Database

Browse Database

AUSTRALIA

N/A

Pillar Online sales and transactions  |  Indicator UNCITRAL Model Law on Electronic Signatures
Lack of adoption of UNCITRAL Model Law on Electronic Signatures
Australia has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.
Coverage Horizontal

AUSTRALIA

N/A

Pillar Technical standards applied to ICT goods and online services  |  Indicator Open and transparent standard-setting process
Standards Alliance
Australia’s standard-setting framework is generally characterised by a collaborative, transparent process involving a broad range of stakeholders from both the public and private sectors, including international participants, and addressing the treatment of intellectual property (IP) issues. For instance, Technical Committees responsible for developing new standards typically include representatives from government agencies, businesses, and industry organisations.
However, this level of transparency appears more limited in the context of electrical products. In this area, the Australian Communications and Media Authority (ACMA) derives technical standards from Standards Australia, a non-governmental and not-for-profit standards body, as well as from international standard-setting organisations and foreign regulatory authorities. Standards Australia develops standards through technical committees composed of experts from technical, business, academic, governmental, and community backgrounds, nominated by eligible organisations.
Under the Structure and Operation of Standardisation Committees (SG-002) and the Nominating Organisation Guide, eligibility to act as a nominating organisation requires, inter alia, that the entity be headquartered in Australia, maintain an Australian membership base, and represent a defined constituency. SG-002 was originally published in 2001 and most recently amended in May 2024.
Coverage Electrical products

AUSTRALIA

Since May 1997, as amended in December 2018
Since July 1992, last amended in December 2024

Pillar Technical standards applied to ICT goods and online services  |  Indicator Self-certification for product safety
Telecommunications Act 1997

Radiocommunications Act 1992
To ensure compliance with the technical regulatory arrangements, suppliers must make and hold a Declaration of Conformity. The document should be signed by the Australian supplier or overseas manufacturer to certify that the product meets applicable standards. It must be signed by a senior member of the company or organisation. The signatory should have sighted the evidence that supports the declaration and be satisfied with the grounds for compliance. It should be made available by the supplier for audit purposes on request, in writing, from either the Australian Communications Authority (ACA) or the Radio Spectrum Management Group (RSM) of the New Zealand Ministry of Economic Development. Electrical products become subject to testing requirements when exported.
The Telecommunications Act of 1997 regulates telecommunications equipment. The Radiocommunications Act 1992 regulates radiocommunications equipment, electrical or electronic household products, and radio transmitters. The Australian Communications and Media Authority (ACMA) allows a self-declaration of conformity (SDoC) provided the declaration contains all the information required by Australia's Declaration of Conformity (Form C02) and acknowledges that the product complies with the ACMC standards. Whoever signs the SDoC must review the evidence that the product complies with the rules and agree that the records show it does. A supplier may also be required to submit a separate test report from a designated testing body.
Coverage Electrical products

AUSTRALIA

Since December 2014, last amended in April 2017

Pillar Intermediary liability  |  Indicator User identity requirement
Telecommunications (Service Provider — Identity Checks for Prepaid Mobile Carriage Services) Determination 2017
Under the Telecommunications (Service Provider — Identity Checks for Prepaid Mobile Carriage Services) Determination 2017, telecommunications companies must identify their customers when customers activate a prepaid mobile service. According to Part 4 of the law, to activate a new prepaid mobile service, customers must provide their telecommunication company with their name, date of birth, and home address (or business name and address if acting on behalf of a business). Proof of ID is also necessary.
Coverage Telecommunications sector

AUSTRALIA

Since June 2021
Since June 2024
Since June 2024

Pillar Intermediary liability  |  Indicator Monitoring requirement
Online Safety Act 2021 No. 76

Online Safety (Relevant Electronic Services—Class 1A and Class 1B Material) Industry Standard 2024

Online Safety (Designated Internet Services—Class 1A and Class 1B Material) Industry Standard 2024
Australia enacted an Online Safety Act that places additional responsibilities on digital platforms and internet service providers (ISPs) to monitor and remove harmful content posted on their services. Specifically, the Act reduces the time a site owner or ISP has to remove harmful content from 48 hours to 24 hours after receiving a removal notice from the eSafety Commissioner. It also provides the eSafety Commissioner with additional information collection powers and the power to require ISPs to disable access to material depicting violent conduct for a limited period during “crisis situations.”
Pursuant to Sections 19–21 of the Online Safety (Relevant Electronic Services—Class 1A and Class 1B Material) Industry Standard 2024 and Sections 20–22 of the Online Safety (Designated Internet Services—Class 1A and Class 1B Material) Industry Standard 2024, providers of “relevant electronic services” and “designated internet services”, as defined in Sections 13A and 14 of the Online Safety Act, are required to implement “appropriate systems, appropriate processes and appropriate technologies” to detect and identify specified categories of illegal content. This obligation applies in particular to known child sexual abuse material and known pro-terror material where such content is stored on the service, accessible to an end-user in Australia, or has been accessed or distributed in Australia through the service. The Standards further require providers to remove such material as soon as practicable.
Coverage Digital platforms and internet service

AUSTRALIA

Since January 1958, as amended in April 2018
Since August 2024

Pillar Quantitative trade restrictions for ICT goods and online services  |  Indicator Export restrictions on ICT goods or online services
Customs (Prohibited Exports) Regulations 1958

Defence and Strategic Goods List 2024
Pursuant to Section 13 of the Customs (Prohibited Exports) Regulations 1958, the export of goods listed in the Defence and Strategic Goods List (DSGL), as well as goods incorporating DSGL technology, is prohibited unless prior authorisation is granted by the Minister for Defence. The applicable application procedure is set out in Regulation 13EB.
The 2024 DSGL defines the current scope of goods subject to export controls. It encompasses a wide range of items organised into nine categories, including electronics, computers, telecommunications, and information security.
Coverage Several strategic goods, including electronics, computers, telecommunications, and information security

AUSTRALIA

Since May 1997, last amended in October 2025
Since December 2016, last amended in February 2023

Pillar Telecom infrastructure & competition  |  Indicator Functional/accounting separation for operators with significant market power
Telecommunications Act 1997

Carrier Licence Conditions (Networks supplying Superfast Carriage Services to Residential Customers) Declaration 2014
Australia mandates functional and accounting separation for operators with significant market power (SMP) in the telecom market. According to the Telecommunications Act (Part 9) and the Carrier Licence Conditions Declaration, functional separation is mandated for operators with significant market power. Accounting separation is mandated for the National Broadband Network Co (NBN Co), which must maintain separate accounts for its different technology units.
Coverage Telecommunications sector

AUSTRALIA

Since April 1994

Pillar Telecom infrastructure & competition  |  Indicator Signature of the WTO Telecom Reference Paper
WTO Telecom Reference Paper
Australia has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.
Coverage Telecommunications sector

AUSTRALIA

Reported in 2022, last reported in 2025

Pillar Telecom infrastructure & competition  |  Indicator Presence of an independent telecom authority
Presence of an independent telecom authority
The Australian Communications and Media Authority Act 2005 No. 44 establishes the Australian Communications and Media Authority (ACMA) as an independent telecommunications authority. Division 4 of the Act establishes that the Minister may give written directions to the ACMA in relation to the performance of its functions and the exercise of its powers. However, it is reported that the ACMA is independent from the government in the decision-making process.
Coverage Telecommunications sector

AUSTRALIA

Since June 2012

Pillar Cross-border data policies  |  Indicator Ban to transfer and local processing requirement
My Health Records Act 2012
My Health Records Act 2012 requires information relating to health records to be stored and processed within Australia unless the records do not include "personal information in relation to a healthcare recipient or a participant in the My Health Record System" or "identifying information of an individual or entity" (Section 77).
Coverage Medical and health services

AUSTRALIA

Reported in 2024

Pillar Cross-border data policies  |  Indicator Conditional flow regime
Requirement for local processing in the financial sector
It is reported that credit reporting bodies are obligated to retain all comprehensive credit information within Australia or on a cloud service that complies with the published requirements of the Australian Signals Directorate (ASD), which, in practice, is likely to be an Australia-based cloud.
Coverage Credit reporting bodies

AUSTRALIA

Since December 1988, entry into force in January 1989, as amended in March 2014, last amended in December 2024

Pillar Cross-border data policies  |  Indicator Conditional flow regime
Privacy Act 1988
Under Australian Privacy Principle (APP) 8 of the Privacy Act, APP entities that disclose personal information to overseas recipients are required to take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles (excluding APP 1), unless an exception applies. The "substantially similar regime" exception applies where the APP entity reasonably believes that the overseas recipient is subject to a law or binding scheme that, overall, affords a level of protection substantially similar to that of the APPs and provides mechanisms for individuals to enforce those protections. In December 2024, the Privacy Act was amended to allow the government to make regulations specifying jurisdictions or binding schemes that qualify under this first exception, although no such whitelist has been formally established to date. Second, data can be transferred across borders when the individual is expressly informed that, by consenting to the disclosure, APP 8.1 will not apply, and the individual subsequently provides consent. Third, the disclosure may be permitted if it is required or authorised by an Australian law or by an order of a court or tribunal. Fourth, an exception arises where a permitted general situation (excluding those related to legal or equitable claims or alternative dispute resolution) exists in relation to the disclosure. Fifth, if the APP entity is a government agency, and the disclosure is required or authorised under an international agreement to which Australia is a party that pertains to information sharing. Sixth, where the entity is an agency and reasonably believes that the disclosure is necessary for one or more enforcement-related activities conducted by or on behalf of an enforcement body, and the recipient performs similar functions or exercises comparable powers, the exception also applies.
Pursuant to Section 6, an “APP entity” includes both agencies and organisations. “Agencies” refer to Commonwealth government entities, including federal courts, as listed in the Privacy Act, while “organisations” encompass individuals, corporations, partnerships, unincorporated associations, and trusts, excluding small business operators, registered political parties, agencies, State or Territory authorities, and certain prescribed State or Territory instrumentalities.
Coverage Horizontal

AUSTRALIA

Signed in October 2016, entry into force in December 2017
Signed in March 2018, entry into force in December 2018
Signed in February 2018, entry into force in February 2020
Signed in March 2019, entry into force in July 2020
Signed in March 2019, entry into force in January 2020
Signed in August 2020, entry into force in December 2020
Signed in December 2021, entry into force in May 2023

Pillar Cross-border data policies  |  Indicator Participation in trade agreements committing to open cross-border data flows
Updated Singapore-Australia Free Trade Agreement (SAFTA)

Comprehensive and Progressive Agreement for Trans-Pacific Partnership

Australia - Peru Free Trade Agreement

Indonesia - Australia Comprehensive Economic Partnership Agreement

Australia - Hong Kong Free Trade Agreement and associated Investment Agreement

Australia - Singapore Digital Economy Agreement.

Australia - United Kingdom Free Trade Agreement.
Australia has joined several agreements with binding commitments to open transfers of data across borders. These include: Updated Singapore-Australia Free Trade Agreement (SAFTA, Chapter 14, Art. 13), the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP, Art. 14.11), the Australia - Peru Free Trade Agreement (Art. 13.11), the Indonesia - Australia Comprehensive Economic Partnership Agreement (Art. 13.11), the Australia -Hong Kong Free Trade Agreement and associated Investment Agreement [Art. 11.7(2) and 11.15(1)], the Australia - Singapore Digital Economy Agreement (Annex A Art. 23), and the Australia - United Kingdom Free Trade Agreement [14.10(2)].
Coverage Horizontal

AUSTRALIA

Since December 1988, entry into force in January 1989, as amended in December 2000, last amended in December 2024
Since December 2000, entry into force in December 2001

Pillar Domestic data policies  |  Indicator Framework for data protection
Privacy Act 1988

Privacy Amendment (Private Sector) Act 2000 (No. 155, 2000)
The Privacy Act 1988 provides a comprehensive regime of data protection in Australia. The Privacy Act, which includes a set of Australian Privacy Principles, provides general personal data protection requirements and provisions, including the right to access and to be informed. Initially, the Act stipulated guidelines for how Australian government agencies should manage personal information. Subsequently, in 2000, the Privacy Amendment (Private Sector) Act extended these provisions to certain private sector organisations.
Sector-specific privacy regulations, particularly concerning telecommunications, are addressed by the Telecommunications Act 1997 and the Telecommunications (Interception and Access) Act 1979. Additional protections for healthcare information are provided under the My Health Records Act 2012 and the Healthcare Identifiers Act 2010. Businesses operating in industries such as financial services and gambling are required to adhere to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and its accompanying rules. Furthermore, the Security of Critical Infrastructure Act 2018 applies to entities that own, operate, or hold direct interests in assets across various sectors, including communications, energy, defence, financial services, transport, data processing or storage, supermarket and grocery supply chains, health and medical services, education, and space.
Coverage Horizontal

AUSTRALIA

Since October 1979, as amended in October 2015

Pillar Domestic data policies  |  Indicator Minimum period for data retention
Telecommunications (Interception and Access) Act 1979
The Telecommunications (Interception and Access) Act 1979 requires a telecommunication service provider to keep specific telecommunications data relating to the services it offers for two years (187C). The dataset to be kept includes the subscriber, the accounts of telecommunications devices, the source of communication, the destination of a communication, the date, time, and duration of a communication, the type of communication, and the location of the equipment or line used (187AA). This retention scheme was inserted into the Act by the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015.
Coverage Internet and mobile service providers

Report issue     Report new measure