Regulation of the digital economy and AI

Online safety

On 10 December 2025, amendments to the Online Safety Act 2021 (Cth) (the Online Safety Act) came into effect, empowering the eSafety Commissioner (eSafety) to monitor and enforce the new ban on under-16s accessing age-restricted social media platforms. Platforms such as Facebook and Snapchat must now take ‘reasonable steps’ to prevent under-16 users from accessing or maintaining accounts, with eSafety able to issue penalties of up to $49.5 million for systemic breaches. While no enforcement action has yet been taken, eSafety has signalled compliance efforts will focus on platforms with the largest Australian user bases.

Complementing these rules are the Online Safety Codes and Standards, which regulate unlawful and age‑restricted material, from child sexual exploitation and pro-terror material to material classified as X 18+ and R 18+, across eight industry sectors. The last set of Codes registered for age-restricted materials will commence in early 2026, but eSafety has indicated there will be a six-month grace period where no enforcement action will be taken, except as to serious or deliberate non-compliance. Nevertheless, where eSafety has had concerns with unlawful material available on services, it has directly engaged with platforms regarding their compliance with the Codes and Standards. Most recently, after months of direct engagement following eSafety's ongoing concerns about child grooming, sexual extortion and child exploitation on the platform, Roblox committed to implementing additional safety measures by the end of 2025 to comply with the Codes and Standards—including by expanding facial age estimation across its communication features. Some of these safety measures go beyond the obligations mandated under the Codes and Standards.

eSafety has also been making greater use of the Basic Online Safety Expectations to drive platform accountability, including by issuing transparency notices requiring platforms to explain how they meet baseline safety obligations. In late 2024, eSafety issued periodic reporting notices to Apple, Discord, Google, Meta, Microsoft, Skype, Snap and WhatsApp, requiring bi-annual updates on measures being taken to address child sexual exploitation and abuse material and activity.

Spam

Spam-related enforcement action by the ACMA declined in 2025, with two penalties imposed: $4 million for Tabcorp and $871,000 to Betfair.

Separately, in investigating PointsBet, Buddybet and Tabcorp under the Interactive Gambling Act 2001 (Cth) (the IGA), the ACMA treated push notifications as regulated electronic messages, finding that even a link to a homepage can convert a 'service' message into a commercial one.¹ While the ACMA stopped short of taking a formal position under the Spam Act 2003 (Cth), a similar approach is likely.

If adopted, the implications would be significant: businesses would need to include sender identification and functional unsubscribe mechanisms within the push notification itself—something rarely done in practice.

Scams

While the ecosystem of the Scams Prevention Framework continues to be developed, the ACMA continued to take action in relation to mobile anti-scam breaches. This included:

• issuing infringement notices for alleged breaches of the mobile fraud rules (the Telecommunications (Mobile Number Pre-porting Additional Identity Verification) Industry Standard 2020), including $2.5 million for Southern Phone, $826,320 to Optus, $694,000 to Exetel and $413,160 to Circles Australia; and
• issuing directions to comply to three providers for alleged breaches of the Reducing Scams Code.

Interactive gambling

The ACMA’s compliance priorities continued to focus on interactive gambling safeguards, including enforcing industry compliance with new credit card and crypto bans, and raising awareness of BetStop—the National Self-Exclusion Register.

The ACMA conducted 94 investigations into a total of 124 gambling sites, and found 176 breaches of the IGA, issuing 52 formal warnings. The most common type of breach was prohibited interactive gambling services, followed by unlicensed regulated interactive gambling services. Three hundred and thirty-eight websites were referred to internet service providers for blocking.

Telecommunications

The ACMA continued to investigate and enforce various regulatory obligations across the telecommunications industry, including:

• issuing formal warnings to four providers for alleged breaches of the Telecommunications (Financial Hardship) Industry Standard 2024;
• issuing a formal warning to Telstra for alleged breaches of the Telecommunications (Service Provider – Identity Checks for Prepaid Mobile Carriage Services) Determination 2017; and
• investigating and taking action against a number of mobile providers for compliance with the Telecommunications (Emergency Call Services) Determination 2019.

Following the Optus outages, the Government established the Triple Zero Custodian and increased civil penalties for contraventions of the Telecommunications (Emergency Call Services) Determination 2019 from $250,000 to $30 million.²

AI

In October 2025, the Australian Government released the Guidance for AI Adoption, to update (and replace) the Australian Voluntary AI Safety Standard published a year earlier. The new guidance outlines six essential practices for responsible AI governance and adoption, streamlining AI expectations and reflecting a maturing of the operational governance framework for AI. It adds detailed, actionable implementation steps and also speaks to developer requirements.

The Government recently confirmed that it does not intend to implement AI-specific regulation in Australia, and therefore the adoption and use of AI will continue to be regulated through existing technology-neutral, principles-based instruments at both federal and state level. On 2 December 2025, the Government released the National AI Plan (which replaces the Voluntary AI Safety Standard), which formally moved away from previous proposals for mandatory AI-specific guardrails, in favour of an approach that leverages established frameworks.

Digital platforms

Marking the end of an era, in June this year, the ACCC published its final report on the Digital Platform Services Inquiry. In the report, the regulator highlighted its concerns over the potential for consumers to be misled by AI-generated output, noting the danger this can have in preventing informed decision making. The ACCC also flagged the regulatory gap present in digital markets for certain harms, such as the use of ranking algorithms to unfairly influence purchasing decisions. It recommended Australian laws keep pace by looking to practices in international jurisdictions.

ACMA, eSafety Commissioner.