Legal insight new mandatory ransomware payment reporting obligations now in force gadens 322784429253
Published: 2-Dec-25
Legal insight | New mandatory ransomware payment reporting obligations now in force - Gadens
Effective from 30 May 2025, the new mandatory ransomware reporting regime under the Cyber Security Act introduces ransomware payment reporting obligations. This regime requires certain entities – including businesses with an annual turnover exceeding $3 million and operators of critical infrastructure – to report any ransomware or cyber extortion payments made, or known to have been made on their behalf, within 72 hours of the transaction.
![current_brand[0].name](https://au.apsco.org/hs-fs/hubfs/APSCo%20Australia/Images/Logo/website_logo_australia.png?width=400&height=160&name=website_logo_australia.png "current_brand[0].name"){kind=logo}
