Dual Accreditation Burden Restricts Market Access

This provision requires all cybersecurity professionals to obtain Authority accreditation before practicing, while simultaneously prohibiting businesses from engaging unaccredited practitioners (250-20,000 penalty units). Combined with the preceding licensing requirement for service providers (50,000-100,000 penalty units), this creates a two-tier regulatory system unprecedented in OECD democracies where cybersecurity is typically unregulated. Businesses face cascading compliance obligations: verifying practitioner accreditation status, maintaining documentation, and bearing liability for engaging unaccredited individuals - creating operational costs and market access barriers that restrict competition and raise service delivery costs.