Connected vehicles and the Telecommunications Act

23 June 2025

Jason Kwan
Partner
Sparke Helmore Lawyers

Jason Kwan
Partner
Sparke Helmore Lawyers
t: +61 3 9291 2376

Jason is a senior technology lawyer with over 15 years’ experience advising clients in the information technology space, including in relation to information technology procurement, data, privacy, digital infrastructure, telecommunications and information security related issues.

As vehicles become increasingly connected—offering live telematics, embedded SIMs (eSIMs), over-the-air (OTA) updates, and infotainment powered by mobile data—Original Equipment Manufacturers (OEMs) are venturing closer to activity regulated by Australia’s telecommunications framework. In particular, there is a risk that unless extra care is taken, OEMs may be classified as Carriage Service Providers (CSPs) under the Telecommunications Act 1997 (Cth) (Telecommunications Act), with consequential regulatory obligations.

Historically, compliance in this area has been somewhat unclear, with a lack of understanding regarding key obligations. As cars become increasingly connected, and as the means to providing connectivity services are better understood, stricter compliance is likely to become essential.

This article explores how OEMs may trigger CSP classification and outlines the steps OEMs can take to manage this risk. It follows on from our previous article, Navigating privacy in the age of connected vehicles, which discussed some of the key privacy considerations for connected vehicles.

What is a Carriage Service Provider?

Under s 87 of the Telecommunications Act, a CSP is any person who supplies a carriage service to the public using infrastructure owned by a carrier or under a nominated carrier declaration.[1] A carriage service broadly refers to the transmission of communications by electromagnetic energy, whether guided (e.g. fibre) or unguided (e.g. mobile networks).[2]

This regulatory framework, originally designed for telecommunications companies, is becoming increasingly relevant to the automotive industry as vehicles are equipped with computer hardware that integrates connectivity not only to the manufacturer (for service and mechanical issues) but also with other vehicles and the internet more generally.

How might OEMs be caught?

Several scenarios might lead to OEMs being classified as CSPs as a result of the in-car technology they offer:

Regulatory obligations for CSPs

If an OEM is deemed to be a CSP, it may become subject to several legal obligations:

Risk management for OEMs and Australian based distributors

To minimise regulatory risk, OEMs and their in-country retailers and distributors should:

Map their connectivity offerings to determine whether their activities mean they fall within the definition of a CSP.
Ensure they have in place clear contractual arrangements with licensed telecommunications providers (both domestic and international) to clarify who is delivering the carriage services to end users. While the OEM may be party to agreements with offshore telecommunication providers, local access to Australian mobile networks will ultimately involve a local carrier, and compliance responsibilities must be clearly defined. This includes assigning responsibility for local compliance, network provisioning, switching, billing,[12] and ensuring appropriate risk allocation.
Include product disclosures for multimedia or connectivity packages if included with the vehicle, clarifying that the telecommunications service is provided by a third party and subject to their licensing and terms.
Ensure appropriate consumer awareness and consent is obtained (e.g. consent to the collection of personal information such as location or other vehicle telemetry data is collected or transmitted), and any data handled by it in its capacity as a CSP complies with APPs as well as CSP metadata obligations.[13]

Conclusion

OEMs must understand the regulatory obligations that apply if they are deemed to be a CSP. This understanding is crucial for making informed decisions about whether to offer those services and how to contractually manage the risk, particularly through their arrangements with carriers and distributors. Ultimately, OEMs should structure their connected vehicle operations in a way that aligns with their intended role in the telecommunications ecosystem. This alignment will be increasingly important as OEMs navigate evolving regulatory expectations.

[1] Telecommunications Act 1997 (Cth) s 87.

[2] Ibid s 7.

[3] Department of Infrastructure, ‘Connected Vehicles and the Telecommunications Act’ (Discussion Paper, 2023)

[4] Ibid.

[5] Ibid.

[6] ACMA, About carriers and carriage service providers (Web Page, 2022)

[7] Telecommunications Act 1997 (Cth), s 313.

[8] Telecommunications (Interception and Access) Act 1979 (Cth), Part 5-1A.

[9] Telecommunications Act 1997 (Cth), Part 14.

[10] Security of Critical Infrastructure Act 2018 (Cth), s 30BC and s 30BD.

[11] Telecommunications (Consumer Protection and Service Standards) Act 1999 (Cth), ss 105, 106, 128,132.

[12] Telecommunications Act 1997 (Cth) s 87 (definition of CSP); Australian Communications and Media Authority, Guidance on Third-Party Provisioning (Web Page, 2022)

[13] Department of Home Affairs, Data Retention Guidelines for Service Providers (Guidelines, Australian Government, 2025)

We would like to acknowledge the contribution of Stefanie Constance.

18-12-2025 | 2025 year end cyber reflections

16-12-2025 | Ex tempore decision in Services Australia v Anatoly Kern

11-12-2025 | 12 Days of (Christmas) FOI

08-12-2025 | FOI Secondees – letters 'home' for Christmas

04-12-2025 | Information as to existence of certain documents – s 25 of the FOI Act

03-12-2025 | Case note: Aveo Group Limited and Australian Competition and Consumer Commission (Freedom of information)

Media room