I was also under the impression this can be served to individuals without the knowledge of their employer, leaving the individual in a position where they can consult a single lawyer about the legality of the request and face jail time for discussing the request with anyone else (including employers).
I would need to re-read the act, but the gov website[1] indicates you are correct that these requests are served to organisations and not individuals excepting sole traders.
The reports you read were likely based on commentary from techies who have no understanding about law, plus a handful of lawyers involved with digital rights organisations that have an incentive to play up the significance of the legislation a bit / talk about worst-case scenarios, worst possible interpretations of a dangerous law and the broadest possible interpretation of who constitutes a "designated communications provider". The government has stated that's not how they interpret the legislation, as the service provider will be the employer not the employee, and I don't think government lawyers are in the habit of arguing that the government _doesn't_ have power to do something.
I'm as suspicious about the Assistance and Access Bill as anyone, but the "telling an employee to implement a backdoor without telling their employer" is really a red herring and I don't know why the Australian tech community was so keen to go along with that.
> > especially in the US
> The app was deployed in Australia.
Australia has an even worse equivalent of US National Security Letters, allowing individual workers to be compelled to plant backdoors etc..