Skip to content
LegalVision

How to Respond to a Request For Access to Encrypted Data

James Adler

By James Adler
Senior Lawyer

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn
Summarise with: ChatGPT logo ChatGPT Perplexity logo Perplexity Microsoft Copilot logo Microsoft Copilot
Table of Contents

In December 2018, the so-called ‘encryption laws’ were passed, allowing law enforcement agencies to ask or compel technology or communication-based companies to assist with law enforcement investigations. These agencies have already started issuing notices and requests. Therefore, you should have a detailed internal plan when you do get a request or notice. This article will explain how your business can handle a request for access to encrypted data under the new encryption laws. 

Encryption Laws Overview 

The new encryption laws aim to crack down on serious crimes such as terrorist activity and child pornography. Law enforcement agencies such as the Australian Federal Police can issue certain requests or notices to anyone who is a “designated communications provider”.

That broad definition can include:

  • hosting service providers;
  • software developers;
  • e-commerce stores; and
  • software as a service (SaaS) providers. 

If you are a software developer, read our article on How Can Developers Comply with New Encryption Laws?

You may receive one (or more) of these types of requests or notices, such as: 

  • TARs (technical assistance requests);
  • TANs (technical assistance notices); or
  • TCNs (technical capability notices).

For more information about the laws, read FAQs on Australia’s New Encryption Laws.

What does the Request or Notice Involve?

The law enforcement agency can send the notice or request to a registered address or email address of your business. If you are a sole trader, you will directly receive the notice or request. Companies can receive the notice at their registered office. 

Technical Assistance Requests

Complying with a TAR is voluntary. You may have to provide technical assistance in any way that the relevant agency believes will assist their investigation. You are not required to act at all if you receive a request, although you can choose to comply with the request. 

For example, you could be asked to: 

  • supply customer data;
  • create a new version of your software that enables or disables certain behaviour; or
  • provide the government agency with administrator access to information hosted by you.

Technical Assistance Notices

Complying with a TAN is compulsory. The law provides a list of activities that you must do if you receive the notice. The TAN will rely on the company’s existing features for law enforcement. 

For example, a notice may ask you to:

  • remove electronic protection from your products (such as removing end-to-end encryption on messaging);
  • provide technical information on the operation of the product or service;
  • ensure any obtained information appears in a particular format; and
  • change certain features of your service. 

Technical Capability Notice

Complying with a TCN is also compulsory. A TCN is a legal step-up from a TAN, where law enforcement officials will ask you to build new features into your product so they can carry out their enforcement activities. 

For example, a notice could ask you to build a software feature that creates custom reports on data patterns that could signal criminal activity.

Continue reading this article below the form
Loading form

Who Can I Tell About the Request or Notice?

If your business receives a request or notice, you are not allowed to disclose that you have received one. You also cannot disclose the contents of the request or notice. Those restrictions apply to:

  • businesses;
  • employees of the business;
  • contractors of the business; and
  • employees of the contractors.

There are some exceptions to this rule. 

For example, you can disclose the notice to existing staff, contractors, suppliers and other individuals that is necessary for being able to comply with the notice. 

Internal Process Checklist

Complying with a request or notice can be an overwhelming experience, especially if you are a startup or small business with few resources. The checklist below provides an overview of the steps you can take to comply with your encryption law obligations.

Encryption Notice/Request Compliance Checklist

Click here to view and download the checklist.

Key Takeaways

Law enforcement agencies have already issued requests or notices under the laws. You should know what you could be asked to provide as part of a specific notice or request. Be sure to educate your staff on these issues. If you have any specific concerns or would like assistance on how to comply, get in touch with LegalVision’s IT lawyers on 1300 544 755 or fill out the form on this page.

Register for our free webinars

Demystifying M&A: What Every Business Owner Should Know

Online
Understand the essentials of mergers and acquisitions and protect your business value. Register for our free webinar.
Register Now

Social Media Compliance: Safeguard Your Brand and Avoid Common Pitfalls

Online
Avoid legal pitfalls in social media marketing and safeguard your brand. Register for our free webinar.
Register Now

Building a Strong Startup: Ask a Lawyer and Founder Your Tough Questions

Stone & Chalk Tech Central, Level 1 - 477 Pitt St Haymarket 2000
Join LegalVision and Bluebird at the Spark Festival to ask a lawyer and founder your startup questions. Register now.
Register Now

Construction Industry Update: What To Expect in 2026

Online
Stay ahead of major construction regulatory changes. Register for our free webinar.
Register Now
See more webinars >
James Adler

James Adler

Read all articles by James

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

Related articles

FAQs About Australia’s New Encryption Laws

How Can Developers Comply with the New Encryption Laws?

How to Avoid Preventable Data Breaches

How to Comply with the Mandatory Data Breach Notification Scheme

We’re an award-winning law firm

  • Award

    2025 Future of Legal Services Innovation Finalist - Legal Innovation Awards

  • Award

    2025 Employer of Choice - Australasian Lawyer

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2022 Law Firm of the Year - Australasian Law Awards