Compliance for Telecommunications carriers / CSPs
Carriers and carriage service providers under the Telecommunications Act.
Published obligations that apply to telecommunications carriers / csps (13)
- criticalCWLTHNotifiable Data Breach (NDB) scheme
Under the NDB scheme, APP entities must notify the OAIC and affected individuals of an eligible data breach likely to cause serious harm — assessed within 30 days.
- criticalCWLTHReport cyber security incidents to ASD (SOCI)
Critical infrastructure asset operators must report critical incidents within 12 hours and other incidents within 72 hours.
- criticalCWLTHComply with online safety industry codes (Phase 1 + 2)
Eight industry sections covered by binding codes under the Online Safety Act 2021.
- highCWLTHAvoid unfair contract terms in standard form consumer & small business contracts
From November 2023, unfair contract terms carry pecuniary penalties — up to $100M per term (from 28 March 2026).
- highCWLTHHonour consumer guarantees under the Australian Consumer Law
Goods and services supplied to consumers come with automatic statutory guarantees that cannot be excluded.
- highCWLTHComply with the Spam Act 2003 (consent, identify, unsubscribe)
All commercial electronic messages must have consent, identify the sender, and offer a working unsubscribe.
- highCWLTHWash outbound marketing lists against the Do Not Call Register
Lists must be washed within 30 days of the call/SMS unless valid consent.
- highCWLTHComply with Basic Online Safety Expectations + industry codes
Social media services, app distribution services, and other captured providers must meet the BOSE and industry codes.
- highCWLTHComply with Telecommunications Consumer Protections (TCP) Code
Telcos must comply with the binding TCP Code covering credit assessment, billing, complaint handling and unwelcome contact.
- highCWLTHComply with the Reducing Scam Calls and Scam SMs Industry Code
CSPs must implement controls to detect, trace and block scam calls and SMs, including SMS Sender ID Register.
- highCWLTHComply with Customer Service Guarantee (CSG) for standard phone services
Telstra + other carriers must meet CSG performance benchmarks for installations + faults.
- highCWLTHPublish a Privacy Policy compliant with APP 1
Every APP entity needs a clearly-expressed Privacy Policy covering APP 1.4 requirements.
- highCWLTHTelco data retention — 2 years (Part 5-1A Telecommunications Act)
Carriers + CSPs must retain telco metadata for 2 years.