Associations representing members of Australia's online industry have submitted to the eSafety Commissioner final draft codes designed to protect children from age-inappropriate content, including pornography, high-impact violence and material relating to self-harm, suicide and disordered eating.
The Commissioner will now decide if the eight codes - covering a wide range of services, including app stores, search engines, social media services, internet service providers, hosting services, instant messaging and chat services, equipment manufacturers and suppliers, and other services - provide appropriate community safeguards in order to be registered, as required under Australia's Online Safety Act (the Act).
In July 2024 eSafety issued notices requesting that industry create codes and released a position paper setting out our expectations for these codes. In response, industry has provided drafts of the codes and eSafety has provided feedback on those initial drafts.
"In line with that earlier feedback, I notified industry in April of my preliminary view that the codes, as submitted to me in February and March, did not provide sufficient safeguards for different forms of pornography and violent material which children may be exposed to, nor did they sufficiently address harms relating to AI chatbot and companion services simulating sexualised interactions with children," eSafety Commissioner Julie Inman Grant said.
"The earlier draft codes placed the onus for safety largely on parents and carers, requiring them to enable protections for children online which should be on by default.
"Further, there was a concerning absence of age assurance measures across key codes, leaving gaps in protections across the technology stack. This means that we couldn't be confident that the default safety protections proposed for children under the codes would actually be applied to children and protect them from accessing harmful content."
These and other concerns were raised in a letter sent by the eSafety Commissioner to industry last month. Similar concerns were raised in response to multiple previous drafts of the codes received by eSafety since October 2024.
These concerns included the predominant theme that all sectors of the technology industry should be providing layered safety protections to prevent children from accessing harmful content and conduct so that there is not a single point of failure, and that all players are held accountable for providing appropriate community safeguards for children.
This call was echoed in feedback provided by third parties in the codes public consultation undertaken by industry from October-November 2024.
"eSafety has engaged in constructive dialogue with industry since April about many of these concerns," Ms Inman Grant said
Industry was given a final opportunity to provide revised codes or make submissions for the Commissioner's consideration by 20 May 2025.
The next step will be for the eSafety Commissioner to consider the final draft codes against the requirements set out under the Act.
If a code does not meet the statutory requirements, the eSafety Commissioner has the power under the Act to determine a mandatory industry standard.
Once codes or standards are in place, they will be enforceable and eSafety will be able to receive complaints and investigate potential breaches.
These new codes will complement existing codes and standards already in force in relation to seriously harmful and unlawful content, such as child sexual abuse material. The existing codes and standards have now been in force for six months.
eSafety will be considering closely services' compliance with existing codes and standards with a view to taking enforcement action where appropriate.
Failure to comply with codes or standards may result in civil penalties of up to $49.5 million per breach.
Background:
The codes were originally due to be submitted for assessment on 19 December 2024. In December 2024 and again in February 2025. The eSafety Commissioner granted two extensions at the request of industry to enable consideration of domestic and international regulatory developments.
In accordance with those extensions, industry associations submitted drafts of the codes on 28 February and 27 March 2025.
In April 2025 the eSafety Commissioner wrote to industry reinforcing concerns raised with them in respect of multiple drafts of codes received since October 2024.
