Summary
- The Optus outage on 8 November 2023 was a national telecom continuity failure with a public-safety edge. The government-commissioned Bean Review estimated that around 10 million customers and nearly half a million businesses were affected, while ACMA later found that Optus failed to provide access to the emergency call service for 2,145 people.
- The technical trigger was not a simple "the internet went down" event. ACMA's investigation says a routine software upgrade in Singtel's international upstream transit network caused traffic to be rerouted, Optus received a large increase in IPv6 routing information, core routers exceeded pre-set third-party vendor safety limits, and those routers self-isolated.
- Emergency calling did not fail only because ordinary Optus service failed. The more serious continuity problem was that some 3G radio units continued radiating signals even though emergency calls could not progress through the Optus core. Some devices tried to use those Optus signals rather than camping on to another carrier, and Optus lacked the remote management path needed to force those 3G sites to wilt during the outage.
- ACMA treated this as a controllable compliance failure, not an unavoidable upstream event. Its report says Optus controlled the configuration, architecture, routing propagation, O&M network dependence, and change-management response of its own network. Optus disputed parts of that framing, but the regulator rejected the argument that the outage was beyond Optus' control for emergency-call purposes.
- Customer and stakeholder communication became a second accountability track. The Bean Review found communications with customers inadequate, said voluntary guidance did not appear to have been followed, and recommended mandatory customer-communication requirements for major outages.
- The post-outage reform record matters because it shows what had been missing: a Triple Zero custodian, six-monthly end-to-end emergency-call testing, real-time outage data sharing, mandatory post-outage reporting, direct notification duties, improved customer communications, and broader government and industry redundancy planning.
The Outage Was a Public-Safety Test, Not Just a Carrier Reliability Event
The Optus outage belongs in the same accountability family as cloud control-plane incidents, airline scheduling collapses, and payment-network outages, but with a sharper public-safety consequence. When a retail app fails, consumers may lose convenience and businesses may lose sales. When a national carrier fails, the immediate continuity question is whether customers can still call emergency services, whether hospitals can coordinate, whether transport operators can continue, whether small businesses can take payments, whether governments can share situational information, and whether vulnerable people know what to do.
The formal public record is unusually strong. The Australian Government announced a post-incident review on 9 November 2023 and later published the Review into the Optus outage of 8 November 2023, led by Richard Bean. The final report says the outage disrupted services for Optus customers and Optus reseller customers, interrupted consumers, businesses, government services, public health, and safety infrastructure, and affected around 10 million customers and nearly half a million businesses.
The Australian Communications and Media Authority then produced the enforcement record. ACMA's November 2024 release, Optus pays $12 million penalty for Triple Zero outage, says subsidiaries of Singtel Optus paid penalties totaling more than $12 million after breaches of emergency-call rules. ACMA found that Optus failed to provide access to the emergency call service for 2,145 people during the outage and failed to conduct 369 required welfare checks on people who had tried to make an emergency call.
Those two records answer different questions. The Bean Review was not an enforcement adjudication. It explicitly said technical causes, regulatory compliance, and the adequacy of any compensation value were outside its core scope. Its focus was what the system could learn about Triple Zero, government response, customer communication, complaints, compensation, and telecom resilience. ACMA's investigation report and infringement notice page, by contrast, is the regulator's compliance record under emergency-call law. A responsible article should use both without collapsing one into the other.
The combined lesson is blunt: telecommunications resilience is not only uptime. It is the carrier's ability to preserve emergency-call access, manage core-network failures, keep management channels reachable, warn other providers, share status with government and emergency actors, communicate accurately with customers, and produce evidence after the fact.
The Technical Chain Was Controllable Enough to Become a Regulatory Finding
The public story of the outage begins with routing information. The Bean Review says a large number of Optus routers automatically self-isolated after an overload of IP routing information. During a software upgrade, the Optus network received changes in routing information from an alternate Singtel peering router, and those routing changes propagated through multiple layers of the IP Core network. Around 4:05am AEDT, pre-set safety limits on a significant number of Optus network routers were exceeded, and connectivity with the core network was lost.
ACMA's investigation adds important detail. The ACMA investigation report PDF says the increase in routing information followed a routine software upgrade in one of Optus' international upstream transit networks, the Singtel internet exchange. STiX routers in North America were upgraded, traffic rerouted to an alternate Singtel peering router in Asia, and the rerouting occurred as expected for such an update. The Optus network then received a large increase in routing information, specifically IPv6 information, which propagated through multiple layers until it exceeded pre-set safety limits on some core routers.
That distinction matters. If the analysis stops at "an upstream Singtel upgrade triggered a problem," practical accountability becomes foggy. ACMA did not stop there. It accepted that the software update caused an increase in routing information, but considered the outage to have been caused by the self-isolation of Optus core routers. It said the maintenance of those routers and the architecture and configuration of the Optus network were within Optus' control. It also said the default limits had been established by a third-party equipment vendor, but could have been changed.
Optus argued that the increase in routing traffic was beyond its control and that neither the equipment vendor nor external experts had identified the router safety-limit risk before the outage. ACMA rejected the broader exculpation. Its report states that the re-routed traffic propagated through several layers of the Optus network without causing other routers in other network layers to self-isolate, and that Optus itself stated the network should have coped with the change. The regulator's accountability sentence is unusually direct: equipment-vendor or external-expert silence did not absolve Optus or transfer the risk associated with poor configuration and change management away from Optus.
This is the heart of the incident. A network operator may rely on vendors, upstream transit arrangements, default settings, external experts, and peer networks. It still owns the architecture that decides whether a reasonable routing change becomes a nationwide carrier failure. It owns route propagation controls, safety-limit review, lab testing, rollback readiness, telemetry, management-plane isolation, dependency mapping, and the business process that asks whether a planned upstream change could overload a local core.
That does not mean every detail was publicly knowable before the event. ACMA's report is redacted in places and does not publish a complete Optus network map. It also does not prove that one named engineer, vendor, or executive had direct knowledge of the precise failure chain. The accountable claim is narrower and stronger: the configuration and architecture were under Optus' practical control, and the regulator found that reasonably practicable steps could have improved resilience before the outage.
Triple Zero Failed at the Boundary Between Network Failure and Fallback Design
The most serious continuity failure was not that ordinary Optus service was down. A national carrier outage is bad enough. But the emergency-call system is supposed to have a fallback behavior when a mobile user's home network is unavailable. In broad terms, a mobile device can "camp on" to another available network for emergency calls if the home network cannot carry the call.
The Bean Review explains why that did not work reliably on 8 November. With the loss of core-network connectivity, Optus' 4G and 5G base stations automatically wilted, or shut down, so devices could search for other networks. Optus' 3G radio units, however, continued radiating signals because they maintained connectivity to the core network through a voice channel, even though calls could not progress to Triple Zero because of the core-network failure. Some devices detected those 3G signals and attempted emergency calls through Optus rather than seeking another network. The calls received an error signal from the Optus network.
ACMA's report states the same problem in enforcement language. The outage caused loss of connectivity to Optus' Operations and Maintenance network. That O&M network was used to monitor network elements, including base stations. The loss made it difficult for Optus to identify that 3G units continued to radiate a signal and maintain voice transmission capabilities during the outage. The 3G signal prevented most mobile devices from camping on to other networks when making emergency calls, even though calls could not be carried by Optus.
The fallback therefore failed at the exact point where ordinary customers could not see the difference. A person in distress would not know whether their phone was attached to a broken 3G radio, attempting to camp on to another carrier, or silently caught between access-network and core-network states. From the user's perspective, the only meaningful question is whether the emergency call is established and maintained.
That is why ACMA's emergency-call numbers matter. The regulator found 2,145 unsuccessful emergency calls listed in its attachment. It found that Optus Mobile failed to give 2,091 end-users who made emergency calls to 000 or 112 access to the emergency call service, Optus Networks failed for 41 such end-users, and Optus Internet failed for 12. It also found one failed 106 call for a fixed-line service supplied by Optus Networks. It found that 2,145 calls were not carried to the relevant termination point.
The regulatory frame rejects a paperwork-only view of emergency access. Optus argued, according to the ACMA report, that the relevant requirement was about network configuration rather than connecting actual calls. ACMA rejected that view, citing the legal concept that a person does not have access to an emergency call service unless a call can be established and maintained when attempted. In other words, emergency access is not satisfied by nominal architecture if the user cannot get through.
This is a central accountability lesson for all critical networks. A fallback does not exist because diagrams say it exists. It exists when real devices, real radio states, real core failures, and real emergency-call routing behave correctly under stress.
Out-of-Band Management Was Not a Side Issue
Out-of-band management is easy to treat as an engineering detail until the moment a network is down and the operator cannot reach the components it needs to control. In the Optus case, it became a public-safety control.
The Bean Review says two root causes of Optus' inability to ensure customers could successfully call Triple Zero through camping on to other networks were the inability to reach core infrastructure through the Operations and Maintenance network or the Out of Band network, and the inability to force 3G radio base stations to wilt. The review records that Optus said it had post-outage options if the OAM network was available, including remotely overriding automatic wilting, but that on 8 November the OAM network was not available and Optus could not manually or remotely shut down the 3G network to force wilting.
ACMA made the same point more sharply. Its report says the O&M network is essential for maintaining proper and effective network functioning because it monitors status and manages parts of the network, including mobile base stations. It found that Optus had failed to take practicable steps to implement out-of-band network connections to effectively manage the network in the event of an outage. It considered the O&M network design should have reduced dependence on the core network so the risk of cascading failures was reduced to an acceptable level.
Optus told ACMA that the OOB network was not used to carry emergency calls and therefore was not subject to the relevant section of the emergency-call determination. ACMA rejected that contention. The regulator said OOB failure was relevant because failures relating to the O&M network meant the broader network did not function properly and effectively. It said effective OOB operation could have reduced the scope, impact, and duration of the outage by providing a reliable method for maintenance on affected parts of the network, particularly the failure to wilt 3G towers.
That finding is important beyond Optus. Management networks, remote access paths, power controls, observability systems, privileged access, and emergency operational runbooks are often treated as internal reliability controls. In critical infrastructure, they become public controls. They decide whether the operator can put the network into a safer degraded state when the main service plane has failed.
The safer degraded state here was not "restore everything instantly." It was more basic: stop radiating a misleading 3G signal so handsets could attempt emergency calls through another network. The engineering task was therefore bound to the human consequence. A management-plane dependency prevented a public-safety fallback from working at scale.
Customer Communication Became Its Own Continuity Failure
The outage also exposed the limits of voluntary customer-communication practice. The Bean Review records that Optus issued its first media statement at 6:33am, about two and a half hours after the outage began, then another at 8:16am. Optus said it considered media communication the fastest and most effective route because customers could not access Optus services. It also contacted business customers, posted on its website and social channels once back online at 12:55pm, provided retail-store information from 2:00pm, and the chief executive conducted 11 media interviews.
The review did not accept that this was enough. It says Optus considered its communications adequate and appropriate, but that this view was not shared by others, including the review. It reports customer dissatisfaction, public letters and emails to the Minister for Communications, and consumer advocates' concern that the lack of timely and clear information caused distress, especially for vulnerable people, people with disabilities, lower-income users, and regional, rural, and remote communities.
The review's conclusion is plain: communication during the Optus outage was inadequate. It points to delays in advising customers, lack of detailed answers about cause and impact across the day, and lack of rectification timeframes. It also says the Communications Alliance Emergency Communications Protocol guideline was limited, left much to provider discretion, and did not appear to have been followed by Optus.
This is not merely reputational. Communication is a continuity control. A customer without mobile or internet service needs to know whether Triple Zero can be reached, whether a landline is affected, whether they should move location, whether hospitals and aged-care providers have alternate contact channels, whether payment terminals are affected, whether resellers are part of the outage, whether business services are affected, and when to stop waiting and shift to a backup provider.
For small businesses, the communication problem is especially concrete. The review estimated nearly half a million businesses were affected. A cafe that cannot process card payments, a medical practice that cannot receive calls, a courier relying on mobile data, or a sole trader waiting for customer calls needs restoration information that supports decisions. Should staff be sent home? Should cash-only processes be started? Should a backup SIM be distributed? Should appointments be cancelled? "We are working on it" does not answer those operational questions.
The review's recommendation followed naturally: ACMA should develop a standard or determination requiring carriers to communicate specific information to customers during and about outages. That is a shift from brand-managed crisis communication to regulated minimum communication.
Resellers and Other Providers Were Not Just Bystanders
The Optus network supported customers of resellers as well as direct Optus customers. That created another accountability layer: when the underlying carrier fails, downstream carriage service providers and their customers need direct, usable notification.
ACMA found that Optus Mobile and Optus Networks breached notification duties to other carriage service providers. The regulator's report says Optus Mobile provided a list of 16 CSPs and Optus Networks provided a list of 20 CSPs to which they provided relevant access. Optus primarily relied on national media channels, social media, media releases, and website updates to notify CSPs that used the Optus network. ACMA considered those statements broad public communications rather than direct notices to the CSPs themselves and found they did not meet the notification requirements. Optus acknowledged it failed to directly notify the CSPs identified in the preliminary findings.
This matters because wholesale dependency changes the shape of customer harm. A reseller customer may not know the underlying network is Optus. A reseller support desk may be flooded with complaints while lacking direct status, technical facts, emergency-call information, or restoration estimates. Downstream providers may need to push alerts, adjust customer-service scripts, warn vulnerable users, and coordinate with enterprise customers.
In a national outage, media releases cannot substitute for direct operational notification. Critical dependency chains need named contacts, escalation paths, status feeds, and pre-agreed language. The accountable operator must know who depends on its network before the outage, not discover those relationships through public confusion during the outage.
The Bean Review's broader coordination findings point in the same direction. It found communication, collaboration, and information-sharing deficiencies throughout the day and said existing protocols did not operate effectively to provide a clear and coordinated response across key stakeholders. The Protocol for Notification of Major Service Disruptions was not adhered to. The National Coordination Mechanism was activated in the afternoon and held two meetings, but the review found that earlier, clearer government-led coordination would have been valuable.
Parliamentary scrutiny widened the same record. The Senate Environment and Communications References Committee's Optus Network Outage report and its public submissions collection show how consumer groups, industry participants, government bodies, and affected stakeholders treated the outage as a public accountability event rather than a private customer-service dispute. That parliamentary material does not replace ACMA's enforcement findings, but it reinforces the point that a national carrier outage creates evidence needs across the whole ecosystem.
Carrier outages are therefore not bilateral events between a company and its retail customers. They move through resellers, emergency-service organizations, the Emergency Call Person, regulators, ministers, state and territory agencies, hospitals, transport operators, payment providers, and business customers. Responsibility follows the dependency graph.
Welfare Checks Showed the Human End of the Compliance Chain
Emergency-call failure does not end when the network returns. If someone attempted an emergency call and failed, the system must answer a human question: did the person later receive help?
ACMA found that Optus failed to conduct required welfare checks for 369 calls. Its report says Optus conducted welfare checks as soon as practicable for 183 of the 2,145 calls. It accepted that an exception applied for 31 calls because the end-user subsequently made a successful emergency call that camped on to the Telstra network. It accepted that another exception applied for 1,562 calls because the location of the mobile customer equipment had changed since the call was made. That left 369 calls requiring welfare checks. Optus acknowledged it failed to undertake the welfare checks for those calls, 361 involving Optus Mobile end-users and eight involving Optus Networks end-users.
The welfare-check duty is not a bureaucratic afterthought. It is the system's last known chance to identify a person who tried to reach help and may still be at risk. The process can involve phone or SMS contact and, if contact fails, referral to a state or territory police force. A carrier that cannot identify unsuccessful emergency calls, check whether later successful calls occurred, or perform welfare checks promptly has a continuity gap that persists after signal restoration.
This is where telecom accountability becomes most human. The failed call log is not merely a dataset. Each record may represent a person in a medical emergency, a violent incident, a fire, a road crash, or a vulnerable household. A network operator's evidence practices, call-detail records, exception logic, customer-location handling, and post-outage workflows decide whether that person disappears into the outage statistics or receives follow-up.
The ACMA release's phrasing is appropriately severe. It says Triple Zero availability is the most fundamental service telcos must provide to the public, and that when an emergency call fails to connect there can be devastating consequences for public health and safety. The release also says Optus failed to follow up on the safety and wellbeing of more than 360 customers once the outage was resolved.
No public record should overstate what is known. ACMA's report does not publish individual emergency circumstances for the 2,145 unsuccessful calls. It does not say that each failed call caused a specific injury. It does establish that emergency access and follow-up duties failed at scale, and that is enough for a high-confidence accountability conclusion.
Governance Consequences Reached the Top of Optus
The outage also produced visible executive consequences. On 20 November 2023, Singtel announced that Optus chief executive Kelly Bayer Rosmarin had resigned. Singtel's company announcement said she had led Optus through a challenging period and that the company would appoint an interim CEO while searching for a replacement. The announcement did not by itself assign legal liability for the outage, but it showed that accountability moved above engineering management.
Singtel's own financial reporting recorded the operational significance. The Singtel annual report discusses Optus as a major business and reflects a period of operational and reputational pressure following the outage and earlier cyber issues. Annual reports are not forensic incident reports, but they show how a national outage becomes a governance, brand, investment, and regulatory matter for a parent group.
The executive layer should not obscure the engineering layer. CEO resignation is not a substitute for changed route controls, emergency-call testing, OOB management hardening, reseller notification, or welfare-check discipline. But leadership turnover is relevant because a telecom carrier's resilience posture is a product of budgets, risk appetite, modernization priorities, vendor oversight, board pressure, regulator relationships, and crisis preparation.
The Bean Review's recommended reform package reinforces that the problem was not one person. It made 18 recommendations spanning emergency-call obligations, custodian oversight, six-monthly end-to-end testing, device behavior, real-time outage data sharing, post-outage reports, disruption protocols, the Emergency Call Person contract, government coordination, customer communications, complaints, compensation, temporary roaming, mutual assistance, remote access to network-management tools, government redundancy, and review of Triple Zero legislation and regulation.
The Australian Government response accepted the need for systemic reform. The government's response to the Bean Review supported or supported in principle the recommendations and committed to changes across the telecom ecosystem. That posture is important because it avoids pretending the outage was only a private company problem. Optus had direct operational responsibility for its network, but government also had to confront gaps in oversight, coordination, and emergency-call governance.
The Triple Zero Custodian Is a Governance Answer to an Ownership Gap
One of the Bean Review's most important findings is that Triple Zero operates as an ecosystem. A caller's emergency access depends on the originating carrier, device behavior, network state, the Emergency Call Person, emergency service organizations, regulators, contracts, industry committees, and state and territory responders. Before the outage, no single body had end-to-end custodial responsibility for that ecosystem.
The review says Telstra is the Emergency Call Person for 000 and 112 under contractual and regulatory arrangements, answering and transferring Triple Zero calls. It also says the ECP contract does not require Telstra to oversee end-to-end delivery of the Triple Zero service or act as custodian of the ecosystem as a whole. ACMA regulates compliance, but regulation is not the same as operational custodianship. Existing committees support coordination, but the review found they were not well adapted to acting as a custodian.
Telstra's public emergency services information is useful context for the ECP role because it describes the public-facing emergency-call pathway without turning Telstra into the owner of every originating carrier's network condition. The accountability distinction matters: the Emergency Call Person can answer and transfer calls it receives, while Optus still had to ensure its customers could reach that pathway during a network failure.
That gap became visible in the Optus outage. If a carrier's network is failing, if some radio layers behave differently from others, if a handset may or may not camp on, if other providers need real-time status, if emergency services need to understand what is happening, and if government needs a shared picture, who owns the end-to-end health of the system? The review's answer was to establish a Triple Zero custodian with oversight of and overarching responsibility for the efficient functioning of the ecosystem, including monitoring end-to-end performance.
The Department's current Triple Zero Custodian material shows that this reform moved beyond recommendation. The custodian function is meant to improve oversight, coordination, monitoring, and information sharing across the Triple Zero ecosystem. That is not the same as making one body responsible for every carrier's network design. It is a way to ensure that the system has someone looking across the whole chain rather than only at individual statutory silos.
For accountability analysis, the custodian reform changes the future standard. A carrier will still be judged on its own architecture and emergency-call obligations. But the broader system should also be judged on whether it can detect end-to-end degradation, compel real-time information sharing, coordinate public messages, and learn from near misses before a failed call becomes a tragedy.
Mandatory Testing Is the Difference Between Assumed Fallback and Proven Fallback
The review recommended six-monthly end-to-end testing of all aspects of the Triple Zero ecosystem within and across networks. It said testing should include network functionality and capability during outages of various types, behavior of all known devices in different circumstances, and interoperability from originating carrier to ECP to emergency service answering point during outages. Identified deficiencies should be reported to ACMA with remediation plans and timetables.
That recommendation targets the precise weakness exposed by Optus. The emergency camp-on feature may work in many ordinary loss-of-coverage scenarios. The question is whether it works when a carrier's 4G and 5G sites wilt but 3G sites continue radiating, when the core is unreachable, when O&M paths are down, when devices vary by model and firmware, and when a customer is moving through coverage boundaries.
Testing has to be adversarial enough to break comforting assumptions. It should include partial failures, misleading signals, stale radio states, failed management planes, reseller customers, old devices, bring-your-own-device populations, rural coverage edges, enterprise voice services, and fixed-line services. It should ask not only "does the call connect?" but "does the operator know which users failed, can failed-call records be reconciled, can welfare checks be initiated, and can public guidance be issued?"
ACMA has already updated emergency-call requirements and signaled further changes. Its release says updates were made to the Telecommunications (Emergency Call Service) Determination 2019, and that it was developing a new industry standard for customer communications during outages and changes to complaints handling. The Telecommunications (Customer Communications for Outages Industry Standard) 2024 is part of that post-outage move toward mandatory communication conduct.
The difference between voluntary guidance and mandatory testing is evidence. After the next outage, a carrier should be able to show the last cross-network emergency-call test, the device classes tested, the failure modes simulated, the deficiencies found, the remediation timeline, the regulator reports, and the governance owner. Without that record, "we believed fallback would work" is not a resilience argument.
Complaints and Compensation Were Too Individualized for a Mass Outage
The Bean Review also examined complaints and compensation. The issue was not simply whether Optus gave customers anything. Optus announced extra data for eligible mobile and prepaid customers and faster home internet speeds for the month of December for home internet customers. The review noted reported dissatisfaction with the offer and focused on whether existing complaint and compensation mechanisms were adequate for a crisis-scale outage.
The Telecommunications Industry Ombudsman plays a central role in individual complaints. The review describes the Telecommunications Industry Ombudsman as a free and independent dispute-resolution service for consumers, small businesses, not-for-profits, occupiers, and owners of property with complaints about phone or internet providers. The TIO can assist in certain compensation claims, including lost business profit due to network faults, costs of alternative services, and non-financial inconvenience in some circumstances.
But a mass outage stresses individualized complaint handling. The review recommended amending complaints handling standards and record-keeping rules so they account for network outage impacts and the community's expectations during crisis events. It also recommended an industry-wide standardized approach to resolutions available to consumers affected by crisis or large-scale outages, including possible compensation forms and penalties.
This is especially relevant for small businesses. A sole trader or small retailer may have suffered a half-day of lost payments, missed calls, failed bookings, or staff downtime. The losses may be real but hard to prove at a level that justifies formal dispute escalation. A standardized outage-compensation framework cannot capture every loss, but it can reduce the administrative burden of making thousands of people prove small claims one by one.
The ACCC and consumer-protection architecture are relevant in the background because telecom outages can produce both service-quality and market-conduct questions. The Bean Review's discussion of designated complaints mechanisms points toward collective handling of significant or systemic issues affecting consumers or small businesses. That does not mean every outage should produce automatic large payments. It means the system needs a mass-event pathway that recognizes the practical cost of individual proof.
The larger continuity lesson is that compensation is not a substitute for resilience. Extra data does not restore a failed emergency call. A bill credit does not reopen a business at the moment its payment terminal is down. But compensation and complaints design are part of accountability because they decide whether harm is acknowledged and resolved proportionately after the service failure.
Public-Sector Continuity Was Both Victim and Response
The manifest category for this article includes public-sector continuity because the Optus outage directly touched government and emergency-service functions. The Bean Review says hospitals were hampered, transport networks were disrupted, and government services were affected. It also says Australian telecommunications networks underpin essential government, public health, and safety infrastructure.
That context is not rhetorical. The Cyber and Infrastructure Security Centre's telecommunications sector information places telecommunications inside Australia's critical infrastructure framework, which is why a carrier outage can quickly become a public administration problem. The Australian Government's Crisis Management Framework and the National Emergency Management Agency provide the broader coordination backdrop for the review's criticism that outage information, escalation, and whole-of-government response needed clearer pathways.
The public sector had a dual role. It was a user of the network and a coordinator of the response. Government agencies needed connectivity and situational awareness. The National Coordination Mechanism met in the afternoon of 8 November and included representatives from Australian Government bodies and state and territory first ministers' departments and emergency response agencies. The review found those meetings operated effectively once convened, but also found that existing protocols and frameworks did not provide a clear, coordinated response across the day.
The review recommended improving the Protocol for Notification of Major Service Disruptions with clear requirements for government communication and collaboration during telecom outages through a central coordination point. It said this should cover carriers, relevant ministers, Commonwealth, state and territory agencies, the TIO, ACCC, ACMA, emergency service organizations, and other relevant parties. It also recommended that Australian governments review arrangements for maintaining their own operations during outages, including telecom redundancy for critical services.
That last point is essential. Government cannot regulate a national outage effectively if government agencies themselves have no redundant communications. Public hospitals, emergency agencies, transport control rooms, welfare services, courts, schools, and local governments should not assume that a single carrier connection is adequate for crisis operations. The carrier is accountable for its network; public bodies are accountable for knowing their own dependency on it.
This is not a call for every small office to build a telecom bunker. It is a call for tiered redundancy according to criticality: multi-carrier mobile service for emergency staff, backup internet paths for control centers, analog or radio fallback where appropriate, printed contact lists, crisis messaging channels not tied to a single provider, and tested workarounds for payments, dispatch, and patient communication.
The Optus outage was therefore a continuity audit for the country. It showed not only where Optus failed, but where hospitals, businesses, agencies, and households lacked practical fallback plans.
The Accountability Map: What Optus Controlled and What It Did Not
A fair accountability map separates trigger, controllable architecture, operational response, regulatory framework, and downstream preparation.
Optus did not directly control every upstream action in Singtel's international network. It did not manufacture every router. It did not design every handset's emergency-calling behavior. It did not manage every reseller's customer communications. It did not operate the Emergency Call Person or emergency service organizations. It did not create the pre-existing statutory fragmentation around Triple Zero ecosystem oversight.
But Optus did control, or materially influence, the architecture of its own network, the configuration of routers, the decision to retain third-party default safety limits or change them, the routing-propagation design, the O&M and out-of-band management dependence on the core network, the ability to force 3G wilting, the testing of emergency-call behavior under core failure, direct notification of downstream CSPs, public communication, business-customer communication, failed-call records, welfare-check execution, and post-outage remediation evidence.
The regulator's findings support that allocation. ACMA found the outage was preventable to the extent the self-isolation of core routers, architecture, and configuration were within Optus' control. It found Optus failed to maintain proper and effective functioning of controlled networks and facilities. It found failed emergency-call access, failed call carriage to termination points, failure to notify certain CSPs directly, and failure to perform required welfare checks.
Government controlled a different layer: whether the ecosystem had a custodian, whether mandatory communication and testing rules existed, whether disruption protocols were clear, whether agencies had redundancy, whether legislation kept pace with mobile dependence, and whether regulator powers were sufficient. The government's acceptance of reform recommendations is an implicit admission that the old system did not create enough shared assurance.
Customers and small businesses controlled the least. Some could buy backup SIMs, keep cash-handling procedures, maintain alternate internet, or use multiple carriers for critical operations. But individual customers cannot test a national carrier's 3G wilting behavior. A small business cannot inspect Optus' out-of-band network. Emergency callers cannot choose architecture during a crisis. That asymmetry is why carrier accountability must be stronger than ordinary consumer caveat emptor.
What Should Be Retested Before Trust Is Restored
The practical test after Optus is not whether the company can say it made changes. It is whether those changes can be evidenced under stress.
First, routing change assurance should be retested. Optus and other carriers should be able to show how planned upstream route changes are modeled, how IPv6 route-table growth is bounded, how router safety limits are reviewed, how default vendor settings are challenged, how lab environments reproduce failure modes, and how change freezes or rollback rules apply when critical network layers are at risk.
Second, emergency-call fallback should be retested across radio generations, including residual 3G lessons even after network shutdown. The lesson should not be treated as obsolete because 3G networks are being retired. Future failures may involve 4G, 5G standalone cores, voice over LTE, voice over Wi-Fi, enterprise voice, fixed wireless, satellite adjuncts, or device-specific behavior. The principle is that no access layer should mislead a device into attempting a call that cannot progress if another network could carry it.
Third, O&M and out-of-band access should be retested as a survival system. Management paths need independence, capacity, authentication, and operational drills. The question is not whether engineers can reach systems on a normal day. It is whether they can see and control the right components when the core network is partially down, telemetry is incomplete, and public safety depends on putting the network into a safer degraded state.
Fourth, stakeholder communication should be tested with real templates and contact lists. A national outage should trigger direct reseller notices, emergency-service status, government coordination, customer messages, media updates, website and status-page publication, retail scripts, business-customer advisories, and vulnerable-customer guidance. The ACMA customer communications standard should be treated as a floor, not as the full playbook.
Fifth, welfare-check operations should be drilled. Failed emergency-call records must be captured, deduplicated, classified under exceptions, referred when needed, and audited. The operator should be able to show how many calls failed, how many later succeeded, how many required welfare checks, how quickly checks began, and how exceptions were validated.
Finally, the reform ecosystem should be publicly reported in enough detail to support trust. The public does not need sensitive network diagrams. It does need evidence that the last outage produced tested changes, enforceable rules, named custodianship, and clear accountability for the next failure.
The Broader Lesson Is That Fallback Is a Product, Not a Promise
Optus' 8 November 2023 outage is often remembered as a day without phones and internet. That is accurate but incomplete. Its real significance is that it exposed the fragile boundary between assumed fallback and proven fallback.
Triple Zero access depended on many things working together: routers absorbing route changes, core-network connectivity, base-station wilting, handset camp-on behavior, O&M visibility, emergency-call carriage, ECP availability, reseller notification, welfare-check procedures, and public guidance. Some parts worked. Others did not. The consequence was that thousands of emergency calls could not be established and maintained.
The post-outage public record is unusually explicit about control. ACMA did not accept that upstream change, vendor defaults, or external expert silence removed Optus' accountability for its own network architecture and configuration. The Bean Review did not attempt to apportion blame in the same way, but it identified system gaps that had to be fixed: no end-to-end custodian, insufficient mandatory testing, weak communication rules, unclear coordination, and inadequate preparation for broad telecom outages.
That is the mature accountability frame. The carrier is responsible for the resilience and emergency-call behavior of its network. The regulator is responsible for enforceable minimums and compliance action. Government is responsible for system coordination and public-sector redundancy. Businesses are responsible for realistic dependency planning. Customers should not be expected to understand telecom architecture before dialing Triple Zero.
The outage also shows why public trust cannot be restored by apology alone. Trust is restored by evidence: tested routing controls, hardened management paths, proven emergency-call fallback, clear customer communication, direct stakeholder notification, completed welfare checks, standardized remedies, regulator enforcement, and public reporting that lets the community see what changed.
In that sense, the Optus outage was not just a failure of connectivity. It was a failure of accountable assurance. A carrier that sells itself as national infrastructure must be able to prove that when its main network falls, the emergency path, the management path, and the public-information path do not fall with it.

