Australia has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Australia has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

According to the Guidelines on the Interpretation of Policy Rules for Open 2LDs, in Australia, it is not possible to register directly under a ".au" domain, and therefore it is required to have a registration under the open second level domains such as ".com.au" or ".org.au." A company that wants to register for the second-level domain needs to be a registered Australian company or a foreign company licensed to trade in Australia. For certain second-level domains such as "id.au", the registrants must be an Australian citizens or residents. The domain name policies were approved in 2012.

The law Competition and Consumer Act 2010 provides a comprehensive framework for consumer protection that also applies to online transactions. The Act provides a set of guarantees for all Australian consumers when they purchase certain goods or services from physical and online Australian retailers. In addition, electronic signatures are regulated and permitted under the Electronic Transactions Act 1999 (Section 10).

According to Australia's de minimis rule goods with a value of up to USD 750 are exempted from taxes and duties collected by customs. Under the New Tax System Act 1999, as amended in 2018, Goods and Services Tax (GST) applies to retail sales of low-value goods, services, or digital products (AUD 1,000 or less, equivalent to 750 USD) to Australia, when purchased by consumers. For low-value goods, GST is collected through the sale, not at the border, thereby replacing the de minimis rule. Prior to July 1, 2018, consumers in Australia could purchase products from international sellers and have them imported duty and tax-free as long as the product value was less than AUD 1,000 (750 USD). The change was intended to increase the competitiveness of domestic retailers, as opposed to foreign retailers.

The standard-setting process is a collaborative and a transparent process. It includes a wide range of stakeholders (international, private/public sector) and the treatment of intellectual property (IP) issues. For example, the Technical Committee, responsible for developments of new standards include representatives from government agencies, business, and industry organizations and associations. However, the process does not seem transparent when it comes to electrical products.
To regulate electrical products, the Australian Communications and Media Authority (ACMC) derive technical standards from Standards Alliance, a non-government and not-for-profit standards organization, if not from international standard bodies or national regulatory agencies. In developing standards, Standards Alliance form technical committees which can consist of technical, business, academic, government, and community experts as representatives from nominating organizations. According to the Structure and Operation of Standardisation Committees (SG-002) and Nominating Organization Guide, to be eligible as a nominating organization, it must have its headquarters based in Australia, have an Australian membership base, and represent a constituency among other requirements. SG-002 was published in 2001 and recently amended in September 2020. An article reported in 2014 also reports that a standard-setting process for IT governance by Standards Alliance was not transparent.

To ensure compliance with the technical regulatory arrangements, suppliers must make and hold a Declaration of Conformity. The document should be signed by the Australian supplier or overseas manufacturer to certify that the product meets applicable standards. It must be signed by a person who holds a senior position in the company or organisation. The signatory should have sighted the evidence that supports the declaration and be satisfied of the grounds for compliance. It should be made available by the supplier for audit purposes on request, in writing, from either the Australian Communications Authority (ACA) or the Radio Spectrum Management Group (RSM) of the New Zealand Ministry of Economic Development Electrical products become subject to testing requirements when exported.
The Telecommunications Act 1997 regulates telecommunications equipment. The Radiocommunications Act 1992 regulates radiocommunications equipment, electrical or electronic household products, and radio transmitters. The Australian Communications and Media Authority (ACMC) allows a self declaration of conformity (SDoC) as long as the declaration contains all of the information in Australia's Declaration of Conformity (Form C02) and acknowledges that the product complies with the ACMC standards. Whoever signs the SDoC must see the evidence that the product complies with the rules and agree that the records show that the product complies with the rules. A supplier may be required to submit a separate test report from a designated testing body as well.

The Treasury Laws Amendment (News Media and Digital Platforms Mandatory Bargaining Code) Act 2021, which was passed in both Houses in February 2021, imposes an obligation upon digital platform corporations, such as social media platforms, designated by the Australian Communications Media Authority to bargain with and pay news businesses for content posted by users of those platforms (Division 6). The law was passed to protect local media outlets and publishers whose content is shared in social media platforms like Facebook and search engines like Google without being remunerated, and to prevent giant search engines or social media corporations from dominating the local advertising market. A government-appointed arbitrator may determine the final price that a designated digital platform will have to pay local news businesses, provided that a deal cannot be reached independently.

Australia enacted an Online Safety Act that places additional responsibilities on digital platforms and internet service providers (ISPs) to monitor and remove harmful content posted on their services. Specifically, the Act reduces the time a site owner or ISP has to remove harmful content from 48 hours to 24 hours when served with a removal notice by the eSafety Commissioner. It also provides the eSafety Commissioner additional information collection powers and the power to require ISPs to disable access to material depicting violent conduct for a limited period during “crisis situations.”

A basic legal framework on intermediary liability beyond copyright infringement is absent in Australia's law and jurisprudence. It is reported that the basis on which third parties are liable for the actions of individuals online is confusing and, viewed as a whole, largely incoherent. The result is a great deal of uncertainty.

According to the Telecommunications (Service Provider — Identity Checks for Prepaid Mobile Carriage Services) Determination 2017, telecommunication companies must identify their customer when that customer wants to activate a prepaid mobile service. According to Part 4 of the law, to activate a new prepaid mobile service, customers need to give their telecommunication company their name, date of birth, and home address (or business name and address if acting on behalf of a business). Proof of ID is also necessary.

The Criminal Code Amendment (Sharing of Abhorrent Violent Material) Act 2019, subjects Internet service providers and content providers to criminal penalties for the failure to report or remove "abhorrent violent material" that the providers have reasonable grounds to believe records or streams abhorrent violent conduct in Australia (Section 434.33-34). The Act has been criticized largely for its ambiguous terms such as "terrorist act," "expeditiously," and who will be prosecuted, if found to be in violation of the Act, within the business organization. It was reported that the Act, because of its vague standards and high penalties, would incentivize rational service providers to err on the side of taking down more material than necessary. Although the Act does not establish a blanket content monitoring obligation, it does stipulate that in cases involving "abhorrent violent conduct," Internet hosts are expected to exert reasonable efforts to monitor and promptly deactivate such materials.

The Telecommunications (Interception and Access) Act 1979 authorizes criminal law-enforcement agencies to intercept real-time communications of users also without a warrant. The Act deals with an interception warrant (Section 10), telecommunications service warrant (Section 11A), foreign communications warrant (11C), and stored communications warrant (Section 110). However, in cases of emergencies (Section 30) or for developing and testing interception capabilities (Section 31A), police officers or the agencies may intercept live communications without a warrant.
The Australian Security Intelligence Act 1979 creates a computer access warrant (Section 25A). This warrant may be issued to allow the use of a telecommunications facility operated by a carrier for the purpose of obtaining access to data that is relevant to a security matter and is held in the target computer at any time while the warrant is in force.
The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 grants industry assistance powers. These powers ensure that industry can assist with the facilitation and execution of these warrants and support the discharge of lawful and appropriately approved powers. Section 317ZH provides that these requests and notices have no effect to the extent that the requested or noticed act would require a warrant under different statutes, including the Telecommunications (Interception and Access) Act 1979 and the Australian Security Intelligence Act 1979.
Under this regime, certain security and law enforcement agencies may issue to communications providers three types of requests or notices. Among them, the Freedom House reported in 2019 that technical assistance requests under this law were issued on seven occasions between July 2018 and July 2019. While these requests are voluntary requests to assist the requesting agencies to access user information, technical assistance notices and technical capability notices allow the agencies to compel tech companies to assist or comply with requests to build capabilities into products to facilitate access.
For example, if information obtained under a warrant was encrypted, under the new framework an agency could ask that a provider who currently encrypts and decrypts information according to business needs to decrypt the lawfully accessed information for public safety purposes. While the law prohibits assistance that would undermine encryption or security for users at large, according to the Freedom House, "critics have noted that, in practice, it is difficult (and in some cases impossible) to enable authorities’ access to one user’s data without creating exploitable vulnerabilities that could affect others." Equally, an agency could request that a provider restore a password that was temporarily changed to enable a judicially approved computer access warrant to be executed. Despite the requirement of warrants, it has been reported that companies remained reluctant to allow government interference.

Sections 317L-317RA of the Telecommunications Act 1997 (as amended by the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018) provide for a type of notice, called a technical assistance notice, that a security or law enforcement agency can issue to communications providers that require them to take specified steps which would help the agency in relation to its functions relating to national security or enforcing the criminal law. All designated communications providers, broadly defined so as to include not only telecommunications carriers and service providers but any entity that supplies an electronic service (including websites and secure messaging apps), are required on receiving a technical assistance notice to provide technical assistance to law enforcement. In other words, certain Australian law enforcement agencies can require a cloud service provider, for example, to decrypt encrypted communications for the purposes of law enforcement. The Telecommunications Act enables the law enforcement agencies to require this assistance without a warrant.

Section 36 and 101 of the Copyright Act contain safe harbour protections for carriage service providers such as Internet infrastructure providers and Internet Service Providers (ISPs). To qualify, these organizations must implement mechanisms to enable copyright owners to report infringing content on their platforms and request that action is taken to prevent the infringement (for example disabling access to the content or terminating the accounts of infringing users).