Skip to content

ACCC & DSB | CDR Implementation Call Agenda & Minutes | 4 December 2025

Jump to bottom
Rob Sorrentino edited this page Dec 4, 2025 · 6 revisions

imp-call_header

Agenda

Sign up: Sign Up
When: Fortnightly on Thursday's at 3pm-4:30pm (Canberra time)
Location: Microsoft Teams (dial in details are below)

Join on your computer, mobile app or room device
Click here to join the meeting
Meeting ID: 426 030 545 881 4
Passcode: 5d7Kp73X
Download Teams | Join on the web

Dial in by phone
+61 2 9161 1229,,538826932# Australia, Sydney
Find a local number
Phone conference ID: 538 826 932#

Join on a video conferencing device
Tenant key: teams@vc.treasury.gov.au
Video ID: 135 792 992 7

Agenda

  1. Introductions
  2. House Keeping
  3. CDR Stream updates
  4. General Updates
  5. Presentation
  6. Q&A
  7. Any other business

Introductions

imp-call_intro

  • 5 min will be allowed for participants to join the call.
  • This call is jointly facilitated by the ACCC and the DSB, and we welcome observers from APRA, OAIC and the Treasury.

Acknowledgement of Country

We acknowledge the Traditional Custodians of the various lands on which we meet today and pay our respects to their Elders past and present.

House Keeping

imp-call_house-keeping

Recording

The Consumer Data Right Implementation Calls are recorded for note taking purposes only. Recordings and transcripts are kept securely. No identifying material is provided without the participant's consent. Participants may email contact@dsb.gov.au with any questions or a request to have material redacted from the record.

Community Guidelines

By participating in the Consumer Data Right Implementation Call you agree to the Community Guidelines. These guidelines intend to provide a safe and constructive space for members to discuss implementation topics with other participants and members of the ACCC and Data Standards Body.

CDR Stream Updates

imp-call_stream-updates
Provides a weekly update on the activities of each CDR stream and their work.

Organisation Stream Member Minutes

General Updates

imp-call_updates

⭐ indicates change from the last call.

Type Updated Links
Standards CDR Data Standards v1.35.1 was published 8 October 2025. The release contains changes from Decision 377 (Amendments to certificate management section).
Standards ⭐ Decision 376 Made - White label brand arrangements
The Data Standards Chair has approved Decision 376 on Friday 28 November.
Decision 376 amends the data standards to improve support for white label brand arrangements in the banking and non-bank lenders (NBL) sectors. It includes changes which will impact the ACCC, Banking, NBL, and Energy sector data holders and data recipients. These changes will be incorporated into a new release of the data standards.
Maintenance ⭐ Update on Maintenance Iterations
The DSB is currently revising how we implement maintenance releases due to audit review findings and direct feedback from external parties. As part of this transition, the MI 23/24 maintenance releases will no longer proceed in their originally planned form.
The changes that were scheduled for these releases will be reconsidered once the updated maintenance and change procedures have been finalised and endorsed. Our aim is to ensure that future standards releases are carried out efficiently, following a clearer, more structured process that incorporates feedback from the community. All of the valuable analysis and contributions shared by stakeholders during the MI23 and MI24 forums will be retained and fully incorporated into the next steps. These efforts provide a critical foundation for the robust analysis and decision-making that will guide our approach moving forward.
During this period, we ask that you continue using the current processes for raising issues or proposing changes. All items submitted will continue to be logged, prioritised, and assessed so that they can be incorporated into future releases once the new procedure is in place.
We are working to finalise the revised approach and will provide further details, timelines, and guidance shortly. Updates will be communicated through the newsletter and other standard DSB channels to ensure stakeholders are well informed of next steps.
Guidance ⭐ Non-bank lender data holders with CDR obligations
The ACCC has published a list of entities that have notified the ACCC that they are data holders that are either an ‘initial provider’ or ‘large provider’ as defined in the CDR Rules, and have mandatory CDR data sharing obligations. This information is provided to inform stakeholders of potential data availability following the commencement of data sharing obligations. It will be updated as new information is received.
Guidance ⭐ Closed accounts in the banking and non-bank lenders sectors
The ACCC has published guidance on the treatment of closed accounts in the banking and non-bank lenders sectors. The article consolidates existing guidance on closed accounts, and provides updated guidance to reflect changes to the CDR rules to make data sharing from closed accounts voluntary.
DSB Newsletter ⭐ The DSB Newsletter is published fortnightly, the final edition for 2025 will be published on 12 December 2025.

Presentation

imp-call_presentation

None this week.

Q&A

imp-call_q+a

Questions will be received by the community via Microsoft Teams chat before the questions are opened to the floor. Participants can submit questions outside of the CDR Implementation Call to the CDR Support Portal.

In regards to topics for questions, we ask the participants on the call to consider the Community Guidelines when posing questions to the subject matter experts.

To view questions and answers from previous CDR Implementation Calls, click here.

Answers provided

Ticket # Question Answer
2608 Seeking some clarification on the CX guideline updates that were released in September 2025, such as Amending authorisations & Authorisation to disclose.

Within the guidelines there is no date stated by which the changes need to occur - hoping to get more information around this.		 Since the CX Guidelines (obligation type) are an an optional best practice example of a key requirement or recommendation, they don’t have an obligation date.
However, the CX Standards do. I have gone through the Change Log for Authorise: Authorisation to disclose v1.35.0.2025.09.24 and Authorise: Amending authorisations v1.35.0.2025.09.24 and double checked the noted standards changes for any obligation dates. I have outlined it below.

Authorise to Disclose

Default example
  • new checklist item: 3AU.00.28 — Decision Document 369 notes that the data standards outlined in the document (aside from 4.3 Redirect to App and 5.2 Authentication Flows) takes effect the day after publication on CD369.
  • updated checklist item: 3AU.02.14 — Data Language Standard updated to include the non-bank lending sector. For obligation dates, please refer to Division 6.1, Schedule 3 of the CDR Rules
  • updated checklist item: 3AU.02.24 — Same as above re: updated Data Language Standard
Unavailable accounts
  • updated checklist item: 3AU.03.05 — This reference was retired because it is not applicable to this flow. The standard remains in force in other places.
Selection functionality
  • new checklist item: 3AU.05.07 — This standard was also introduced in Decision Document 369. If the consumer authorises on the data holder app, this standard is in effect. This may occur in scenarios such as Redirect to App authentication and decoupled authentication. See page 2 on the decision document for more details on obligation dates.

Amending authorisations

Default example
  • new checklist item: 3AU1.00.27 — Decision Document 369 notes that the data standards outlined in the document (aside from what is noted in the table under Obligation Dates on page 2) takes effect the day after publication on CD369.
  • updated checklist item: 3AU1.02.14 — Data Language Standard updated to include the non-bank lending sector. For obligation dates, please refer to Division 6.1, Schedule 3 of the CDR Rules
  • updated checklist item: 3AU1.02.25 — Same as above re: updated Data Language Standard
Unavailable accounts
The CX Guidelines are optional to follow, but the CDR rules require CDR participants to have regard to them. The CX Standards differ in that they are binding data standards that must be followed.
2610 Some of the mandatory claims in the ID token are name, family name, given name. But then there is a requirement that the ID Token should not include PII claims, and names are PII. Could you clarify the misalignment? Some of what you've referred to as mandatory claims relate to the userinfo endpoint.
ID tokens must not contain PII.

Any Other Business

imp-call_any-other-business

Attendees are invited to raise topics related to the Consumer Data Right that would benefit from the DSB and ACCCs' consideration.

Minutes from 20 November Implementation Call: https://github.com/ConsumerDataStandardsAustralia/standards/wiki/ACCC-&-DSB-%7C-CDR-Implementation-Call-Agenda-&-Minutes-%7C-20-November-2025

The Next CDR Implementation Call

The Next CDR Implementation Call

This is the final Implementation Call for 2025. Information about the 2026 series will be communicated via email.

Useful Links

imp-call_useful-links View a number of informative and useful links in the Consumer Data Standards Guide on Information Links.

Data Standards Body Consumer Data Right Digital ID Contact & Media
Chair Standards Accreditation Standards Website
News Maintenance Iteration AGDIS Standards Email
Advisory Committee CX Guidelines Calendar
Support Portal LinkedIn
YouTube
GitHub
Newsletter

Getting Started

Meetings

Maintenance Iterations

CDR Implementation Call

Clone this wiki locally