E-markets offer convenient platforms to provide access to products and services through government-enabled marketplaces. This standard for e-markets seeks to provide advice to Commonwealth entities developing business cases, new policy proposals and Cabinet submissions to ensure they align with whole-of-government (WofG) digital and ICT policies and priorities.
Identify similar e-markets for potential reuse, using cross-APS archetypes to identify best-fit solutions
To minimise risk, improve consistency, accelerate delivery and lower the total cost of e-market development, agencies should consider reusing an existing investment/s.
Across government, e-market systems can be broadly categorised into either:
- Informational platforms – offer advice, assistance and best practice guidance on how to best source goods and services needed by entities or their clients.
- Transactional platforms – offer direct access to the goods and services needed by agencies and their clients.
Understanding the use case requirements, and thus platform focus, allows comparability to previous investment across government and the potential avenues for reuse. Aligning to an archetype can help agencies find a reusable, suitable investment efficiently.
Apply human-centred design practices when building e-markets
The Australian Public Service (APS) is tasked with supporting all Australians throughout their lives. Adopting a human-centred design approach ensures services meet populations’ needs by being as accessible and user friendly as possible.
The Digital service standard v2.0 is a set of best-practice principles to help entities design and build digital services that are simple, clear, and fast. Following the Digital service standard ensures digital services provide public value and meet user needs, with ongoing service improvements based on evidence and learnings.
Adopt a consistent, effective and efficient approach for identifying businesses and individuals participating in e-markets
E-markets may facilitate the exchange of sensitive data between multiple parties who may have had no previous relationship with each other. As such, it is critical that both parties are authorised, and where possible identity-verified, to reduce the risk of inadvertent access or damage to sensitive data.
Businesses are encouraged to create authorisations for employees and other individuals who work on behalf of the business. Businesses are responsible for maintaining the integrity of their records. Using global authentication gateways such as PRODA (Provider digital access) is recommended.
Businesses and individuals using e-markets should be verified by an identity system. An identify system is an online environment for identity management transactions governed by a set of system rules (also referred to as a trust framework) where individuals, organisations, services and devices can trust each other because authoritative sources establish and authenticate their identities.
Relevant identity exchange/attribute provider accreditation standard models that should be considered in e-markets design include the Australian Government digital ID system (AGDIS).
User data is at the core of e-markets. E-market solutions should:
- protect user privacy by ensuring that practices relating to the collection and use of user data are lawful, transparent, fair, enable user participation and choice, and provide reasonable security safeguards
- manage digital security risk and implement security measures for reducing or mitigating adverse effects relating to user participation in e-markets.
The Australian Signals Directorate produces the Information security manual (ISM). The purpose of the ISM is to outline a cyber security framework that entities can apply to protect their systems, including those related to e-markets, and associated data from cyber threats. Details in the ISM can be accessed here: Information security manual (ISM).
Ensure e-markets are used to provide products and services in a manner that prevents unfair conduct
Businesses and individuals should adopt fair practices when building and engaging in e-markets by:
- not engaging in conduct that is unfair or deceptive or is likely to mislead or deceive
- not making false or misleading representations about the products or services they supply
- not engaging in unconscionable conduct (such as collecting data from competitors on price on products or services)
- ensuring that there is clear demonstration of intent to buy or sell products or offer services
- ensuring participating businesses are compliant with fair trading laws and operating fairly and competitively. Fair trading laws ensure that businesses inform and protect customers.
The participating businesses should consider:
- Fair trading laws
- The Australian Consumer Law and your business
- The Competition and Consumer Act
- Australian standards
- Codes of conduct.
When selling products or services, businesses need to understand and be compliant with:
- Australia's trade measurement laws
- Displaying prices
- Product labelling
- Secure card payments
- Warranties and refunds.
Australian product safety laws apply to e-markets and at every stage of the supply chain. These laws mean that participating businesses:
- must comply with Australian mandatory safety standards
- must not supply banned products
- must report the death or serious injury or illness of a person that occurred as a result of a consumer product supplied by the vendor
- should immediately recall a product if it may present a safety hazard, does not comply with a safety standard, or is banned – and notify the Australian Commonwealth Minister responsible
- must comply with any recall notices issued under the Australian Consumer Law
- should be aware that compliance with international or other trusted safety standards does not automatically mean compliance with Australian safety standards or bans.
It is businesses’ responsibility to understand Australian product safety laws and make sure they sell safe, compliant products. These obligations have been summarised by the Australian Competition and Consumer Commission.
See: Selling online | Product Safety Australia.
Address data and information privacy and legislative requirements
E-market users should respect privacy by providing clear information about how personal data is handled. Businesses must use and store personal information responsibly, ensuring customer consent, proper security, and anonymisation where appropriate. These practices follow the Australian Privacy Principles, which offer flexible, technology-neutral guidelines for handling personal data.
There are key legislative regimes governing digital information assets of Commonwealth entities:
- The Archives Act 1983 (Cth), aimed at imposing record keeping obligations in respect of Commonwealth records. Digital information assets used in government business are Commonwealth records to be managed in accordance with the Archives Act 1983 (Cth).
- The Data Availability and Transparency (DAT) Act 2022 (Cth) is intended to improve public sector data accessibility, facilitate its consistent sharing with privacy safeguards, enhance integrity and transparency, instil confidence in its use, and establish institutional sharing arrangements.
- The Privacy Act 1988 (Cth) is intended to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million, and some other organisations, handle personal information.
There are other key pieces of legislation that may apply depending on the operating context of an entity and information set. Each entity should review relevant federal, state and local requirements to ensure full compliance.
For additional information see: Information asset management and Privacy protection.
Adhere to reuse principles
Numerous instances of e-market solutions and platforms exist across government, several of which may be suitable for reuse through either shared service models, creating new instances of existing cloud implementations, or leveraging existing patterns. Using existing e-marketplaces is preferred to the development of new platforms.
Reuse and reuse potential are also enhanced by greater uniformity in data structures, specifically where data is organised and stored in a consistent manner, and uniformity in integration protocols is developed and maintained.
Agencies should look for the existing reusable designs on the AGA website, get in direct contact with entities with comparable use cases, or leverage the existing WofG arrangements and inter-government memorandums of understanding.
The Australian Government Architecture provides information for entities on reuse.