Australia's Cybersecurity (Smart Device Security Standards) Regulations 2025 Take Effect on March 4th: Smart Devices Without ACMA Certification Will Be Banned

The Cybersecurity (Smart Device Security Standards) Regulations 2025 (hereinafter referred to as the "New Australian Regulations"), formulated by the Australian Department of Home Affairs under the Cybersecurity Act 2024, will officially take effect on March 4, 2026. This regulation is one of the world's strictest security regulations for consumer-grade Internet of Things (IoT) devices, explicitly requiring all regulated smart devices to pass the Australian Communications and Media Authority (ACMA) certification; otherwise, they will be prohibited from import and face hefty fines and market bans.



I. Scope of Mandatory Application and Core Security Requirements


Applicable Products: All consumer-grade IoT devices, including home cameras, smart speakers, smart appliances, smartwatches, etc.


Excluded Products: Personal computers, smartphones, tablets, medical devices subject to specific legal regulations, and road vehicles.


Four Core Security Requirements:


Password Security: Each device must have a unique default password. If a device does not have a unique password, the user must be required to set a user-defined password upon initial setup.


Vulnerability Response: Manufacturers must publicly provide a free, 24/7, and easily accessible vulnerability reporting channel for security researchers or consumers to report security vulnerabilities in their devices.


Security Updates: Manufacturers must publicly disclose the support period for security updates, and this period cannot be shortened once published.


Compliance Declaration: A compliance declaration containing detailed information such as product identification, manufacturer information, and support period must be provided and retained with the product for at least 5 years.


II. Mandatory Compliance Path: Declaration of Compliance (SoC) + Technical Documentation (TCF)


The New Australian Regulations allow manufacturers to declare compliance through "self-presumption."


While companies typically use third-party testing to ensure the authenticity of their declarations, the law does not stipulate that third-party reports are the "sole proof" for customs clearance.


A Compliance Declaration (SoC) is sufficient for customs clearance.


III. Key Qualification Requirements: CNAS and NATA Mutual Recognition is Core for Report Acceptance


To ensure that test reports are directly accepted by ACMA, companies should choose laboratories accredited by the China National Accreditation Service for Conformity Assessment (CNAS).


Since CNAS and the National Association of Testing Laboratories of Australia (NATA) are both members of the International Laboratory Accreditation Cooperation (ILAC), they mutually recognize each other's certifications. Therefore, CNAS-accredited reports do not require secondary certification and can be directly used for ACMA audits.


IV. Recommendations for Enterprise Action

With less than a month remaining before the regulations take effect, exporting companies should immediately:


Confirm whether their products are within the scope of the regulations;

Contact a third-party laboratory with CNAS accreditation and Australian certification experience;

Initiate full-item testing to ensure a compliant report is obtained before March 4th, seizing the market window.
