6 min read

The Online Regulation Series | Australia

You can access the ORS Handbook here

Australia’s regulatory framework:

Main bodies overseeing online regulation:

  • The e-Safety Commissioner is empowered under the Enhancing Online Safety Act 2015.

    • The Commissioner administers the Online Content Scheme and can issue notices to service providers for content in violation of the Criminal Code Amendment Act 2019.

    • The Commissioner can also give written directions to ISPs to block Australian access to material that exposes the community to online terrorist and extreme violent material during crisis events.

Key takeaways for tech companies:

  • All internet content and service providers operating in Australia are to comply with the Online Content Scheme, which provides a legal basis for prohibited online content.

  • Violation of the Criminal Code Amendment Act 2019 – by either providing a content service or hosting service which can be used to access abhorrent violent material, and by failing to ensure expeditious removal or cease hosting of it following notification from authorities, or failing to refer details to the Australian Federal Police after becoming aware of such content being available on their service – can be sanctioned by:

    • A fine of AU$2.1 million (around $1.5 million) or up to three years in prison (for an individual providing the content services or hosting services).

    • A fine up to AU$10.5 million or 10% of annual revenue for each offense (for a company).

  • The e-Safety Commissioner can initiate investigations relating to online content and is able to take enforcement actions, such as by issuing notices:

    • The Commissioner can trigger the blocking of access in Australia to certain content hosted overseas by notifying the Australian ISPs of the content.

    • The e-Safety Commissioner can issue a notice, under the Criminal Code Amendment Act 2019, triggering the presumption that a service provider has been “reckless” about its service hosting abhorrent violent material.

  • Tech companies should keep up to date with advancements on the Australian Government’s proposed Online Safety Act, which finished its consultation process in February 2020 and is pending a government response.

“Harmful and illegal” online content

Harmful and illegal online content have been regulated in Australia since the late-1990s via the Broadcasting Services Amendment (Online Services) Act of 1999, which established the legislative framework for online content regulation in the country.

Under this framework, online content is regulated under Schedule 5 and 7, through the Online Content Scheme which establishes a complaints-based mechanism. Schedule 5 outlines provisions in relation to internet content hosted outside Australia, while Schedule 7 focusses on content services and user-generated content on the internet and mobile services hosted in or provided from Australia. Schedule 7 additionally defines “prohibited” or “potentially prohibited” content, where “prohibited” content is content that has been classified by the Classification Board as X18+ or RC (refused classification). Generally, the Online Content Scheme places restrictions on the types of online content that can be hosted or provided by internet service providers (ISPs) and content service providers.

Under the Enhancing Online Safety Act 2015, which promotes online safety for all Australians, the Online Content Scheme came into the administration of the newly established Australian e-Safety Commissioner. The e-Safety Commissioner oversees the regulation of access to illegal and “harmful” online content (“prohibited content” and “potential prohibited content”).

The Commissioner responds to content complaints and has the capacity to initiate certain investigations relating to online content. The e-Safety Commissioner is able to take enforcement action, and indeed frequently reports particularly serious content to international law enforcement for investigation and removal. Although it cannot issue takedown notices for overseas hosted content, it can trigger the blocking of access to certain overseas hosted content through notifying Australian ISPs of the content. The Commissioner releases annual reports including evidence on their performance, key corporate information, and details against the mandatory reporting requirements. These reports include the number of investigations conducted into potentially prohibited online content, the number of URLs hosting material identified as likely to be prohibited, and the amount of notices to overseas services conducted in related to abhorrent violent material.

“Abhorrent violent material” and recklessness

Most recently, the Australian government enacted the Criminal Code Amendment (Sharing of Abhorrent Violent Material) Act 2019 – amending the 1995 Code. This amendment applies to ISPs, content service providers and hosting service providers anywhere in the world, including websites, social media platforms, and content management or cloud solution providers.

The Act creates two new types of offenses under the Criminal Code. The first is the failure by a service provider to notify the Australian Federal Policy within a “reasonable time” that “abhorrent violent material” relating to a conduct that is occurring in Australia is accessible on a service. According to the Act, the new category of content, “abhorrent violent conduct”, refers to terrorism, murder, attempted murder, torture, rape or kidnapping. The second is the failure by a service provider to “expeditiously” remove, or cease to host, abhorrent violent material that is accessible within Australia. It is not clear how much time a platform has to comply with the legislation’s requirements, since the Act does not define “expeditious”. The Act further introduced the notion of “recklessness”, stating that a company has been “reckless” if its service is being used to access or host abhorrent violent material.

The Criminal Code amendment empowers the e-Safety Commissioner to issue a notice triggering the presumption that a service provider has been “reckless” about its service hosting abhorrent violent material, unless the service provider can prove otherwise. According to Evelyn Douek, the law passed through both houses of parliament in a remarkably short time, limiting the possibility of any consultation from the industry or civil society. The UN special rapporteurs on counterterrorism and human rights and freedom of expression shared their comments on the law with the government via a letter, noting that the law raises serious concerns about freedom of expression, such as a consequence of imposing heavy fines and imprisonment on Internet intermediaries. The letter also addresses concerning ambiguities in the law, namely the definition of a “terrorist act” and “expeditiously”.

Future proposals – The Online Safety Act

The Australian Government is currently looking into proposing a new Online Safety Act in order to reform and expand the online safety laws. This proposed Act would introduce a range of new aspects, including 24 hour take-down deadlines for harmful online content, and further empower the e-Safety Commissioner to direct Australian ISPs to block access to sites hosting terrorist or extreme violent material for a defined period where an online crisis event occurs.

The government also published an Online Safety Charter, defining their expectations of online service providers to protect Australians online, such as requesting service providers to take preventative steps to ensure that their service is less likely to facilitate, inflame or encourage illegal and inappropriate behaviours.

Legislation on Encryption

In 2018, the Australian federal parliament enacted the Telecommunications and Other Legislation Amendment (Assistance and Access) Act (TOLA), also known by the Media as the ‘encryption laws’. This legislation enables law enforcement and intelligence agencies to require technical assistance from ‘designated communications providers’, encompassing 15 company types and spanning from social media companies to small hardware and software suppliers. The legislation permits a near unlimited range of technical assistance, going beyond decryption to include modifying consumer products and services.

However, the TOLA includes inspection and reporting requirements by the Commonwealth Ombudsman and the Home Affairs Minister. The Commonwealth Ombudsman may inspect the records of an interception agency to determine the extent of compliance by the agency and may conduct a written report to the Home Affairs on the results of the inspections. Furthermore, the Home Affairs Minister must prepare a written annual report that outlines the number of technical assistance requests and notices, as well as technical capability notices, that were given during the year by the chief of officers of interception agencies.

The legislation has been criticised by legal, civil society, and human rights organisations for having been enacted in a short timeframe and with little public consultation, as well as for its extensive powers, lack of clarity, and limited transparency requirements for the tech sector. Many groups quickly wrote submissions to the Bill, including: Apple Inc., Australian Human Rights Commission, Australian Information Industry Association, Australian Information security Association, Digital Industry Group, and the Law Council of Australia. Despite the many issues raised, the Bill was passed in a single day. The enacted version of the Bill did include a list of amendments introduced by the government; however, none addressed the most commonly cited concerns, including the vagueness of possible technical assistance and a lack of judicial oversight.

Reviews into the TOLA have been conducted by the Parliamentary Joint Committee on Intelligence and Security (PJCIS) and the Independent National Security Legislation Monitor (INSLM). Although the INSLM has published its report, the PJCIS has yet to publish its review.


Arboleda Nico, (2020), “Telcos, Govt Reach Agreement on How to Block Terrorist Content”, CRN

Baker McKenzie (2019),  "Unprecedented Penalties for Enabling the Sharing of Abhorrent Violent Material Online"

Baker McKenzie (2020), “Australian Government Opens Consultation on New Online Safety Act”

Department of Communications and the Arts (2019), Online Safety Legislative Reform Discussion Paper, Australian Government

Douek Evelyn (2019), “"Australia’s New Social Media Law Is a Mess” , Lawfare Blog

Kaye David, Special Rapporteur on the Right to Freedom of Expression, Aolain Fionnula Ni, Special Rapporteur on Human Right and Fundamental Freedom while Countering Terrorism (2019), Letter to the government of Australia

Hardy Keiran (2020), Australia’s encryption laws: practical need or political strategy?, Internet Policy Review