Introductory Info
Date of introduction: 27 August 2025
House introduced in: House of Representatives
Portfolio: Home Affairs
Commencement: The day after Royal Assent
Brief overview of Australia’s electronic surveillance laws
Australia’s electronic surveillance law landscape is a complex framework set out in the following legislation:
The complexity of the current framework, for users and stakeholders involved, has long been acknowledged. For instance, the Office of the Australian Information Commissioner has stated ‘the current [electronic surveillance] framework is long, complicated and difficult for intelligence agencies, oversight bodies and industry to understand and comply with’.
As part of a broader review of the Australian National Intelligence Community (NIC) landscape, in 2019 the Australian Government commissioned Dennis Richardson to undertake a comprehensive review into the effectiveness of the legislative framework. This resulted in the 4-volume report, the Comprehensive Review of the Legal Framework of the National Intelligence Community (Comprehensive Review). Regarding electronic surveillance laws, the Comprehensive Review recommended that:
Recommendation 75: The Surveillance Devices Act, Telecommunications (Interception and Access) Act and those parts of the Australian Security Intelligence Organisation Act governing the use of computer access and surveillance devices powers should be repealed and replaced with a new Act.
The Department of Home Affairs is currently progressing major reform to Australia’s laws governing electronic surveillance, with the goal of condensing the electronic surveillance laws into a single Act.
While this Bill relates to some parts of Australia’s electronic surveillance laws, it is not a fulsome response to the Comprehensive Review but, rather, contains targeted and confined amendments.
More recently, the Independent National Security Legislation Monitor (INSLM), the statutory office holder who independently reviews Australia’s national security and counter-terrorism laws, published a report reviewing the operation of the Surveillance Legislation Amendment (Identify and Disrupt) Act 2021 (SLAID Act). In part, the SLAID Act introduced the network activity warrant framework which the Bill amends.
Purpose and structure of the Bill
The purpose of the Telecommunications and Other Legislation Amendment Bill 2025 (the Bill) is to amend the Surveillance Devices Act 2004 (SD Act), Telecommunications (Interception and Access) Act 1979 (TIA Act) and Crimes Act 1914 to make a range of changes to certain warrants, International Production Orders (IPO) and controlled operations.
The Bill contains 5 Schedules. Schedules 1–4 relate to electronic surveillance and related obligations including:
- permitting protected network activity warrant information and network activity warrant intercept information to be used to meet disclosure obligations and admitted into evidence in some circumstances (Schedule 1)
- transferring the statutory functions of the Office of the Communications Access Coordinator—the central liaison point between the telecommunications industry, and law enforcement and national security agencies regarding obligations in the TIA Act—from the Attorney-General’s Department to the Department of Home Affairs (Schedule 2)
- allowing prescribed agencies limited access to stored communications (after they have passed over a telecommunications system), which can be used to undertake development and testing activities to ensure intelligence network security and interception technologies are fit for purpose (Schedule 3) and
- making amendments to the interception aspects of the IPO framework (Schedule 4).
Schedule 5 amends some aspects of the controlled operation framework in the Crimes Act, including the threshold requirements for approving and amending controlled operations. Schedule 5 also makes clear that authorised participants in a controlled operation targeting sex offenders can appropriately deal with material involving sexual offences and be protected from criminal responsibility and indemnified against civil liability.
Committee consideration
On 27 August 2025, the Minister for Home Affairs referred the Bill to the Parliamentary Joint Committee on Intelligence and Security for review and report into the Bill (Committee Review). The Committee Review received 5 submissions from:
- Independent National Security Legislation Monitor
- Internet Association of Australia
- National Anti-Corruption Commission
- Department of Home Affairs
- Commonwealth Ombudsman.
While most submissions broadly supported the Bill, the Internet Association of Australia (IAA) submission rejected the framing of the amendments of the Bill as being ‘primarily technical or administrative corrections in nature’:
Schedules 1 and 3 represent a function creep by expanding the admissibility of information gained via extraordinary electronic surveillance powers, and expanding the scope of stored communications access. Such changes have the potential to greatly affect both compliance obligations for the telecommunications industry and introduce privacy risks and encroachments to individual freedoms for the general public. Thus, the failure to consult stakeholders nor analyse the regulatory impact is highly problematic. (p. 2)
The IAA recommended the Bill be ‘withdrawn and redrafted following a full public consultation, completion of a regulatory impact analysis and with consideration of the INSLM report’ (p. 5).
At the time of publishing, there does not appear to be any public commentary by any political parties or independents relating to the Bill.
On 28 August 2025, a government amendment to a motion to adopt the Senate Selection of Bills Committee report provided that the Bill ‘not be referred to a committee’. An Australian Greens proposed amendment to refer the Bill to the Senate Legal and Constitutional Affairs Legislation Committee for inquiry and report was unsuccessful.
Changes to how some warrant information can be used
Network activity warrant information (Schedule 1)
The SD Act provides the framework for the issuing of certain surveillance and computer related warrants. One of these warrants – network activity warrants – enables the collection of intelligence that relates to criminal networks operating online, and is regulated by Division 6 of Part 2 the SD Act. Division 6 is set to sunset on 3 September 2026.
Network activity warrants are issued under section 27KM of the SD Act by an eligible Judge or nominated Administrative Review Tribunal member, and can be issued for no longer than 90 days (subsection 27KN(2)), with extensions of up to 90 days available (subsection 27KQ(1). Network activity warrants allow relevant authorities to obtain intelligence, including uncovering identities and discovering the scope of criminal networks.
Information obtained through network activity warrants is usually not admissible in prosecutions, as it is obtained for intelligence purposes. As Home Affairs notes (emphasis added):
Information obtained under a network activity warrant is for intelligence purposes and is not permitted to be used as evidence in a criminal proceeding. However, it can be used to support an application for other warrants, which can be used to collect evidence (e.g. a search warrant or computer access warrant). [emphasis added]
Section 45B of the SD Act provides that, unless permitted, protected network activity warrant information (defined in section 44A, SD Act) may not be admitted in evidence in any proceedings (exemptions are listed in subsections 45B(4), (5), (7) and (10)). This recognises that protected network activity warrant information is used as predominantly intelligence information, not as evidence against defendants.
Item 1 of Schedule 1 inserts proposed subsection 45B(9A). Proposed subsection 45B(9A) clarifies that protected network activity warrant information may be used for the purposes of deciding whether to bring, or continue, a prosecution for a relevant offence. As stated in the EM (p. 6):
[t]his ensures that all information held by the prosecution can be considered in making such decisions, including potentially exculpatory information [that is, information that tends to clear a person from a charge of fault or guilt].
Item 1 also inserts proposed subsection 45B(9B). Proposed subsection 45B(9B) states that protected network activity warrant information may be used for complying with relevant common law or statutory disclosure duties or obligations in criminal proceedings. However, in both instances, the disclosure of protected network activity warrant information can be resisted by claiming public interest immunity or legal professional privilege over such information, or by relying on any statutory provision that limits the obligation to disclose material (EM, p. 6).
Items 2–3 of Schedule 1 expand when protected network activity warrant information can be used in criminal proceedings. Item 3 inserts proposed subsection 45B(10A) of the SD Act. Proposed subsection 45B(10A) provides that protected network activity warrant information can be used in criminal proceedings where the warrant information is adduced or given in evidence by:
- the defendant and where the admission of the warrant information into evidence is necessary for the fair trial of the defendant (proposed paragraph 45B(10A)(a)) or
- the prosecution in response to other protected network activity warrant information admitted into evidence in the circumstances set out above (that is, adduced or given in evidence by a defendant as necessary for the fair trial of the defendant, proposed subparagraph 45B(10A)(b))).
Item 4 of Schedule 1 replicates the provisions in items 1–3 of Schedule 1 for network activity warrant intercept information pursuant to the TIA Act (see EM, p. 8).
Discussions regarding interception and warrants come in the context of the passage of the Surveillance Legislation (Confirmation of Application) Act 2024 which, among other things, sought to clarify that certain information was not intercepted information, and therefore was lawfully obtained. The legislation was introduced in the context of a number of court matters being heard in relation to information obtained by the Australian Federal Police (AFP) as part of Operation Ironside. Further information about this Act, and the relevant court matters being considered at the time, can be found in the Bills Digest for the Surveillance Legislation (Confirmation of Application) Bill 2024.
The High Court of Australia is currently considering an appeal from a South Australian Court of Appeal matter (CD & Anor v. Director of Public Prosecutions (SA) & Anor; CD & Anor v. The Commonwealth of Australia (A24/2024, A2/2025)). This case considers technical matters of communications passing over telecommunication systems for the purposes of the TIA Act. The High Court has advised that the judgment in this case will be delivered on Wednesday 8 October 2025.
As noted above, on 1 September 2025, the INSLM published a report reviewing operation of the Surveillance Legislation Amendment (Identify and Disrupt) Act 2021 (SLAID Act). The recommendations of the INSLM included:
Recommendation 14: The secrecy provisions should be reformed in accordance with the following principles: …
(e) Potentially exculpatory material obtained under a [network activity warrant] should be able to be disclosed in accordance with the usual prosecutorial duty of disclosure (p. viii).
In his submission to the Review Committee, the INSLM observed that he was satisfied that items 1–4 of Schedule 1 effectively implement this recommendation. However, the INSLM also noted there were also ‘two relatively minor, and in my view uncontroversial, amendments in Recommendation 14 that also relate to the use and disclosure of [network activity warrant] information’ that could be given consideration (p. 3). These were:
Recommendation 14: The secrecy provisions should be reformed in accordance with the following principles:
…
(d) There should be no barrier to a person seeking legal advice about an assistance order they may be required to comply with.
…
(f) The law should be clarified to put beyond doubt that [network activity warrant] information cannot be admitted in evidence in proceedings under the Proceeds of Crime Act 2002 (Cth).
Changes to investigative and interception testing provisions
Controlled operations (Schedule 5)
Controlled operations are covert operations that permit law enforcement and civilian participants to engage in a criminal scheme, under controlled conditions, for the purpose of investigating potential serious offences and to obtain evidence that may lead to prosecution (see, for example, a description of the controlled operations framework in the Australian Federal Police and Australian Criminal Intelligence Commission’s Controlled Operations Annual Report 2023–24, pp. 3–6).
At the Commonwealth level, Part IAB of the Crimes Act regulates the processes for authorisation, conduct and monitoring of controlled operations. Schedule 5 of the Bill amends the controlled operation framework in two ways. Firstly, it amends the threshold requirements that authorising persons must be satisfied of to approve or vary a controlled operation. Secondly, it provides controlled operation participants with protection from criminal liability and civil indemnification when they are lawfully investigating sex offenders and, in doing so, may be required to engage with sexual offence material. (Under section 15GC, a participant in a controlled operation means a person who is authorised under Part IAB of the Crimes Act to engage in controlled conduct for the purposes of the controlled operation.)
Threshold changes for authorising and amending controlled operations
Law enforcement officers are required to receive authorisation before they can conduct a controlled operation on behalf of the law enforcement agency (Division 2, Part IAB, Crimes Act). Relevant authorising officers (as defined in section 15GF) must not grant authorisation for a controlled operation to occur unless they are satisfied, on reasonable grounds, of certain conditions outlined in subsection 15GI(2). One condition, set out at paragraph 15GI(2)(g) of the Crimes Act, requires that an authorising officer be satisfied that any conduct involved in the controlled operation will not:
- seriously endanger the health or safety of any person
- cause the death of, or serious injury to, any person
- involve the commission of a sexual offence against any person or
- result in significant loss of, or serious damage to property (other than illicit goods).
Item 1 of Schedule 5 inserts new subsection 15GI(2A). Proposed paragraph 15GI(2A)(a) clarifies that existing paragraph 15GI(2)(g) only requires that an authorising officer ‘be satisfied as to the direct and reasonably foreseeable consequences of the unlawful conduct of participants in the controlled operation’. A consequence is a direct consequence of unlawful conduct if the unlawful conduct causes or produces, and is not merely a minor influence on, the consequence without any intervening conduct or events (proposed paragraph 15GI(2B)).
This amendment has two consequences. Firstly, it clarifies that an authorising officer is not expected to consider potential indirect effects of unlawful conduct by participants at the time of authorisation ‘including indirect consequences which a reasonable person may consider foreseeable as well as those that are far-fetched or fanciful’. It also makes clear that paragraph 15GI(2)(g) is ‘intended to exclude consideration of effects tenuously related to the unlawful conduct, in that the contribution of the unlawful conduct may have a minor or negligible influence on a particular outcome’ (Explanatory Memorandum, p. 28).
Secondly, the amendment clarifies that for the purposes of paragraph 15GI(2)(g), an authorising officer is only required to consider the unlawful conduct of participants in the controlled operation. As set out in the Explanatory Memorandum, the amendment:
is intended to make clear the consideration of the authorising officer, under paragraph 15GI(2)(g), is only concerned with the unlawful conduct of a participant and not a suspect under investigation, unless the suspect’s conduct may be directly caused in some way by the participant’s conduct, and those consequences are reasonably foreseeable. The restriction in paragraph 15GI(2)(g) would otherwise have an absurd effect if it were read as meaning that a controlled operation to investigate a dangerous crime could not be authorised if there was risk that a suspect might continue the dangerous criminal behaviour which is under investigation. This would defeat the purpose of the Part IAB power (p. 28).
These same threshold requirements apply to the variation of a controlled operation authorisation (item 2, Schedule 5) and the consideration by a nominated Tribunal member (a member of the Administrative Review Tribunal (ART) nominated by the Minister under section 15GG) to extend the period of a formal authorisation for a controlled operation beyond 3 months (item 3, Schedule 5).
As set out in the Explanatory Memorandum, the amendment:
recognises that the authorising officer is making a point in time assessment at the very start of a controlled operation, when it is not realistic for them to foresee the full breadth of operational scenarios that may eventuate, particularly the actions of those who are not listed in the controlled operation authority, or whose identities are not known to police (p. 28).
Criminal and civil indemnification for controlled operation participants dealing with child abuse material
As set out above, an authorising officer must be satisfied on reasonable grounds that any conduct involved in the controlled operation will not ‘involve the commission of a sexual offence against any person’ (paragraph 15GI(2)(g)(iii)).
Item 1 of Schedule 5 inserts new paragraph 15GI(2A)(b). Proposed paragraph 15GI(2A)(b) clarifies that nothing in existing paragraph 15GI(2)(g)(iii) is intended to prevent an authorising officer from granting authorisation to conduct a controlled operation where a participant may be required to deal with material depicting, describing or involving a sexual offence against any person, or facilitating a person to deal with such material. In an online context where a proliferation of sexual offences involving technology are being committed, the Explanatory Memorandum (EM) states that this clarification is required to confirm that a controlled operation can be approved in circumstances where participants may be required to deal with materials of a sexual nature online when investigating sex offenders (p. 29).
Relatedly, section 15HA of the Crimes Act provides protection from criminal responsibility for participants engaging in otherwise unlawful conduct for a controlled operation. As currently outlined in subsection 15HA(2), a person will be protected from criminal responsibility only when certain conditions are met, including that the conduct does not involve the participant engaging in conduct that is likely to involve the commission of a sexual offence against any person (subparagraph 15HA(2)(d)(ii)).
Item 4 of Schedule 5 inserts new subsection 15HA(3). Subsection 15HA(3) clarifies that subparagraph 15HA(2)(d)(ii) does not prevent a controlled operation participant being protected from criminal responsibility if they deal with material involving a sexual offence against a person, or facilitate a person to deal with such material.
Finally, section 15HB of the Crimes Act provides indemnification from civil liability for participants engaging in otherwise unlawful conduct for a controlled operation. As currently outlined in section 15HB, the Commonwealth must indemnify a participant in a controlled operation against civil liability only when certain conditions are met, including that the conduct does not involve the participant engaging in conduct that is likely to involve the commission of a sexual offence against any person (subparagraph 15HB(d)(ii)).
Item 6 of Schedule 5 inserts new subsection 15HB(2). Proposed subsection 15HB(2) clarifies that subparagraph 15HB(d)(ii) does not prevent a controlled operation participant being indemnified against civil liability if they deal with material involving a sexual offence against a person, or facilitate a person to deal with such material.
International production orders (Schedule 4)
An IPO is a legal order under Schedule 1 of the TIA Act that allows certain Australian law enforcement and security agencies to obtain electronic communication information from telecommunication providers (both Australian based and overseas based) in compliance with established country agreements. As stated on the Attorney-General’s Department website, the IPO framework ‘allows Australia to enter into agreements with other countries to share electronic information for the purposes of countering serious crime’.
A prominent agreement that allows access to relevant electronic information is that between the United States of America (US) and Australia: the Agreement between the Government of Australia and the Government of the United States of America on Access to Electronic Data for the Purpose of Countering Serious Crime (AUS-US Agreement). The AUS-US Agreement
… allows Australian and United States law enforcement and national security agencies to obtain orders for data held by communications service providers in the partner nation without the need for separate review and authorisation from their own government. (Attorney-General’s Department)
Schedule 4 of the Bill amends the IPO framework to provide updates regarding 2 issues. Firstly, it omits some references to ‘intercepting’ (which is defined in section 6 of the TIA Act and generally requires listening to or recording live communications while passing over a telecommunications system, for example, listening to a live phone call) and substitutes with ‘accessing’ (which is defined in section 6AA of the TIA Act and generally requires accessing stored communications after they have passed over a telecommunications system, for example, voicemails). The EM (see, for example, p. 17) refers to the term ‘accessing’ as a technology neutral term.
The changes impact certain considerations when relevant persons are considering IPO applications including where:
- judges or relevant ART members are considering
- whether to issue an IPO (items 1, 6, Schedule 4)
- the privacy impacts of issuing an IPO (items 2, 6, Schedule 4)
- the Attorney-General is considering whether to consent to an IPO application by ASIO (item 10, Schedule 4).
Secondly, amendments are proposed to clarify that copying certain stored communications may satisfy intercept IPO requirements (despite the technical distinctions of the terms ‘access’ and ‘intercept’ as used in the TIA Act). IPOs may require a prescribed communications provider to intercept certain information. Changes proposed in Schedule 4 (items 5, 9, and 14) provide that a prescribed communications provider may comply with the interception requirement by copying stored communications that consist of things such as messages and voicemails. This clarifies that such information falls within the relevant definition of ‘intercept’, addressing ‘uncertainty’ (EM, p. 19).
The Department of Home Affairs’ submission to the Committee Review of the Bill explains:
The current framework assumes that data in response to an interception international production order will be returned to the requesting agency in a ‘livestream’ or ‘recording’ fashion. However, many companies within the intended scope of the framework do not have the technical capability to ‘livestream’ data in response to an order targeting prospective content, and establishing this capability would require significant technical investment by both Australian agencies and the US providers. As a result, Australian law enforcement and intelligence agencies have been unable to seek prospective content data from these prescribed communications providers.
The amendments in Schedule 4 to the Bill provide a technology-neutral function of what a prescribed communications provider can do in a response to an order for ‘intercepted’ communications. It allows them to transfer prospective content data to law enforcement agencies using methods other than a ‘livestream’, such as making a copy of messages from their servers and transmitting the copy to the agency (p. 8).
The EM emphasises that the proposed amendments ‘do not override existing safeguards contained in the Industry Assistance framework under Part 15 of the Telecommunications Act 1997, nor do they create new powers to compel a provider to build new capabilities’ (p. 19). Nonetheless, the Internet Association of Australia submission to the Committee Review argued the Bill’s amendments require consultation with industry (p. 4):
Given the cross-border component, industry will likely face greater compliance challenges as it pertains to ensuring privacy and legal frameworks surrounding data. Thus, it is again highly concerning that there has been no consultation with industry who will need greater time to consider the privacy implications and potential conflicts with other obligations relating to cross-border data flows. We therefore reiterate our recommendation that the TOLA Bill should not be passed until such consultations occur.
Development or testing of technologies for interception capabilities (Schedule 3)
Part 2-4 of the TIA Act provides a framework whereby a ‘security authority’ (defined in section 5) can request the Attorney-General’s authorisation under section 31A of the TIA Act, to intercept communications passing over a telecommunications system (that is, live communications) for the purpose of developing and testing technologies, or interception capabilities. If the Attorney-General provides section 31A authorisation, the agency does not need a warrant to intercept the information. However, a section 31A authorisation does not authorise access to stored communications.
As the EM draws attention to, there are circumstances where ‘stored communications may pass over the telecommunications system alongside live communications’ (p. 38), which means stored communications ‘may become inextricably intermingled with live messages passing over the network’ (p. 45).
Schedule 3 provides that relevant agencies, in limited circumstances, can access stored communications (that is, information that has ceased to pass over a telecommunication system) for the purposes of undertaking development and testing activities.
Item 4 of Schedule 3 clarifies that, for the purpose of section 31 applications for developing or testing technologies, references to ‘interception of communications passing over a telecommunications system’ includes a reference to the accessing of the communications (as stored communications) once communications have ceased passing over the telecommunications system.
Connected to this change, the definition of lawfully accessed information in section 5 of the TIA Act, is repealed and replaced by item 1 of Schedule 3. The proposed amendment will preclude stored communications obtained under a section 31A authorisation from the definition of lawfully accessed information.
Building on this definitional amendment, item 3 of Schedule 3 inserts proposed subsection 6E(2A) into section 6E. New subsection 6E(2A) states that:
reference in this Act to lawfully intercepted information includes a reference to information obtained by accessing a stored communication under a section 31A authorisation (emphasis added).
This means that the use and disclosure provisions included at Part 2-6 (Dealing with intercepted information etc.) of the TIA Act apply to stored communications obtained from a section 31A authorisation, rather than Part 3-4 (Dealing with accessed information etc.) provisions applying.
Changes to the Communications Access Coordinator (Schedule 2)
Established in 2007, the Communications Access Coordinator (CAC) functions as a liaison between security and law enforcement agencies, and the telecommunications industry. The EM notes these functions include ‘approving carriers’ interception capability plans (section 198 of the TIA Act) and granting exemption or variations from the mandatory data retention scheme (section 192 of the TIA Act)’ (p. 10).
Schedule 2 will amend section 6R of the TIA Act to transfer the statutory functions of the CAC from the Secretary of the Attorney-General’s Department to the Secretary of the Department of Home Affairs. This accords with the new Administrative Arrangement Order which transferred responsibility for the TIA Act from the Attorney-General to the Minister for Home Affairs.