Mandatory Accreditation Gatekeeps Cybersecurity Innovation

This provision requires all cybersecurity professionals and practitioners to obtain Authority accreditation before practicing, with penalties of 250-20,000 penalty units for violations. The requirement creates significant barriers to market entry for new practitioners, startups, and independent consultants who must obtain government approval before offering services. Combined with the organizational licensing requirement in 15, this establishes a dual-layer gatekeeping system unusual in technology sectors. The undefined scope of "cybersecurity professional or practitioner" could capture security researchers, educators, or consultants, chilling innovation and informal knowledge-sharing. The provision lacks criteria for accreditation, appeal mechanisms, or recognition of international qualifications, concentrating discretionary power in the Authority without transparent standards.