If the entity or the data is in Australia, then the cloud service provider could be subject to Australian subpoenas/warrants, etc., in the normal way.

However, in terms of particularly onerous/out of the ordinary Australian requirements, Part 15 of the Telecommunications Act 1997 (Cth) ("Telco Act") enables relevant law enforcement agencies to issue various requests and orders to "designated communications providers," including the following:

• Technology assistance requests (requesting voluntary assistance)
• Technology assistance notices (requiring certain types of assistance to law enforcement agencies)
• Technology capability notices (these could be used to compel a designated communications provider to build new capabilities to enable assistance)

There are some limitations on this (e.g., see Section 317ZG of the Telco Act), but the acts or things that a designated communications provider could be required to do could be broad; there is a long list in the legislation that includes removing one or more forms of electronic protection. This could also potentially include building a capability to provide access to encrypted communications and data.

"Designated communications providers" include the following:

• A service that facilitates, or is ancillary or incidental to, the supply of a listed carriage service
• An electronic service that has one or more end users in Australia
• A service that facilitates, or is ancillary or incidental to, the provision of an electronic service that has one or more end users in Australia
• A person who develops, supplies or updates software used, for use, or likely to be used, in connection with the following:
  • A listed carriage service
  • An electronic service that has one or more end users in Australia