This article is authored by Tanvi Mehta Krensel, Partner and Eman Mourad, Paralegal
At a Glance
What’s Changing?
From December 2025, the eSafety Commissioner’s Phase 2 Online Safety Codes introduce new obligations for online services to manage access to lawful but restricted content – including pornography, simulated gambling, graphic violence and restricted AI-generated material.
Who’s Affected?
The codes apply across eight sectors of the online stack, including social media, messaging apps, websites or applications, app stores, hosting providers, search engines, device manufacturers, internet service providers (ISPs) and generative AI services.
What’s Required?
Providers must risk assess their services and, where required, implement reasonable age assurance and access control measures to prevent children from accessing restricted content. These may include age verification, biometric age estimation and parental consent. In addition, some providers must continually seek to improve their online detection tools for such content, as well as implementing appropriate safety and reporting tools to reduce the likelihood and number of children viewing such content.
In this article, we break down what these changes mean for businesses by providing practical steps, legal considerations and sector-specific guidance.
