Follow us

Online regulation has historically focused on more sinister corners of the internet, but with a rapidly evolving digital ecosphere, the Australian eSafety Commissioner has been increasing its regulatory presence and global tech companies have had to adapt.

Following the eSafety Commissioner’s second round of ‘transparency notices’ issued to online platforms (Google, Twitter, Twitch, TikTok and Discord) and this week’s announcement of the Industry  Codes, global companies with an online presence are scrambling to understand exactly what steps are required to ensure safe use of their platforms in Australia and compliance with the Online Safety Act (the Act).

We breakdown the current status of the online safety regulations and how they could apply to your business.



What are the regulations?

There is currently a three-tiered approach to regulating online safety in Australia:

  1. Online Safety Act 2021 the Act is the primary piece of legislation regulating issues including cyber-bullying, cyber-abuse, imaged-based abuse and online content.
  2. Basic Online Safety Expectations 2022 (the Expectations) set out in a Ministerial Determination, the Expectations contain a series of ‘core’ and ‘additional’ expectations which aim to increase transparency and accountability of online service providers. The Expectations centre around ensuring online service providers have adequate terms of service, moderation practices, reporting and risk processes in place to minimise online harm.
  3. Industry Codes – five out of the eight industry codes have now been published which create mandatory compliance requirements for online service providers.



Who do the regulations apply to?

The Online Safety Act protects end-users who are accessing content from Australia, regardless of whether a company has an Australian presence. While jurisdictional issues have not yet been tested, and enforcement may prove tricky when dealing with an overseas entity, businesses who are accessible by end-users in Australia should familiarise themselves with the domestic regulations in this space.

The enforcement focus of the eSafety Commissioner to date has been social media platforms, however, we expect to see this lens broaden to capture a wide range of services operating alongside the online industry. This follows the announcement of the new Industry Codes.



What are the Industry Codes?

This week, the eSafety Commissioner published five out of the eight Industry Codes, applying to:

  • social media services
  • app distribution services
  • hosting services
  • internet carriage services
  • manufacturers, suppliers, maintainers and installers of equipment used to access online services

The finalised codes will come into force on 16 December 2023 and create mandatory compliance requirements relating to moderation, risk assessments and reporting, depending on the nature of the service.

The Industry Code for search engine services has been stalled following developments in generative AI but is expected to be finalised soon.

The remaining codes applying to ‘relevant electronic services’ (including messaging and multi-player games) and ‘designated internet services’ (including all websites) have been determined to not meet the statutory requirements under the Act. The eSafety Commissioner will proceed to making an enforceable standard in replacement of these codes.

In addition to social media platforms and messaging service providers, did you know the Online Safety Act could also apply to:

  • all websites
  • search engines
  • app distributors
  • internet carriage services
  • anybody who manufactures, supplies or installs equipment used by end-users (including manufacturers of wi-fi routers, smart TVs, gaming consoles)
  • discussion forums and consumer review networks


What are the notices currently being issued to big tech?

In parallel to the development of the Industry Codes, ‘transparency notices’ are being progressively issued by the eSafety Commissioner to service providers across the online industry, requiring them to provide a report and answer questions relating to how they comply with the Expectations.



What are the consequences for non-compliance?

Failure to comply with an Industry Code carries a financial penalty of AUD$137,500 per instance of non-compliance.

While failing to respond to a transparency notice carries a financial penalty, failing to comply with the Expectations themself carry reputation harm, with the Commissioner publishing a statement to that effect on the eSafety Commissioner’s website.

There are also a number of avenues to enforce compliance relating to additional offences under the Act, including content removal and blocking notices, financial penalties and enforceable directions.



What next?

Online service providers (social media platforms in particular) who haven’t yet received a transparency notice from the Australian eSafety Commissioner may expect to receive one soon. In preparation for such a notice, service providers should familiarise themselves with the Expectations and consider implementing the ‘reasonable steps’ set out in Expectations.

In addition, online service providers should familiarise themselves with the Industry Codes and be ready to implement compliance measures by December this year.

Australian online safety series

A spotlight on Australian regulation, specifically addressing online safety

Key contacts

Kwok Tang photo

Kwok Tang

Partner, Sydney

Kwok Tang
Tania Gray photo

Tania Gray

Partner, Sydney

Tania Gray
Christine Wong photo

Christine Wong

Partner, Sydney

Christine Wong
Rachel Holland photo

Rachel Holland

Solicitor, Sydney

Rachel Holland

Stay in the know

We’ll send you the latest insights and briefings tailored to your needs