Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Navigating compliance can feel overwhelming, especially when you hear terms like “enforceable undertaking” used by regulators. The good news? Once you understand what an enforceable undertaking is, when it’s used, and what it requires, you can manage risks confidently and keep your business moving forward.
In this guide, we break down enforceable undertakings in plain English, explain how they work in Australia, and share practical steps to stay compliant and protect your brand.
What Is an Enforceable Undertaking?
An enforceable undertaking is a formal, written promise given by a business (or individual) to a regulator in response to concerns about potential breaches of the law. It’s a legally binding commitment to take certain actions (or stop certain conduct) to address issues and prevent them happening again.
In Australia, enforceable undertakings are commonly used by regulators such as the Australian Competition and Consumer Commission (ACCC), the Australian Securities and Investments Commission (ASIC), the Fair Work Ombudsman (FWO), and work health and safety (WHS) regulators in each state and territory (for example, SafeWork NSW, WorkSafe Victoria and others), as well as Comcare for the Commonwealth jurisdiction.
The key idea is cooperation and remediation. Rather than proceeding straight to court, the regulator may accept an undertaking that sets out concrete steps you’ll take to fix problems, compensate affected people where appropriate, and improve your systems.
Are They Really “Enforceable”?
Yes. Once accepted by a regulator, an enforceable undertaking is legally binding. If a business does not carry out its commitments, the regulator can apply to the relevant court for orders to enforce the undertaking. Depending on the legislation involved, the court can order compliance and impose consequences for non-compliance.
Importantly, accepting an enforceable undertaking does not give you a free pass. Regulators generally reserve the right to take further action if you breach the undertaking, if new issues come to light, or if the undertaking turns out not to address the conduct in question.
When Do Regulators Use Enforceable Undertakings in Australia?
Regulators consider enforceable undertakings in a range of situations, often where they’re confident an issue can be addressed quickly and transparently without a lengthy court process. Typical scenarios include:
- Suspected breaches with a credible plan to fix them: For example, misleading advertising under the Australian Consumer Law (ACL), payroll underpayments, or gaps in WHS systems.
- Systemic or widespread issues that need structured remediation: Think ongoing compliance failures that affect many customers or workers.
- Early resolution: Where the business cooperates, acts promptly, and can commit to practical remedies, an undertaking may be more effective than immediate litigation.
- Voluntary proposal: A business may offer an undertaking, but regulators are not obliged to accept it if they consider other enforcement action more appropriate.
Common Areas Where Undertakings Appear
- Consumer protection: Misleading or deceptive conduct (for example, statements caught by section 18 of the ACL) or false representations (such as conduct addressed in section 29).
- Employment and workplace: Wage underpayments, sham contracting, or record-keeping failures investigated by the FWO.
- Work health and safety: Safety incidents or system failures overseen by state/territory WHS regulators or Comcare (not Safe Work Australia, which sets national policy but does not accept undertakings).
- Financial services and credit: Conduct regulated by ASIC, including compliance program failures and consumer remediation.
- Environmental and other regulated sectors: Where a statute provides for undertakings as a compliance tool.
What Can an Enforceable Undertaking Require?
Every undertaking is tailored to the issues at hand, but most include clear, measurable actions and timeframes. Typical commitments might include:
- Stopping the problematic conduct: Cease or amend the practices that led to the alleged breach.
- Independent reviews or audits: Engage an external auditor to review your systems (e.g. payroll, product claims, safety procedures) and report findings.
- Compliance improvements: Build or upgrade training, policies and controls to prevent repeat issues; sometimes overseen by an independent compliance officer.
- Remediation and rectification: Refund consumers, back-pay employees, or otherwise compensate affected stakeholders.
- Transparency measures: Provide corrective advertising, customer notifications, or public statements where appropriate.
- Reporting to the regulator: Periodic progress reports, audit outcomes and attestations of compliance, often for a set period.
For example, if a retailer’s advertising overstated product features, an undertaking might require corrective advertising, staff training on advertising standards, a review of approval processes, and periodic compliance reporting to the ACCC.
How Are Enforceable Undertakings Monitored and Enforced?
Once in place, undertakings are closely monitored. Regulators typically require:
- Regular reporting: Written updates that demonstrate progress and completion of key milestones.
- Independent oversight: External audits or reviews, with the auditor’s reports provided to the regulator.
- Documented evidence: Policies, training records, system changes and remediation records are often requested.
If a business fails to comply, regulators can apply to the relevant court for orders to enforce the terms. Non-compliance can also trigger separate investigations or enforcement action under the underlying legislation.
It’s also worth noting that undertakings are commonly published, which means stakeholders and the media may scrutinise your progress. Meeting every commitment on time is critical for rebuilding trust.
Practical Compliance Steps For Australian Businesses
Most businesses will never need an enforceable undertaking if they invest in good compliance up front. A practical, risk-based approach includes:
1) Map Your Legal Obligations
- Consumer law: Make sure advertising and product claims are accurate and can be substantiated with evidence. This includes avoiding misleading or deceptive conduct captured by section 18 of the ACL and false or misleading representations addressed in section 29.
- Employment and workplace: Pay correct rates, keep records, and provide a safe workplace. Put a clear Employment Contract in place for each staff member and support it with appropriate workplace policies.
- WHS obligations: Identify hazards, implement controls, and provide training in line with your state or territory’s WHS laws (or Comcare if relevant).
- Privacy and data: If you’re an APP entity under the Privacy Act (for example, many businesses with annual turnover over $3 million, or smaller businesses in certain categories like health service providers or those trading in personal information), you must manage personal information lawfully and keep it secure. Even if you’re exempt, publishing a clear Privacy Policy is good practice and often expected by customers.
2) Build Strong Internal Controls
- Train staff regularly and keep records of that training.
- Document approval workflows for higher-risk activities (e.g. marketing claims, payroll changes, safety procedures).
- Carry out periodic audits so you spot issues early.
3) Set Clear Terms With Customers and Suppliers
- For online businesses, publish fair and transparent Website Terms and Conditions and ensure your refund processes align with the ACL.
- If you process or share sensitive information, put suitable confidentiality protections in place, such as a Non-Disclosure Agreement.
- Review standard form contracts for unfair terms risks; many businesses conduct a periodic unfair contract terms review to reduce exposure.
4) Respond Early If a Regulator Contacts You
- Engage with the regulator respectfully and gather the facts quickly.
- Don’t offer or agree to an undertaking without understanding the full scope, costs, and timeframes.
- Get tailored legal guidance before committing to any terms - your obligations will be public and enforceable.
Key Legal Documents To Reduce Compliance Risk
Well-drafted, tailored documents make it easier to meet your obligations day-to-day and demonstrate a mature compliance posture if regulators come knocking. Consider the following:
- Employment Contract: Sets clear duties, entitlements and expectations for staff, supporting Fair Work compliance. See Employment Contract.
- Workplace Policies: Procedures for leave, conduct, WHS, bullying and harassment, and complaints handling help you prevent issues and manage them consistently. See Workplace Policy.
- Privacy Policy: Explains how you collect, use and store personal information and aligns your practices with the Privacy Act if you’re an APP entity. See Privacy Policy.
- Website Terms and Conditions: Clarifies how your site can be used, payment and delivery terms, and how you handle returns and disputes. See Website Terms and Conditions.
- Non-Disclosure Agreement (NDA): Protects confidential information shared with suppliers, consultants or partners. See Non-Disclosure Agreement.
- Unfair Contract Terms (UCT) Review: Reviews your standard form contracts to remove terms that could be considered unfair under the ACL, reducing enforcement risk. See UCT Review and Redraft.
You may not need every document right away, but getting the essentials in place - and keeping them up to date - goes a long way toward preventing compliance problems and showing regulators you take your obligations seriously.
Key Takeaways
- An enforceable undertaking is a legally binding commitment to a regulator to fix issues and improve compliance; it’s an alternative to immediate court action, not a free pass.
- Regulators like the ACCC, ASIC, the FWO, and state/territory WHS regulators (and Comcare) use undertakings where cooperation and structured remediation make sense.
- Typical terms include ceasing problematic conduct, independent audits, compliance training, remediation for affected customers or workers, and regular reporting.
- Failure to comply can lead to court enforcement and further action, and undertakings are often published - so transparency and timely delivery matter.
- Strong foundations - clear Employment Contracts, practical workplace policies, a transparent Privacy Policy, and fair Website Terms and Conditions - reduce the risk of issues arising in the first place.
- If a regulator contacts you, get tailored advice before offering or accepting an undertaking so you understand the obligations, costs and timelines involved.
If you’d like a consultation about enforceable undertakings or your compliance obligations in Australia, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.