• National legislation seeks to regulate how telecommunications service providers operate and maintain their networks and services. This area of law is subject to frequent amendments that seek to address developments in telecommunications technology and security threats.


Telecommunications Act 1997 (Cth)

  • Under Part 14 of the Telecommunications Act 1997 (Cth), carriers and carriage service providers must do their best to prevent telecommunications networks and facilities from being used to commit offences and provide help as is reasonably necessary to authorities and officers of Commonwealth and state agencies for the purposes set out in section 313(3).
  • Following the TSSR amendments, carriers and carriage service providers also have security and notification obligations. The security obligation is a risk-based obligation to do their best to protect telecommunications networks and facilities from unauthorised interference, or unauthorised access, for the purposes of security. This duty requires ‘competent supervision’ and ‘effective control over’ the telecommunications networks or facilities that a provider owns or operates.
  • Carriers and certain carriage service providers must notify changes to telecommunications services or systems that are likely to have a material adverse effect on their capacity to comply with the security obligation.
  • The Home Affairs Minister may give directions to a carrier or a carriage service provider in certain circumstances, such as a direction to not supply a service where it would be prejudicial to security to do so, or a direction where there is a risk of unauthorised interference or access concerning telecommunications networks or facilities.

Telecommunications (Interception and Access) Act 1979 (Cth)

  • The Telecommunications (Interception and Access) Act 1979 (Cth) provides a legislative framework that criminalises the interception and accessing of telecommunications.
  • The Act also prescribes exceptions that enable law enforcement, anti-corruption and national security agencies (e.g. ASIO) to apply for warrants to intercept or access stored communications when investigating serious crimes and threats to national security. The warrant regime provides these agencies with lawful access to telecommunications content.
  • Chapter 2 regulates the interception of 'live' communications that pass over a telecommunications system, which includes telephone and internet communications.
  • Chapter 3 regulates the interception of communications stored within the apparatus of a telecommunications provider (e.g. email, text and voicemail).
  • Part 5-1A requires telecommunications and internet service providers to retain and encrypt telecommunications data for a period of two years for the purposes of access by national security authorities, criminal law-enforcement agencies and enforcement agencies.

Cloud Service Providers

  • Cloud service providers use telecommunications networks and services to deliver their services. They may operate in the telecommunications sector and have telecommunications clients. In addition, some carriers offer cloud storage and other cloud services.
  • Besides rules applying to carriers, carriage service providers and content service providers generally, the Telecommunications Sector Security Reforms imposed a set of security obligations on telecommunications service providers that may be applicable to certain cloud service providers. This framework has the potential to impact cloud providers who fall within the definition of carriage service provider or content service provider.
  • Whether a cloud service provider is captured by the definitions in the Telecommunications Act 1997 (Cth) will depend on the products and services it offers. For example, cloud providers offering data storage will not be considered a carriage service provider (depending on the service, the cloud provider could be a content service provider). In contrast, webmail service providers may be considered a carriage service provider if they enable end-users to access the internet.
  • On 6 July 2022, the Minister for Communication made security information obligations for carriers and eligible carriage service providers, requiring carriers and service providers to undertake asset registration and cyber incident reporting.
  • The licence conditions were introduced to avoid duplication, as the Telecommunications Act 1997 (Cth) contains an existing, well-established sectoral framework. The new conditions import the provisions from the SOCI Act. See: ‘Security information obligations for carriers and eligible carriage service providers’, Department of Infrastructure, Transport, Regional Development, Communications and the Arts (Web Page, 25 February 2022)

Regulatory & Policy Framework

Relevant Organisations

Inquiries & Consultations

Industry Materials

This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding AustLII Communities? Send feedback
This website is using cookies. More info. That's Fine