Security Industry Regulation in Australia: 2026 Update

The Australian security industry operates within one of the more complex regulatory environments in the world. With eight separate state and territory licensing regimes, overlapping federal legislation, and evolving standards driven by changing threat landscapes, staying current on regulatory requirements is a continuous challenge for security companies and individual operators alike.

As we move through 2026, several significant regulatory developments are reshaping how security businesses operate, how operators are licensed and monitored, and how compliance is enforced. This article provides an overview of the regulatory landscape and highlights the changes that matter most for executive protection and close protection professionals.

Key Regulatory Bodies Governing Australian Security

Understanding who regulates what is the first step in navigating the compliance landscape. The Australian security industry is overseen by a combination of state, territory, and federal bodies, each with distinct responsibilities.

At the state and territory level, the primary regulatory bodies include:

• NSW Police Force — Security Licensing and Enforcement Directorate (SLED) — responsible for licensing, compliance, and enforcement under the Security Industry Act 1997
• Victoria Police — Licensing and Regulation Division — administers the Private Security Act 2004, including bodyguard-specific licence categories
• Queensland Office of Fair Trading — manages licensing under the Security Providers Act 1993 and conducts compliance audits
• WA Police — Security — oversees the Security and Related Activities (Control) Act 1996
• SA Consumer and Business Services — administers the Security and Investigation Industry Act 1995
• Tasmania — Consumer, Building and Occupational Services — regulates under the Security and Investigations Agents Act 2002
• NT Police — Firearms and Security — manages the Private Security Act 1995
• ACT — Access Canberra — administers security licensing in the Australian Capital Territory

At the federal level, several agencies have indirect but important influence on the security industry:

• Australian Security Intelligence Organisation (ASIO) — conducts security assessments for operators working in critical infrastructure or government-adjacent roles
• Australian Criminal Intelligence Commission (ACIC) — provides criminal history information used in licence applications
• Safe Work Australia — sets the national framework for work health and safety that applies to all security operations
• Australian Skills Quality Authority (ASQA) — regulates the registered training organisations (RTOs) that deliver security industry qualifications

This multi-layered regulatory structure means that security companies must maintain awareness of developments across multiple agencies and jurisdictions simultaneously.

US regulatory comparison. The United States has a similarly fragmented regulatory structure, though without the degree of federal oversight that bodies like ASQA and Safe Work Australia provide. Each US state maintains its own security licensing authority — such as California's BSIS, New York's DOS, Texas's DPS, and Florida's DOACS. At the federal level, agencies such as the Department of Homeland Security (DHS) and the Transportation Security Administration (TSA) influence security industry standards for critical infrastructure and transportation security. The professional body ASIS International, while not a regulator, plays a significant standard-setting role through its certifications and published guidelines. US operators face a comparable challenge of tracking regulatory changes across multiple state jurisdictions simultaneously.

Major Regulatory Changes in 2025–2026

Several regulatory developments from late 2025 and early 2026 have direct implications for security operators and companies across Australia.

Enhanced training standards. Following an extensive review of security industry training, several states have adopted updated competency requirements aligned with the revised CPP Security Training Package. The changes emphasise scenario-based assessment, de-escalation techniques, and cultural competency. Close protection operators in particular face increased requirements around threat assessment methodology and protective intelligence. Transitional arrangements are in place in most jurisdictions, giving existing licence holders time to complete additional training units before their next renewal.

Strengthened background checking. Multiple states have expanded the scope of background checks required for security licence applications and renewals. In addition to criminal history checks, some jurisdictions now require ongoing monitoring through continuous criminal history checking arrangements, where licence holders are flagged if they come to police attention between renewal periods. This represents a shift from point-in-time vetting to continuous suitability assessment.

Digital licensing initiatives. NSW and Victoria have both advanced digital licensing projects that allow operators to hold and present their security licences electronically via official government applications. This reduces the risk of lost or expired physical licences and simplifies verification for employers and clients. Other states are expected to follow with similar digital licence initiatives over the coming twelve to eighteen months.

Increased penalties for non-compliance. Several jurisdictions have increased the maximum penalties for security industry offences, including operating without a licence, employing unlicensed personnel, and failing to maintain required records. In Queensland, for example, maximum penalties for serious breaches have increased significantly, reflecting the government's view that inadequate regulation of the security industry poses a public safety risk.

Critical infrastructure obligations. The Security of Critical Infrastructure Act 2018 (Cth), as amended, continues to expand the obligations of security providers working in critical infrastructure sectors including energy, transport, telecommunications, and data centres. Security companies providing protective services to these sectors face additional reporting requirements, personnel vetting standards, and operational protocols.

Impact on Security Companies and Operators

The cumulative effect of these regulatory changes is a higher compliance burden for security businesses and a greater emphasis on operational professionalism across the industry.

For security companies, the key impacts include:

• Increased administrative overhead — managing enhanced background checks, updated training records, multi-state licensing, and digital licence systems requires more sophisticated record-keeping and compliance management
• Higher training costs — the expanded training standards mean additional investment in operator development, both for new hires and existing staff who need to complete transitional requirements
• Greater enforcement exposure — with increased penalties and more active regulatory auditing, the consequences of compliance failures are more severe than in previous years
• Client-driven compliance demands — corporate and government clients are increasingly requiring security providers to demonstrate compliance through auditable records, certifications, and technology-enabled reporting

For individual operators, the changes mean that maintaining a current licence requires more active engagement with training, background checking, and administrative processes. The days of obtaining a security licence and forgetting about compliance until renewal are over. Operators who treat their licence as a living credential — keeping training current, reporting changes in circumstances, and maintaining professional development records — will be better positioned than those who approach compliance as a periodic inconvenience.

Staying Compliant With Evolving Regulations

Given the pace and complexity of regulatory change, security companies need systematic approaches to compliance management rather than ad hoc responses to individual regulatory updates.

Effective compliance management for Australian security businesses involves several elements:

• Regulatory monitoring — establishing processes to track legislative changes, regulatory guidance, and enforcement actions across all relevant jurisdictions
• Centralised records management — maintaining a single source of truth for all licence, training, insurance, and compliance documentation, accessible to authorised personnel across the organisation
• Automated expiry tracking — implementing systems that monitor expiry dates for licences, training certifications, first aid qualifications, and other time-sensitive credentials, with proactive alerts before deadlines
• Audit readiness — maintaining records in a format that can be readily produced for regulatory audits, client reviews, or legal proceedings without scrambling to compile documentation
• Training management — tracking which operators have completed which training units, identifying gaps against current requirements, and scheduling professional development to maintain currency

Technology plays an increasingly important role in managing this complexity. Platforms like EP-CP provide security companies with purpose-built tools for compliance management, integrating licence tracking, training records, and operational documentation into a single command platform. For organisations operating across multiple Australian states and territories, this kind of centralised compliance infrastructure transforms regulatory management from a reactive burden into a proactive capability.

The regulatory environment for Australian security will continue to evolve. Companies that invest in robust compliance systems and maintain a culture of professional accountability will not only avoid penalties — they will differentiate themselves in a market where clients increasingly value demonstrated regulatory adherence alongside operational excellence.