Basic Online Safety Expectations — the eSafety transparency reporting regime
How the Basic Online Safety Expectations Determination under the Online Safety Act 2021 lets the eSafety Commissioner require transparency reports from service providers.
What the BOSE are
The Basic Online Safety Expectations (BOSE) are established under section 45 of the Online Safety Act 2021 (Cth). They are detailed in the Online Safety (Basic Online Safety Expectations) Determination 2022, which was made by the Minister.
These expectations apply to providers of social media services, relevant electronic services, and designated internet services. They outline what is expected of these services in relation to online safety.
BOSE are not directly enforceable obligations. Instead, they form the basis for transparency reporting notices issued by the eSafety Commissioner.
Core expectations
The eSafety transparency reporting regime outlines several core expectations for online service providers. Providers are required to take reasonable steps to ensure end-users can utilise the service safely. This includes measures to foster a secure online environment for all users.
Furthermore, providers must take reasonable steps to proactively minimise material or activity on their service that is unlawful or harmful. This obligation aims to reduce the prevalence of illegal and damaging content and behaviours.
Finally, providers are expected to establish and maintain accessible and effective complaint mechanisms for users. They must also take reasonable steps to keep information about service usage and provide it to the Commissioner when requested.
Transparency reporting notices
The eSafety Commissioner has the power to issue transparency reporting notices to online service providers. These notices can be issued periodically or on a one-off basis, requiring the provider to submit a written report detailing their adherence to the Online Safety Expectations.
These reports must contain detailed information. This includes specifics about safety features implemented, the processes used for content moderation, and the prevalence of harmful material encountered on the provider’s services.
Failure to comply with a transparency reporting notice, whether through failing to provide a report or submitting a false or misleading one, constitutes a civil penalty contravention. The Commissioner also publishes summary findings from these reports, including transparency reports issued to large global platforms, which are considered a world-first initiative.
Amendments and review
The Basic Online Safety Expectations (BOSE) Determination has been updated. Amendments came into effect on 31 May 2024, focusing on enhanced safety measures for generative AI, recommender systems, and considerations relating to the best interests of children.
An independent review of the Online Safety Act 2021 was completed in late 2024. This review assessed the Act’s operation and effectiveness, including the BOSE framework.
The Australian Government intends to introduce further reforms to the Online Safety Act and the BOSE framework during 2025-26. It is important to note that industry codes registered under Part 9 of the Online Safety Act operate separately from, but in conjunction with, the BOSE expectations.
Frequently asked
Is failing to meet a BOSE expectation a criminal offence?
No. Failing to meet a BOSE expectation is not itself an offence. The Act's enforcement mechanism is transparency reporting — failing to provide a required report or providing a false report is the contravention.
Do BOSE apply to email services?
Email and certain other services can fall within 'relevant electronic services'. Detailed scoping depends on the service definition in the Online Safety Act 2021.