World-first industry standards designed to require global tech giants to tackle the most harmful online content including child sexual abuse material and pro-terror content are set to become law.
The two standards, developed by the eSafety Commissioner and registered with the Australian Parliament in June, reached the end of their Parliamentary Disallowance period on the 18th of November and will come into force on the 22nd of December.
The Designated Internet Services (DIS) and Relevant Electronic Services (RES) standards require file and photo storage services, like Apple iCloud, Google Drive and Microsoft OneDrive, as well as chat and messaging services, to prevent their products being misused to store and distribute this harmful material.
And in another world first, they will also cover so called 'nudify apps' that use generative AI to create pornography or 'nudify' images without effective controls to prevent the generation of material such as child exploitation and abuse content. The online marketplaces that offer generative AI 'models' are also captured by the requirements.
The two standards will sit alongside six industry codes already in place covering social media services, search engines, app stores, internet service providers, hosting services and device manufacturers.
eSafety developed the two standards after the previous draft codes submitted by industry back in March 2023 were refused registration by the Commissioner for failing to provide appropriate community safeguards in relation to this highest harm class 1 content.
eSafety Commissioner Julie Inman Grant said the standards are a significant step forward in the battle to protect children online and while they are Australian law they may yet have global implications for tech firms.
"Today marks a very important day in the global fight to protect children online and Australia is taking a leading role," Ms Inman Grant said.
"These standards will be enforceable and require industry to take meaningful steps to prevent their platforms and services from being used to solicit, generate, store and distribute the most reprehensible and harmful online material imaginable, including child sexual abuse.
"There is of course no Australian internet, so these standards will require changes by companies no matter where they are headquartered.
"We know cloud-based file and photo storage services are often used by those who store and share child sexual abuse material and we also know many popular messaging services are also used by these predators to distribute this material, too.
"The companies who own and operate these services must take responsibility for this misuse and act to disrupt and deter it."
The commencement of the industry standards comes as eSafety today also announced it has granted an extension to the Australian peak bodies representing the online and tech industry to submit the second phase of draft industry codes focused on protecting children from online pornography and other high-impact content.
The extension was granted to provide industry time to consider the new social media age restrictions legislation and its potential intersections with the draft phase 2 codes which anticipates a layered approach to safety, up and down the technology stack. The draft codes are now due for submission to the Commissioner for assessment on 28 February, 2025.
"While much of the public focus has been on the new social media age restrictions legislation, this upcoming regulation is just one interconnecting element of a holistic approach to keeping children safe online which includes continued digital literacy for children and empowerment of parents," Ms Inman Grant said.
"Our codes and standards, our transparency powers and the age assurance trial currently underway can all support social media age restrictions to provide an umbrella of protection for children and young people."
The commencement of the standards and announcement of the extension for submission of the phase 2 codes comes as the Australian Government also recently announced stiffer penalties for companies of up to $49.5 million for breaches.
eSafety has also released the regulatory guidance [ Phase1-Standards-Class1A-and-1B-Regulatory-Guidance-Nov2024.pdf] for the two standards which provide information to support industry to comply.
