners must be legal practitioners who have been enrolled as such for at least 5 years (subsection 46B(3), ACC Act). Examiners are authorised to compel people to give evidence for the purposes of special ACIC operations or investigations.
Currently, IGIS is unable to inquire into any action taken by an ACIC Examiner (subsection 8(3B), IGIS Act). Item 11 of Schedule 1 of the Bill repeals subsection 8(3B) of the IGIS Act and replaces it with a provision that authorises the IGIS to inquire into the ACIC. Coupled with the full inclusion of the ACIC as an intelligence agency, this amendment allows the IGIS, at the request of the Attorney-General or the responsible Minister or on its own motion, to inquire into any ACIC matter including in relation to:
- compliance by the ACIC with Commonwealth, State and Territory laws, or Ministerial Guidelines
- the propriety of particular activities of the ACIC
- the effectiveness and appropriateness of the procedures of the ACIC relating to the legality or propriety of its activities and
- an act or practice of the ACIC which may be inconsistent or contrary to any human rights, or practices that may constitute discrimination.
In relation to ACIC examinations, items 21 and 24 of Schedule 1 repeal and replace sections 9B and 19A, respectively, of the IGIS Act to authorise IGIS to enter any place where a person is either being questioned or apprehended under ASIO’s compulsory questioning powers (Division 3, Part III of the Australian Security Intelligence Organisation Act 1979 (ASIO Act)) or detained under section 31 or section 34D of the ACC Act. An ACIC Examiner may prevent an IGIS official from being present in certain circumstances that could harm any persons or impact the effectiveness of the examination (item 127, Schedule 1).
Recent Independent Review into the ACIC
The Bill’s amendments in relation to the ACIC appear to align with the recommendations of the Independent Review of the Australian Criminal Intelligence Commission and associated Commonwealth law enforcement arrangements, which included positioning ACIC as ‘Australia’s national criminal intelligence agency’ (Final report, p. 7). Additionally, Recommendation 15 called for parliamentary oversight of the ACIC to be exercised by PJCIS, and for IGIS to oversee the ACIC, replacing the Commonwealth Ombudsman (p. 12).
Australian Federal Police (AFP)
Currently, the IGIS has oversight of AFP activity related to network activity warrants, including the relevant provisions outlined in the Surveillance Devices Act (see subsection 8(3A) and the definition of ‘intelligence function’ in subsection 3(1) of the IGIS Act).
A revised definition of intelligence function for the AFP is set out in proposed subsection 3A(1) of the IGIS Act (item 6, Schedule 1). The new definition includes—and therefore allows IGIS to oversee—functions relating to the collection, correlation, analysis, production and dissemination of intelligence by the AFP to support the performance of prescribed AFP functions under the Australian Federal Police Act 1979 and relating to network activity warrants under the Surveillance Devices Act. For avoidance of doubt, the Bill notes that intelligence function does not mean the arrest, charging or detention of suspected offenders; or the gathering of evidence and its related actions, meaning IGIS cannot oversee these activities (item 6, Schedule 1).
Australian Transaction Reports and Analysis Centre (AUSTRAC)
AUSTRAC has dual regulatory (as Australia’s anti-money laundering and counter-terrorism financing regulator) and intelligence functions. Currently, IGIS is not authorised to inquire into AUSTRAC. The Bill will authorise IGIS to oversee the intelligence functions of AUSTRAC (item 3, Schedule 1).
For AUSTRAC, ‘intelligence function’ is defined in proposed subsection 3A(3) of the IGIS Act (item 6, Schedule 1). This includes—and therefore allows IGIS to oversee—the collection, correlation, analysis, production and dissemination of intelligence, in accordance with AUSTRAC’s financial intelligence functions under the Anti-Money Laundering and Counter Terrorism Financing Act 2006.
Department of Home Affairs
Currently, the IGIS does not have authorisation to inquire into Home Affairs’ functions. The Bill authorises IGIS to oversee the intelligence function of Home Affairs (item 3, Schedule 1). The intelligence function for Home Affairs is defined in proposed subsection 3A(4) of the IGIS Act (item 6, Schedule 1) and, in contrast to both the AFP and AUSTRAC, Home Affairs intelligence functions will be prescribed by regulations. This is justified as follows in the Explanatory Memorandum (p. 23):
Home Affairs is a department of State and as such is subject to changes to its mandate through executive action, in contrast to statutory agencies (such as the ACIC, AFP and AUSTRAC) who have a legislatively prescribed set of functions.
Many of Home Affairs’ intelligence functions are not legislated and cannot be directly linked to specific legislated functions, instead being provided for in the Administrative Arrangements Order. This means that Home Affairs’ intelligence functions may change, including to add new intelligence functions, quickly and with potential frequency.
This reflects Recommendation 16 of the 2019 Comprehensive Review (volume 1, p. 11) which recommended that the intelligence functions of Home Affairs not be specified in legislation. However, the 2019 Comprehensive Review (volume 3, p. 262) also stated that ‘Home Affairs has existing and effective oversight mechanisms for a department of state’ and accordingly questioned ‘the value of adding more oversight [referring to IGIS]’.
Information sharing and reporting
Division 4 of Part II of the IGIS Act imposes reporting requirements on the IGIS. These requirements include providing reports setting out the IGIS’s conclusions and recommendations on inquiries (other than preliminary inquiries) under section 22 of the IGIS Act. Currently the IGIS is required to provide such reports to the responsible Minister. The Attorney-General and/or Prime Minister must also be given a copy of the report if they requested the inquiry, the responsible Minister asks for a copy to be given, or the IGIS considers it appropriate to do so. Items 26 and 27 of Schedule 1 will amend section 22 to require these reports to be provided to the Attorney-General in all cases and for the Prime Minister to be given a copy if they requested the inquiry, they request a copy or the IGIS considers it appropriate to provide one to them.
Part IIIA of the IGIS Act largely regulates how the IGIS interacts with other agencies and persons, including through information sharing arrangements. The Bill will insert an avoidance of doubt provision at proposed section 32AEA of the IGIS Act (item 31, Schedule 1) which states that IGIS may share information or documents about its exercise of powers, or performance of functions or duties, with the Attorney-General and other responsible Ministers.
In relation to ACIC Examinations, the Bill inserts proposed section 32AFA (item 32, Schedule 1) into the IGIS Act to authorise IGIS to disclose and share ACIC examination material. However, before IGIS can do so, it must consult with the CEO of ACIC to ensure the sharing of such information will not be prejudicial to a person’s safety, to a fair trial, or to an ACIC operation or investigation.
Warrant information to be provided to IGIS
In relation to certain surveillance device warrants or computer access warrants issued under the Telecommunications (Interception and Access) Act 1979 (TIA Act)—being either a Part 5.3 warrant (issued in relation to control orders and extended supervision orders imposed under Part 5.3 of the Criminal Code) or a Part 9.10 warrant (issued in relation to community safety detention orders and community safety supervision orders)—currently within 6 months of the warrant being issued, the chief officer of the agency that requested the warrant must notify the Ombudsman and provide a copy of the warrant (sections 59B and 59C of the TIA Act). Reflecting the transfer of responsibility for oversight of ACIC from the Ombudsman to the IGIS, items 328 to 332 of Schedule 1 amend section 59B and 59C to require the notification and copy of the report to be provided to the IGIS rather than the Ombudsman, where the ACIC is the requesting agency.
If a journalist information warrant (issued under Division 4C of Part 4-1 of the TIA Act) is issued to the ACIC, the chief officer of the ACIC must, as soon as practicable, give a copy of the warrant to the Ombudsman (paragraph 185D(5)(b) of the TIA Act). Item 345 of Schedule 1 amends section 185D to provide that the chief officer of the ACIC must, as soon as practicable, give copies of the warrant to the responsible Minister and IGIS, and the Minister must, as soon as practicable, cause the PJCIS to be notified of the issuing of the warrant (item 345, Schedule 1). As set out in the Explanatory Memorandum, this ‘reflects the expansion of the jurisdictions of the IGIS and the PJCIS to include all of the ACIC and the subsequent carve out of the ACIC from the Ombudsman’s jurisdiction’. Additionally, item 346 of Schedule 1 provides that if the ACIC is authorised under Division 4 of Part 4-1 of the TIA Act to identify media sources under a journalist information warrant, then a copy of that authorisation must also be provided to the IGIS (rather than the Ombudsman, as required by the current provision).
PJCIS: expanded oversight
The PJCIS is a parliamentary committee constituted under Part 4 of the IS Act and its role includes reviewing the administration and expenditure of ASIO, ASIS, AGO, ASD, DIO and ONI, as well as reviewing any matter in relation to these six agencies as referred by the relevant Minister, the Attorney-General or either House of Parliament (section 29, IS Act).
Potential expansion of the powers and jurisdiction of the PJCIS has been the subject of disagreement between the various reviews, as noted by PJCIS in the Advisory Report on Integrity Measures Bill:
The Committee notes the conflicting positions of the Independent Intelligence Review (IIR) and 2019 Comprehensive Review of the Legal Framework of the National Intelligence Community (Richardson Review) in relation to the role of the Parliamentary Joint Committee on Intelligence and Security (PJCIS). The IIR recommended that the oversight role of the PJCIS be expanded to all agencies which make up the National Intelligence Community (NIC). The Richardson Review did not make recommendations to expand the oversight role of the PJCIS to further intelligence agencies, however commented that there was a strong case for Inspector-General of Intelligence and Security (IGIS) oversight of the ACIC and AUSTRAC intelligence functions. (p. 31)
A recent Australian Strategic Policy Institute publication on the work of the PJCIS has described it as at a ‘critical juncture’ and argued that the PJCIS is ‘being asked to do too much, and too much outside of its specific intelligence oversight role’ (p. 9). The Explanatory Memorandum notes that the Government has committed $1.3 million over 4 years from 2023–24 and $0.3 million ongoing, to support the expanded jurisdiction of the PJCIS (p. 6).
The functions of the PJCIS are currently outlined in section 29 of the IS Act. This Bill makes amendments to section 29 to reflect the inclusion of the four new NIC agencies: the ACIC in its entirety, and the performance of intelligence functions of the AFP, AUSTRAC and Home Affairs (items 52–66, Schedule 1). The inclusion of these agencies into the remit of the PJCIS mirrors IGIS’ proposed jurisdiction over the ten NIC agencies, discussed above. Accordingly, PJCIS will be authorised to review:
- the full administration and expenditure of the ACIC and
- the administration and expenditure of the performance of the AFP, AUSTRAC, and Home Affairs but only to the extent that it relates to their intelligence functions (item 52, Schedule 1).
Additionally, the PJCIS will be authorised to review matters that are referred to it by responsible Ministers, the Attorney-General, or a resolution of either House of the Parliament in relation to the ACIC (item 53, Schedule 1); any proposed reforms to, or the expiry, lapsing or cessation of legislation relating to counter-terrorism or national security as the Committee sees fit (item 54, Schedule 1); and to monitor and review the performance of the AFP, AUSTRAC or Home Affairs intelligence functions (proposed paragraph 29(1)(bad), item 55, Schedule 1).
PJCIS inquiry request to IGIS
Currently, the PJCIS may request that the Inspector-General of Intelligence and Security brief the Committee for the purpose of the Committee performing its functions. The Bill introduces proposed section 29(2A) into the IS Act (item 59, Schedule 1) which allows the PJCIS to request IGIS to inquire into a matter relating to the legality and propriety of the operational activities of an agency or other body, where such an inquiry is within IGIS’ functions under section 8AA of the IGIS Act (which is introduced in item 17, Schedule 1) and does not relate to an individual complaint about the activities of the agency or body. While the PJCIS may request the IGIS to undertake such inquiries, ‘the IGIS has discretion in deciding whether to conduct any such inquiry and would not be required to comply with a request’ (Explanatory Memorandum, p. 28).
If IGIS completes an inquiry at the request of PJCIS, then it must take reasonable steps to provide a written response relating to the inquiry to PJCIS, unless doing so would prejudice security, the defence of Australia or Australia’s relations with other countries (proposed section 22A of the IGIS Act, item 28, Schedule 1). IGIS must also provide a copy of the response to the responsible Minister and may give the response to the Attorney-General and/or Prime Minister (proposed subsection 22A(7)).
This proposal was recommended in the 2017 Intelligence Review (Recommendation 23, p. 22) and endorsed by the 2019 Comprehensive Review, which stated that this ability for PJCIS to request IGIS conduct an operational inquiry would give the Committee ‘a more active role in agency oversight, facilitating matters of public concern being brought to the IGIS’ attention, increasing the PJCIS’s visibility of the IGIS’ review of such matters’ (volume 1, p. 55).
PJCIS briefing-request list
Section 30 of the IS Act currently allows the PJCIS to request briefings for the purpose of performing its functions. Item 69 of Schedule 1 expands the list of persons that PJCIS may request briefings from to include: the Secretary of Home Affairs; the CEO of AUSTRAC; the CEO of ACIC; the INSLM; and the head of an agency if its functions relate to a matter being considered by the PJCIS. Item 68 provides that the list in section 30 does not limit who the Committee may request a briefing from (that is, it is not an exclusive list).
PJCIS disclosure of information
Subclause 7(1) in Schedule 1 of the IS Act currently lists certain information that the PJCIS must not disclose in a report to a House of the Parliament, including certain operationally sensitive information or the identity of a person who has been a staff member of ASIO, ASIS, AGO or ASD. Item 80 of Schedule 1 of the Bill proposes new types of information that must not be disclosed, including information that has a national security classification (unless the agency head provides written authority to disclose such information) or which, if disclosed, could:
- reveal the existence or identity of a confidential source of information to any agency
- endanger a person’s life or physical safety
- prejudice the protection of public safety
- prejudice a fair trial
- prejudice the proper enforcement of the law
- unreasonably disclose confidential commercial information.
The Explanatory Memorandum states that these categories of information have been proposed because the new agencies under PJCIS oversight
… are likely to deal with information that may not constitute national security information, yet is still appropriately sensitive to warrant limited disclosure, particularly to the public-at-large through a report to a House of the Parliament (p. 53).
PJCIS security clearance considerations
Subclause 17 in Schedule 1 of the IS Act stipulates administrative requirements for PJCIS meetings. Items 81–82 of Schedule 1 of the Bill introduce new requirements for meetings where classified information may be discussed. This includes that the Chair of the Committee must obtain and follow advice from the agency head for each agency producing classified information regarding the suitability of security arrangements for the meetings including, and perhaps especially, for virtual meeting technology (proposed subclause 17(3)).
Additionally, changes have been proposed regarding security clearance levels for PJCIS staff. Currently, staff members of the PJCIS must have security levels at the same level as staff of ASIS (clause 21 in Schedule 1, IS Act). Item 83 of Schedule 1 amends this section, to ensure that staff members of PJCIS must be cleared for security purposes at least at a level and frequency that is appropriate for access to information and systems the staff member requires in accordance with the Protective Security Policy Framework, and acceptable to all agency heads. This reflects ‘practical implications of the change in the PJCIS’s work over time, including the increase in public hearings’ (Explanatory Memorandum, p. 55), and that not all staff require such high level clearances.
Defence officials exemption from certain civil and criminal liability
Distinct from the other Schedules in the Bill, Schedule 3 provides exemption from criminal or civil liability for defence officials for specified computer-related conduct. The Criminal Code contains a range of criminal offences for unlawfully accessing or interfering with telecommunication or computer systems. A detailed discussion of the history of these provisions, and exemptions from liability, is discussed in the ISLAB Bills Digest (pp. 26–29).
Currently, section 476.6 of the Criminal Code outlines the immunity from civil or criminal liability for members of ASIS, ASD or AGO in relation to certain computer-related conduct where such actions are engaged in in the proper performance of functions of the listed agency.
Items 1 and 3 of Schedule 3 repeal the definitions of civil and criminal liability and computer-related act, event or circumstance or result currently contained in subsection 476.6(10) and instead places them in the section 476.1 (definitions section) of Part 10.7 (Computer offences) of the Criminal Code. This means the definitions apply to all of Part 10.7, and are not necessarily limited to members of ASIS, ASD or AGO.
Building on this, proposed section 476.7 (item 4, Schedule 3) provides that a defence official is not subject to any civil or criminal liability (defined in item 1, Schedule 3)—unless the relevant Commonwealth or state/territory law that imposes the liability expressly otherwise specifies (proposed subsection 476.7(4))—for engaging in conduct either inside or outside Australia, so long as two conditions are met (proposed subsection 476.7(1)):
- the conduct is engaged in on the reasonable belief that it is likely to cause a computer-related act, event, circumstance or result to take place outside of Australia and
- the conduct is engaged in in the proper performance of authorised ADF activities.
Defence official is defined in broad terms to include members of the ADF, a defence civilian, APS employees in the Defence Department (including the Secretary), a consultant or contractor to the Defence Department, a person who is made available to the Defence Department by another Commonwealth or State authority, or any other person included in a class specified by the Defence Secretary or Chief of the Defence Force (proposed subsection 476.7(8)). It is unclear why such a broad category of individuals connected to Defence require such sweeping protections from criminal and civil liability in the listed circumstances. The 2019 Comprehensive Review recommendation on this issue was limited to providing immunity to ‘ADF members’ (Recommendation 72, vol 2, p. 225 ).
Additionally, the Defence Secretary or Chief of the Defence Force may, by legislative instrument, specify one or more classes of persons as defence officials (proposed subsection 476.7(9)). This power may be delegated to an SES employee in the Defence Department, or to certain officers in the Australian Navy (rank of Commodore or higher), Army (rank of Brigadier or higher), or Air Force (rank of Air Commodore or higher).
Proposed subsection 476.7(2) provides that a person is not subject to any civil or criminal liability for preparatory acts connected to authorised ADF activities outside Australia, where such acts, taken together with a computer-related activity, could amount to an offence. These actions must be engaged in in the proper performance of authorised ADF activities. Authorised ADF activity means activity that has been authorised by the Chief of the Defence Force and is connected with the defence or security of Australia (proposed subsection 476.6(8)).
If a person engages in computer-related conduct that could constitute an offence in the absence of section 476.7 and the conduct causes material damage, interference or obstruction to a computer in Australia, then they must, as soon as practicable, give a written notice of that fact to the Chief of the Defence Force or the Secretary of the Defence Department (whichever is appropriate). The notice must detail the conduct that caused the damage, interference or obstruction to the computer (proposed subsections 476.7(6) and (7)). However, there is no requirement for anyone to notify the IGIS or any other oversight body. The PJCIS also does not have oversight of the ADF/Defence Department. Proposed legislation to establish a parliamentary joint committee to oversight defence agencies failed to pass in the last Parliament.
INSLM Amendments
The INSLM is a statutory office holder who independently reviews Australia’s national security and counter-terrorism laws and can make recommendations for law reform. The INSLM is regulated under the Independent National Security Legislation Monitor Act 2010 (INSLM Act). Proposed section 17B of the INSLM Act (item 15, Schedule 4) bolsters the independence of the INSLM, stating that, subject to the INSLM Act or any other Act, the INSLM:
(a) has complete discretion in performing or exercising the Monitor’s functions or powers; and
(b) is not subject to direction from anyone when doing so.
Among other things, the INSLM reviews Australian counter-terrorism and national security legislation (defined in section 4 of the INSLM Act) in accordance with the statutory objectives outlined in section 3 of that Act. Item 4 of Schedule 4 repeals the definition of counter-terrorism and national security legislation, which is replaced by proposed section 4A (item 6, Schedule 4). The new definition is broader than that currently in the INSLM Act, and is aimed at expanding the INSLM’s mandate to conduct own-motion reviews into any Commonwealth laws that relate to counter-terrorism or national security (Explanatory Memorandum, p. 157). Proposed subsection 4A(1) states that counter-terrorism and national security legislation means laws of the Commonwealth that either relate to (or to the extent they relate to) counter-terrorism or national security. Proposed subsection 4A(2) provides an inclusive list of counter-terrorism and national security legislation, such as the IS Act, the ASIO Act, and the Office of National Intelligence Act 2018 and elements of the Telecommunications Act 1997 and the Australian Citizenship Act 2007.
Ministerial Rule Making Provisions
Item 7 of Schedule 5 provides that the Minister may, by legislative instrument, make rules prescribing matters of a transitional nature relating to the amendments or repeals made by the Bill.