The Australian government will ban antivirus software from Russian cybersecurity company Kaspersky on all its devices and systems, claiming it poses an “unacceptable security risk” to networks and data.
Home Affairs secretary Stephane Foster issued a mandatory directive on Friday prohibiting the use of the company’s software over foreign interference and espionage concerns.
The move comes six months after the United States government banned local sales of Kaspersky products over the company’s alleged ties to the Russian government.
Kaspersky has been the subject of controversy since 2017, when its software was reportedly used by Russian hackers to obtain classified documents from a US National Security Agency employee.
According to the direction, all non-corporate Commonwealth entities will need to “prevent the installation of Kaspersky Lab Inc. products and web services”, and remove all existing instances, by 1 April 2025, the directive states.
It follows advice from intelligence agencies that the software “poses an unacceptable security risk to Australian government, networks and data, arising from threats of foreign interference, espionage and sabotage”, Ms Foster said.
“Entities must manage the risks arising from Kaspersky Lab, Inc.’s extensive collection of user data and exposure of that data to extrajudicial directions from a foreign government that conflict with Australian law,” the directive states.
Only agencies involved in “national security or regulatory functions, including compliance and law enforcement functions” can seek an exemption to the ban, if mitigations are in place.
The ban is also intended to act as a “strong policy signal to critical infrastructure and other Australian government’s regarding the unacceptable security risk associated with the use of Kaspersky Lab, Inc. products and web services”.
In that way, it is designed to work the same way as the government’s ban of Chinese AI software DeepSeek earlier this month, which many critical infrastructure operators and state governments have also implemented.
Australia is the third Five Eyes nation to ban Kaspersky from government systems, joining the US — which barred department’s from using the software in 2017 — and Canada.
The United Kingdom has also banned Kaspersky from national security departments since 2017. Other countries to ban the company’s software in one way or another include the Netherlands, Italy, Lithuania and Romania.
Australia’s ban follows a lengthy US investigation last year that found Kaspersky’s links to the Kremlin “could not be addressed through mitigation measures short of a total prohibition”.
While the US has banned the sale of Kaspersky software in country, businesses will not face legal penalties if they continue to use existing software instances.
Do you know more? Contact James Riley via Email.