Amazon Web Services (AWS) is concerned about Australia’s keenness for cyber security regulation. 

The company that runs some of the biggest data centres and servers says the Federal Government should wait until its recent reforms come into effect before going harder on cyber security regulations. 

The comments come from AWS’ submission to a government proposal to impose voluntary or mandatory cyber security governance standards on companies.

“We caution against the introduction of additional measures…before existing reforms have been properly implemented, matured and evaluated,” AWS said in a submission to the Department of Home Affairs consultation.

“This process is critical for ensuring that any new policies are based on evidence; [are] consistent and complementary to existing policies; and are addressing a genuine policy gap.”

It comes after a year of rapid cyber security reforms following the government’s 2020 cyber security strategy.

In just over 12 months, the Morrison Government has introduced and passed controversial online account takeover powers, put forth its Online Safety Act, and launched a review of the Privacy Act.

This includes its Security Legislation Amendment (Critical Infrastructure) Bill 2020, which seeks to give  the government the power to “defend” networks of critical infrastructure providers under cyber attack. 

The Parliamentary Joint Committee on Intelligence and Security (PJCIS) has called for the powers to be “swiftly legislated”, while it continues consideration of other components. 

AWS says the reforms have been “substantial and meaningful”, having “a significant impact on building Australia’s cyber security and boosting confidence in the digital economy”.

“However, these reforms need time to take effect – and impacted entities allowed sufficient time for implementation – before the introduction of any new regulatory instruments or initiatives,” it said.

AWS wants “existing reforms, frameworks and program… be allowed space to be implemented, matured and evaluated before the introduced of addition regulatory measures”.