Member Portal
Categories

IAA is here to help you unwrap the new compliance requirements.  

Share:

While you may be getting ready to wind down for the end-of-year break, make sure to pay attention to important regulatory reform that will likely affect your business.

Key topics in this update:

  • TCP Code – latest progress and what is expected next
  • Online Safety obligations – new requirements taking effect 27 December 2025
  • Domestic and Family Violence protections – obligations commencing early 2026

Make sure to read on for details on these changes, your compliance obligations, and what IAA is doing to assist our Members.

If you have any questions on any of the below regulatory matters, or want to provide any feedback on the increasing cost of compliance, we’d love to hear from you. Please contact us at policy@internet.asn.au.

TCP Code

The draft Telecommunications Consumer Protections Code (TCP Code) was rejected by the Australian Communications Media Authority (ACMA) in late October, and the Australian Telecommunications Alliance (ATA) was given 30 days to submit a revised TCP Code to address deficiencies identified by the ACMA, failing which, the ACMA would move to direct regulation on consumer protections by way of an industry standard. On 24 November, the ATA submitted a revised TCP Code with significant uplifts, summarised below.

These uplifts have been drafted to ensure the TCP Code is accepted and registered by the ACMA so it remains an industry code, and not a standard subject to direct regulation.

However, IAA is keen to discuss the impacts this would have on your business, particularly the disproportionate effect on small to medium-sized ISPs. Please contact us to share any feedback, which we can relay to the ACMA on a confidential basis.

While the revised TCP Code is currently with the ACMA for consideration, it is very likely that the below uplifts will become mandatory, either through a revised TCP Code or via a new industry standard. We therefore recommend CSPs read and review the changes, and begin assessing what updates may be required within your business to ensure compliance.

Key proposed uplifts include:

Overall review to improve accessibility and enforceability

  • new ‘your rights as a consumer’ section with a consumer-friendly, plain-language overview of the TCP Code;
  • stronger, more prescriptive wording to enhance the enforceability of the TCP Code – e.g. changing ‘CSPs should’ to ‘CSPs must’ and removing references to ‘best efforts’ or ‘best endeavours’.


Responsible Selling (Chapter 2 and 5)

  • sales incentive structure must also comprise compliance with responsible selling obligations;
  • cap on incentives for meeting volume/value targets to be no more than 20% of a staff member’s remuneration;
  • negative and proportional consequences for persons who benefitted from mis-selling;
  • obligation for staff to disclose to the consumer that they are operating under a sales incentive structure prior to completing an assisted sale;
  • new training and assessment obligations;
  • ability for consumers to exit contract with no early termination fees where sale was the result of mis-selling. 
    See also below on the new ‘suitability’ concept.


New ‘suitability’ concept (Chapters 3-5)

  • new end-to-end ‘suitability concept’ requiring CSPs to design and offer products that are appropriate for the consumer to address mis-selling practices;
  • new training requirement whereby customer-facing staff cannot begin selling until they have been trained and achieve a 100% pass-rate on the suitability of products and services;
  • requiring the outcome of a CSP’s suitability assessment to be included in the Critical Information Summary.
  • Mobile Coverage (Chapter 5)
  • ensuring adequate mobile coverage of a service by offering to check coverage during an assisted sale;
  • requiring consumers to acknowledge they have been prompted to check coverage;
  • expansion of refunds where mobile coverage does not meet expectations – no termination fees, allowing consumers to pay the remaining device on the same terms and payment schedule if they choose to keep the device purchased alongside the service or return the device in good working order and original packaging for a full refund.


Payment Methods (Chapter 8)

  • CSPs must offer direct debit payment flexibility as to:
  • the date of payment;
  • the frequency of payment (monthly or fortnightly); and
  • allow the customer to temporarily defer a payment;
  • earlier notification of a failed direct debit payment (2 working days following direct debit attempt);
  • new obligation to notify the consumer of the CSP’s payment assistance policy in the event of a failed direct debit attempt;
  • new obligation to not issue credit management notices where the CSP identifies a system fault that may have caused the failed direct debit payment, issue a prompt notice of system issue to the customer, and withdrawing any credit management notice that may have been sent;
  • new obligation that CSPs must not suspend/disconnect a consumer’s service for credit management reasons where the payment failure is a CSP system fault.


Disconnection (Chapter 9)

  • disconnection to only occur as a last resort, and only 20 working days after an overdue bill;
  • increased number of notices to be sent prior to a service being disconnected for credit management reasons;
  • tiered, three-stage process before disconnection (restriction, suspension, disconnection);
  • general obligation for CSPs to ensure their credit management process treats customers with fairness.


Credit Assessments (Chapter 6)

  • CSPs must complete a credit assessment where a consumer contract may result in a debt of $300 or more (for residential customers; $2,000 or more for business customers) and not only for debts that would be pursued by the CSP.


You can read more on the TCP Code review on ATA’s website.

Online Safety Code

From 27 December 2025, the Phase 2 Code for ISPs will come into effect, adding to your obligations relating to online safety (Phase 1 Code came into effect in 2023). The Phase 2 Code focuses on protecting children from sexually explicit material online. Make sure you are compliant with the new obligations before you close up shop to make sure you’re not facing enforcement action when you come back next year!

IAA has created guidance material to help Members understand and comply with their obligations. You can access the guidance material on the IAA Member Portal.

You can also read more about the Online Safety Codes on eSafety’s website.

Telco DFSV Standard

Additional obligations under the Telecommunications (Domestic, Family and Sexual Violence Consumer Protections) Industry Standard (DFSV Standard) will come into effect early next year – 1 January for larger providers with at least 30,000 SIOs, and 1 April for smaller providers with under 30,000 SIOs. These include implementing a DFV policy and delivering staff training, with specialised training for customer-facing staff. You can read more on the obligations in our guidance article.

IAA is currently working on developing template material that Members who fall under the <30,000 SIOs can use to comply with the DFSV Standard. We are also looking at organising a webinar that Members can attend and will provide further information on this in due course.

In the meantime, the ACMA have also recently published guidance material on the DFSV Standard, which we strongly encourage you to read.

Thank you for your support throughout 2025

Before you head off for a well-deserved break, thank you for your ongoing engagement with IAA. Enjoy the holidays, and we’ll continue helping you tackle these regulatory changes in 2026.

More Posts

QV1 - reign over

QV1 is gone

WA-IX’s first ever PoP in QV1 is no more. IAA has left the building. In March this year, our longest-running

Read More »
4 August 2025

Sign up to IAA's mailing list

Complete this form to receive all our latest news, events and updates.