Log in

Australian Cyber Law Map

You are here: Cyber Law » Australian Cyber Law Map » Real Property Law

Real Property Law

14 November 2025 - 14:30 | Version 8 |

Overview

  • In Australia, interests in land are regulated by legislation in each State and Territory that establishes a registry of land title based on the Torrens system, supplemented by common law principles. Nowadays, transfers of land occur electronically through a process known as "e-conveyancing".
  • The e-conveyancing process is governed by the national Electronic Conveyancing National Law (ECNL), which has been amended to regulate the operation of different electronic lodgment network operators and mandate interoperability. This is supported by a detailed policy and regulatory framework, including cyber security and data handling rules for both the system operators (or ELNOs) and the legal practitioners (or Subscribers) who use the system

Background

  • Under the ECNL, conveyancing transactions in mandated jurisdictions (such as NSW) must be undertaken through an online settlement platform operated by an approved ELNO.
  • Following reviews and legislative amendments, the ECNL was updated in 2022 to mandate interoperability. The objective of this reform was to introduce competition by allowing multiple ELNOs to operate and enabling a subscriber on one network (e.g., Property Exchange Australia (or PEXA)) to transact with a subscriber on another. As of late 2025, while the new framework and its supporting rules are in place, the technical implementation of interoperability has been paused by the national regulator, Australian Registrars' National Electronic Conveyancing Council (or ARNECC), pending further review of the functional-technical requirements.
  • Key features of an e-conveyancing platform include:
    • Lawyers and conveyancers (as Subscribers) digitally sign and lodge registry instruments on behalf of their clients, having first completed a Client Authorisation and verified the client's identity.
    • The platform facilitates the electronic transfer of settlement funds between financial institutions.
    • It obviates paper deeds, bank cheques, and in-person settlements, thereby improving the ease and efficiency of the conveyancing process.

Conveyancing Act 1919 (NSW)

Under s 54A of the Conveyancing Act 1919 (NSW), all contracts in relation to the sale of land must be in writing, unless the test for part performance is satisfied. Equivalent rules apply in other Australian jurisdictions.

Real Property Act 1900 (NSW)

Part 6 of the Real Property Act 1900 (NSW) establishes the Torrens register of interests in land. Part 7 of the Real Property Act regulates transfers and dealings with interests in land, such that indefeasible title is acquired upon registration, subject to certain exceptions such as fraud.

Electronic Conveyancing National Law

The ECNL governs the provisioning and operation of electronic conveyancing in Australia. It is implemented by separate legislation in each State and Territory.
  • The Electronic Conveyancing (Adoption of National Law) Amendment Act 2022 (NSW) reformed the ECNL.
  • The operative purpose of these amendments was to mandate competition by requiring ELNOs to establish and maintain interoperability between their networks.
  • The amendments also expanded the Registrar's powers and the scope of the supporting rules to regulate the new, multi-operator environment, including new rules for data standards, interoperability, and the separation of services provided by an ELNO.

Model Operating Requirements (MORs)

The MORs are binding rules made under s 22 of the ECNL that govern the conduct of the Electronic Lodgement Network Operators (ELNOs). The new Model Operating Requirements (Version 7) impose cyber security and data management obligations on the operators to manage the risks of the interconnected system. Such obligations include:
  • Information Security (OR 7.1): ELNOs must establish, implement, operate, monitor, review, maintain and keep current a documented Information Security Management System (ISMS) that is Fit for Purpose.
  • Data Location (OR 7.5): ELNOs must ensure that any computer infrastructure in which Land Information is entered, stored or processed is located in Australia.
  • Data Breach Notification (OR 7.11): If an ELNO becomes aware of a Data Breach, it must Promptly provide the Registrar, any of its affected Subscribers and any ELNOs with which it Interoperates, all details in respect of that event.
  • Vulnerability Testing (OR 7.13): ELNOs must ensure that, at least once a year, an appropriately qualified independent security professional undertakes a vulnerability assessment and penetration testing of its ELNO System.
  • Cloud Security (OR 7.12): Imposes specific security, data location, and audit requirements (such as providing a SOC 2 Type 2 Report) when using a Cloud Service.

Model Participation Rules (MPRs)

The MPRs are binding rules made under s 23 of the ECNL that govern the conduct of Subscribers (the lawyers and conveyancers) who use the system. The new Model Participation Rules (Version 7), which came into effect in 2024, impose cyber security and data handling obligations on Subscribers, including:
  • Identity Verification (Rule 6.5): The Subscriber must take reasonable steps to verify the identity of their Clients, mortgagors, and their own staff (Signers) in accordance with the Verification of Identity Standard.
  • Data Retention (Rule 6.6): The Subscriber must retain the evidence supporting an electronic Registry Instrument for at least seven years from the date of Lodgment, including the Client Authorisation and evidence supporting verification of identity.
  • Information Protection (Rule 6.10): The Subscriber must take reasonable steps to ensure that information provided to the Subscriber is protected from unauthorised use, reproduction or disclosure,
  • Protection Measures (Rule 7.1): Subscribers must take reasonable steps to comply with the ELNO's security policy, including the protection of Security Items (like digital certificates and passwords).
  • Cyber Security Training (Rule 7.2.1): Subscribers must ensure that each of their Users (staff) has received training appropriate to their use of an ELN, including cyber security awareness training covering as a minimum secure use of the ELN, secure use of the Subscriber's Systems and secure use of email.

Regulatory and Policy Framework

  • The national e-conveyancing framework is regulated by ARNECC, which develops the binding model rules under the ECNL. Following the 2022 ECNL amendments, this framework has been overhauled to manage interoperability, with a focus on cyber security.
  • Security of Critical Infrastructure Act 2018 (Cth) (SOCI Act) — The e-conveyancing system is designated as a Critical Infrastructure Asset (see Security of Critical Infrastructure (Definitions) Rules (LIN 21/039) 2021). This means the ELNOs are also regulated by the Cyber and Infrastructure Security Centre (CISC) and must comply with the SOCI Act. This includes obligations such as:
    • Adopting a Critical Infrastructure Risk Management Program (CIRMP).
    • Mandatory Cyber Incident Reporting to the ACSC (within 12 hours for a "significant impact" incident and 72 hours for a "relevant impact" incident).
    • Notifying data service providers that they are handling data for a critical infrastructure asset.

Relevant Organisations

This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding AustLII Communities? Send feedback
This website is using cookies. More info. That's Fine