The Federal Government has laid out its new safety expectations for tech firms.

The Federal Government has published minimum safety expectations that ‘big tech’ companies will need to adhere to under controversial new online safety laws.

The Department of Infrastructure, Transport, Regional Development and Communications put out the basic online safety expectations (BOSE) over the weekend. 

The draft document says any providers that offer a social media service, “relevant electronic service” or “designated internet service”, must adhere to the demands, including nine principle-based “core expectations” included in the Act.

The document also covers a series of “additional expectations” and “reasonable steps” that providers can take to meet core expectations.

Communications Minister Paul Fletcher says companies must take “actions against such emerging risks such as ‘volumetric attacks’ where ‘digital lynch mobs’ seek to overwhelm a victim with abuse”.

Providers must also take reasonable steps to ensure a service is safe by introducing processes to “detect, moderate, report and remove… material or activity… that is or may be unlawful or harmful”.

The BOSE calls on encrypted services to “take reasonable steps to develop and implement processes to detect and address material or activity on the service that is or may be unlawful and harmful”.

Providers would also be required to prevent anonymous accounts from being “used to deal with material, or for activity, that is or may be unlawful or harmful”, potentially through “verification of identity or ownership of accounts”.

Providers will additionally be expected to “detect high volume, cross-platform attacks (also known as volumetric or ‘pile-on’ attacks)”.

The new measures require providers stop children from accessing ‘class two’ material such as a film or games intended for person over the age of 18, by implementing age assurance mechanisms or child safety risk assessments.

Providers will also need to ensure their service has a “clear and readily identifiable mechanisms that enable end users to report, and make complaints”, and keep a record of that complaint for five years.

The BOSE system allows providers 30 days to come up with a statement that sets out the number of complaints made to the provider for a specified period of time when asked by the eSafety Commissioner.

Providers will also be asked how long it took to remove content if issued with a removal notice.

Submissions on the new regime are open until October 15.