The fintech landscape in Australia is rapidly evolving and legislators, policymakers and regulators have been increasingly active as a result. The International Comparative Legal Guide to Fintech Laws and Regulations Australia 2025 provides legal practitioners with an analysis of the most current Australian laws and regulations regarding fintech.
1 The Fintech Landscape
1.1 Please describe the types of fintech businesses that are active in your jurisdiction and the state of the development of the market, including in response to the COVID-19 pandemic and ESG (Environmental, Social and Governance) objectives. Are there any notable fintech innovation trends of the past year within particular sub-sectors (e.g. payments, asset management, peer-to-peer lending or investment, insurance and blockchain applications)?
The COVID-19 pandemic, uncertainty in global markets and various international conflicts have significantly impacted the Australian fintech landscape over the last few years. Despite these disruptors, fintech and the rapid digital evolution of the financial sector has remained a key focus of the market with many fintech businesses developing and refining product and service offerings to better meet shifting consumer preferences and reflect innovations and opportunities created by technology.
As of 2025, fintech creation, development, adoption and investment continues to grow with the Australian fintech community broadening product offerings and the Australian Government (Government) and regulators seeking to enhance Australia’s policy and regulatory approach. While previous fintech offerings were limited to operating on the periphery of traditional financial services (including lending, personal finance and asset management), the sector has now moved to disrupt the core product offering of many Australian institutional financial service providers, including payments, stored value, supply chain, wealth and investment, data and analytics and decentralised finance. In the data and investment sector in particular, there have been opportunities for fintechs to assist businesses with growing investor preferences for sustainable investing by collating and analysing ESG data. Payments dominated fintech investments in 2024, with a continued focus on the modernisation of real-time payments, embedded payments and business-to-business payments.
2024 saw the continued global economic slowdown due to concerns regarding the possibility of recession, rising inflation and interest rates, uncertainties relating to the Russia-Ukraine and Israel-Palestine conflicts and continued issues with global supply chains. As a result of sustained inflation, both the total number and average size of fintech deals decreased in 2024, with the market shrinking in step with trends seen in 2023.
Regulators and the Government face the challenge of adapting and aligning existing financial regulation to new products and services, balancing innovation with consumer protection. Regulators such as the Australian Securities and Investments Commission (ASIC), Australian Prudential Regulation Authority (APRA) and Australian Transaction Reports and Analysis Centre (AUSTRAC) have become more proactive on licensing, conduct and disclosure and have taken a more rigorous approach to enforcement. In particular, ASIC has become significantly more active in litigious enforcement, targeting disclosure issues with respect to design and distribution obligations (DDOs), scams, crypto assets, misleading conduct in relation to sustainable finance (including greenwashing), predatory lending practices, non-compliance with reporting obligations, misconduct in relation to superannuation and insurance practices and general enforcement actions targeting poor distribution of financial products.
Australia’s financial services policy and regulatory context continues to be informed by the findings of the 2017–2019 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (Royal Commission). A raft of legislative changes followed to implement the findings and fintechs – particularly those that are motivated to provide financial services in a way that is more convenient, personalised and simplified for consumers – have been well placed to adapt to these changes, and seize the opportunity presented by public dissatisfaction with traditional providers. Regulators and legislators are also looking beyond the findings of the Royal Commission to modernise the regulation of financial services as the financial services sector continues to evolve.
There has been several targeted reviews and regulatory reform in this space, including:
In October 2023, Treasury consulted on proposals to regulate digital asset platforms (DAPs) under the existing financial services licensing framework. Under the proposals, entities operating and providing financial services in relation to “digital asset facilities” (i.e. DAPs that hold client assets and allow clients to transact in platform entitlements) will be required to hold an Australian financial services licence (AFSL). The proposals also apply minimum standards for facility contracts and entities that provide “financialised functions” for non-financial product tokens, including token trading, staking, asset tokenisation and funding tokenisation. It is also expected that enhanced conduct obligations and consumer protections will be imposed in respect of digital asset facilities. The consultation closed on 1 December 2023.
On 8 December 2023, as part of Treasury’s broader Strategic Plan for Australia’s Payment System (Payments Strategic Plan), Treasury released its second consultation paper in relation to an enhanced regulatory framework for Australian payment service providers (PSPs).
On 9 July 2024, in response to the Government’s Quality of Advice review, Schedule 1 of the Treasury Laws Amendment (Delivering Better Financial Outcomes and Other Measures) Bill 2024 was passed, providing a raft of changes to regulatory requirements relevant to accessing financial advice.
On 9 September 2024, Parliament passed Treasury Laws Amendment (Financial Market Infrastructure and Other Measures) Bill 2024 (Cth), introducing a mandatory framework for climate-related financial disclosures in line with global ISSB-aligned standards. The reporting regime commenced on 1 January 2025.
On 7 November 2024 the Government introduced the Scams Prevention Framework Bill 2024 (Scams Bill) to Parliament. The Scams Bill drives action against scams through the implementation of onerous scams compliance obligations under the Scams Prevention Framework, which intends to outline the responsibilities of the private sector in relation to scam activity, focusing on banks, telecommunications providers and digital platforms. The Scams Bill was passed by Parliament on 13 February 2025 (see question 3.4).
On 29 November 2024, Parliament passed the Anti- Money Laundering and Counter-Terrorism Financing Amendment Bill 2024 (AML/CTF Bill). The AML/CTF Bill made sweeping reforms to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/ CTF Act) to modernise Australia’s AML/CTF regime in line with international standards, with reforms set to commence on 31 March 2026.
On 29 November 2024, Parliament passed the Treasury Laws Amendment (Responsible Buy Now Pay Later and Other Measures) Bill 2024, requiring buy now, pay later (BNPL) providers to obtain an Australian Credit Licence (ACL) and comply with a reduce set of obligations under the National Consumer Credit Protection Act 2009 (Cth).
On 6 December 2024, ASIC consulted on updating Information Sheet 225: Crypto-assets. This information sheet sets out guidance and ASIC’s expectations regarding engagement in crypto-related activities. The consultation paper includes worked examples of crypto asset-related activities and ASIC’s views on whether these activities involve the provision of a regulated service. The consultation process closed in February 2025.
On 11 December 2024, AUSTRAC released the exposure draft of the AML/CTF Rules in support of the AML/CTF Bill.
On 21 March 2025, the Government released the “Statement on Developing an Innovative Australian Digital Asset Industry”, outlining the Government’s future approach to regulating digital assets (see response to question 3.1).
On 21 March 2025, the Government released a response to the Board of Taxation’s review of the tax treatment of digital assets and transactions in Australia, confirming that existing tax laws are applicable to digital assets and transactions, while also recognising that the Australian Taxation Office can assist improving certainty amongst the digital asset industry by issuing targeted guidance.
On 31 March 2025, following public consultation and passing of climate reporting legislation, ASIC published Regulatory Guide 280: Sustainability reporting (RG 280). RG 280 provides guidance for reporting entities on ASIC’s proposed enforcement to sustainability reporting following the introduction of mandatory sustainability reporting requirements that took effect from 1 January 2025.
For the past few years there has been sustained attention on blockchain technology and a growth in interest in the technology by established businesses in the financial services sector. In particular, there has been growing interest in how decentralisation and new governance models such as decentralised autonomous organisations (DAOs) can exist and be regulated. It is expected that further clarity on the application of the Australian regulatory regime to such models will come in due course – the Senate Select Committee on Australia as a Technology and Financial Centre recommended the introduction of a new DAO legal entity in Australian corporate law and this recommendation has been agreed to by the Government.
1.2 Are there any types of fintech business that are at present prohibited or restricted in your jurisdiction (for example cryptocurrency-based businesses)?
In 2023, a number of major Australian banks imposed restrictions on customers from contracting with certain “high-risk” cryptocurrency exchanges in an attempt to reduce cryptocurrency related scams. In May 2023, Westpac Banking Corporation banned customers from transferring funds to certain highrisk cryptocurrency exchanges. The Commonwealth Bank of Australia (CBA) followed by instigating an AUD 10,000 limit on transfers to lower-risk cryptocurrency exchanges. CBA has not imposed limits on withdrawals from cryptocurrency businesses to individual accounts. The National Australia Bank and the Australia and New Zealand Banking Group enacted customer bans to exchanges deemed high risk. It is anticipated that there may be changes to this position as the crypto regulatory environment continues to develop in Australia. In 2023, AUSTRAC released guidance on debanking to guide financial institutions’ approach to providing services to higher risk sectors like cryptocurrency and assist cryptocurrency businesses in understanding what information may be required by financial institutions to assess risk.
ASIC also has a product intervention power under which it can intervene where a financial product or credit product has resulted, will result or is likely to result in significant consumer detriment. This power allows ASIC to take a more proactive approach to regulating. ASIC has made product intervention orders relating to various products including preventing the provision of short-term credit and continuing credit contracts with significant fees, bans on providing binary options to retail clients and imposing conditions on the issue and distribution of contracts for difference to retail clients.
Otherwise, there have not been any regulatory prohibitions or restrictions on specific fintech business types. Cryptocurrency-based businesses are permitted in Australia, provided such businesses comply with applicable laws (including financial services and consumer laws).
2 Funding For Fintech
2.1 Broadly, what types of funding are available for new and growing businesses in your jurisdiction (covering both equity and debt)?
(1) Equity funding
Businesses can raise equity using traditional private and public fundraising methods (e.g. private placement, initial public offering (IPO), and seed and venture capital strategies), through grants and initiatives offered by Government and State/Territory agencies, and through crowdfunding.
In late 2017, a regulatory framework was introduced for crowd-sourced equity funding (CSEF) by unlisted public companies from retail investors. CSEF involves a company offering its ordinary shares to investors in return for a small cash investment. Unlisted public companies with less than AUD 25 million in assets and annual turnover are eligible to raise funds under the CSEF regime. Eligible companies may raise up to AUD 5 million in any 12-month period under the CSEF framework. While reducing the regulatory barriers to investing in small and start-up businesses, the framework also created certain licensing and disclosure obligations for CSEF intermediaries (i.e. persons listing CSEF offers for public companies). This regime was extended in 2018 to also apply to proprietary companies. While there are a range of reporting requirements imposed on proprietary companies engaging in crowdfunding, there are also a number of concessions made with respect to restrictions that would otherwise apply to their fundraising activities.
There are obligations and investor protections that apply to CSEF offers, including:
an investor cap of AUD 10,000 per annum per company for retail investors;
the provision of a CSEF offer document containing minimum information and a prescribed risk warning; and
a five-day cooling-off period.
Under the CSEF framework, there are exemptions for persons operating markets and clearing and settlement (CS) facilities from the licensing regimes that would otherwise be applicable to those facilities. These additional exemptions provide a means by which a person operating a platform for secondary trading can seek an exemption with tailored conditions from more onerous licensing requirements.
ASIC has released Regulatory Guide 261: Crowd-sourced funding: Guide for Companies and Regulatory Guide 262: Crowdsourced funding: Guide for intermediaries to assist companies seeking to raise funds through CSEF and intermediaries seeking to provide CSEF services, respectively.
(2) Debt funding
There have been calls to extend the existing crowdfunding framework to debt funding, and the Government has previously indicated that it intends to consult on this. Debt financing is less common than equity financing in the Australian fintech sector; however, businesses can approach financial institutions, suppliers and finance companies in relation to debt finance.
(3) Asia Region Funds Passport and Corporate Collective Investment Vehicles
The Asia Region Funds Passport (Passport) was introduced in 2018 and is a region-wide initiative designed to facilitate the offer of interests in certain collective investment schemes, established in Passport member economies to investors in other Passport member economies. It aims to provide Australian fund managers and operators with greater access to economies in the Asia-Pacific region by reducing regulatory hurdles.
The Government introduced a new type of corporate fund vehicle known as a “corporate collective investment vehicle” (CCIV) from 1 July 2022. The policy behind the CCIV regime was to introduce a new type of investment vehicle which is attractive to foreign investors, thereby improving the competitiveness of Australia’s managed funds industry. It is intended to complement the Passport by making Australian funds more accessible to foreign investors.
The Australian funds market is dominated by unit trusts, a structure that historically has been unfamiliar to many offshore jurisdictions where corporate and limited partnership investment vehicles are the norm throughout the Asia-Pacific region. The CCIV was intended to provide an internationally recognised investment vehicle which will be able to be more readily marketed to foreign investors (including through the Passport). However, in practice, unit trusts have continued to be the preferred fund structure for most asset classes.
2.2 Are there any special incentive schemes for investment in tech/fintech businesses, or in small/medium-sized businesses more generally, in your jurisdiction, e.g. tax incentive schemes for enterprise investment or venture capital investment?
Incentives for investors
(1) Early stage innovation company incentives
Incentives are available for eligible investments made in start-ups known as Early Stage Innovation Companies (ESICs), which are generally newly incorporated entities with low income and expenses. Investments of less than 30% of the equity in an ESIC would generally qualify for a 20% non-refundable carry forward tax offset (capped at AUD 200,000 per investor and their affiliates combined in each income year, including any offsets carried forward from the prior year’s investment) and a 10-year tax exemption on any capital gains arising on disposal of the investment (provided they are held for at least one year but less than 10 years).
(2) Venture capital investments
Fintech investment vehicles may be structured as venture capital limited partnerships (VCLPs) or early stage venture capital limited partnerships (ESVCLPs), and receive favourable tax treatment for eligible venture capital investments. For VCLPs, benefits include tax exemptions for foreign investors (limited partners) on their share of any revenue or capital gains made on disposal of the investment by the VCLP, and concessional treatment of the fund manager’s carried interest in the VCLP. For ESVCLPs, the income tax exemption for VCLPs is extended to both resident and non-resident investors, plus investors obtain a 10% carry forward non-refundable tax offset for new capital invested in the ESVCLP.
Incentives for tech and fintech businesses
The Research & Development (R&D) Tax Incentive programme is available for entities incurring eligible expenditure on R&D activities, which includes certain software R&D, innovation and product development activities commonly conducted by tech and fintech businesses. Claimants under the R&D Tax Incentive programme may be eligible for one of the following incentives:
(a) Small businesses (less than AUD 20 million aggregated turnover): a refundable offset of 18.5% plus the claimant’s corporate tax rate, which is 25% (if the claimant is eligible for the lower corporate tax rate), providing a total 43.5% refundable tax offset; or
(b) Other businesses (aggregated turnover of AUD 20 million or more): a non-refundable tax offset of the claimant’s corporate tax rate, plus an incremental premium of either 8.5% (for R&D expenditure between 0% and 2% R&D intensity) or 16.5% (for R&D expenditure above 2% R&D intensity).
A claimant’s incremental premium is based on its R&D intensity, which is the proportion of the claimant’s eligible R&D expenditure as a percentage of total business expenditure.
General tax concessions for small/medium-sized businesses
Small/medium-sized businesses with aggregated turnovers under certain thresholds can access a range of tax concessions, including, but not limited to, small business restructure rollover relief, simplified depreciation and trading stock rules, and various capital gains tax concessions. Each concession has different eligibility requirements, which must be reviewed each year. These concessions are intended to support small/medium-sized businesses, reduce their tax burden, simplify compliance and encourage growth.
2.3 In brief, what conditions need to be satisfied for a business to IPO in your jurisdiction?
The ASX sets out 20 conditions to be satisfied in its Listing Rules. Briefly, these include the entity having at least 300 non-affiliated security holders each holding the value of at least AUD 2,000, and the entity satisfying either the profit test or the assets test (which requires particular financial thresholds to be met).
2.4 Have there been any notable exits (sale of business or IPO) by the founders of fintech businesses in your jurisdiction?
The fintech sector experienced a downturn in notable exits throughout 2024, which was in part due to market instability, inflation and various global pressures. 2024 saw a total of 29 listings, representing a significant decline in exit activities compared to the previous years, where there were 30 IPOs in 2023 and 88 IPOs in 2022. Despite this, fintech companies have continued to make a notable impact on the IPO market. This includes DigiCo Infrastructure REIT (ASX: DGT) IPO, a Real Estate Investment Trust specialising in the development, ownership and operation of data centres across Australia and North America. In December 2024, DigiCo Infrastructure REIT raised AUD 1.995 billion, marking the first IPO to surpass the AUD 1 billion threshold since 2021. Another substantial capital raising event was undertaken by Cuscal Limited (ASX: CCL), a prominent payments provider, which successfully raised AUD 336.8 million.
3 Fintech Regulation
3.1 Please briefly describe the regulatory framework(s) for fintech businesses operating in your jurisdiction, and the type of fintech activities that are regulated.
Broadly, the regulatory framework that applies to fintech businesses includes financial services and consumer credit licensing, registration and disclosure obligations, consumer law requirements, privacy and anti-money laundering and counter-terrorism financing (AML/CTF) requirements.
Licensing obligations apply to entities that carry on a financial services business in Australia or engage in consumer credit activities. The definitions of financial service and financial product are broad, and will generally capture any investment or wealth management business, payment service (e.g. non-cash payment (NCP) facility), advisory business (including robo-advice), trading platform, and crowdfunding platform, triggering the requirement to hold an AFSL or be entitled to rely on an exemption. Similarly, engaging in peer to- peer lending activities will generally constitute consumer credit activities and trigger the requirement to hold an ACL or be entitled to rely on an exemption.
Financial services licensing in relation to payments is set to change. In July 2023, Treasury closed a consultation on its proposal to modernise the financial services licensing framework PSPs. The consultation proposes a tiered, risk-based licensing framework to be incorporated in the existing AFSL regime. Regulation will be based on the relevant payment function provided, with corresponding regulatory obligations balanced against the level of risk posed to end customers. The consultation proposes to regulate two main payments categories: stored value facilities (SVF); and payment facilitation services (PFS), which are further broken down into seven defined payment functions. On 8 December 2023, Treasury released a second consultation paper building on the initial consultation, proposing to impose the AFSL requirement (and accompanying obligations) on PSPs. Treasury has now recommended replacing the NCP facility financial product definition with a new “payment product” definition and including “payment service” as a new financial service. The consultation also includes a range of payment-specific AFSL exemptions and product exclusions as part of the proposed regime. Treasury proposes to implement the payments licensing requirements 18 months after the passage of legislation. The consultation closed on 2 February 2024, with legislation set to follow. In addition to this PSP licensing consultation and the Government’s October 2023 DAP regulatory consultation, on 21 March 2025 the Government released its “Statement on Developing an Innovative Australian Digital Asset Industry” (Statement) outlining the Government’s approach to transforming regulation of the digital assets industry. The Statement aims to position Australia as a global leader in the digital asset ecosystem through balancing innovation with adequate consumer protections and upholding market integrity. The four primary areas of reform in the Statement underpinning Australia’s approach to digital asset reform are:
introducing a framework for regulating DAPs, focusing on DAP operators. DAPs are platforms that provide common digital platforms with an underlying custody arrangement, including trading platforms, custody products and some brokerage arrangements, as well as businesses that provide services such as operating and dealing in DAPs and issuing and redeeming tokenised SVFs. The DAP regime will not introduce regulatory burden on digital asset issuers themselves or businesses that create or use digital assets for non-financial purposes. See also response to question 1.1;
introducing a framework for payment stablecoins which will be treated as a type of SVF under the Government's broader payments licensing reforms (see above);
reviewing Australia's Enhanced Regulatory Sandbox (ERS) in 2025; and
introducing initiatives to investigate ways to safely unlock the benefits of digital asset technologies across financial markets in areas such as tokenisation, central bank digital currencies and decentralised finance.
The proposed reforms will leverage the existing AFSL regime, including complying with established general obligations imposed on all financial services providers (i.e. providing financial services honestly, fairly and efficiently, avoiding conflicts of interests, etc). DAPs and tokenised SVF issuers will also be required to comply with rules for safeguarding customer assets based on existing rules, token redemption requirements and new obligations tailored to address the unique risks associated with DAPs and tokenised SVFs.
Under the proposed reforms, businesses will not need a financial markets licence to provide certain stablecoins and wrapped tokens. Dealing or secondary market trading in these products will be not treated as a dealing activity, and platforms where they are traded will not be treated as operating reason of the trading activity. The Government is considering transitional relief to ensure these businesses will not have to restructure temporarily during the transition to the reforms. The Statement notes that the Government will release draft legislation in 2025 for public consultation, pending the result of the upcoming Federal election in May 2025.
The Statement also notes that the Government’s future focus will be around the development of a crypto asset reporting framework, reviewing the ERS, working with the RBA to explore the feasibility of an Australian dollar central bank digital currency and tokenisation of assets.
Fintech businesses may also need to hold an Australian market licence where they operate a facility through which offers to buy and sell financial products are regularly made and accepted (e.g. an exchange). If an entity operates a CS mechanism which enables parties transacting in financial products to meet obligations to each other, the entity must hold a CS facility licence or otherwise be exempt.
The Australian Consumer Law (Consumer Law) applies to all Australian businesses that engage or contract with consumers. The Australian Competition and Consumer Commission (ACCC) has regulatory oversight of the Consumer Law. Obligations include a general prohibition on misleading and deceptive conduct, false or misleading representations, unconscionable conduct and UTCs in relation to the offer of services or products. The ASIC Act generally reflects the consumer protections under Consumer Law and is applicable to the provision of financial services and products.
Fintech businesses may also be captured by the UCT regime as regulated by Consumer Law and the ASIC Act. The UCT regime aims to protect consumers against unfair terms in standard form consumer contracts or small business contracts. On 9 November 2023, changes to the UCT regime came into effect, making UCTs illegal. UCTs are now subject to significant penalties and the UCT regime vastly expanded the types of small business contracts now captured which may impact fintech businesses. Terms that are of a standard form consumer or small business contract with an unfair term will now be deemed void by the new regime. The test of how a term is deemed is unfair is assessed on whether the term is (a) not reasonably necessary, (b) causes a significant imbalance in the rights and obligations on the parties, and (c) would cause detriment to the other party if relied upon. The updated UCT regime has also given additional powers to the courts in relation to UCTs; for example, providing the power to injunct people in the future from making contracts that rely on the UCT or from applying or relying on an UCT in an existing contract.
Additionally, in 2018, ASIC received a delegation of power from the ACCC enabling it to take action where there is potential misleading and deceptive conduct associated with crypto assets.
The AML/CTF Act applies to entities that provide “designated services” with an Australian connection. Generally, the AML/CTF Act applies to any entity that engages in financial services or credit (consumer or business) activities in Australia. Obligations include enrolment with AUSTRAC, reporting and customer due diligence.
The Banking Act 1959 (Cth) regulates those engaged in the business of banking to be authorised by APRA (i.e. be an “authorised deposit-taking institution” (ADI)) before engaging in such business. It also contains the Banking Executive Accountability Regime, which is also administered by APRA and establishes, among other things, accountability obligations for ADIs and their senior executives and directors, and deferred remuneration, key personnel and notification obligations for ADIs.
The PSRA provides powers to the Reserve Bank of Australia (RBA) to regulate purchased payment facility providers in relation to SVFs. Generally, such holders of stored value must be an ADI or be exempt from the requirement. In 2021, the RBA reviewed the regulatory framework for retail payments. A key outcome of the review was the creation of a policy framework designed to encourage least-cost routing functionality that allows contactless (tap-and-go) dual-network debit card transactions at the point of sale to be processed through whichever network on the card is less costly for the merchant.
PSRA reform continues to be a key focus of the Government. Following the release of the Payments Strategic Plan, Treasury released a draft bill and explanatory memorandum for industry comment on proposals to update the PSRA. One such proposal includes expanding the definition of “payment system” under the PSRA to broaden the scope of arrangements caught to capture non-monetary digital assets and other PFS, as well as introducing a new financial service for payment technology and enablement services. The draft legislation proposes to widen the definition of “participants” to all entities in the payments value chain, including those that are both directly and indirectly associated with payment systems (i.e. capturing non-traditional payment entities such as ApplePay and Google Wallet). The consultation closed on 1 November 2023. Subject to amendments stemming from the consultation, legislation is expected later in 2025.
The Financial Sector Collection of Data Act 2001 (Cth) (FSCODA) is designed to assist APRA in the collection of information relevant to financial sector entities. FSCODA generally applies to any corporation engaging in the provision of finance in the course of carrying on business in Australia, and APRA collects data from registered financial corporations under FSCODA. Generally, registered financial corporations with assets greater than AUD 50 million need to regularly report to APRA statements of financial position.
The Financial Sector (Shareholdings) Act 1998 (Cth) creates an ownership limit of 20% in a financial sector company without approval from the Treasurer.
3.2 Are financial regulators and policy-makers in your jurisdiction receptive to fintech innovation and technology-driven new entrants to regulated financial services markets, and if so how is this manifested? Are there any regulatory ‘sandbox’ options for fintechs in your jurisdiction?
Regulators in Australia have generally been receptive to the entrance of fintechs and technology-focused businesses. The financial services regulatory regime adopts a technology-neutral approach, whereby services will be regulated equally, irrespective of the method of delivery. However, further concessions have been made by regulators in order to support technologically-focused start-ups entering the market and numerous reviews are ongoing or have recently been completed in connection with how cryptocurrency, payments and stored value should be regulated.
ASIC has made certain class orders establishing a fintech licensing exemption and released Regulatory Guide 257, which detailed ASIC’s framework for fintech businesses to test certain financial services, financial products and credit activities without holding an AFSL or ACL by relying on the class orders (referred to as the regulatory sandbox). ASIC has since withdrawn this regulatory guide and now guides participants to Information Sheet 248: Enhanced Regulatory Sandbox (INFO 248).
Under INFO 248, the ERS allows for testing of a broader range of financial services and credit activities for a longer duration. There are strict eligibility requirements for both the type of businesses that can enter the regulatory sandbox and the products and services that qualify for the licensing exemption. Once a fintech business accesses the regulatory sandbox, there are restrictions on how many persons can be provided with a financial product or service and caps on the value of the financial products or services which can be provided. The Government recently announced that it will commence reviewing the ERS in 2025 to ensure that it is fostering innovation (see response to question 3.1). This review forms part of the broader initiative to integrate digital asset technology across financial markets and the Australian economy. Note that the status of this review is subject to the results of the Federal election in May 2025.
Regulators have also committed to helping fintech businesses more broadly by streamlining access and offering informal guidance to enhance regulatory understanding. Both ASIC and AUSTRAC have established Innovation Hubs to assist start-ups in navigating the Australian regulatory regime. AUSTRAC’s Fintel Alliance has an Innovation Hub targeted at combatting money laundering and terrorism financing and improving the fintech sector’s relationship with the Government and regulators. The Innovation Hub also assesses the impact of emerging technologies such as blockchain and cryptocurrency.
ASIC has also entered into a number of cooperation agreements with overseas regulators under which there is a crosssharing of information on fintech market trends, encouraging referrals of fintech companies and sharing insights from proofs of concepts and innovation competitions. It is also the intention of a number of these agreements to further understand the approach to regulation of fintech businesses in other jurisdictions, in an attempt to better align the treatment of these businesses across jurisdictions.
It is of note, however, that ASIC has been substantially more active with respect to its investigations and enforcement. Between July 2022 and June 2024, ASIC issued 88 DDO stop orders (including 87 interim and one final stop order) to prevent consumers and investors being targeted by products inappropriate to their objectives, financial situation and needs. ASIC has also pursued a number of high-profile enforcement actions (including commencing proceedings in the Federal Court) for alleged unlicensed activities against fintechs and crypto businesses. This approach is consistent with public statements by ASIC regarding its pursuit of strategic litigation and ASIC’s 2024–25 Corporate Plan (Corporate Plan), which outlines key focus areas for ASIC to take enforcement action in. ASIC’s Corporate Plan highlights strategic priorities as improving consumer outcomes, addressing financial system climate change risk, better retirement outcomes and member services, advancing digital and data resilience and safety and driving consistency across markets and products. Focus areas under the strategic priorities include, among other matters, greenwashing, scams and use of artificial intelligence (AI), the design and distribution of financial products and new market participants. Fintech providers and technology-driven new entrants must be cognisant of their financial services obligations when entering the Australian market to ensure adherence to financial services laws.
3.3 What, if any, regulatory hurdles must fintech businesses (or financial services businesses offering fintech products and services) which are established outside your jurisdiction overcome in order to access new customers in your jurisdiction?
Regulatory hurdles include registering with ASIC in order to carry on a business in Australia (generally satisfied by incorporating a local subsidiary or registering a branch office), satisfying applicable licensing, registration and disclosure requirements if providing financial services or engaging in consumer credit activities in Australia (or qualifying to rely on an exemption to such requirements), as well as privacy requirements, and complying with the AML/CTF regime. Broadly, these regulatory hurdles are determined by the extent to which the provider wishes to establish an Australian presence, the types of financial products and services provided, and the type of Australian investors targeted.
In the past, it has been common for foreign financial services providers (FFSPs) to provide financial services to wholesale clients in Australia by relying on ASIC’s “passport” or “limited connection” relief from the requirement to hold an AFSL. In March 2020, ASIC repealed both passport and limited connection relief and announced the implementation of a new foreign AFSL regime and funds management relief. As part of the 2021–2022 Budget, the Government of the time announced its intention to “restore previously well-established regulatory relief for foreign financial service providers”. On 17 February 2022, the Government introduced the Treasury Laws Amendment (Streamlining and Improving Economic Outcomes for Australians) Bill 2022, which sought to introduce:
the comparable regulator exemption, exempting FFSPs authorised to provide financial services in a comparable regime from the requirement to be licensed when dealing with wholesale clients;
the professional investor exemption, exempting FFSPs that provide financial services from outside Australia to professional investors from the requirement to be licensed in Australia; and
an exemption from the fit and proper person assessment to fast track the AFSL process for FFSPs authorised to provide financial services in a comparable regulatory regime.
However, this Bill lapsed as a result of a change in Government.
Subsequently, on 7 August 2023, Treasury released much-anticipated consultation and related exposure draft legislation on licensing exemptions for FFSPs. The licensing exemptions were broadly based on the 2022 legislation, including a professional investor exemption, comparable regulator exemption, market maker exemption and fit and proper person test exemption. On 30 November 2023, the Treasury Laws Amendment (Better Targeted Superannuation Concessions and Other Measures) Bill 2023 was introduced to Parliament, an updated bill considering the feedback from the August 2023 consultation. In December 2024, the Senate agreed to split the FFSP reforms to Treasury Laws Amendment (Miscellaneous Measures) Bill 2024. However, due to the announcement of the Federal election in May 2025, the updated bill lapsed before the Senate. It is expected that the bill will be reintroduced in the House of Representatives after the election. The updated timing on FFSP law reform is unknown. Pending further legislative developments, FFSPs may rely on transitional relief for sufficient equivalence and limited connection until 31 March 2026. Given the timing of the Federal election and the status of the bill, it is likely that this transitional relief will be further extended.
3.4 How is your regulator approaching the challenge of regulating the traditional financial sector alongside the regulation of big tech players entering the fintech space?
Australian regulators have adopted a multifaceted approach to regulating the traditional financial sector alongside the emergence of big tech players in the fintech space, striving to balance innovation with consumer protection and market integrity. Regulators have sought to take a “technology neutral” approach such that products and arrangements are captured regardless of the underlying technology that is used. In recent years, the Government has passed or proposed to pass a raft of law reforms that amend existing regulations to modernise the law to encompass tech providers, such as BNPL products, and the proposed Payments Strategic Plan. The Payments Strategic Plan seeks to subject digital wallets like Apple Pay, Samsung Pay and Google Pay (i.e. payment solutions offered by big tech companies) to the same level of regulatory scrutiny as traditional financial institutions (that previously has not existed) to maintain the stability and integrity of Australia’s payment system (see question 3.1).
The Government has supported the Council of Financial Regulators (CFR), a committee comprising the RBA, ASIC, APRA and Treasury, to address evolving regulatory demands. Established in 1998, the CFR's mission is to promote the stability of Australia's financial system and facilitate effective and efficient regulation by the Australia’s financial regulatory agencies. The CFR members work together to monitor and discuss regulatory issues, including the integration of big tech into financial services, to achieve a coordinated regulatory response.
The CFR’s approach to harmonised regulation includes:
identifying significant issues and trends within the financial system, particularly those that could affect Australia's financial stability;
facilitating information exchange and regulatory perspectives among regulatory bodies, aiding coordination in areas of overlapping responsibilities;
streamlining regulatory and reporting requirements to minimise regulatory costs;
ensuring collaboration among agencies when planning for and responding to financial instability; and
engaging with international institutions, forums and regulators regarding financial system stability.
Additionally, Australian regulators are intensifying efforts to regulate both big tech and traditional financial service providers through a unified strategy to tackle scams. On 7 November 2024, the Scams Bill was introduced to Parliament, proposing amendments to the Competition and Consumer Act 2010 (Cth). The Scams Bill seeks to establish a framework requiring in scope service providers to implement measures against scams associated with their services. This includes imposing substantial penalties for non-compliance, with maximum fines for serious breaches reaching up to AUD 50 million, and creating dispute resolution pathways for consumer redress.
Under the framework, the Minister for Financial Services will have the authority to determine which sectors are captured. These sectors’ participants will be mandated to:
actively engage in detecting, preventing and disrupting scams;
adhere to sector-specific codes as mandated;
report scam-related intelligence to the ACCC and outline scam disruption measures;
develop comprehensive governance policies concerning scams; and
establish both internal and external dispute resolution schemes to address customer complaints related to scams.
The Scams Bill was passed by Parliament on 13 February 2025 and received Royal Assent on 20 February 2025. The framework has now commenced and is in force for banks, telecommunications companies and digital platform service providers (including social media and search engines).
The Australian regulatory approach to fintech and big tech is characterised by a proactive stance that seeks to ensure the safety and integrity of the financial system while fostering innovation. The ongoing legislative efforts and the collaborative work of the CFR reflect a commitment to adapting the regulatory framework in response to the dynamic nature of the fintech landscape.
4 Other Regulatory Regimes / Non-Financial Regulation
4.1 Does your jurisdiction regulate the collection/use/transmission of personal data, and if yes, what is the legal basis for such regulation and how does this apply to fintech businesses operating in your jurisdiction?
The Privacy Act
In Australia, the Privacy Act 1988 (Cth) (Privacy Act) regulates the handling of personal information by Commonwealth Government agencies and private sector organisations with annual turnover of more than AUD 3 million. In some instances, the Privacy Act will apply to businesses (e.g. credit providers and credit reporting bodies) regardless of turnover.
The Privacy Act includes 13 Australian Privacy Principles (APPs), which impose obligations on the collection, use, disclosure, retention and destruction of personal information.
The Privacy Act includes a Notifiable Data Breaches (NDB) scheme. The NDB scheme mandates that entities regulated under the Privacy Act are required to notify any affected individuals and the Office of the Australian Information Commissioner (OAIC) in the event of a data breach which is likely to result in serious harm to those individuals.
In December 2019, the Attorney-General announced that the Commonwealth Government would conduct a review of the Privacy Act. The review formed part of the Commonwealth Government’s response to the ACCC’s Digital Platforms Inquiry, with the aim to investigate the effectiveness of Australia’s current privacy regime. Following the release of the Issues Paper in October 2020 and a Discussion Paper in October 2021, on 16 February 2023 the Attorney-General released the Privacy Act Review Report (Privacy Report). The Privacy Report detailed 116 proposals at a principles level but does not provide an exposure draft of any reform legislation. The Government published its response to the Privacy Report on 28 September 2023 indicating that it “agreed” with 38 of the 116 proposals and “agreed in principle” with a further 68.
On 12 September 2024 the Government introduced the Privacy and Other Legislation Amendment Bill 2024 (Cth) (Privacy Bill) into Parliament. The Privacy Bill implements 23 of the 25 “agreed” proposals that were specifically directed at legislative change. The Privacy Bill introduced a range of measures to protect the privacy of individuals with respect to their personal information, including expanding the OAIC powers, facilitating information sharing in emergency situations or following eligible data breaches, requiring the development of a Children’s Online Privacy Code, providing protections for overseas disclosures of personal information, introducing new civil penalties, and increasing transparency about automated decisions which use personal information. The Privacy Bill also proposed to introduce a statutory tort in the Privacy Act to provide redress for serious invasions of privacy and amend the Criminal Code Act 1995 to introduce criminal offences targeting the release of personal data using a carriage service in a manner that would be menacing or harassing (known as “doxxing”).
On 29 November 2024, the Privacy Bill was passed by both Houses of Parliament, receiving Royal Assent on 10 December 2024, with the amendments enforceable from 10 December 2026. The Privacy Bill implemented most of the original amendments listed above, however key changes relate to new OAIC powers to issue compliance notices and amendments to the tort for serious invasions of privacy.
Consumer data right and access
In response to the Productivity Commissions’ report on Data Availability and Use, the Government is implementing the national consumer data right (CDR) framework, which will give customers a right to share their data with accredited service providers (including banks, comparison services, fintechs or third parties), encouraging the flow of information in the economy and competition within the market.
The banking sector was the first sector to be subject to the CDR framework under the “Open Banking” regime. Under this framework, consumers are able to exercise greater access and control over their personal banking data as well as data connected to home loans, personal loans, overdrafts, and business finance. These sharing arrangements are intended to facilitate easier swapping of service providers, enhancement of customer experience based on personal and aggregated data, and more personalised offerings.
In November 2022, the Government introduced the Treasury Laws Amendment (Consumer Data Right) Bill 2022 (Data Right Bill) into Parliament, which would implement action initiation (also known as “write access”) under the Open Banking regime. The Data Right Bill will allow consumers to instruct accredited organisations to initiate actions, such as payments, on their behalf. The Data Right Bill passed both houses on 15 August 2024 and received Royal Assent on 26 August 2024.
4.2 Do your data privacy laws apply to organisations established outside of your jurisdiction? Do your data privacy laws restrict international transfers of data?
Yes, the Privacy Act has extra-territorial operation and applies to acts and practices undertaken outside Australia and its external territories in respect of entities that have an “Australian link”. That is, where the entity is either an Australian citizen or otherwise established in Australia or “carries on business” in Australia (an APP entity).
Under the framework for cross-border disclosure of personal information, APP entities must take reasonable steps to ensure that overseas recipients handle personal information in accordance with the APPs, and the APP entity is accountable if the overseas recipient mishandles the information.
4.3 Please briefly describe the sanctions that apply for failing to comply with your data privacy laws.
The Privacy Act confers on the OAIC a variety of investigative and enforcement powers to use in cases where a privacy breach has occurred, but it is largely a complaints-based regime. The enforcement regime empowers the OAIC to:
investigate a matter following a complaint made by an individual or on the OAIC’s own initiative;
make a determination requiring the payment of compensation or other remedies, such as the provision of access or the issuance of an apology;
require enforceable undertakings;
seek an injunction; and
seek civil penalties not exceeding the greater of: 50 million for a body corporate; or
three times the benefit directly or indirectly obtained from the contravention, if this can be determined by a court; or
if the court cannot determine the value of the benefit obtained from the contravention, 30% of turnover during the breach period.
4.4 Does your jurisdiction have cyber security laws or regulations that may apply to fintech businesses operating in your jurisdiction?
Cyber security regulation has been a key focus of regulators and the Government given the recent high-profile cyber-attacks and the interplay between financial services, financial products and new technologies. However, there are no specific, standalone mandatory cyber security laws or regulations which would apply to fintech businesses.
In August 2020, the Government released its Cyber Security Strategy 2020, which will invest AUD 1.67 billion over 10 years in a tripartite approach to protecting, improving and enforcing Australia’s cyber resilience. This will be delivered through action by governments, businesses and the community. The Government has also established an Industry Advisory Committee to shape the delivery of short- and longer-term actions as set out in its strategy. Following a number of high-profile cyber-attacks, in November 2023 the Government released a 2023–2030 Australia Cyber Security Strategy (Cyber Strategy) and a 2023–2030 Australia Cyber Security Action Plan (Cyber Action Plan). The Cyber Strategy captures the Government’s vision to collaborate with industry to improve Australia’s management of cyber risks. The Cyber Action Plan supplements the Cyber Strategy and provides clear steps and deliverables to be undertaken across the next two years in pursuit of a stronger cyber environment. Alongside the Cyber Strategy and Cyber Action Plan, the Government has released a consultation paper and is seeking public input in relation to the future of Australian cyber security and resilience. Submissions closed March 2024.
ASIC provides a number of resources to help firms improve their cyber resilience, including reports, articles and practice guides. ASIC has previously provided guidance regarding cyber security in Report 429: Cyber Resilience – Health Check and Report 555: Cyber resilience of firms in Australia’s financial market. In these reports, ASIC examined and provided examples of good practices identified across the financial services industry and questions board members and senior management of financial organisations should ask when considering their cyber resilience. ASIC’s Regulatory Guide 255 also sets out the standards and frameworks against which providers of digital advice should test their information security arrangements, and nominated frameworks setting out relevant compliance measures which should be put in place where cloud computing is relied upon.
In December 2019, ASIC released the first report into the cyber resilience of firms in Australia’s financial markets (REP 651). ASIC has since released an updated report for 2020–2021 (REP 716). The reports identify key trends in cyber resilience practices and highlights existing good practices and areas for improvement. REP 651 identified investment, education, acquisition and retention of skilled resources, and strong leadership from senior management as being core factors to maintaining strong cyber resilience. However, ASIC expressed concern towards the trend of outsourcing non-core functions to third-party providers, as this created difficulty when managing cyber security risks in a business’ supply chain. In the December 2021 report, ASIC notes a general improvement in cyber reliance but states that there were no material improvements in supply chain risk management and encourages firms to consider supply chain risk management as an ongoing priority.
Australia has ratified the Council of Europe Convention on Cybercrime (the Budapest Convention), which codifies what constitutes a criminal offence in cyber space and streamlines international cyber crime cooperation between signatory states. Australia’s accession was reflected in the passing of the Cybercrime Legislation Amendment Act 2011 (Cth).
4.5 Please describe any AML and other financial crime requirements that may apply to fintech businesses in your jurisdiction.
The AML/CTF Act applies to entities that provide “designated services” with an Australian connection. Fintech business will often have obligations under the AML/CTF Act as financial services and lending businesses typically involve the provision of designated services. Obligations include:
enrolling with AUSTRAC;
conducting due diligence on customers prior to providing any designated services;
adopting and maintaining an AML/CTF programme; and
reporting annually to AUSTRAC and as required on the occurrence of a suspicious matter, a transfer of currency with a value of AUD 10,000 or more, and all international funds instructions.
Digital currency exchange providers also have obligations under the AML/CTF Act and must register with AUSTRAC or face a penalty of up to two years’ imprisonment or a fine of up to AUD 156,500 (or both) for failing to register. Digital currency exchange providers must renew registration every three years. Exchange operators are required to keep certain records relating to customer identification and transactions for up to seven years.
On 11 September 2024, the Attorney-General introduced the AML/CTF Bill to Parliament. The AML/CTF Bill sought to align Australia’s AML/CTF laws with international standards to address three key objectives – capturing higher risk “gatekeeper” professions, simplifying the AML/CTF regime and modernising the regime to reflect changing technologies and illicit financing methodologies. The sweeping reforms to the AML/CTF Act include:
expanding the AML/CTF regime to additional high-risk services provided by Tranche II entities (namely, lawyers, accountants, trust and company service providers, real estate professionals, and dealers of precious stones and metals);
extending regulation under the AML/CTF regime for virtual asset and value transfer (payments) services (including payment intermediaries);
simplifying and clarifying the AML/CTF regime to increase flexibility, reduce regulatory impacts and support businesses to better prevent and detect financial crime; and
broadening AUSTRAC’s information gathering powers.
The reforms significantly expand the AML/CTF obligations applicable to virtual asset providers, value transfer services and other fintech businesses.
On 29 November 2024, Parliament passed the AML/CTF Bill. The Government made several changes to the initial AML/CTF Bill, including clarifying reporting entities obligations in AML/CTF policies, moving the commencement date of the tipping-off offence-related changes forward to 31 March 2025, updating the simplified outline in the AML/CTF Bill in respect of obligations relating to transfers of value, and amending obligations relating to reports of cross-border transfers of value, among other things. The changes take effect from 31 March 2026.
Additionally, on 11 December 2024, AUSTRAC released a public consultation on the new AML/CTF Rules in support of the AML/CTF Bill. This exposure draft of the new Rules covers obligations relating to AML/CTF programmes, reporting groups (formerly “designated business groups”), customer due diligence, travel rule, compliance reports, keep open notices (formerly “Chapter 75 notices”), and correspondent banking relationships. The consultation closed on 14 February 2025.
Current (and future) fintech businesses operating in Australia should closely assess the law reform to ensure that any AML/CTF policies and procedures are future proof for the upcoming law reform.
4.6 Are there any other regulatory regimes that may apply to fintech businesses operating in your jurisdiction (for example, AI)?
An entity that conducts any “banking business”, such as taking deposits (other than as part-payment for identified goods or services) or making advances of money, must be licensed as an ADI. For locally incorporated entities, APRA offers a restricted pathway to becoming an ADI, known as a restricted ADI (RADI) licence. Becoming a RADI may be appealing to new entrants that do not have the resources and capabilities to establish an ADI and need time to develop these resources and capabilities. The restricted pathway allows entrants to conduct limited banking business as a RADI for a maximum of two years, before needing to meet the requirements of the full prudential framework and applying for an ADI licence. The initial conditions on a RADI licence are more restricted than those of a full ADI licence, reflecting the restricted range of activities permitted under the licence. This pathway can assist entrants in seeking the investment required to operationalise the business while progressing compliance with the full prudential framework and an ADI licence application. Entrants that cannot meet the requirements of an ADI are expected to exit banking business. Generally, APRA will subject new ADIs and RADIs to greater prudential supervision than established ADIs in the initial years of being licenced. This includes APRA accounting for the heightened risk profile of new ADIs and RADIs by adopting adjusted capital requirements, contingency planning and deposit restrictions. For new ADIs, APRA will assess the sustainability and track record of the new ADI when determining whether the ADI is established and these adjustments are no longer necessary.
Australia’s approach to regulating AI has generally been a soft-law, principles-based approach. This approach has led to the development of a set of eight voluntary principles by the Government Department of Industry, Science and Resources (AI Ethics Principles). The AI Ethics Principles are designed to be utilised by participants when developing, designing, integrating or implementing AI systems to achieve safer, more reliable outcomes. The AI Ethics Principles are part of a larger AI Ethics Framework which is holistically aimed at assisting businesses and governments to responsibly develop and implement AI – known as the AI Action Plan. The AI Action Plan has not been developed in isolation but is to be employed alongside other AI initiatives (such as the Australian Human Rights Commission’s Human Rights and Technology Project and the OECD’s Principles on AI). Although there are legal regimes that impact how AI is used in the Australian landscape (for example, the privacy regime), there are currently no current laws or regulations that apply specifically to AI in Australia, and it is not anticipated that Australia will move away from the current approach.
Fintech businesses are subject to the prohibitions laid out in Consumer Law, which is administered by the ACCC.
5 Technology
5.1 Please briefly describe how innovations and inventions are protected in your jurisdiction.
Patent protection is available for certain types of inventions in Australia. A standard patent provides long-term protection and control over a device, substance, method or process, lasting for up to 20 years from the filing date. The requirements for a standard patent include:
an invention or technology must be “patentable”, as not all inventions can be protected by patent registration. For example, the High Court of Australia recently held that only software that creates an “artificial state of affairs” and a “useful result” can be protected by patent registration (see Aristocrat Technologies Australia Pty Ltd v Commissioner of Patents [2022] HCA 29);
the invention must be new and not publicly known;
there must be an inventive step; and
the invention must have “utility”.
Previously, inventions could be patented under an innovation patent (targeted at inventions with short market lives), however, these can no longer be applied for.
In Australia, provisional applications can be filed as an inexpensive method of signalling an intention to file. A provisional application will provide the applicant with the priority date from the date the provisional application was filed provided the applicant files a standard patent application within 12 months.
Registered design protection is available for designs that are both new and distinctive. Where patent registration protects an invention or process, design protection grants an applicant a monopoly over the visual features of a product for a maximum period of up to 10 years. Australia is presently considering amendments to extend rights of designs to “virtual designs”, being “designs for intangible (non-physical) things whose use results in the display of visual features through electronic means”. This would extend to graphical user interfaces, animated icons and products in a virtual reality. Further developments in this space are expected this year. Inventions or “know-how” may also be protected as a trade secret/confidential information provided the information is clearly articulated, has the necessary quality of confidentiality and was provided to another person on a confidential basis.
5.2 Please briefly describe how ownership of IP operates in your jurisdiction.
The person or business that has developed intellectual property (IP) generally owns that IP, subject to any existing or competing rights. In an employment context, the employer generally owns new IP rights developed in the course of employment, unless the terms of employment contain an effective assignment of such rights to the employee. Contractors, advisors and consultants generally own new IP rights developed in the course of engagement, unless the terms of engagement contain an effective assignment of such rights to the company by whom they are engaged.
the Copyright Act 1968 (Cth) (Copyright Act), creators of copyright works such as literary works (including software) also retain moral rights in the work. Moral rights are rights that automatically arise when someone creates work (e.g. art, music, writing, etc.), and include: (i) the right to be identified as the creator or author of a work; (ii) the right not to have others being credited as the creator; and (iii) the right to not have their work used in a way that hurts their reputation.
Moral rights cannot be sold or given away, so “consents” from the creators are needed in relation to these rights when the works are used by third parties to allow someone to use a creator’s works without referencing them (for example).
5.3 In order to protect or enforce IP rights in your jurisdiction, do you need to own local/national rights or are you able to enforce other rights (for example, do any treaties or multi-jurisdictional rights apply)?
Options available to protect or enforce IP rights depend on the type of IP.
Copyright in software (including source code for software) is automatically protected under the Copyright Act. Australia is a signatory to the Berne Convention for the Protection of Literary and Artistic Works, meaning that copyright-protected material that is created overseas is also recognised and protected in Australia.
In relation to registered IP rights, such as patents, trade marks and designs, it is necessary to have a local registration in order to enjoy protection in Australia. An owner may apply to IP Australia for registered protection of these types of rights. Further, an Australian patent application can be made by way of a Patent Convention Treaty (PCT). Similarly, Australia is a signatory to the Madrid Protocol, which means it is possible to register a trade mark within Australia through the Madrid “international” trade mark application system.
Finally, Australia does not have a registration scheme or explicit ownership scheme for trade secrets, confidential information and trade secrets are protectable through a cause of action known as breach of confidence. Australian authorities also recognise a principle known as the “springboard doctrine”, meaning that even if confidential information is not used directly by the recipient, a breach of confidence will still arise if the knowledge of the confidential information enables the recipient to bring its own solution to market more quickly.
5.4 How do you exploit/monetise IP in your jurisdiction and are there any particular rules or restrictions regarding such exploitation/monetisation?
In Australia, there several popular approaches to commercialising IP. These are:
Assignment: An outright sale of IP, transferring ownership to another person without imposing any performance obligations.
Direct in-house use of IP: Owners of IP may commercialise the IP within an existing entity already in their control.
Licensing: Permission is granted for IP to be used on agreed terms and conditions. There are three types of licence (exclusive licence, non-exclusive licence and sole licence) and each comes with conditions.
Franchising: A method of distributing goods and services, where one party (franchisor) grants another party (franchisee) the right to use its trade mark or trade name as well as the use of its business systems and processes in return for payment and royalties. These licensed rights are used by the franchisee to provide goods or services to agreed specifications controlled by the franchisor.
Start-up or spin-off: Where a separate company (either new (start-up) or partitioning from an existing company (spin-off)) is established to bring a technology developed by a parent company to the market. IP activities to be carried out for spin-offs include due diligence, confidentiality, employment contracts, assignment agreements and licence agreements.
Broadly, a business can only exploit or monetise IP that the business in fact owns or is entitled to use. Restrictions apply to the use of IP that infringes existing brands, and remedies (typically injunctions and damages) are available in circumstances of infringement.