Brunei is a party to the Patent Cooperation Treaty (PCT).

The Competition and Consumer Act 2010 provides a comprehensive framework for consumer protection that also applies to online transactions. The Act provides a set of guarantees for all Australian consumers when they purchase certain goods or services from Australian retailers, whether physical or online. In addition, electronic signatures are regulated and permitted under the Electronic Transactions Act 1999 (Section 10).

Australia has not signed the United Nations (UN) Convention on the Use of Electronic Communications in International Contracts.

Australia has adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce.

Australia has not adopted national legislation based on or influenced by the United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Signatures.

Australia’s standard-setting framework is generally characterised by a collaborative, transparent process involving a broad range of stakeholders from both the public and private sectors, including international participants, and addressing the treatment of intellectual property (IP) issues. For instance, Technical Committees responsible for developing new standards typically include representatives from government agencies, businesses, and industry organisations.
However, this level of transparency appears more limited in the context of electrical products. In this area, the Australian Communications and Media Authority (ACMA) derives technical standards from Standards Australia, a non-governmental and not-for-profit standards body, as well as from international standard-setting organisations and foreign regulatory authorities. Standards Australia develops standards through technical committees composed of experts from technical, business, academic, governmental, and community backgrounds, nominated by eligible organisations.
Under the Structure and Operation of Standardisation Committees (SG-002) and the Nominating Organisation Guide, eligibility to act as a nominating organisation requires, inter alia, that the entity be headquartered in Australia, maintain an Australian membership base, and represent a defined constituency. SG-002 was originally published in 2001 and most recently amended in May 2024.

To ensure compliance with the technical regulatory arrangements, suppliers must make and hold a Declaration of Conformity. The document should be signed by the Australian supplier or overseas manufacturer to certify that the product meets applicable standards. It must be signed by a senior member of the company or organisation. The signatory should have sighted the evidence that supports the declaration and be satisfied with the grounds for compliance. It should be made available by the supplier for audit purposes on request, in writing, from either the Australian Communications Authority (ACA) or the Radio Spectrum Management Group (RSM) of the New Zealand Ministry of Economic Development. Electrical products become subject to testing requirements when exported.
The Telecommunications Act of 1997 regulates telecommunications equipment. The Radiocommunications Act 1992 regulates radiocommunications equipment, electrical or electronic household products, and radio transmitters. The Australian Communications and Media Authority (ACMA) allows a self-declaration of conformity (SDoC) provided the declaration contains all the information required by Australia's Declaration of Conformity (Form C02) and acknowledges that the product complies with the ACMC standards. Whoever signs the SDoC must review the evidence that the product complies with the rules and agree that the records show it does. A supplier may also be required to submit a separate test report from a designated testing body.

According to Australia's de minimis rule, goods with a value of up to AUD 1.000 (approx. 650 USD) are exempt from taxes and duties collected by customs. This is above the 200 USD threshold recommended by the International Chamber of Commerce (ICC).

Pursuant to Section 1.5.2 of the .au Domain Administration Rules, a person may apply to register a ".au" domain name licence, provided that the domain name is available and the applicant satisfies the Australian presence requirement. For these purposes, “Australian presence” includes: (i) an individual who is ordinarily resident in Australia and is either an Australian citizen or the holder of a permanent resident visa; (ii) a company registered under the Corporations Act 2001 (Cth); (iii) an incorporated association established under State or Territory legislation; among other eligible entities.

It is reported that credit reporting bodies are obligated to retain all comprehensive credit information within Australia or on a cloud service that complies with the published requirements of the Australian Signals Directorate (ASD), which, in practice, is likely to be an Australia-based cloud.

Under Australian Privacy Principle (APP) 8 of the Privacy Act, APP entities that disclose personal information to overseas recipients are required to take reasonable steps to ensure that the overseas recipient does not breach the Australian Privacy Principles (excluding APP 1), unless an exception applies. The "substantially similar regime" exception applies where the APP entity reasonably believes that the overseas recipient is subject to a law or binding scheme that, overall, affords a level of protection substantially similar to that of the APPs and provides mechanisms for individuals to enforce those protections. In December 2024, the Privacy Act was amended to allow the government to make regulations specifying jurisdictions or binding schemes that qualify under this first exception, although no such whitelist has been formally established to date. Second, data can be transferred across borders when the individual is expressly informed that, by consenting to the disclosure, APP 8.1 will not apply, and the individual subsequently provides consent. Third, the disclosure may be permitted if it is required or authorised by an Australian law or by an order of a court or tribunal. Fourth, an exception arises where a permitted general situation (excluding those related to legal or equitable claims or alternative dispute resolution) exists in relation to the disclosure. Fifth, if the APP entity is a government agency, and the disclosure is required or authorised under an international agreement to which Australia is a party that pertains to information sharing. Sixth, where the entity is an agency and reasonably believes that the disclosure is necessary for one or more enforcement-related activities conducted by or on behalf of an enforcement body, and the recipient performs similar functions or exercises comparable powers, the exception also applies.
Pursuant to Section 6, an “APP entity” includes both agencies and organisations. “Agencies” refer to Commonwealth government entities, including federal courts, as listed in the Privacy Act, while “organisations” encompass individuals, corporations, partnerships, unincorporated associations, and trusts, excluding small business operators, registered political parties, agencies, State or Territory authorities, and certain prescribed State or Territory instrumentalities.

Australia has joined several agreements with binding commitments to open transfers of data across borders. These include: Updated Singapore-Australia Free Trade Agreement (SAFTA, Chapter 14, Art. 13), the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP, Art. 14.11), the Australia - Peru Free Trade Agreement (Art. 13.11), the Indonesia - Australia Comprehensive Economic Partnership Agreement (Art. 13.11), the Australia -Hong Kong Free Trade Agreement and associated Investment Agreement [Art. 11.7(2) and 11.15(1)], the Australia - Singapore Digital Economy Agreement (Annex A Art. 23), and the Australia - United Kingdom Free Trade Agreement [14.10(2)].

The Privacy Act 1988 provides a comprehensive regime of data protection in Australia. The Privacy Act, which includes a set of Australian Privacy Principles, provides general personal data protection requirements and provisions, including the right to access and to be informed. Initially, the Act stipulated guidelines for how Australian government agencies should manage personal information. Subsequently, in 2000, the Privacy Amendment (Private Sector) Act extended these provisions to certain private sector organisations.
Sector-specific privacy regulations, particularly concerning telecommunications, are addressed by the Telecommunications Act 1997 and the Telecommunications (Interception and Access) Act 1979. Additional protections for healthcare information are provided under the My Health Records Act 2012 and the Healthcare Identifiers Act 2010. Businesses operating in industries such as financial services and gambling are required to adhere to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and its accompanying rules. Furthermore, the Security of Critical Infrastructure Act 2018 applies to entities that own, operate, or hold direct interests in assets across various sectors, including communications, energy, defence, financial services, transport, data processing or storage, supermarket and grocery supply chains, health and medical services, education, and space.

The Telecommunications (Interception and Access) Act 1979 requires a telecommunication service provider to keep specific telecommunications data relating to the services it offers for two years (187C). The dataset to be kept includes the subscriber, the accounts of telecommunications devices, the source of communication, the destination of a communication, the date, time, and duration of a communication, the type of communication, and the location of the equipment or line used (187AA). This retention scheme was inserted into the Act by the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015.