March 4,2025
5 mins
The Australian government has issued a directive mandating the removal of all Kaspersky Lab software and web services from federal systems, citing risks of espionage, foreign interference, and sabotage.
Announced under the Protective Security Policy Framework (PSPF) Direction 002-2025, the move requires non-corporate Commonwealth entities to identify and remove all instances of Kaspersky software by April 1, 2025, while also prohibiting future installations.
According to Home Affairs Secretary Stephanie Foster, the decision concerns Kaspersky’s “extensive collection of user data” and its potential exposure to “extrajudicial directions from a foreign government that conflict with Australian law.”
Let’s know more about it.
The PSPF Direction 002-2025 applies to all government-issued devices, including mobile phones, laptops, and third-party hardware, under the Public Governance, Performance, and Accountability Act 2013 (PGPA Act).
The ban explicitly targets Kaspersky’s cybersecurity solutions, cloud-based services, and threat intelligence platforms, though it does not apply to third-party software that may contain embedded Kaspersky code.
Foster’s assessment highlights the risk posed by Kaspersky’s telemetry and data analytics capabilities, which she warns could make government networks vulnerable to “transnational threat actors seeking unauthorized access.”
Australia’s decision follows similar actions by the United States, which banned Kaspersky from operating in North America in 2024 due to alleged ties to Russian intelligence. Other countries, including Canada and the U.K., have also restricted Kaspersky’s use in critical infrastructure, making Australia the third Five Eyes nation to enforce such a prohibition.
Related Read: What Personal Data Are Companies Tracking and How Can You Stay Safe?
While the directive applies broadly, specific national security, law enforcement, and regulatory agencies may apply for exemptions, provided they implement strict risk mitigation measures.
These include:
Entities seeking exemptions must submit detailed justifications to the Commonwealth Security Policy Branch by March 15, 2025, and will be subject to quarterly audits to ensure compliance.
The Department of Home Affairs has also urged state governments and critical infrastructure operators to follow similar cybersecurity measures. Additionally, private-sector contractors handling government data are advised to enhance their security protocols, reflecting the growing concern over third-party vendor risks.
Read More: Mac Malware Mayhem: How 100 Million Apple Users Can Protect Data
Kaspersky Lab has repeatedly denied any affiliation with government intelligence agencies, asserting that it operates independently.
In its 2023 Sustainability Report, the company highlighted its Cyber Immunity strategy, which prioritizes secure-by-design principles and transparency initiatives, including third-party code audits.
Western governments remain skeptical despite these assurances, particularly due to Russia’s Federal Law, which requires companies to store data locally and provide access to security agencies upon request.
The ban is part of a broader shift in global cybersecurity policy, emphasizing supply chain security, zero-trust architectures, and stricter software vetting processes. Analysts predict Australian agencies will accelerate the adoption of alternatives like CrowdStrike, Palo Alto Networks, and Microsoft Defender for Endpoint.
Additionally, the directive aligns with PSPF Direction 002-2024, which mandates rigorous IT inventory controls for internet-facing systems, reinforcing the government’s push toward greater cybersecurity resilience.
Also Read: IoT Data Breach Exposed 2.7 Billion Records: Data Breach Prevention Tips
Australia’s decision to prohibit Kaspersky products highlights the growing geopolitical tensions influencing cybersecurity policies worldwide.
Supporters argue the move reduces national security risks, while critics claim it may strain diplomatic relations and limit access to affordable cybersecurity solutions. Regardless, the decision reflects a paradigm shift away from unchecked software dependency, signaling a future where nations prioritize self-reliance and proactive cyber defense over cost-effective but potentially risky software solutions.
Protecting your data is essential in today’s digital world, where every click can expose you to cybersecurity risks. Protecting your information from hackers and system vulnerabilities is crucial whether you’re on your phone, tablet, or desktop.
Here are some top tips to help you safeguard your digital life:
Don’t let cyber threats catch you off guard—secure your digital world now!
Upgrade to AVP Suite today for unstoppable protection and peace of mind!
The Australian government, meanwhile, has come up with a directive that signals that the Kaspersky Lab software and services should be removed entirely from all federal systems. This is due to dangers like espionage, foreign interference, or sabotage among the risks cited.
Under the Protective Security Policy Framework (PSPF) Direction 002-2025, this has called for the non-corporate Commonwealth entities to identify and remove Kaspersky software by April 1, 2025, and forbid any further installations.
Home Affairs Secretary Stephanie Foster’s decision concerns Kaspersky’s “extensive collection of user data” and its potential exposure to “extrajudicial directions from a foreign government that conflict with Australian law.”
Let’s know more about it.
The PSPF Direction 002-2025 applies to all government-issued devices, including mobile phones, laptops, and third-party hardware, under the Public Governance, Performance, and Accountability Act 2013 (PGPA Act).
Specifically, the ban encompasses Kaspersky’s cybersecurity solutions, cloud-based services, and threat intelligence platforms but excludes third-party software embeds with Kaspersky code.
It also mentions the risk due to Kaspersky’s telemetry and data analytic capabilities, which potentially causes vulnerability of government networks by “transnational threat actors seeking unauthorized access,” in Foster’s assessment.
Most importantly, Australia made this decision following the steps taken by the United States of America, which, in 2024, banned the use of Kaspersky in North America because of its relations with Russian intelligence.
Australia’s decision follows similar actions by the United States, which banned Kaspersky from operating in North America in 2024 due to alleged ties to Russian intelligence. Other countries, including Canada and the U.K., have also restricted Kaspersky’s use in critical infrastructure, making Australia the third Five Eyes nation to enforce such a prohibition.
Related Read: What Personal Data Are Companies Tracking and How Can You Stay Safe?
Whilst broadly applicable, the directive could see exceptions from national security, law enforcement, and regulatory bodies should they propose appropriate robust risk mitigation approaches.
Such exceptions include:
Deadline: Justification requests for exemption should be submitted to the Commonwealth Security Policy Branch on or before March 15, 2025, with a quarterly audit for compliance.
In addition, the Department has encouraged state governments and critical infrastructure operators to observe these cybersecurity measures. Advisory also extends to private-sector contractors that handle government data to escalate their security to a higher level, showing an increased concern over third-party vendor risks.
Read More: Mac Malware Mayhem: How 100 Million Apple Users Can Protect Data
Kaspersky Lab has often denied business with government intelligence agencies; it operates independently.
Kaspersky highlighted its Cyber Immunity strategy, as it called in its 2023 Sustainability Report, which prioritizes secure-by-design principles and transparency initiatives like third-party code audits.
However, Western governments remain unimpressed since companies in Russia have to operate under the Federal Law that requires all data to be stored locally and made accessible by security agencies upon request.
Nations worldwide are shifting their cybersecurity policies. They are now advocating an emphasis on securing the supply chain, establishing zero-trust architectures, and implementing stringent software vetting processes.
However, analysts predict that Australian governments would speedily favor alternatives such as CrowdStrike, Palo Alto Networks, and Microsoft Defender for Endpoint.
The directive complements PSPF Direction 002-2024, which requires strict IT inventory controls for systems exposed to the Internet in furtherance of the government’s drive toward enhanced cybersecurity resilience.
Also Read: IoT Data Breach Exposed 2.7 Billion Records: Data Breach Prevention Tips
The decision to prohibit Kaspersky products is Australia’s growing reaction to the geopolitical sources of tension that underscore cybersecurity policy worldwide.
For proponents, it lessens threats to national security; for critics, it builds a diplomatic wall around Australia and restricts access to low-priced cybersecurity.
AVP Suite detects and secures it instantly & provides 24/7 protection
Try AVP Suite for Free!Protecting your data is essential in today’s digital world, where every click can expose you to cybersecurity risks. Protecting your information from hackers and system vulnerabilities is crucial whether you’re on your phone, tablet, or desktop.
Here are some top tips to help you safeguard your digital life:
Don’t let cyber threats catch you off guard—secure your digital world now!
Upgrade to AVP Suite today for unstoppable protection and peace of mind!
AVP Suite shields it from cyber threats & keeps hackers at bay
Claim Your Free Trial!