The New SPF Threshold Question for Digital Platforms: Who Is In, Who Is Out, and Who Still Has to Prove It

One of the most important changes in the latest SPF draft is that digital platform scope is becoming more concrete. That may sound like a technical drafting issue, but it has large practical consequences. Once scope becomes more concrete, inclusion becomes a proof question. And proof questions tend to create new operational burdens.

The draft rules do not simply say that platforms are regulated in some broad intuitive sense. They introduce threshold logic around active Australian users and revenue. At first glance, that may look like a helpful narrowing exercise. In practice, it is likely to create a new layer of scope complexity.

This issue compounds the service-chain accountability questions raised in our earlier piece on outsourcing and white-label risk — scope is not only about which entity nominally owns the customer, but also about how that responsibility is evidenced.

The two thresholds that now define platform scope

The draft rules indicate that a digital platform service is intended to fall within SPF scope only where two conditions are satisfied: the relevant service meets the active Australian user threshold, and the entity meets the revenue threshold.

The active Australian user test is framed around an average monthly active Australian user number of 200,000 or more, assessed against the most recently ended 12-month financial reporting period and tested on 1 January each year. The revenue test is set at $1 billion or more and looks through a broader group structure, including controlled entities and controlling entities, while avoiding double counting where consolidated revenue already captures the relevant figures.

This is significant because it means scope is not simply a question of how large a single local service feels. It is tied to both service-level user activity and broader group-level financial structure. For context, the SPF overview explains how this designation logic fits within the broader framework.

Why the thresholds look simple but are not

The attraction of threshold tests is obvious. They provide a way to avoid pulling every small or marginal service into a major regulatory regime. But threshold logic only looks simple until firms have to apply it in real life.

For example, what counts as an active Australian user in practice? The consultation guide says the intention is to capture users who accessed the service from within Australia at least once during the relevant month. Firms will need consistent measurement logic, service-level attribution and confidence that their internal counting methods would withstand scrutiny. The same is true of revenue. The test is intended to apply on a global basis and includes entities that are part of a multinational group with global revenue over $1 billion — which means some firms modest in one local context may still be drawn into scope because of their broader group structure.

Where practical friction is likely to emerge

Several friction points are easy to foresee.

• The first is timing. The rules assess both tests on 1 January each year, but financial reporting periods do not always align with the calendar year.
• The second is service granularity. Large digital businesses often operate multiple products, features or monetisation layers. The user question is not only “how many users do we have?” but also “which service exactly is being counted, and on what basis?”
• The third is documentary burden. Once scope depends on thresholds, the ability to evidence those thresholds becomes important. A platform may believe it is out of scope, but the operational question is whether it can prove that position credibly if challenged.

This documentary burden is directly connected to what the evidence framework analysis describes — SPF increasingly rewards organisations that can reconstruct and defend their decisions.

Why this is not just a threshold story

The danger is to think the platform conversation stops at who is in and who is out. It does not. Once a platform is in scope, the real burden begins. The draft code for digital platforms moves into user verification, advertiser additional verification, advertisement checks, suspicious behaviour and message detection, monitoring and assessment of advertisements, disruptive action during investigation, removal of content following investigation, and limiting scam advertising.

That means threshold analysis is only the front gate. The heavier question is what lies behind it. This is why scope is such an important strategic issue — it is not just about whether a firm falls under SPF, but about whether the firm is prepared for the operational shift that follows. And the definition of what obligations apply is closely connected to the question of what exactly counts as a scam, explored in detail in our next article: The SPF Definition Fight: What Counts as a Scam, and What Gets Carved Out.

Why proof may matter as much as policy intent

A business may not only need to decide whether it is likely in or out. It may need to be able to support that decision with clear internal measurement, governance and reporting. That brings this topic much closer to the broader SPF shift toward evidence and structured accountability. In that sense, the platform threshold debate is not a side issue. It is part of the larger story of how SPF is becoming more operational, more testable and more demanding of internal clarity.

FAQ