Australian Compliance
LYRE is built for Australian regulatory compliance from the ground up. This guide covers the legal requirements for AI voice agents operating in Australia and how LYRE enforces them.
AI disclosure requirement
Under the ACMA Telemarketing and Research Industry Standard 2017 and emerging AI-specific guidance, automated calls must disclose their nature at the start of the conversation. LYRE enforces this by default.
compliance.ai_disclosure_message.Default disclosure message
"Just so you know, I'm an AI assistant. This call may be recorded for quality and training purposes. Is that okay with you?"
Custom disclosure in agent config
"compliance": {
"ai_disclosure": true,
"ai_disclosure_message": "Hi there! I'm Ava, an AI assistant from Acme Solar. This call is recorded. How can I help?"
}Recording consent
Australian recording consent laws vary by state and territory. LYRE defaults to the strictest standard — all-party consent— which is legally safe nationwide.
| Jurisdiction | Consent required | Legislation |
|---|---|---|
| NSW | Single party | Surveillance Devices Act 2007 (NSW) |
| VIC | All party | Surveillance Devices Act 1999 (Vic) |
| QLD | Single party | Invasion of Privacy Act 1971 (Qld) |
| WA | All party | Surveillance Devices Act 1998 (WA) |
| SA | Single party | Surveillance Devices Act 2016 (SA) |
| TAS | All party | Listening Devices Act 1991 (Tas) |
| ACT | Single party | Listening Devices Act 1992 (ACT) |
| NT | All party | Surveillance Devices Act 2007 (NT) |
all_party consent. Since you typically cannot know which state the caller is in, all-party consent satisfies the strictest requirements (VIC, WA, TAS, NT) and is safe everywhere.LYRE's recording consent modes:
| Mode | Behaviour |
|---|---|
| all_party | Agent asks for explicit verbal consent before recording starts. If denied, call continues without recording. |
| single_party | Agent announces the call is being recorded. No explicit consent required. |
| none | No recording. Audio is processed in real-time only and not stored. |
Do Not Call Register (DNCR)
The DNCR is administered by ACMA. Businesses making unsolicited telemarketing calls must wash their call lists against the register. LYRE automates this.
dncr_check: true, LYRE checks every outbound phone number against the DNCR before dialling.failed with reason dncr_match.Calling hours
ACMA restricts the times at which telemarketing calls can be made. LYRE enforces these by default for all outbound calls.
| Day | Permitted hours | Timezone |
|---|---|---|
| Monday to Friday | 9:00 AM – 8:00 PM | Recipient's local time |
| Saturday | 9:00 AM – 5:00 PM | Recipient's local time |
| Sunday | No calls permitted | — |
| Public holidays | No calls permitted | — |
LYRE determines the recipient's timezone from the area code for Australian landlines or from the registered location for mobile numbers. When uncertain, LYRE defaults to Australia/Sydney (AEST/AEDT).
Custom calling hours in agent config
"compliance": {
"calling_hours": {
"timezone": "Australia/Sydney",
"weekday_start": "09:00",
"weekday_end": "20:00",
"saturday_start": "09:00",
"saturday_end": "17:00",
"sunday": false
}
}Privacy Act and APPs
The Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) govern how personal information is collected, used, stored, and disclosed. Key requirements for AI voice agents:
APP 1 — Open and transparent management
Your privacy policy must describe how AI voice agents collect and use personal information, including recordings and transcripts.
APP 3 — Collection of solicited information
Only collect personal information that is reasonably necessary for the agent's function. Do not prompt for unnecessary personal details.
APP 5 — Notification of collection
At or before collection, inform the individual of what is being collected, why, and who it may be disclosed to. The AI disclosure and recording consent prompts help satisfy this.
APP 8 — Cross-border disclosure
If audio or transcripts are processed outside Australia (e.g. via US-based STT providers), you must ensure the overseas recipient handles information in accordance with APPs, or obtain consent. Use sovereign providers to avoid cross-border disclosure entirely.
APP 11 — Security of personal information
LYRE encrypts all recordings and transcripts at rest (AES-256) and in transit (TLS 1.3). Data is stored in Australian data centres. Retention policies are configurable per-tenant.
Penalties
Non-compliance with Australian telemarketing and privacy laws carries significant penalties.
| Violation | Regulator | Maximum penalty |
|---|---|---|
| Calling DNCR-listed number | ACMA | $313,000 per call (body corporate) |
| Calling outside permitted hours | ACMA | $313,000 per call (body corporate) |
| Failure to identify caller | ACMA | $313,000 per call (body corporate) |
| Illegal recording (all-party states) | State police | Up to 5 years imprisonment |
| Serious Privacy Act breach | OAIC | $50 million, or 3x benefit, or 30% turnover |
| Notifiable data breach (failure to notify) | OAIC | $50 million (body corporate) |
LYRE compliance defaults
Every new LYRE agent is created with these compliance defaults. They represent the safest configuration for Australian operations.
Default compliance configuration
{
"compliance": {
"ai_disclosure": true,
"ai_disclosure_message": "Just so you know, I'm an AI assistant. This call may be recorded. Is that okay?",
"recording_consent": "all_party",
"dncr_check": true,
"calling_hours": {
"timezone": "Australia/Sydney",
"weekday_start": "09:00",
"weekday_end": "20:00",
"saturday_start": "09:00",
"saturday_end": "17:00",
"sunday": false
}
}
}Compliance checklist
Before going live with outbound AI voice calls in Australia:
Next: Sovereign AI (SCX.ai) →