Optus’ emergency call outage has triggered regulatory investigations and public backlash, offering critical lessons for telcos on crisis governance, compliance, and transparency with regulators.
Key takeaways
- The Optus outage illustrates the cost of failing to act on early warnings and detect emergency call failures quickly.
- Telcos must escalate outages swiftly and ensure board-level oversight of emergency call systems.
- Early, transparent engagement with regulators can reduce penalties and reputational fallout.
Shutterstock.com/IOIO IMAGES
Optus – Australia’s second-largest telecoms provider – suffered a major network outage that left customers in South Australia, the Northern Territory, and Western Australia unable to contact emergency services on 18 September 2025.
While standard calls remained functional, more than 600 calls to 000 (Australia’s emergency number) failed.
Tragically, multiple deaths have since been linked to the outage, underscoring the human cost of service failures and the regulatory and reputational risks that follow.
Optus has initiated an independent review into the outage.
Lexology PRO takes a look at what went wrong and how regulators are reacting, and outlines some key lessons for telcos to take away from the incident.
What went wrong?
The outage occurred during a network upgrade, when a technical failure disrupted the routing of emergency calls.
The Australian Communications and Media Authority (ACMA) is investigating whether the incident amounts to a breach the Telecommunications (Emergency Call Service) Determination 2019, which requires telcos to:
- provide access to 000 free of charge; and
- ensure emergency calls can be made even if the customer’s network is down, by enabling a “camp-on” mechanism, allowing mobile phones to connect to another network to make 000 calls if their provider fails.
This is not Optus’ first failure in this area. In 2024, the ACMA fined the company A$12 million (US$7.9 million) for failing to provide emergency call access to over 2,000 people during an outage in 2023. Optus also failed to follow up with 369 affected individuals.
Optus’ compliance record
Other failures by the company – beyond network outages – have drawn criticism from other Australian regulators.
In 2022, a cyber-attack on Optus exposed the personal data of 9.5 million Australians. The Office of the Australian Information Commissioner is now suing Optus for alleged privacy law breaches.
In a separate case, the Australian Competition and Consumer Commission (ACCC) fined Optus A$100 million (US$66 million) in June 2025 for unconscionable conduct in selling telecom services to vulnerable consumers.
How have regulators responded?
Regulators have been quick to come down on the company for its latest failure. The ACMA has launched a formal investigation into whether Optus complied with its obligations Telecommunications (Emergency Call Service) Determination 2019. The investigation will examine whether Optus:
- notified Telstra (the emergency call handler) promptly;
- communicated effectively with customers and the public; and
- alerted key stakeholders, including the relevant ministerial department, the Telecommunications Industry Ombudsman, and the National Emergency Management Agency.
Federal Communications Minister Anika Wells described the incident “an enormous failure” and warned that Optus should expect “significant consequences.” Optus could also face an investigation from the ACCC, given the failures to consumers.
What lessons can other telcos learn?
This incident offers critical lessons for telecoms providers globally, particularly those with emergency service obligations. Repeat offences are likely to attract escalating penalties, so it is paramount that telcos get it right the first time. Here’s how:
Establish robust escalation protocols
The outage began at 12:30am on 18 September 2025 and Optus became aware that emergency calls were failing at 1.30pm. This means Optus took around 13 hours to detect the outage, despite receiving two complaints from the Telecommunications Industry Ombudsman early that morning. According to the CEO, these warnings were not escalated appropriately.
This delay points to a failure in internal crisis governance.
As of 30 June 2025, new rules have required telecoms companies in Australia to improve their processes for handling and escalating complaints. Under the Telecommunications (Consumer Complaints Handling) Industry Standard Amendment 2025 (No. 1), telcos must appropriately recognise, accept and handle the resolution of complaints about network outages and get customers’ disconnected services restored promptly.
These processes should help telecoms companies identify and address critical outages faster.
Engage and notify regulators early
According to reports, Optus’ press release announcing the outage was 40 hours after the incident occurred. Additionally, Optus did not notify regulators until the issue had been resolved. This delay may have compounded the company’s legal exposure.
Under the Telecommunications (Customer Communications for Outages) Industry Standard 2024, a “responsible carrier who detects a major outage or a significant local outage must communicate to relevant stakeholders […] as soon as possible after the carrier detects the outage; updates about the outage […] and information about the restoration of all relevant carriage services affected by the outage as soon as practicable after the services are restored.”
ACMA encourages companies to self-report potential breaches and cooperate with investigations. “These matters are taken into account when enforcement action is considered,” according to the regulator.
Prepare a clear communication strategy
Following a crisis – such as a network outage – telecoms businesses should refer to their prepared response plan, which should include a clear communication strategy.
A clear, well-defined communication protocol is critical to responding effectively in a crisis. Optus’ failure to inform the public for more than a day fuelled public outrage and intensified media scrutiny. In crisis situations, especially those involving potential loss of life, technical fixes are not enough.
A communication strategy should establish who is authorised to speak on behalf of the company, how information will be disseminated internally and externally, and determine the channels used (such as website updates or social media announcements).
In addition to these communication plans, business continuity plans provide a detailed strategy and set of systems designed to ensure a company can prevent or rapidly recover from a significant disruption to its operations.