Home

Special Edition : 20 June 2023

Events

Events

Hot Topics

  • ACOMMS 2023: 27 July 2023 - Hilton Sydney
    • Register here
 

rnd-twitter-orange Follow us on Twitter here rnd-facebook-orange Like us on Facebook here rnd-linkedin-orange Follow us on Linkedin here

Enforceable Online Safety Codes Registered by the eSafety Commissioner

Background:

Over the past 20 months, a group of six industry associations (comprised of Communications Alliance, BSA | the Software Alliance, the Australian Mobile Telecommunications Association (AMTA), the Consumer Electronics Suppliers Association (CESA), the Digital Industry Group Inc (DIGI) and the Interactive Games and Entertainment Association (IGEA)) has developed eight Codes of Practice to protect Australians from Class 1A and 1B content under Australia’s classification scheme.

The development of the Codes is based on the provisions of Part 9, Division 7, of the Online Safety Act and was requested by the eSafety Commissioner.

On 31 March 2023, the group of industry associations submitted the Consolidated Industry Codes of Practice for the Online Industry, Phase 1 (class 1A and class 1B material) for registration to the Office of the eSafety Commissioner. The submitted Codes cover participants across eight key sections of the online industry specified in the Online Safety Act (see below).

Outcome summary: five Codes were registered by the eSafety Commissioner, two Codes were rejected for registration (Standards are being developed), and the decision on the Search Engine Services Code was deferred.                                                                                                                                                                                                                                                                                                                           

1) Registered, enforceable by eSafety2) Mandatory & enforceable
            Standards to be developed by eSafety		3) Decision deferred
Social Media Services CodeRelevant Electronic Services CodeSearch Engine Services Code
Apps Distribution Services CodeDesignated Internet Services Code 
Hosting Services Code  
Internet Carriage Services Code  
Equipment Code  

Outcome:

1.  On 16 June 2023,  the eSafety Commissioner formally registered the following five Codes:

Each of the Codes consists of Head Terms (identical for all five Codes) and a Schedule listing the requirements specific to the respective online section.

Commencement:

The registered Codes will become enforceable by the Office of the eSafety Commissioner six months after registration, i.e., on 16 December 2023. Providers of services/equipment who have reasonable grounds for not being fully compliant – such as where significant engineering or system changes are required to comply with a specific requirement a Code – may have an additional six months to comply with that requirement.

Application of the Codes:

What online material is covered by the Codes?

Broadly speaking, the online material covered under the eight Codes is child sexual exploitation and pro-terror material, as well as material that deals with crime and violence, and drug-related content.

Which services/equipment are covered by the Codes?

The following five online sections are covered by the Codes:

        
  • social media services (e.g. Facebook, Instagram, TikTok);
    •     
  • app distribution services used to download apps (e.g. Apple IOS and Google Play stores);
    •     
  • hosting services (e.g. Amazon Web Services, NetDC);
    •     
  • internet carriage services (e.g. Telstra, iiNet, Optus, TPG Telecom, Aussie Broadband); and
    •     
  • manufacturers and suppliers of any equipment that connects to the internet, and those who maintain and install it (e.g. of modems, smart televisions, phones, tablets, smart home devices, e-readers etc).

Do I need to comply – are my services covered?

While each registered Code applies to the entire online section, not all services/equipment in that online section face additional compliance requirements. Roughly speaking, compliance requirements depend on the risk of harm from Class 1A and 1B material associated with a respective service/equipment. Providers of relevant services or those covered by the Equipment Code are advised to check the respective Codes to understand whether further compliance activities for each of their services/equipment are required.

The Preamble of the Head Terms (and other sections of the Head Terms) also provides useful guidance in relation to the applicability of the Codes.

If your services/equipment are covered by a Code, then you are, depending on the Code, either required to undertake a risk assessment and, following that risk assessment, compliance measures in accordance with your respective risk category apply. Alternatively, for Codes where no risk assessment is required, compliance measures for different types of services/equipment apply.

        
  • Internet service providers) are advised to pay special attention to the Internet Services Code, the Equipment Code (to the extent they manufacture, supply, install or maintain equipment that connects to the internet, including phones, tablets or modems etc.) and Hosting Services Code (to the extent they provide Hosting Services to third parties) and the Head Terms. Carriage service providers (including internet service providers) are advised to also pay attention to the Industry Standards that are being developed by the Office of the eSafety Commissioner (see below).
    •     
  • Manufacturers and suppliers of any equipment that connects to the internet, and those who maintain and install it are advised to check the Equipment Code (and Head Terms) to understand their compliance requirements. Note that this Code contains further guidance in relation to different categories of equipment. Not all equipment has the same compliance requirements (some has none) and industry participants covered by this Code are advised to check which equipment category and which industry participant category (manufacturer, supplier, installer, maintenance) their equipment/their organisation falls into.
    •     
  • Providers of hosting services are advised to check the Hosting Services Code (and Head Terms) to understand their compliance requirements. Note that this Code contains further guidance in relation to the provision of first-party hosting services vs third-party hosting services and other factors that may influence whether services are covered by this Code.
    •     
  • Providers of social media services are advised to check the Social Media Services Code (and Head Terms) to understand their compliance requirements.
    •     
  • Providers of app distribution services are advised to check the App Distribution Services Code (and Head Terms) to understand their compliance requirements. Note that this Code contains further guidance in relation to the provision of first-party apps vs third-party apps and other factors that may influence whether apps/services are covered by this Code.

2.  The eSafety Commissioner declined to register the

        
  • Relevant Electronic Services Code for relevant electronic services e.g., services used for messaging (including SMS and MMS) services, email, video communications, and online gaming services (e.g. Gmail, WhatsApp, services); and
    •     
  • Designated Internet Services Code for designated internet services that includes websites and end-user online storage and sharing services (e.g. Dropbox, Google Drive),

that the group of industry associations had submitted as part of the Consolidated Industry Codes of Practice, on the basis that these two Codes fail to provide appropriate community safeguards in relation to matters that are of substantial relevance to the community.

The Office of the eSafety Commissioner will now move to develop mandatory and enforceable Industry Standards for Relevant Electronic Services and Designated Internet Services.

The draft Standards, once developed by the Office of the eSafety Commissioner, will be subject to a public consultation period of at least 30 days. Providers of Relevant Electronic Services and Designated Internet Services are advised to monitor the website of Office of the eSafety Commissioner for further developments.

3. The eSafety Commissioner reserved a decision on the Search Engine Services Code to allow industry to reflect recent developments in relation to generative AI. The industry associations will submit a revised Search Engine Services Code in late June. The eSafety Commissioner will then decide whether to register this Code as  a sixth enforceable Code or whether to proceed to developing a mandatory and enforceable Industry Standard for this online section.

Further information on the Codes development process and copies of the registered Codes can be found on https://onlinesafety.org.au/. The Office of the eSafety Commissioner also keeps a public register of registered Industry Codes and Standards.
For further information, please contact the group of industry associations at hello@onlinesafety.org.au or info@commsalliance.com.au.   

Current Consultations

Below is a list of currently open telecommunications-related consultations being conducted by Government and other organisations that provide an opportunity for you to have your say.


Organisation/Closing Date

ACMA - 24/07/2023

ACMA - 7/07/2023

DISR - 26/07/2023

Feedback
We welcome your feedback on our newsletter.
Email info@commsalliance.com.au

Contact Tel: (61) 2 9959 9111
www.commsalliance.com.au