SYDNEY – Big Tech firms face increased legal and regulatory pressure in Australia after the internet regulator identified “significant gaps” in their efforts to prevent child sexual abuse and online sexual extortion.
The findings place Apple, Meta, Google, Microsoft, and Snap at a strategic crossroads as Australia pivots toward more aggressive judicial enforcement. The friction arises from a tension between corporate privacy architectures-specifically end-to-end encryption-and state-mandated safety requirements, which may impact operational costs and market access.
Regulatory Gaps in Harm Prevention
The eSafety Commissioner released a transparency report on July 14, 2026, indicating that online platforms are failing to deploy available technologies to identify coercion scripts used by sexual extortion offenders.
“In several cases, we have provided these platforms with evidence of how their services are being colonised by criminals to devastating impact, with clear guidance on how to stem the abuse,” said eSafety Commissioner Julie Inman Grant. “Even when we’ve laid this out, we haven’t seen adequate responses, despite the technology being readily available.”
The regulator identified specific shortcomings in reporting tools across several high-traffic services, including WhatsApp, iMessage, Discord, and Google Messages. These services either lack clear, accessible reporting mechanisms for sexual extortion and child abuse or fail to provide dedicated categories for these specific harms.
The report further noted that while technology to detect livestreamed child sexual abuse exists, it is not being consistently deployed across the sector, particularly in encrypted environments where platforms are relying on user reports rather than proactive scanning.
Market Impact and User Data
The findings follow a period of increased activity in sexual extortion, a form of online blackmail where perpetrators threaten to share intimate material to coerce victims. Regulators and law-enforcement officials have warned that the surge is stretching investigative capacity and exposing gaps in industry self-regulation.
Between July and December 2025, the regulator received more than 2,000 complaints regarding sexual extortion. Data indicates that young men aged 18 to 24 are the most affected demographic. A study conducted by eSafety last year found that more than one in 10 teenagers aged 16-18 had been victims of sexual extortion, with over half targeted before the age of 16.
Officials say the numbers likely understate the scale of the problem, as victims often hesitate to report due to shame and fears about reputational damage. The report argues that this under-reporting heightens the obligation on large platforms to identify patterns of coercive behaviour before it escalates into financial fraud or self-harm.
Corporate Governance and Trade Friction
These regulatory findings emerge amid a broader clash between the Australian government and US-based technology firms over who bears ultimate responsibility for online harms. In June 2026, legislation was introduced to grant eSafety the authority to pursue tech giants in court for non-compliance with a social media ban for users under 16, elevating online safety breaches from administrative disputes to potential test cases in federal courts.
Australia is the first jurisdiction to impose such a nationwide ban, though similar measures are currently being considered or implemented in Britain and various European nations. Canberra has framed the move as part of a wider shift toward hard law over voluntary industry codes, with the under-16 restrictions intended to sit alongside age-assurance and parental-consent mechanisms.
This regulatory environment has created significant tension with Meta, which has previously accused Australia of breaching a free trade agreement and has invoked US trade action in response to local regulatory pressures. Executives have argued that mandates to weaken or bypass encryption in the name of safety could set a precedent for other governments and fragment the company’s global product design.
The current oversight is part of a broader framework known as the Basic Online Safety Expectations (BOSE), which requires eight technology platforms to report every six months on their compliance regarding the detection and prevention of child sexual exploitation. BOSE sits under the Online Safety Act and gives the eSafety Commissioner powers to issue legally binding notices, request detailed technical information and, in cases of serious non-compliance, recommend substantial financial penalties.
Compliance and Mitigation Steps
Despite the reported gaps, the transparency report noted specific proactive measures taken by several firms:
- Google and Snap: Implementation of systems to proactively detect and remove known child sexual abuse material using hash-matching and related tools.
- Discord: Introduction of blocks on links leading to domains and repositories associated with child abuse content.
- Meta: Deployment of new tools designed to detect grooming and suspicious contact patterns, particularly involving minors.
- Microsoft: Deployment of technology to detect signs of live abuse during video calls, with escalation pathways to internal safety teams and, where appropriate, law enforcement.
However, the Commissioner said these initiatives are uneven across services and do not yet amount to a comprehensive “safety by design” approach embedded from product development through to day‑to‑day moderation.
Google, Meta, Snap, Microsoft, and Apple did not provide immediate comments on the findings.
The Australian government maintains its position on the under-16 social media ban, with eSafety now holding the expanded legal power to seek court-mandated compliance from platforms. The latest report signals that the next phase of the standoff will be tested not only in technical standards and product updates, but potentially in landmark cases that could redefine how far governments can go in compelling encrypted services to prioritise child safety over absolute privacy guarantees.
