The net effect of this is that the proposed new powers would create a high degree of uncertainty for industry. One concern is that they could be used to target specific equipment vendors, which could have significant impact given the narrow range of major vendors on which the industry currently relies.
Clearly a telecommunications service provider could suffer major disruption to its business if one of its key vendors is effectively 'blacklisted' as the result of a government direction.
The draft EM specifically indicates that the bill is "not about preventing the use of particular equipment vendors or service suppliers."
However, this may be seen as somewhat cold comfort given that the government has form in this area, having previously prohibited Chinese vendor Huawei from supplying equipment for the NBN project.
Broad and unrestricted new information-gathering powers
In addition to the expanded direction-making powers, the bill would also give government new powers to require service providers to provide information that is relevant to their new security duties. They would need to provide this information within a timeframe set by the government.
Again, these powers would be broad and relatively unconstrained, with few limits on how the government may use any information that is provided.
For example, the bill would allow the information to be shared with third parties for risk assessment or other security purposes. This could allow information provided by a service provider to be shared with foreign government security agencies and also with other companies that may be confronted with a similar security threat.
This would obviously be a concern to the extent that the information contains commercially sensitive details about a particular service provider's network design or procurement practices.
The proposed information-gathering regime may also raise practical compliance risks for service providers, such as if the government sets an unreasonable timeframe for providing complex technical information. The bill offers little protection against these risks.
Increasing complexity and deterring innovation
The procurement departments of major telco companies operate in a very complex environment where they often need to manage hundreds of separate procurement projects at any one time.
Any additional layer of regulation will inevitably increase the time and cost associated with procuring new technology, particularly where the impact of the additional regulation is uncertain and subject to change.
If the bill is passed, Australian telcos will need to factor in new security considerations into each procurement exercise they undertake. They will also need to make potentially difficult decisions about whether it will result in any change from a security perspective that needs to be notified to government.
If a change does need to be notified, then there will be time and money spent on preparing the notification and waiting on a response from government.
Sign up for CIO Asia eNewsletters.