IAA Newsletters
The subordinate legislation under the Security of Critical Infrastructure Act (SOCI Act) and the new Cyber Security Act affecting the telecommunications sector commenced on 4 April 2025.
These instruments introduce new rules for the telco industry, as well as changes to existing obligations, consolidating security regulations that were previously contained under the Telecommunications Act framework into the SOCI legislative framework. Below is a summary of the regulations:
Telecommunications Security and Risk Management Program Rules (TSRMP Rules)
Telco entities that hold a carrier licence, supply over 20,000 carriage services, or supply services to Commonwealth Government entities are subject to more stringent obligations under the new TSRMP Rules.
This involves:
- implementing and maintaining an all-hazards risk management program by 4 October 2025 addressing all material physical and natural hazard, cyber and information, personnel and supply chain risks that could have a relevant impact on the provider’s critical telecommunications asset(s). Providers will have to submit an annual report in relation to their risk management program by 28 September from FY26 (bolded terms defined below);
- compliance with at least maturity level 1 of a cyber security framework by 4 October 2026 (further obligations for carriers to comply with maturity level 2 by 4 October 2027);
- obligation to ‘protect your asset’ as far as it is reasonably practicable to do so. Carriers have further obligations to notify the Department of Home Affairs of any changes to your asset that are likely to have a material adverse effect on your ability to protect your asset.
- critical telecommunications asset: a telco network owned/operated by a carrier or CSP for the supply of a carriage service.
- material risk: includes but is not limited to a stoppage or major slowdown of the asset; impairment of its functions; substantive loss of access or manipulation of a critical component of the asset; interference to its operational or information communication technology; the storage, transmission or processing of information outside of Australia; remote access to operational control or monitoring of the asset; compromise, theft or manipulation of communications, unauthorised use; impact on the asset’s availability, integrity, reliability or confidentiality of data storage systems holding business critical data.
- relevant impact: a direct or indirect impact on the availability, integrity, reliability of the asset, or the confidentiality of the information about or stored in the asset.
Asset Register and Mandatory Cyber Incident Reporting Rules
Rules requiring telco entities to register their critical assets, and notify the Department of a cyber incident have been folded into the SOCI framework.
However, these rules now only apply to entities that hold a carrier licence, meet the ‘relevant carriage service provider asset’ threshold of over 20,000 services in operation, or supply to the Commonwealth Government.
SOCI rules affecting all telcos
Even if you are not a carrier or don’t meet the ‘relevant carriage service provider asset’ threshold (20,000 SIOs or supply to the Commonwealth Government), telecommunications assets are still captured under the SOCI Act as critical infrastructure. This means you may still have obligations to:
- notify your data storage or processing provider that it is storing or processing your business critical data; and
- follow Ministerial directions in relation to serious incidents affecting your asset.
Subordinate cyber security rules
New security standards for smart devices were introduced in March 2025 with the rules commencing 4 March 2026. The rules apply to both manufacturers and suppliers of ‘relevant connectable products’ and are therefore likely to affect telco entities.
The standards introduce 3 rules for manufacturers in relation to their products, including ensuring each device has a unique password or allowing the consumer to create their own password, providing ways for consumers to report security issues and clearly providing information on the support period for security updates.
The manufacturer must also prepare a Statement of Compliance in respect of the rules. Suppliers must then provide this Statement of Compliance with any relevant connectable products they supply to consumers in Australia and must retain the Statement for at least 5 years.
IAA recently held a webinar on IoT Security on 3 April, which included a discussion on the new rules.
Additionally, from 30 May 2025, all entities with an annual turnover of at least $3 million must report ransomware payments to the Department within 72 hours of the ransom being paid.
Please refer to the below summaries and guidance material provided by the Department in respect of these new rules:
- SOCI Act – Summary of changes;
- SOCI Act – Telecommunications Guidance;
- Smart Devices Standard Guidance; and
- Ransomware Reporting Guidance.
IAA is also working on template risk management plan material that Members can utilise to assist with their compliance efforts on the IAA Member Portal.
You can also join the Trusted Information Sharing Network for access to further critical infrastructure information and resources.
Please contact us if you have any questions about these new rules.
Welcome to our newest Professional Members:
Margaret Boston
Charlie Evans
Donny Gunadi
Kiera Horomia
Hannah Leeder
Gerard O’Leary
Mike O’Connor
Jonathan Patsanas
David Rinaldo
Tarris Thiedecke
Bruce Tonkin
Ming Wong
Welcome to our Corporate Members:
Neptune Internet Pty Ltd
We are pleased to welcome Neptune, the latest ISP to join our peering network. Based in Melbourne, Neptune delivers high-performance internet services, supported by a team of highly skilled Australian experts who are always ready to assist. Their membership stems from both an interest in IX services and the community aspects of IAA.
Vetta Online Ltd
We’re excited to welcome Vetta Online to the peering network under their own port! Vetta has been delivering internet services since 2010, steadily growing from a national provider into one with its own international network backbone, offering some of the fastest and most reliable connectivity in New Zealand.
In March, the IAA team gathered at the Mercure on the NSW Central Coast for our annual Staff Planning Workshop. This is always a valuable opportunity to bring our geographically dispersed team together in one room to align on how we can better serve our Members.
This year’s Workshop focused on aligning our efforts to meet current OKRs, setting measurable goals for the year ahead, improving how we collaborate, and strengthening our approach to security and incident response, all within the framework of our 2024–2027 Strategic Plan.
A highlight of the Workshop was our team-building activity: SolarBuddy’s Hour of Power. SolarBuddy is an impactful organisation working to end extreme energy poverty, which is a major, but often overlooked, global issue. IAA staff worked together to construct some 20 solar powered lights to send to people in need around the world.
Well, here we are in 2025! We’ve got some great plans for the year, with some fabulous events to mark our 30th anniversary. We’re really proud of our history and of the future we have. We have more upgrades and expansion planned, and are actively reviewing our footprint as well as any potential new locations. This year will see the end of our QV1 basement room and that truly will be the end of an era! If you still have kit in our QV1 room, please make sure you talk to the IAA team about its future.
We’re also kicking off the year with a significant change: our Member Portal now allows you to order 100G LR1 optical transceivers across any 100Gbps-enabled site. As the successor to 100GBASE-LR4, LR1 simplifies deployment, reduces failure points, and offers cost savings all round. In fact this is such a benefit we are offering members the optics free of charge on your new 100Gbps port!
Like many of you, over Christmas I had some quality time with the extended family, and part of this was with younger members just starting out in their working lives. These kids (actually young adults) are wondering what to do, and how best to get there, so the dinner table conversation headed to the paths people took in and along their careers.
Of course, I spent some time encouraging them into our industry and their questions followed quickly. What are the skills people need to get in? Where do they best get them?
If we look around, there are numerous pathways in and around the internet industry, and some of them are less available than they were. It seems the engineering degree I completed is no longer running, but there are countless online resources that teach a lot of really useful material for the motivated learner. Microcredentials and TAFE courses too seem pretty solid, and even starting with some of the electrical or cabling certificates, which are quite short, will certainly help them along. (Given I seem to be breaking all my home cabling, I might need to re-enrol in one of those myself!) The vendor certificates aren’t the guarantee of a well-paid job they once were, but many do give a good grounding for those starting out. A quick search on Seek also shows a pile of traineeships available: is this a path our Members offer?
I’d love to hear your thoughts about where and how we grow the next generation of talent. Please send them through as this is an area we’ll explore some more this year.
Happy peering!
Narelle
IAA CEO
The IAA Board met for its Planning Day on 13 November 2024 – it was a packed day of valuable discussions with productive outcomes!
The Planning Day began with an induction session including training on Board and Director responsibilities. The insightful presentation from the Associations Forum set a great tone that stressed the crucial strategic role that the Board plays for the Association, especially as we welcomed two new faces to the IAA Board in 2024.
Next, the Board considered the Association’s objectives, noting that any amendments can only be made with a special resolution passed by a 75% majority of votes cast by Members. The Board agreed that the Association’s objects were still relevant and appropriate, alongside the Association’s tagline, ‘infrastructure for the common good’.
With the IAA 3-Year Strategic Plan having only recently come into place, the Board didn’t conduct a full review, and the Planning Day was instead positioned to be a light touch review and check-in on the ‘Objectives and Key Results’ for 2024-25. This still involved deep dives into each of the Association’s key pillars, with spirited discussions focusing on Membership, Tech and Peering, Marketing and Public Policy.
Membership
The Association’s Management Accountant presented membership numbers, revenue, benefits and objectives to help guide the Board’s discussion on how to grow the Association’s membership. As part of these considerations, the Board established a subcommittee to investigate training issues for Members. We will keep Members updated as this work progresses.
Tech and Peering
Our new Tech Lead provided an update on the Association’s current architecture evolution and planning for switch deployment. The Board agreed to a switch replacement plan to ensure redundancy, proper asset management, and standardisation of LR1 optical connection.
Marketing
The CEO presented strategies to increase take-up of the Association’s services and grow membership. Members will be happy to note that, once again, we will not be raising prices. The Board then endorsed a new 12-month discount on 10Gbps ports for new Members, so feel free to spread the news and encourage peers to join!
Public Policy
On the public policy front, the Board reviewed the Association’s Public Policy Principles, deciding they are still appropriate, as is our current approach to advocacy – representing members in relevant regulatory reform consultations. Led by the Association’s Policy Officer, the Board also considered ways to grow Members’ engagement with the Association’s advocacy work. It was decided that the Association will present more regular regulatory updates alongside our events, so that Members can look forward to those in the coming months. The team will also look at creating a new ‘regulatory’ role within the Portal, so watch out for that too!
All in all, the Board found it to be a very productive day and we’re confident in the future of the Association to ‘operate for the benefit of the internet, and the people who build and operate it’!
This year marks a major milestone for the Internet Association of Australia (IAA): our 30th anniversary! To celebrate, we’re taking the party on the road to make 2025 a year to remember!
We’ve planned celebrations in all seven cities where we operate our exchanges. We’re picking out some extra special venues with fun activities like wine and spirit tastings. These events will not only be fantastic networking opportunities, but also a chance to toast 30 years of making the internet a fairer, more inclusive place for everyone.
As part of the IAA Convergent ‘network, learn, grow’ promise, we’re also hosting three online events – training and educational seminars designed to equip you with valuable knowledge while celebrating this milestone year. Stay tuned for more details on these, with the first planned for April 2025.
We’re already locked in with the first three locations and are working hard to find that special venue near you, so be sure to pencil the dates in your diary.
Hobart – 5:30pm – 9:00pm AEDT | Tuesday, 25 March 2025 | Frogmore Creek Wine Bar | 18 Hunter Street | Hobart
Melbourne – 5:30pm – 9:00pm AEST | Wednesday, 30 April 2025 | Little Lon Distilling Co. | 17 Casselden Place | Melbourne
Adelaide – 5:30pm – 9:00pm ACST | Wednesday, 21 May 2025 | Prohibition Liquor Co. | 22 Gilbert Street | Adelaide
Save the dates!
Sydney – Wednesday, 4 June 2025 | Venue TBC
Brisbane – Thursday, 19 June 2025 | Venue TBC
Perth – Wednesday, 23 July 2025 | Venue TBC
Canberra – Wednesday, 24 September 2025 | Venue TBC
We’ll be in touch about these events and the rest of our IAA Convergent 30 Years of Peers celebration series soon. Let’s come together to commemorate three decades of building a better internet!
By RSVPing for IAA events, you are agreeing to comply with IAA’s Code of Conduct – Events.
Join our briefing with Q&A for IAA Members regarding our updated Master Service Agreement and Membership Agreement.
To ensure compliance with current legislation and good governance, we have reviewed our Master Service Agreement (MSA) and Membership Agreement (MA). With the assistance of our lawyers, we have conducted a meticulous review and updated the terms of these agreements to ensure compliance with the latest legal requirements.
Please note, we are **not** terminating either of our existing agreements. However, in accordance with clause 24.2 of the MSA, any changes to the Agreement must be in writing and signed by the parties.
In addition, our team has taken this opportunity to streamline processes to benefit our Members by allowing electronic execution of the agreements through the IAA Member Portal, as well as consolidating outdated documents – including the Disconnect Policy, Acceptable Use Policy, Code of Conduct – Members Services, Pricing Policy and Services Schedules – into the MSA. This consolidation simplifies our contractual framework and aligns our terms with current operational practices.
Please review IAA’s new MSA and MA
Applications are open for the 2025 IAASysters program; this time, we’re offering workshops in New Zealand and Australia. Whether you want to apply for yourself, nominate someone, or explore sponsorship opportunities, this is your chance to get involved!
IAASysters NZ Napier Workshop – backed by NZNOG!
With applications closing this week, there’s still time to apply or nominate.
- IAASysters NZ Workshop – Wednesday, 9 April 2025
- NZNOG Conference – Thursday, 10 and Friday, 11 April 2025.
This program is open to both Australians and New Zealanders!
IAASysters Melbourne Workshop
You can also apply for the IAASysters program in Melbourne this year.
- The IAASysters Melbourne Workshop – Tuesday, 2 September 2025
- AusNOG Conference – Wednesday, 3 and Thursday, 4 September 2025.
What’s included for successful applicants
- A ticket to attend the IAASysters Workshop
- A ticket to the AusNOG or NZNOG Conference
- Economy airfare and accommodation (if required)
- A one-year complimentary IAA Professional Membership (for Australian participants only)
Eligibility Criteria for Applicants:
- Must be employed or working towards a career in the internet industry
- Have a passion for the internet and the internet industry
- Reside within Australia or New Zealand (Melbourne is only open to residents of Australia)
As part of the application, we ask for an overview of your current role, a summary of your career aspirations or training, and an endorsement from a mentor or supervisor. Nominators can also submit an endorsement for their nominees.
*Applications are open to ALL types of job roles within the internet industry (network operations, engineering, IT, marketing, regulation, customer support or studying towards a relevant degree or diploma).
Apply or nominate a Syster today via the IAA website:
Applications close
- Melbourne: Friday, 25 April 2025, at 5:00pm AEST
- Napier: Friday, 7 February 2025, at 5:00pm NZDT
Think your organisation might like to sponsor?
For organisations looking to support more women in the tech space, we offer sponsorship opportunities that will highlight your brand’s commitment to an empowered workforce.