Australians soon to face age checks when viewing adult websites

On 9 September 2025, the eSafety Commissioner, Mrs Julie Inman Grant (Commissioner), registered six (6) new codes (New Codes) under the Online Safety Act 2021(Cth) (Online Safety Act) aimed at protecting children from the “clear and present” dangers of harmful AI chatbots and other online adult content. On 9 March 2026, these New Codes will require Australians to verify their age, through website or app-enforced measures, before they can enter a platform containing “adult” content.

Context for the New Codes

The eSafety industry codes and standards are a regulatory system implemented to shift the responsibility of regulating and removing harmful online content from the Government and individual users to online service providers.

Industry Codes are enforceable rules and obligations for specific sectors of the online industry, requiring service provides to take steps to address harmful content. They are drafted by industry stakeholders voluntarily or at the request of the Commissioner, who determines if they are satisfactory. If the Industry Code is deemed to be appropriate by the Commissioner, there is no scope for parliamentary review, and it is registered. If deemed to be unsatisfactory, the Commissioner can draft Industry Standards, which are also enforceable guidelines, but are subject to Parliamentary review.

The eSafety Strategy 2022-2025 was divided into two (2) phases to address illegal digital content as a priority, then harmful lawful content as a close second.

There are six (6) Phase 1 Industry Codes and two (2) Industry Standards in operation that contain measures to address ‘class 1A’ and ‘class 1B’ online material. These classes cover the most seriously harmful online content, such as child sexual exploitation material and pro-terror material, and were in full effect on 12 March 2024.^[1]

There are nine (9) Phase 2 Industry Codes, focusing on ‘class 1C’ and ‘class 2’ material, such as online pornography that is inappropriate for children. Three (3) Industry Codes were registered on 27 June 2025 and will come into effect on 27 December 2025.^[2] These apply to hosting services, internet carriage services and search engine services such as Google and Microsoft Bing.

The six (6) New Codes were registered on 9 September 2025 and will come into effect starting on 9 March 2026.

Overview of the Codes

The New Codes are as follows:

Who has to comply with the New Codes?

The New Codes will apply broadly, impacting the following entities:

App distribution services: also called app stores.
Designated internet services: a broad category covering online services (mainly websites) that provide entertainment, education or information. It also covers some generative AI services and AI model distribution platforms.
Equipment providers: including operating software providers. This typically relates to phones, tablets and laptops, or other devices that allow direct interaction between people, are portable and allow you to search the internet.
Hosting services: covers the servers and infrastructure that make websites or online services accessible on the internet.
Internet service providers: including phone and home broadband services.
Relevant electronic services: covers email, messaging, online chatrooms and dating services, as well as services for playing online games together.
Social media services: such as Facebook, Instagram and Snapchat.
Search engines: such as Google or Bing.

Under each relevant New Code, these entities will be required to verify the age of users before allowing access to content deemed harmful or age inappropriate. This includes platforms that host or facilitate access to pornography, self-harm material, simulated gaming, and very violent content.

The New Codes are set to be implemented shortly after the Federal Government’s ban on the use of social media platforms by children under the age of sixteen (16), which will take effect 10 December 2025.^[3]

Age assurance process

For services or providers required to carry out age checks under the New Codes, the method used is optional, so long as it meets the definition of “appropriate age assurance”. Although no one specific technological measures is required, the Commissioner suggests the following are acceptable methods to verify age:^[4]

confirmation by a parent of age;
photo identification;
facial age estimation;
credit card checks;
digital identity wallets or systems;
use of artificial intelligence technology to estimate age based on relevant data inputs; and
a third-party age-assurance vendor.

Companies are also required to continually test and monitor the effectiveness of their age assurance systems. Whatever the chosen method, it must minimise the collection of personal information and comply with applicable privacy laws, including the Privacy Act 1988(Cth).

These age checks are managed entirely by online service providers rather than the Australian Government or Commissioner. The New Codes do not require individuals to be identified or linked to their activity, nor do they require or allow any such data to be shared with the Government.

Penalties

The Commissioner may take enforcement action where a civil penalty provision of the Online Safety Act has been contravened including when enforceable notices are not complied with. Enforcement action may include:

giving a formal warning;
giving an infringement notice;
accepting an enforceable undertaking;
seeking a court-ordered injunctions;
seeking court-ordered civil penalties; and
seeking other orders in the Federal Court.

Under section 143 of the Online Safety Act, companies that fail to comply with these New Codes may face fines up to $49.5 million. The Commissioner may also apply to the Federal Court to order that the provider of or particular social media platforms, electronic or designated internet service stop providing that service in Australia.^[5]

Takeaways

With the registration of the New Codes, companies providing access to social media, apps, search engines, messaging platforms, hosting services, internet services, or device operating systems must prepare for significantly stricter age verification obligations.

If a platform provides access to unlawful or restricted content, it will need to implement robust and ongoing age assurance checks that both comply with privacy laws and are resilient against circumvention attempts.

The 9 March 2026 deadline for compliance means that businesses should treat age verification as a regulatory compliance priority to mitigate the risk of severe financial and operational penalties.

Links and further references

Legislation

Online Safety Act 2021 (Cth)

Privacy Act 1988 (Cth)

Further information about age verification compliance

If you need advice on ensuring your business can comply with the pending age verification requirements, contact us for a confidential and obligation-free discussion:

Malcolm Burrows B.Bus.,MBA.,LL.B.,LL.M.,MQLS.
Legal Practice Director
T: +61 7 3221 0013 (preferred)
M: +61 419 726 535
E: mburrows@dundaslawyers.com.au

Disclaimer

This article contains general commentary only. You should not rely on the commentary as legal advice. Specific legal advice should be obtained to ascertain how the law applies to your particular circumstance

[1] eSafety Commissioner, Phase 1 Codes (Class 1A and Class 1B Material) Regulatory Guidance, Updated December 2024 (Report, December 2024) https://www.esafety.gov.au/sites/default/files/2024-12/Phase-1-Codes-1A-and-1B-Regulatory-Guidance-Updated-Dec2024_2.pdf.

[2] eSafety Commissioner, Industry Codes (Web page) https://www.esafety.gov.au/industry/codes#about-the-phase-2-industry-codes.

[3] Australian Government Department of Infrastructure, Transport, Regional Development and Communications, Social Media Minimum Age – Fact Sheet (Fact sheet, July 2025) https://www.infrastructure.gov.au/sites/default/files/documents/social-media-minimum-age-and-age-assurance-trial-fact-sheet-july-2025.pdf.

[4] eSafety Commissioner, Frequently Asked Questions about Access to Online Porn and Other Adult Content (Web page, 8 September 2025) https://www.esafety.gov.au/industry/codes/faq-access-to-online-porn-and-other-adult-content.

[5] Online Safety Act 2021 (Cth) ss 156–159.