Why Employers Must Act on Emergency-Calling Risks — Not Wait for Telcos

For Australian organisations, emergency response is no longer just a telecommunications issue — it is a workplace safety, governance, and enterprise risk management obligation.

Triple Zero (000) underpins emergency response across Australia. For many years, the assumption was simple: any phone can call 000. That assumption is no longer universally true.

Network changes, the national 3G shutdown, and the ongoing circulation of grey-market and outdated mobile phones mean some devices cannot reliably access emergency services — even though users believe they can. This creates a hidden risk for BYOD policies, Work Health and Safety (WHS) compliance, and executive IT governance.

While telecommunications providers and regulators have issued awareness campaigns, employers cannot outsource their duty of care — especially once public attention fades.

What Changed: ACMA, Grey Phones, and Outdated Devices

The Australian Communications and Media Authority (ACMA) has been clear: not all mobile devices are suitable for use on Australian networks, particularly when it comes to emergency calling.

Grey-Market Phones

Grey-market phones — devices imported outside official Australian distribution channels — may:

• Lack full compatibility with Australian carrier networks

• Use firmware and radio configurations designed for overseas markets

• Fail to meet Australian emergency-calling standards

ACMA has warned that non-compliant devices may not be able to access Triple Zero, even if they appear to function normally for calls, data, and messaging.

Outdated Phones After the 3G Shutdown

Australia’s 3G shutdown removed the fallback many older phones relied on to make emergency calls. As a result:

• 3G-only devices no longer function at all

• Some early 4G devices cannot reliably place 000 calls

• Phones that appear “usable” day-to-day may still fail during emergencies

This is why carriers now actively identify and restrict devices that cannot reliably access emergency services.

The BYOD Assumption Problem

Many organisations operate under an unspoken belief:

“Employees carry mobile phones, so they can call 000 if needed.”

That belief is increasingly unsafe.

Most BYOD policies:

• Do not define minimum device standards

• Do not verify emergency-calling capability

• Do not address grey-market or non-compliant phones

• Implicitly rely on personal devices as safety controls

From a WHS and corporate governance perspective, this creates a serious gap between assumed protection and actual capability.

If emergency communication is assumed and fails, responsibility remains with the employer, not the carrier.

The Overlooked Risk: “Just in Case” Phones in the Workplace

One of the most underestimated risks is the presence of old phones kept “just in case.”

These are commonly found:

• In desk drawers and cupboards

• In vehicles, site offices, and depots

• In first-aid stations and emergency kits

• Among legacy IT equipment awaiting disposal

These devices may be:

• 3G-only

• Grey-market imports

• Incompatible with current Australian emergency-calling standards

Yet in a crisis, people will reach for the nearest phone, assuming it can call 000.

If a device is kept on site, it is implicitly trusted.
If it cannot reliably access emergency services, it should not be there at all.

The “Safe Staff” Risk: Why Handing Down Old Phones Creates Hidden Liability

Some organisations attempt to manage legacy devices by informally allocating them to “safe” or “low-risk” staff — such as:

• Warehouse, facilities, or field teams

• Contractors and casual workers

• Temporary staff and interns

• Site or vehicle-based roles

This practice creates a false risk transfer.

From a WHS, governance, and legal perspective, there is no such thing as a “low-risk” employee in an emergency. If a device cannot reliably access Triple Zero, assigning it to any staff member extends — not reduces — organisational liability.

Why This Is a Policy Failure

Handing down old or unverified phones:

• Normalises the use of non-compliant or grey-market devices

• Creates a two-tier safety model — where some staff have reliable emergency access and others do not

• Undermines duty of care and WHS obligations

• Weakens IT governance and audit defensibility

• Increases privacy and data security exposure if devices are not properly wiped and managed

In an incident, the question will not be who the phone was given to — it will be why the organisation allowed a non-compliant device to remain in service at all.

What Companies Should Do: Remove, Retrieve, and Dispose

This risk cannot be solved by awareness alone. It requires physical, auditable action.

Organisations should:

• Conduct sweeps of offices, sites, vehicles, and storage areas

• Retrieve and remove outdated or incompatible mobile devices

• Treat legacy phones as safety hazards, not dormant assets

• Securely wipe and responsibly recycle all retired devices

This is not just IT hygiene — it is risk elimination, the highest order of safety control.

The Risk of “Gifting” Company Phones to Staff

When an organisation no longer requires a mobile device, a common and well-intentioned practice is to give the phone to the employee who last used it.

While this may seem efficient, it introduces hidden legal, safety, and governance risk that spans WHS, privacy, procurement, and ESG accountability.

A phone that leaves the organisation is no longer just an asset — it becomes a potential:

• Emergency-calling risk if the device is outdated or non-compliant with Australian network requirements

• Data protection risk if any corporate data, credentials, or application access remains

• Governance and audit risk if the organisation cannot demonstrate how the asset was retired

• Reputational and ESG risk if the device is later misused, resold, or disposed of improperly

If a former company device later fails to access Triple Zero — whether used by an employee or a family member — the link back to the organisation can still raise duty-of-care and brand-trust questions.

Policy Statement: Corporate Mobile Device Transfer & Retirement

Corporate-owned mobile devices must not be gifted, sold, or informally transferred to employees, contractors, or third parties when they are retired from service.

All devices removed from operational use must be processed through an approved Mobile Device Lifecycle Management pathway, including:

• Secure removal of all corporate data and credentials

• Verification of emergency-calling compliance status

• Certified recycling or formally authorised resale

Transfer of ownership may only occur through a documented, auditable process that preserves records for WHS, privacy, procurement, and ESG compliance.

End-to-End Lifecycle Management: Where VoicePlus Atrium Fits

This is where structured, enterprise-grade Mobile Device Lifecycle Management becomes critical.

The VoicePlus Atrium Platform provides an end-to-end Managed Mobility Service that helps organisations move beyond ad-hoc clean-ups to a repeatable, defensible governance process.

Key capabilities include:

• Device Lifecycle Management — controlled deployment, tracking, retrieval, and retirement of mobile devices

• Secure removal of corporate data — reducing information security and privacy risk

• Environmentally responsible recycling and disposal programs

• Full visibility and reporting — ensuring legacy devices are removed from circulation, not left in drawers or handed down informally

• Integration with enterprise Telecom Expense Management (TEM) and procurement workflows — aligning safety, cost control, and compliance

By closing the loop — from procurement through to disposal — organisations reduce:

• Emergency-calling risk

• Data leakage and compliance risk

• Environmental impact (ESG exposure)

• The false confidence created by “just in case” devices

Lifecycle management turns device disposal into a safety, security, and sustainability control, not an afterthought.

Why Companies Must Communicate — Not Rely on Telcos

Carriers and regulators have issued warnings. Media attention has followed. But:

• Not everyone read or understood the messaging

• New staff may never have seen it

• Over time, people forget

• Old devices quietly remain in circulation

Silence does not equal safety.

Organisations should explicitly communicate that:

• Not all phones can call Triple Zero

• Grey-market and outdated phones may fail in emergencies

• Stored or personal devices must not be assumed safe

This should be embedded into:

• WHS briefings and toolbox talks

• BYOD and IT governance policies

• Onboarding and induction programs

• Executive risk and compliance reporting

Staff and Families: The Same Rule Applies at Home

This risk does not stop at the workplace.

Many households keep old phones:

• In drawers “for emergencies”

• As hand-me-downs for children

• As backup devices in cars or bags

If a phone cannot reliably access Triple Zero, it creates false confidence.

Staff and families should:

• Remove outdated or incompatible devices from the home

• Use approved recycling programs

• Avoid passing on phones that cannot reliably access emergency services

Conclusion: Eliminate False Safety

Triple Zero remains vital — but access to it now depends on device compatibility, not intention.

For executives, procurement leaders, WHS managers, and CIOs:

• Convenience does not equal safety

• Storage does not equal preparedness

• Assumption is not a control

By implementing clear communication, removing legacy devices, and adopting end-to-end Managed Mobility Services through the VoicePlus Atrium Platform, organisations can eliminate hidden risk rather than leaving it to chance.

Because in an emergency, false confidence can be as dangerous as no phone at all.