The Essential Eight is being retired. Australian CISOs have nine days to shape what replaces it.

ASD is retiring the Essential Eight and consulting on Essentials for Enterprise IT until 12 July 2026. Here is what actually changes, why ML2 is about to move, and what CISOs should do this week.

Wai Tech Editorial
Written with AI assistance

The Australian Signals Directorate has quietly done the most important thing it will do all year. On 20 June 2026 the ACSC published a consultation notice confirming that the Essential Eight, the framework that has anchored Australian cyber controls for a decade and become the de facto floor for Commonwealth procurement, will be deprecated within twelve months and retired within twenty-four. Its replacement, a broader series called Essentials, opens with a first chapter titled Essentials for Enterprise IT. Feedback closes at the ACSC Cyber Security Partnership Program portal on 12 July 2026.

That deadline is nine days away. Most Australian CISOs and Heads of Security this week are still running Essential Eight uplift programs against the old maturity model. Most Australian MSPs have their PSPF ML2 offers priced against the current definition of Application Control, Restrict Administrative Privileges, and Multi-Factor Authentication. Most Australian cyber insurance renewals opening in Q1 FY27 will still cite Essential Eight compliance as a pricing input. The framework everyone is working against is changing under them, and the window to influence what it changes into is closing.

This is not a rebadge. It is the biggest reset in Australian civilian cybersecurity guidance since the Essential Eight was published in 2017. Read it carefully.

What ASD actually announced

ASD is not deleting the Essential Eight in one step. There is a deliberate handover. The Essential Eight remains a live document alongside Essentials during the transition, and ASD has been explicit that the investment organisations have made under the current framework carries forward. The controls do not disappear. The way they are described, measured, and connected to the wider architecture is what changes.

Three initial chapters are planned. Essentials for Enterprise IT is the direct successor to the Essential Eight and the one currently open for consultation. Essentials for Operational Technology and Essentials for Cloud will follow, addressing environments the Essential Eight was never designed for. A fourth chapter on agentic AI has been flagged by ASD as likely, but has not yet been formally scoped. That is a very deliberate signal to the market, and one worth reading in detail below.

The design philosophy is where the real work is. The Essential Eight is a prescriptive control ladder: apply these eight mitigations, at these maturity levels, against these specific technologies. Essentials for Enterprise IT is outcomes-based. It describes the security result an organisation needs to achieve, references ASD's Modern Defensible Architecture work as the target state, and gives organisations flexibility to reach it with whatever tooling suits their environment.

That sounds subtle. It is not. It reshapes how Australian firms buy, audit, and defend security programs.

Why the outcomes model is a bigger change than it looks

The Essential Eight was easy to sell and easy to audit precisely because it was prescriptive. A CFO could read a maturity level definition, sign off on the tooling required to hit it, and move on. An MSP could productise a package labelled ML2. An assessor could tick a control against a specific configuration and report a maturity number.

Outcomes-based guidance breaks that. Under Essentials for Enterprise IT the question is not whether Application Control is configured to a defined ML2 pattern. The question is whether the organisation can demonstrate that unauthorised code cannot execute on its endpoints in the ways ASD expects a modern defensible enterprise to prevent. Two organisations achieving the same outcome with different tooling both pass. An organisation ticking the old ML2 configuration box without achieving the outcome does not.

For a security team this is a promotion. It rewards architects and detection engineers who understand attacker behaviour rather than compliance specialists who understand control catalogues. For a CIO buying MSP services this is a re-tender event. The mid-market MSP whose ML2 package was defined against 2019 Windows fleets now has to prove it can deliver the same outcomes on a stack that includes SaaS, containers, non-person identities, and agentic AI. Most cannot.

The commercial consequence is that the Australian security services market will bifurcate over the next twelve months. Firms that can articulate outcomes and demonstrate architecture will move upmarket. Firms that were productising ML2 checklists will be repriced.

Modern Defensible Architecture is the new anchor point

Essentials for Enterprise IT does not sit in isolation. It draws heavily on ASD's Modern Defensible Architecture work, which was consulted on in early 2025, updated on the back of feedback from more than 240 stakeholders, and formally published in its current form as ten foundational secure design and architecture practices. The MDA foundations are the target state Essentials is written against.

MDA is a zero trust framework in Australian language. It anchors on three principles: never trust, always verify; assume breach; and verify explicitly. It emphasises defence in depth over perimeter, protection of the "crown jewels" over undifferentiated hardening, and secure by design as a procurement expectation rather than a post hoc check. It was co-developed with international partners including CISA, NCSC, and cyber agencies from Canada, New Zealand, Germany, Japan, and South Korea, which matters because it means Australian outcomes guidance will be interoperable with Five Eyes and allied partner controls in a way the Essential Eight never was.

For an Australian CISO the practical read is this. The security architecture posture that Essentials for Enterprise IT will assess against was already written down. It sits on cyber.gov.au. Any organisation whose FY27 program is not building toward MDA is building toward something that will fail the new framework on outcomes even if it passes the old checklist.

ML2 is the number that will move

The single most important commercial detail in this shift concerns Maturity Level 2. Under the current framework, ML2 is the mandatory baseline for non-corporate Commonwealth entities under the Protective Security Policy Framework. It is written into government supplier contracts, defence supply chain assurance programs, APRA-regulated financial services expectations, and the cyber insurance underwriting questions that decide whether an Australian mid-market firm gets covered, gets covered with exclusions, or gets refused.

Under Essentials for Enterprise IT the concept of a numbered maturity ladder is being de-emphasised. The consultation draft does not commit to a direct 1:1 mapping between ML1, ML2, and ML3 and equivalent Essentials tiers. What the framework will provide instead is a set of prioritised, threat-informed outcomes, with reference implementations that map to the current maturity levels during the transition.

Practically that means three things. First, an organisation that has hit ML2 today has done work that will still count under Essentials, and ASD has said so directly. Second, the certainty that "ML2 equals compliant" will erode. An organisation will need to be able to describe the outcome it is achieving, not just the level it holds. Third, PSPF language, procurement clauses, and insurance forms will need to be rewritten during the transition. Anyone with a Commonwealth contract renewing in 2027 should assume the clauses they signed in 2024 no longer describe the assurance model they will be measured against.

That is the reality Australian Heads of Compliance and General Counsel need to be planning for now, not in twelve months.

The agentic AI signal is the important one

The line in the ASD consultation notes that reads "agentic AI may warrant its own chapter" deserves more attention than it has received. Read at face value it is a hedge. Read as a signal from a Five Eyes cyber authority that has already co-signed the CISA- and NSA-led Careful Adoption of Agentic AI Services guide, released on 1 May 2026, it is a statement of intent.

The joint Five Eyes guide identifies five distinct risk categories that agentic systems introduce to enterprise networks: privilege, design and configuration, behavioural, structural, and accountability risks. It calls out non-person identity management as the single most under-addressed control gap. It recommends that each agent operate under a verified, cryptographically secured identity, use short-lived credentials, and encrypt all inter-agent and agent-to-service communications. It flags prompt injection embedded in emails and documents as a route by which an agent can be persuaded to download malware on behalf of the user it is acting for.

None of that is a natural fit for the Essential Eight. Application Control was written for user-launched executables, not for agentic loops running under service principals. Restrict Administrative Privileges was written for human role definitions, not for AI agents that need scoped access to email, calendar, SharePoint, and CRM data on behalf of a user. Patch Applications and Patch Operating Systems were written for a version cadence that does not apply to a foundation model behind an API.

An agentic AI chapter under Essentials is the mechanism by which ASD closes that gap. It is likely to include specific identity requirements for non-person entities, credential lifecycle expectations for agent identities, tenant boundary controls for tools an agent can invoke, prompt injection resistance as a design outcome, and accountability chain requirements that force human sign-off on high-impact actions. Every Australian firm currently piloting AI agents in production, and there are many, will be building against those expectations whether or not the chapter is formalised in this consultation round.

Firms deploying agentic AI in customer service, in engineering, in finance, or in HR should treat the coming Essentials for Agentic AI chapter as the framework that will define whether their deployment is auditable and insurable. The prudent move is to build to that expectation now, not to retrofit against it in 2027.

Nine days to influence the framework

The consultation on Essentials for Enterprise IT is not a rubber stamp. ASD has been explicit that feedback from government, industry, and organisations currently operating against the Essential Eight will shape the framework. The Modern Defensible Architecture consultation that ran across 2025 attracted 240 formal submissions from Australian critical infrastructure, ICT vendors, MSPs, and government agencies, and materially altered the final document. There is no reason to expect the Essentials consultation to be different.

Submissions go through the ACSC Cyber Security Partnership Program portal at partners.cyber.gov.au. Membership in the partnership program is free and available to organisations of any size. Feedback is due by 12 July 2026.

The most valuable submissions will not be lists of preferences. They will be concrete, situated observations from Australian security teams. What breaks when an outcomes-based framework replaces a prescriptive one. Where the transition from ML2 to an equivalent Essentials posture creates gaps in a specific PSPF or APRA context. What the appropriate baseline should be for a 200-seat professional services firm running Microsoft 365 with a small internal IT function and one MSP. What the framework needs to say about identity management for agentic AI before organisations deploy at scale.

An Australian firm that has done material Essential Eight work over the last three years has data ASD does not have and cannot easily get. That data, submitted concisely into the consultation before 12 July, will shape the definition that governs the next decade of Australian enterprise cyber programs. Nine days is enough to have a considered say. It is not enough for a firm that has not started thinking about it yet.

What to do this week

The disciplined move for an Australian CISO or Head of Security this week is short and sequenced.

Read the ASD consultation notice on cyber.gov.au and the Modern Defensible Architecture Foundations document. If a firm's FY27 security roadmap does not reference MDA, treat the next two weeks as a roadmap re-baselining exercise.

Audit current Essential Eight ML positioning honestly against the outcomes the Essentials framework will assess. Where the tooling was configured to pass a checklist rather than achieve the outcome, that is now technical debt on a clock.

Identify the two or three transition risks that matter most in your context. For a Commonwealth supplier, that is the moment PSPF procurement clauses stop referring to ML2 and start referring to Essentials outcomes. For an APRA-regulated firm, it is the interaction between Essentials, CPS 234, and the CPS 230 operational resilience obligations. For a mid-market firm relying on an MSP, it is whether the MSP has an Essentials-aligned service offering ready to sell.

Submit written feedback to the ACSC Partnership Program portal before 12 July. Keep it specific. Cite the environment, cite the outcome, cite the point at which the framework as currently drafted helps or hinders it.

Begin scoping the agentic AI risk chapter as a live workstream, not a monitoring item. Use the Five Eyes Careful Adoption of Agentic AI Services guide as the current best statement of what Australian regulators expect. Any AI agent going into production between now and mid-2027 should already be built to that guide's identity, privilege, and accountability recommendations.

The bigger frame

Australia is not moving to Essentials because the Essential Eight failed. It is moving to Essentials because the enterprise IT environment the Essential Eight was written for is not the environment Australian organisations now run. Cloud is dominant. SaaS is where the sensitive data actually sits. Non-person identities outnumber employees inside most enterprise tenants. Agentic AI is being provisioned at seat level by Business Standard customers who could not describe their zero trust posture if asked. The threat surface changed. The controls needed to change with it.

The Essential Eight will be remembered as one of the most successful pieces of cybersecurity guidance any English-speaking government has produced. It set a floor that pulled thousands of Australian firms into a defensible posture. What Essentials for Enterprise IT is being asked to do is harder. It is being asked to hold the same floor while accommodating cloud, OT, and AI, in a form that organisations of very different maturities can implement without turning into a checklist exercise.

Whether the framework achieves that depends materially on what Australian industry submits to the consultation over the next nine days. This is the last window in which industry gets to influence what the floor looks like before it becomes the reference for procurement, insurance, PSPF, and Board risk appetite for the rest of the decade.

Wai's ARC platform is built on the same architectural principles the Modern Defensible Architecture foundations describe: zero-trust-anchored, identity-centred, outcomes-measured, agent-aware. The organisations we work with are already building to the framework Essentials will formalise, because they were building to the underlying problem before the framework changed. That is the correct posture for any Australian technology firm heading into the second half of 2026.

Frequently asked questions

Is the Essential Eight being retired in 2026?

The Essential Eight is being deprecated within approximately twelve months and formally retired within approximately twenty-four months, based on ASD's June 2026 announcement. During the transition, both the Essential Eight and the new Essentials series will remain live documents. Investments made under the Essential Eight will continue to be recognised under Essentials.

When does the consultation on Essentials for Enterprise IT close?

Consultation on the first chapter of the Essentials series, Essentials for Enterprise IT, is open through the ACSC Cyber Security Partnership Program portal and closes on 12 July 2026. Feedback is being solicited from government, industry, regulators, and organisations currently operating against the Essential Eight.

What is Essentials for Enterprise IT?

Essentials for Enterprise IT is the direct successor to the Essential Eight and the first chapter of ASD's broader Essentials series. It shifts from prescriptive controls tied to specific technologies toward outcomes-based, threat-informed mitigations, and is anchored to ASD's Modern Defensible Architecture. Additional chapters will cover Operational Technology and Cloud, with an Agentic AI chapter likely to follow.

Do Australian businesses still need to meet Essential Eight Maturity Level 2?

Yes, during the transition period. ML2 remains the mandatory baseline for non-corporate Commonwealth entities under the Protective Security Policy Framework, and it is still referenced in Commonwealth procurement contracts, cyber insurance underwriting, and critical infrastructure assurance programs. Over the next two years, those references will migrate to Essentials outcomes. Work completed against ML2 will carry forward, but organisations will increasingly need to describe the outcomes they achieve, not just the maturity level they hold.

How will agentic AI be covered under the new framework?

ASD has indicated that agentic AI may warrant its own chapter under Essentials, distinct from Enterprise IT, Cloud, and Operational Technology. That chapter is expected to address non-person identity management for AI agents, short-lived credentialing, tool boundary controls, prompt injection resistance as a design outcome, and accountability chains for high-impact agent actions. The Five Eyes Careful Adoption of Agentic AI Services guide, co-signed by ASD's ACSC in May 2026, is the current best statement of the expected direction.

How do I submit feedback on the Essentials framework?

Submissions are made through the ACSC Cyber Security Partnership Program portal at partners.cyber.gov.au. Partnership Program membership is free and open to organisations of any size. Effective submissions are concrete, situated observations from Australian security teams rather than general preferences.

What is Modern Defensible Architecture?

Modern Defensible Architecture is a zero-trust-anchored security architecture framework published by ASD in collaboration with international partners. It describes ten foundational secure design and architecture practices covering identity, network, endpoint, data, and application security, and it forms the target state that Essentials for Enterprise IT will assess organisations against.

What should CISOs do before the 12 July deadline?

Review the Essentials for Enterprise IT consultation and the Modern Defensible Architecture Foundations document. Audit current Essential Eight positioning against the outcomes the new framework will assess. Identify the two or three transition risks most material to your context. Submit written feedback through the ACSC Partnership Program portal. Begin scoping agentic AI as a live workstream against the Five Eyes joint guidance.
