This bill did not become law and is no longer proceeding.
Government & democracy
Australian police could investigate and prosecute ransomware-style computer attacks that happen overseas when the victim or affected data has a real link to Australia.
The growing use of ransomware, cyber extortionOn this page, this means breaking into or damaging a computer or data and then threatening the victim to force payment or another action. and overseas attacks on Australians exposed gaps in laws for cross-border prosecutions and for tracing and freezing cryptocurrencyA digital asset such as Bitcoin that criminals may use to demand ransom because it is harder to trace than ordinary bank money. proceeds. The bill expands computer crime offences and penalties, and lets police pursue offshore offenders and seize or lock down digital assets used in ransomware crimes.
Australia already had general computer crime and proceeds-of-crime laws, but as ransomware gangs increasingly stole data, encrypted systems and demanded payment in cryptocurrencyA digital asset such as Bitcoin that criminals may use to demand ransom because it is harder to trace than ordinary bank money., police and ministers argued those tools were too weak for cross-border attacks and harder-to-trace digital proceeds. After the Coalition launched a Ransomware Action PlanThe policy package the Coalition announced in October 2021 to tighten law, policing and reporting around ransomware. in October 2021 and pushed tougher laws again in the wake of the September 2022 Optus hack, this bill proposed new cyber extortionOn this page, this means breaking into or damaging a computer or data and then threatening the victim to force payment or another action. offences and crypto-freezing powers, but it lapsed in 2023 and later governments instead advanced mandatory ransomware payment reporting.
The main criticism was that the bill strengthened police powers and penalties but still dealt with ransomware only in part, leaving bigger gaps such as whether victims should have to report attacks or be stopped from paying ransoms. That concern was limited rather than broad opposition: Andrew Wallace called the bill only one step, and later public debate pushed for tougher follow-up rules rather than rejecting this bill itself.
Karen Andrews MP introduced this bill. Speeches supporting it came from Liberal Party, LNP.
Did it become law?
No
The bill did not complete passage through Parliament.
Final passage
No final passage
The bill has not completed passage and is no longer proceeding.
Time before failure
182 days
From introduction to the final recorded step before the bill stopped proceeding
Meaning
Australian police could investigate and prosecute ransomware-style computer attacks that happen overseas when the victim or affected data has a real link to Australia.
People who hack someone’s computer or data and then threaten them to force payment or another act would face a new cyber extortionOn this page, this means breaking into or damaging a computer or data and then threatening the victim to force payment or another action. offence with up to 10 years in prison.
People who use computer attacks against critical infrastructureEssential systems or assets whose disruption would seriously affect Australia, and the bill gives attacks on them much harsher penalties. such as essential national assets would face a much tougher aggravated offence with a maximum penalty of 25 years in prison.
The bill would let authorities apply proceeds-of-crime monitoring and freezing powers to digital currency exchanges so suspect cryptocurrencyA digital asset such as Bitcoin that criminals may use to demand ransom because it is harder to trace than ordinary bank money. can be traced and locked down like bank-held funds.
Search warrants would more clearly let police seize digital assets such as cryptocurrencyA digital asset such as Bitcoin that criminals may use to demand ransom because it is harder to trace than ordinary bank money., with rules tailored to stop suspects moving or draining those assets before they can be confiscated.
Amending the geographical jurisdiction provision in this section is necessary to ensure law enforcement agencies and prosecutorial bodies have the legal authority to investigate and prosecute offences under Part 10.7 of the Criminal Code where the conduct occurs outside of Australia but impacts persons in Australia.Crimes Legislation Amendment (Ransomware Action Plan) explanatory memorandum
This new offence criminalises all forms of extortion in relation to a victim of a computer offence. The offence captures conduct which involves the computer or data in the possession or control of, or owned by another person (the victim), and at or after the time of the unauthorised access, modification or impairment, the person makes a threat to the victim with the intention of compelling the victim to do or omit to do an act.Crimes Legislation Amendment (Ransomware Action Plan) explanatory memorandum
This new aggravated offence ensures that any computer offence against Australia’s critical infrastructure carries an appropriate penalty and deters would be offenders. A significant disruption or attack on Australia’s critical infrastructure could have significant consequences for Australia’s economy, security and sovereignty. The offence captures conduct where a person commits an underlying offence, and intends to cause an impact, whether direct or indirect, on the availability, integrity or reliability of a critical infrastructure asset or on the confidentiality of information about or stored in, or confidentiality of the critical infrastructure asset.Crimes Legislation Amendment (Ransomware Action Plan) explanatory memorandum
Item 13 expands the definition of ‘financial institution’ to include a corporation to which paragraph 51(xx) of the Constitution applies that provides a digital currency exchange. This definition expands the scope of the proceeds of crime regime so that orders that can currently be sought against financial institutions, or notices that can be given to them, can also be sought or given against a digital currency exchange.Crimes Legislation Amendment (Ransomware Action Plan) explanatory memorandum
The Bill amends the Crimes Act and POCA to ensure the powers available to law enforcement to seize digital assets (including cryptocurrency) under warrant reflect the operational environment, and are suitably adapted and extended to prevent the dissipation of proceeds of crime so that it is available for subsequent restraint and forfeiture action under the POCA.Crimes Legislation Amendment (Ransomware Action Plan) explanatory memorandum
Context
Australia already had general computer crime and proceeds-of-crime laws, but as ransomware gangs increasingly stole data, encrypted systems and demanded payment in cryptocurrencyA digital asset such as Bitcoin that criminals may use to demand ransom because it is harder to trace than ordinary bank money., police and ministers argued those tools were too weak for cross-border attacks and harder-to-trace digital proceeds. After the Coalition launched a Ransomware Action PlanThe policy package the Coalition announced in October 2021 to tighten law, policing and reporting around ransomware. in October 2021 and pushed tougher laws again in the wake of the September 2022 Optus hack, this bill proposed new cyber extortionOn this page, this means breaking into or damaging a computer or data and then threatening the victim to force payment or another action. offences and crypto-freezing powers, but it lapsed in 2023 and later governments instead advanced mandatory ransomware payment reporting.
AFPAustralia's federal police force, which the page says would lead ransomware investigations through a dedicated taskforce. sets up a ransomware taskforce
The Australian Federal PoliceAustralia's federal police force, which the page says would lead ransomware investigations through a dedicated taskforce. created a dedicated ransomware taskforce to centralise investigations and pursue gangs extorting Australian organisations.
Australian Financial Review ↗Coalition announces the Ransomware Action PlanThe policy package the Coalition announced in October 2021 to tighten law, policing and reporting around ransomware.
The plan set out a policy, operational and legislative response to rising ransomware attacks and became the package this bill was meant to implement in part.
Crimes Legislation Amendment (Ransomware Action Plan) explanatory memorandum ↗Optus hack sharpens the push for tougher cyber extortionOn this page, this means breaking into or damaging a computer or data and then threatening the victim to force payment or another action. laws
In the days after the Optus data hack exposed up to 9.8 million customers, Coalition MPs used the breach to press for stronger ransomware and cyber extortionOn this page, this means breaking into or damaging a computer or data and then threatening the victim to force payment or another action. penalties.
Australian Financial Review ↗Bill is introduced to create new ransomware offences and crypto powers
The bill was introduced as a private member's measure to add a standalone cyber extortionOn this page, this means breaking into or damaging a computer or data and then threatening the victim to force payment or another action. offence, tougher penalties and powers to trace, freeze and seize cryptocurrencyA digital asset such as Bitcoin that criminals may use to demand ransom because it is harder to trace than ordinary bank money. proceeds.
Parliamentary timeline ↗Bill is removed from the Notice PaperThe parliamentary list of business to be dealt with, from which this bill was later removed when it did not proceed.
The proposal did not complete its parliamentary passage and was removed from the House Notice PaperThe parliamentary list of business to be dealt with, from which this bill was later removed when it did not proceed. under standing ordersThe House rules that govern how bills are handled, including removal from the Notice Paper when a bill lapses or is not pursued..
Parliamentary timeline ↗Mandatory ransomware payment reporting begins under later laws
A later federal regime came into force requiring organisations with turnover of $3 million or more, and critical infrastructureEssential systems or assets whose disruption would seriously affect Australia, and the bill gives attacks on them much harsher penalties. entities, to report ransom payments within three days.
Australian Financial Review ↗Legislative route
The bill was formally presented to the chamber and read a first time, which starts its parliamentary journey.
Introduced and read a first time
A minister or sponsoring member moved the second reading, opening the main debate on the bill's purpose and principles.
Second reading moved
The Senate Standing Committee for the Scrutiny of Bills recorded consideration of the bill in Scrutiny Digest 6 of 2022.
Considered by scrutiny committee
APH bill page notesThe bill reached this recorded parliamentary step.
Key criticism
The main criticism was that the bill strengthened police powers and penalties but still dealt with ransomware only in part, leaving bigger gaps such as whether victims should have to report attacks or be stopped from paying ransoms. That concern was limited rather than broad opposition: Andrew Wallace called the bill only one step, and later public debate pushed for tougher follow-up rules rather than rejecting this bill itself.
No party represented in the debate opposed the bill, but some saw it as incomplete.
Only a partial response to ransomware
Critics' concern was not that the bill was harmful, but that it was too narrow: it created offences and asset-seizure powers without tackling wider policy gaps like mandatory reporting of ransomware incidents or rules around ransom payments, which could leave attacks underreported and the business model intact.
Further sources
Votes
No recorded votes were found before this bill stopped proceeding.
Parliamentary debate
Start here — lead voices
Andrews supports the bill and urges the House to pass it, arguing it gives law enforcement practical tools to deter ransomware, seize criminal gains and protect Australians.
Read in Hansard ↗Wilson supports the bill, saying it is a critical step to deter ransomware gangs, strengthen law enforcement powers, and stop criminals using cryptocurrencyA digital asset such as Bitcoin that criminals may use to demand ransom because it is harder to trace than ordinary bank money. to profit from cyberextortion.
Read in Hansard ↗Wallace supports the bill and says the coalition introduced it as a practical step to combat ransomware and protect Australians, businesses and critical infrastructureEssential systems or assets whose disruption would seriously affect Australia, and the bill gives attacks on them much harsher penalties..
Read in Hansard ↗All speeches by bloc
3 speakers · 3 support
“This bill demonstrates the government's commitment to deterring and disrupting cybercriminals who target Australians and use ransomware to lock their systems and extort them for financial gain.”Read the full speech in Hansard ↗
“So, today, I implore those opposite to support this bill.”Read the full speech in Hansard ↗
“This bill is not going to fix everything—as the shadow minister said, it is just one step in the right direction. But I urge all members to support this bill and call on the government to build on our work, both in defence and in security. Don't dismantle what we are seeking to build for the benefit of Australians and the Australian community and Australian businesses.”Read the full speech in Hansard ↗
Record
House · Introduced and read a first time
Introduced
The bill was formally presented to the chamber and read a first time, which starts its parliamentary journey.
House · Second reading moved
Second reading opened
A minister or sponsoring member moved the second reading, opening the main debate on the bill's purpose and principles.
House · Removed from the Notice Paper in accordance with (SO 42)
Removed from the Notice PaperThe parliamentary list of business to be dealt with, from which this bill was later removed when it did not proceed. in accordance with (SO 42)
The bill reached this recorded parliamentary step.
Senate Standing Committee for the Scrutiny of Bills
Considered by scrutiny committee
The Senate Standing Committee for the Scrutiny of Bills recorded consideration of the bill in Scrutiny Digest 6 of 2022.
Considered by scrutiny committee (26 Oct 2022): Senate Standing Committee for the Scrutiny of Bills; Scrutiny Digest 6 of 2022
APH bill page notes