Australia enacted an Online Safety Act that places additional responsibilities on digital platforms and internet service providers (ISPs) to monitor and remove harmful content posted on their services. Specifically, the Act reduces the time a site owner or ISP has to remove harmful content from 48 hours to 24 hours when served with a removal notice by the eSafety Commissioner. It also provides the eSafety Commissioner additional information collection powers and the power to require ISPs to disable access to material depicting violent conduct for a limited period during “crisis situations.”

The general standard-setting process in Australia is collaborative and transparent. It includes a wide range of stakeholders (international, private/public sector) and the treatment of intellectual property (IP) issues. For example, the Technical Committee, which is responsible for developing new standards, includes representatives from government agencies, businesses, and industry organisations and associations. However, the process does not seem transparent when it comes to electrical products.
To regulate electrical products, the Australian Communications and Media Authority (ACMC) derive technical standards from the Standards Alliance, a non-government and not-for-profit standards organisation, if not from international standard bodies or national regulatory agencies. In developing standards, the Standards Alliance forms technical committees consisting of technical, business, academic, government, and community experts as representatives from nominating organisations. According to the Structure and Operation of Standardisation Committees (SG-002) and Nominating organisation Guide, to be eligible as a nominating organisation, it must have its headquarters based in Australia, have an Australian membership base, and represent a constituency, among other requirements. SG-002 was published in 2001 and recently amended in September 2020.

Australia has joined several agreements with binding commitments to open transfers of data across borders. These include: the Singapore-Australia Free Trade Agreement (SAFTA, Chapter 14, Art. 13), the Australia-Peru Free Trade Agreement (Art. 13.11), the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP, Art. 14.11), the Indonesia - Australia Comprehensive Economic Partnership Agreement (Art. 13.11), the Australia-Hong Kong Free Trade Agreement and associated Investment Agreement [Article 11.7(2) and 11.15(1)], and the Australia-United Kingdom Free Trade Agreement [14.10(2)].

The Privacy Act 1988 provides a comprehensive regime of data protection in Australia. The Privacy Act, which includes a set of Australian Privacy Principles, provides general personal data protection requirements and provisions, including the right to access and to be informed. Initially, the Act stipulated guidelines for how Australian government agencies should manage personal information. Subsequently, in 2000, the Privacy Amendment (Private Sector) Act extended these provisions to certain private sector organisations.
Sector-specific privacy regulations, particularly concerning telecommunications, are addressed by the Telecommunications Act 1997 and the Telecommunications (Interception and Access) Act 1979. Additional protections for healthcare information are provided under the My Health Records Act 2012 and the Healthcare Identifiers Act 2010. Businesses operating in industries such as financial services and gambling are required to adhere to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and its accompanying rules. Furthermore, the Security of Critical Infrastructure Act 2018 applies to entities that own, operate, or hold direct interests in assets across various sectors, including communications, energy, defence, financial services, transport, data processing or storage, supermarket and grocery supply chains, health and medical services, education, and space.

The Telecommunications (Interception and Access) Act 1979 requires a telecommunication service provider to keep specific telecommunications data relating to the services it offers for two years (187C). The dataset to be kept includes the subscriber and the accounts of telecommunications devices, the source of communication, the destination of a communication, the date, time and duration of a communication, the type of communication, and the location of equipment or a line used (187AA). This retention scheme was inserted into the Act by the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015.

The Telecommunications (Interception and Access) Act 1979 grants criminal law enforcement agencies the authority to intercept real-time communications of users without the need for a warrant. The Act addresses various types of interception warrants, including an interception warrant (Section 10), a telecommunications service warrant (Section 11A), a foreign communications warrant (Section 11C), and a stored communications warrant (Section 110). However, in cases of emergency (Section 30) or for the purpose of developing and testing interception capabilities (Section 31A), law enforcement officers or agencies may intercept live communications without obtaining a warrant.

Sections 317L-317RA of the Telecommunications Act 1997 (as amended by the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018) provide for a type of notice, called a technical assistance notice, that a security or law enforcement agency can issue to communications providers that require them to take specified steps which would help the agency in relation to its functions relating to national security or enforcing the criminal law. All designated communications providers, broadly defined so as to include not only telecommunications carriers and service providers but any entity that supplies an electronic service (including websites and secure messaging apps), are required to receive a technical assistance notice to provide technical assistance to law enforcement. In other words, certain Australian law enforcement agencies can require a cloud service provider, for example, to decrypt encrypted communications for the purposes of law enforcement. The Telecommunications Act enables law enforcement agencies to require this assistance without a warrant.

Sections 36 and 101 of the Copyright Act contain safe harbour protections for carriage service providers such as Internet infrastructure providers and Internet Service Providers (ISPs). To qualify, these organisations must implement mechanisms to enable copyright owners to report infringing content on their platforms and request that action is taken to prevent the infringement (for example, disabling access to the content or terminating the accounts of infringing users).

A basic legal framework on intermediary liability beyond copyright infringement is absent in Australia's law and jurisprudence. It is reported that the basis on which third parties are liable for the actions of individuals online is confusing and, viewed as a whole, largely incoherent. The result is a great deal of uncertainty.

According to Art. 34 of the Telecommunications Act 1997, telecommunications carriers have statutory rights of access to other carriers' towers and ducts, but such access is not mandated. Passive infrastructure sharing is practised in Australia in the mobile sector: co-location is negotiated on a commercial basis. Carriers have regulated rights of access to towers owned by other carriers for the purposes of providing carriage services. The Telecommunications Act 1997 provides for carriers to provide other carriers with access to telecommunications transmission towers, the sites of telecommunications transmission towers and eligible underground facilities. The Australian Competition and Consumer Commission has made a code which sets out conditions that are to be complied with in relation to the provision of access.
In addition, passive infrastructure sharing is also practised in Australia in the fixed sector: the Australian Competition and Consumer Commission has declared the following services: - line sharing service (LSS) - local carriage service (LCS) - fixed originating access service (FOAS) - fixed terminating access service (FTAS) - unconditioned local loop service (ULLS) - wholesale line rental (WLR) - wholesale ADSL service (WADSL). Once a service is declared, a network owner must provide access to the service upon request.

According to Section 8BG of the Telstra Corporations Act 1991 (as amended by Act No. 53 of 1999), foreign ownership of Telstra (the incumbent telecommunication company) is limited to 35% and individual foreign investors are only allowed to own up to 5%.

According to the National Broadband Network Companies Act 2011 (Subdivision A, Division 2, Part 3), the Commonwealth must retain full ownership of National Broadband Network Co (NBN Co). In addition, this ownership structure could be terminated only in limited circumstances (Subdivision B).

National Broadband Network Co (NBN Co) is a wholly government-owned enterprise tasked with designing, building, deploying, and operating a high-speed (internet) access network across Australia.

Australia mandates functional and accounting separation for operators with significant market power (SMP) in the telecom market. According to Act No. 47 and the Carrier Licence Conditions Declaration, functional separation is mandated for operators with significant market power. On the other hand, accounting separation is mandated only in some cases: National Broadband Network Co (NBN Co) is required to maintain separate accounts for its different technology units.

Australia has appended the World Trade Organization (WTO) Telecom Reference Paper to its schedule of commitments.