onlinesafety.org.au

Industry Codes

Consolidated Industry Codes of Practice for the Online Industry, Phase 1

(Class 1A and Class 1B material)

From September 2021 onwards, the steering group of industry associations developed eight Codes of Practice to protect Australians from Class 1A and 1B content under Australia’s classification scheme.

The development of the Codes was based on the provisions of Part 9, Division 7, of the Online Safety Act and was requested by the eSafety Commissioner.

On 31 March 2023, the group of industry associations submitted the Consolidated Industry Codes of Practice for the Online Industry, Phase 1 (class 1A and class 1B material) for registration to the Office of the eSafety Commissioner. The submitted Codes cover participants across eight key sections of the online industry specified in the Online Safety Act (see below).

Outcome:

On 16 June 2023, the eSafety Commissioner formally registered the following five Codes:

  1. Social Media Services Code
  2. App Distribution Services Code
  3. Hosting Services Code
  4. Internet Carriage Services Code
  5. Equipment Code

     

On 12 September 2023, the Commissioner registered the Internet Search Engine Services Code as a sixth Code. This Code had been re-submitted to the Commissioner to reflect recent developments in generative AI.

Each of the Codes consists of Head Terms (identical for all six Codes) and a Schedule listing the requirements specific to the respective online section. Electronic copies of the Head Terms and registered Codes can be found further below.

Commencement:

The registered Codes will become enforceable by the Office of the eSafety Commissioner six months after registration, i.e., on 16 December 2023 and 12 March 2024, respectively. Providers of services/equipment who have reasonable grounds for not being fully compliant – such as where significant engineering or system changes are required to comply with a specific requirement of a Code – may have an additional six months to comply with that requirement.

Application of the Codes:

What online material is covered by the Codes?

Broadly speaking, the online material covered under the eight Codes is child sexual exploitation and pro-terror material, as well as material that deals with crime and violence, and drug-related content.

 

Which services/equipment are covered by the Codes?
The following five online sections are covered by the Codes:

  1. social media services (e.g. Facebook, Instagram, TikTok);
  2. app distribution services used to download apps (e.g. Apple iOS and Google Play stores);
  3. hosting services (e.g. Amazon Web Services, NetDC);
  4. internet carriage services (e.g. Telstra, iiNet, Optus, TPG Telecom, Aussie Broadband);
  5. manufacturers and suppliers of any equipment that connects to the internet, and those who maintain and install it (e.g. modems, smart televisions, phones, tablets, smart home devices, e-readers etc.); and
  6. internet search engine services (e.g. Google Search, Bing).

Do I need to comply – are my services covered?

While each registered Code applies to the entire online section, not all services/equipment in that online section face additional compliance requirements. Roughly speaking, compliance requirements depend on the risk of harm from Class 1A and 1B material associated with a respective service/equipment. Providers of relevant services or those covered by the Equipment Code are advised to check the respective Codes to understand whether further compliance activities for each of their services/equipment are required.

The Preamble of the Head Terms (and other sections of the Head Terms) also provides useful guidance in relation to the applicability of the Codes.

If your services/equipment are covered by a Code, then, depending on the Code, you are required to undertake a risk assessment, after which compliance measures in accordance with your respective risk category apply. Alternatively, for Codes where no risk assessment is required, compliance measures for different types of services/equipment apply.

  • Providers of social media services are advised to check the Social Media Services Code (and Head Terms) to understand their compliance requirements.
  • Providers of app distribution services are advised to check the App Distribution Services Code (and Head Terms) to understand their compliance requirements. Note that this Code contains further guidance in relation to the provision of first-party apps vs third-party apps and other factors that may influence whether apps/services are covered by this Code.
  • Providers of hosting services are advised to check the Hosting Services Code (and Head Terms) to understand their compliance requirements. Note that this Code contains further guidance in relation to the provision of first-party hosting services vs third-party hosting services and other factors that may influence whether services are covered by this Code.
  • Internet service providers are advised to check the Internet Services Code, the Equipment Code (to the extent they manufacture, supply, install or maintain equipment that connects to the internet, including phones, tablets or modems etc.) and Hosting Services Code (to the extent they provide Hosting Services to third parties) and the Head Terms. 
  • Manufacturers and suppliers of any equipment that connects to the internet, and those who maintain and install it are advised to check the Equipment Code to understand their compliance requirements. Note that this Code contains further guidance in relation to different categories of equipment. Not all equipment has the same compliance requirements (some has none) and industry participants covered by this Code are advised to check which equipment category and which industry participant category (manufacturer, supplier, installer, maintenance) their equipment/their organisation falls into.
  • Providers of internet search engine services are advised to check the Internet Search Engine Services Code (and Head Terms) to understand their compliance requirements.


The eSafety Commissioner declined to register the

  • Relevant Electronic Services Code (for relevant electronic services, e.g. services used for messaging (including SMS and MMS), email, video communications and online gaming, such as Gmail and WhatsApp); and
  • Designated Internet Services Code (for designated internet services, which include websites and end-user online storage and sharing services, e.g. Dropbox, Google Drive),

that the group of industry associations had submitted as part of the Consolidated Industry Codes of Practice, on the basis that these two Codes fail to provide appropriate community safeguards in relation to matters that are of substantial relevance to the community.

The Office of the eSafety Commissioner has registered mandatory and enforceable Industry Standards for Relevant Electronic Services and Designated Internet Services.

The Standards, developed by the Office of the eSafety Commissioner, will come into effect on 22 December 2024. Providers of Relevant Electronic Services and Designated Internet Services are advised to visit the website of the Office of the eSafety Commissioner for further detail and a copy of the Standards.

For further information, please contact the group of industry associations at hello@onlinesafety.org.au.

Head terms for all code schedules

– as re-registered on 12 September 2023 – 
All schedules relating to different industry sections utilise a common set of Head Terms.

(The latest version of the Head Terms, dated 12 September 2023, supersedes the previous version, dated 16 June 2023, to reflect the registration of the Internet Search Engine Services Online Safety Code with no changes to the substantive provisions.)


Head Terms – Consolidated Industry Codes of Practice for the Online Industry (Class 1A and Class 1B Material) – PDF

Head Terms – Consolidated Industry Codes of Practice for the Online Industry (Class 1A and Class 1B Material) – DOC

Social media services

– as registered on 16 June 2023 – 
Electronic services that enable online social interaction between 2 or more end‑users.

Schedule 1 – Social Media Services Online Safety Code (Class 1A and Class 1B Material) – PDF

Schedule 1 – Social Media Services Online Safety Code (Class 1A and Class 1B Material) – DOC

 

App distribution services

– as registered on 16 June 2023 – 
Services that enable the download of third-party apps by Australian end-users.

Schedule 2 – App Distribution Services Online Safety Code (Class 1A and Class 1B Material) – PDF

Schedule 2 – App Distribution Services Online Safety Code (Class 1A and Class 1B Material) – DOC

 

Hosting services

– as registered on 16 June 2023 –
Service that hosts stored material that has been provided on another social media service, relevant electronic service, or designated internet service.

Schedule 3 – Hosting Services Online Safety Code (Class 1A and Class 1B Material) – PDF

Schedule 3 – Hosting Services Online Safety Code (Class 1A and Class 1B Material) – DOC

Internet carriage services

– as registered on 16 June 2023 –
Services provided by Internet Service Providers (ISPs) to Australian end-users.

Schedule 4 – Internet Carriage Services Online Safety Code (Class 1A and Class 1B Material) – PDF

Schedule 4 – Internet Carriage Services Online Safety Code (Class 1A and Class 1B Material) – DOC

Manufacturing, supplying, maintaining or installing equipment

– as registered on 16 June 2023 – 
Manufacturers, suppliers, maintenance providers and installation providers of equipment, as well as Operating System (OS) providers.

Schedule 5 – Equipment Online Safety Code (Class 1A and Class 1B Material) – PDF

Schedule 5 – Equipment Online Safety Code (Class 1A and Class 1B Material) – DOC

Internet search engine services

– as registered on 12 September 2023 – 

Software-based services designed to collect and rank information on the World Wide Web in response to user queries.

Schedule 6 – Internet Search Engine Services Online Safety Code (Class 1A and Class 1B Material) – PDF

Schedule 6 – Internet Search Engine Services Online Safety Code (Class 1A and Class 1B Material) – DOC

 

Relevant electronic services

(previously submitted as Schedule 2) – eSafety will proceed to making a Standard instead of the proposed industry code – 
Services used for messaging (including SMS and MMS), email, and online gaming.

31 March – Relevant Electronic Services Online Safety Code (Class 1A and Class 1B Material) – PDF

31 March – Relevant Electronic Services Online Safety Code (Class 1A and Class 1B Material) – DOC

eSafety summary of reasons for rejection – Relevant Electronic Services Code

 

Designated internet services

(previously submitted as Schedule 3)
– eSafety will proceed to making a Standard instead of the proposed industry code –

All websites that can be accessed by Australian end-users, including end-user online storage.

31 March – Designated Internet Services Online Safety Code (Class 1A and Class 1B Material) – PDF

31 March – Designated Internet Services Online Safety Code (Class 1A and Class 1B Material) – DOC

eSafety summary of reasons for rejection – Designated Internet Services Code

2023 Request for registration

Details about the basis upon which the industry associations sought registration of the codes in March 2023, including details of how the codes were developed to meet the criteria of the Online Safety Act 2021 and the expectations outlined in the eSafety Position Paper.