Sustainability
Updates on New Sustainability Reporting Regime – ASIC Seeks Feedback
On 7 November 2024, ASIC released the draft Regulatory Guide 000 on the sustainability reporting regime, seeking public feedback before it takes effect in January 2025. This regime mandates annual sustainability reports with climate-related financial disclosures for large businesses and financial institutions. ASIC’s guide clarifies the requirements, including guidance on compliance, relief provisions, and a phased implementation approach with modified liability. ASIC is encouraging stakeholder input on the draft to refine its support for the new reporting standards, with feedback due by 19 December 2024.
ISO Launches ESG Implementation Principles
The International Organization for Standardization (ISO) has introduced the ISO ESG Implementation Principles to help organisations enhance ESG integration, performance, and reporting. The guidance aims to address inconsistencies in sustainability reporting across jurisdictions and industries, improve measurement and alignment with existing frameworks, and promote global consistency and reliability in ESG practices. Developed with input from over 1,900 experts worldwide, the principles offer a standardised structure for organisations to establish KPIs, integrate ESG requirements, and assess maturity. The principles can potentially drive sustainable business practices, benefiting communities and the environment.
Global Shift Towards ISSB Sustainability Standards
Over 30 jurisdictions, representing more than half of global greenhouse gas emissions, are moving towards adopting the International Sustainability Standards Board (ISSB) sustainability reporting standards, according to the latest IFRS Foundation Procress Report. This marks considerable progress since May 2024, with 16 jurisdictions finalising adoption decisions and 14 making advancements. The ISSB standards, launched in 2023, with an emphasis on Scope 3 GHG emissions and comprehensive sustainability risk reporting. Additionally, the report highlights increased corporate alignment with TCFD recommendations, though gaps remain in providing comprehensive climate-related disclosures. ISSB Chair Emmanuel Faber urged further action to meet investor demands for sustainability-related information.
Risk
Strengthening Digital Asset Regulations in Criminal Law
The Crimes and Other Legislation Amendment (Omnibus No.1) Act 2024 strengthens Australia’s legal framework to address digital assets in criminal activities like cybercrime, money laundering, and terrorism financing. It updates the Crimes Act 1914, Proceeds of Crime Act 2002, and National Anti-Corruption Commission Act 2022, introducing a flexible definition of digital assets aligned with ASIC standards. The amendments authorise the seizure of digital assets through warrants targeting premises or individuals, including using electronic equipment to identify, transfer, or access assets, with provisions for remote execution and post-warrant expiry seizures under certain conditions. These changes enhance law enforcement’s ability to combat misuse of digital assets while safeguarding lawful data use.
Cybersecurity Updates
ASD’s Annual Cyber Threat Report 2023-2024
The “Annual Cyber Threat Report 2023–2024” released by the Australian Signals Directorate (ASD) highlights the growing cyber threat landscape in Australia, driven by geopolitical tensions and advancing technology. State-sponsored actors and cybercriminals pose significant risks to governments, businesses, and critical infrastructure, leveraging tools like AI for espionage, ransomware, data theft, and fraud. The report underscores the importance of robust cyber resilience, recommending practices such as multi-factor authentication (MFA), secure-by-design principles, and the adoption of the Essential Eight Maturity Model. Hacktivist activities are also rising, fuelled by global tensions.
Zero Trust – Challenges and Strategies
Zero Trust is a transformative cybersecurity model that assumes no one, inside or outside the network, should be trusted by default and requires continuous verification for every user, device, and access request. Implementing Zero Trust presents challenges and strategies for organisations, including the need for granular access controls, integration of advanced technologies, and a cultural shift to address both internal and external threats. Key challenges include unclear standards, complex integrations, and workforce skill gaps. Strategies for overcoming these include assessing current security landscapes, adopting frameworks like the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework and the CIS Controls, leveraging tools like Identity and Asset Management (IAM), Security Information and Event Management (SIEM), and fostering continuous employee education. The focus is on adaptability, the use of threat intelligence, and decision-making frameworks to address evolving threats. Zero Trust is presented as a dynamic, essential transformation, aligning security measures with modern risks and organisational resilience.
Bunnings’ Facial Recognition Technology Found in Breach of Privacy
Australia’s privacy commissioner has determined that Bunnings Group breached Australia’s privacy principles. by collecting personal and sensitive information through facial recognition technology in 63 stores across Victoria and New South Wales between 2018 and 2021, without those individuals’ consent and failing to take such steps as were reasonable in the circumstances to notify those individuals about the facts, circumstances and purposes of collection, and the consequences of not collecting that information. Facial images and other biometric data are considered personal sensitive information under the Privacy Act 1988 (Cth) and Australian Privacy Principles, subject to heightened privacy protection. While facial recognition could be effective for security purposes, the intrusion on privacy was deemed disproportionate. Bunnings has paused its use of the technology and must comply with privacy orders to prevent future breaches.
Compliance
AI Updates
ASIC Warns of Governance Gap in AI Adoption by Licensees
ASIC warns that governance practices among financial services and credit may lag behind the rapid adoption of AI, potentially creating a “governance gap”. In its first review of AI adoption by 23 licensees, ASIC found that most current AI use supports human decisions, but AI adoption is expected to increase significantly, with 60% of licensees planning to expand its use. However, nearly half lack sufficient policies in areas such as data privacy, consumer fairness and bias, raising risks in these areas if governance doesn’t keep pace. ASIC urges licensees to strengthen governance frameworks to balance innovation with safe, ethical AI use, emphasising that existing consumer protection laws already mandate responsible governance.
Legal Developments in AI: Key Federal and State Regulatory Trends in the US
The regulatory landscape for AI in the US is rapidly evolving, with recent federal, state, and international initiatives targeting responsible AI development. The White House’s Executive Order 14110 outlines federal agency roles in AI oversight, focusing on areas like data privacy, competitive practices, and consumer protection. At the state level, Colorado, California, and Utah have enacted laws addressing AI-driven risks, including algorithmic discrimination and transparency requirements for generative AI use. The EU AI Act also sets a risk-based framework for AI applications with stringent compliance measures for high-risk uses. Key themes across these regulations include anti-discrimination measures, AI interaction disclosures, IP protections, watermarking for AI-generated content, and consumer control over training data. Companies developing or deploying AI should prioritise compliance with these new laws to mitigate legal risks and safeguard user trust.
Coinbase Launches AI Agents for Automated Crypto Transactions
Coinbase has introduced a new tool, “Based AI Agent”, that allows crypto users to create personalised AI agents for on-chain activities such as executing trades, staking, and interacting with smart contracts. Built with Coinbase’s SDK and integrated with OpenAI and Replit, this tool enables users to set up AI bots quickly, using basic tools such as API keys. By offering this functionality, Coinbase aims to drive forward the adoption of AI in the blockchain space, with the potential to automate many crypto operations. However, these developments raise concerns about market integrity and legal issues. Users are advised to be cautious in utilising AI agents for important transactions.
New U.S. Investment Restrictions Target Chinese Tech Sectors
The Biden Administration has finalised regulations restricting U.S. investments in Chinese involved critical technology sectors, including semi-conductors, quantum technologies, and AI, citing national security concerns. Effective January 2, 2025, the rules prohibit certain investments in these sectors, require post-closing notifications for others, and aim to prevent U.S. capital from providing intangible benefits such as managerial expertise and global networks that could aid China’s technological advancement. The regulations target U.S. individuals and entities investing in Chinese firms engaged in military or surveillance-related applications of these technologies. Existing investments are allowed to remain, but additional investments in restricted areas are prohibited. The rules impose compliance requirements on U.S. fund managers and limited partners, emphasising due diligence and avoidance of circumvention. Although not retroactive, the rules reflect bipartisan support and reinforce broader U.S. efforts to curb China’s technological indigenisation, complementing export controls and prior executive orders.
Re Blockchain Tech Pty Ltd [2024] VSC 690 (12 November 2024)
In Re Blockchain Tech Pty Ltd [2024] VSC 690, in an Australian legal first, Justice Attiwill of the Supreme Court of Victoria has determined that a person’s interest in Bitcoin is property. This case is ground-breaking, as it is the first superior court proceeding where an Australia court has found that a cryptocurrency possesses all characteristics of property.
On the basis that an interest in Bitcoin is property, Attiwill J went on to find that the 25 Bitcoin transferred to the first defendant were held on trust. In the circumstances, Attiwill J held that Blockchain Tech was entitled to equitable compensation on the basis the defendant had failed to fully account for the dissipated Bitcoin. Meanwhile, Attiwill J rejected the argument that Bitcoin was capable of being held on bailment as it is an intangible form of property.