Sign up: Sign Up
When: Fortnightly on Thursday's at 3pm-4:30pm (Canberra time)
Location: Microsoft Teams (dial in details are below)

Join on your computer, mobile app or room device
Click here to join the meeting
Meeting ID: 426 030 545 881 4
Passcode: 5d7Kp73X
Download Teams | Join on the web

Dial in by phone
+61 2 9161 1229,,538826932# Australia, Sydney
Find a local number
Phone conference ID: 538 826 932#

Join on a video conferencing device
Tenant key: [email protected]
Video ID: 135 792 992 7

---

1. Introductions
2. House Keeping
3. CDR Stream updates
4. General Updates
5. Presentation
6. Q&A
7. Any other business

• 5 min will be allowed for participants to join the call.
• This call is jointly facilitated by the ACCC and the DSB, and we welcome observers from APRA, OAIC and the Treasury.

We acknowledge the Traditional Custodians of the various lands on which we meet today and pay our respects to their Elders past and present.

The Consumer Data Right Implementation Calls are recorded for note taking purposes only. Recordings and transcripts are kept securely. No identifying material is provided without the participant's consent. Participants may email [email protected] with any questions or a request to have material redacted from the record.

By participating in the Consumer Data Right Implementation Call you agree to the Community Guidelines. These guidelines intend to provide a safe and constructive space for members to discuss implementation topics with other participants and members of the ACCC and Data Standards Body.

Provides a weekly update on the activities of each CDR stream and their work.

Organisation	Stream	Member	Minutes
ACCC	Certificate transition to Digicert DC1	Sandy	All participants need to download and install the new ICA into their trusted certificate store as soon as possible and validate your systems for the dual chain of trust support before 1 October 2025. ACCC will begin issuing these certificates with the new chain from that date. Both the Trust Chain 1 and Trust Chain 2 is outlined in Certificate Management If you have any questions or require further guidance, please contact the CDR Technical Operations team at [email protected].
DSB	Consumer Experience	Michael	The energy experiment wrapped up, we are currently in the process of drafting up a report for public consumption. There has been a large amount of CX Guidelines releases this month. They relate to a few different areas: Some relate to the v7 Rules, including the conditions for an accredited ADI or NBL to become a holder of CDI data that they've collected. There are a few other touch ups and changes to things like the business consumer disclosure consent guidelines for some more complicated scenarios with amending consents. There's also a fair few releases related to the V8 rules including the non bank lenders sector on data being required in relation to consumer data for closed accounts in certain periods. This also touches on the LCCD standards changes, so that release is incorporated into those CX guidelines changes too. Changes relating to authentication uplift (the redirect to app standards), those CX guidelines for the usage of redirect to app has had minor changes to the existing redirect to web with one time password flow and guidance on the fall back framework where redirect to app is not available and fall back method might be used. Links to the updated CX guidelines are in the General Updates section of the Agenda. Monica Penn will be moving on from the DSB. She led the charge and owned the latest CX guidelines releases, she has been a huge value to the community with the immense amount of CX guidelines that she's delivered in the last few weeks.

⭐ indicates change from last week.

Type	Updated	Links
Standards	Version 1.35.0	Published: 29 July 2025 Change log
DSB Newsletter ⭐	The DSB Newsletter is published fortnightly, the next edition will be published on October 3 2025	19 September 2025 Newsletter Subscribe
Guidelines ⭐	CX Guidelines update - Pre-consent New Pre-consent artefacts and guidance to reflect Change Request 703: CX Guidelines - Pre-consent. This guidance is optional and does not include any mandatory requirements. For more information, see the change log.	Pre-consent artefacts
Guidelines ⭐	CX Guidelines update - Disclosure consents Updated CX artefacts and requirements: Accredited person disclosure consents — for more information, see the change log Trusted Adviser disclosure consents — for more information, see the change log Insight disclosure consents — for more information, see the change log Business consumer disclosure consents — for more information, see the change log These updates reflect: Consultation Draft 367: March 2025 Rules - Draft Standards Consultation Draft 369: Redirect to App - Draft Standards Change Request 691: CX Guidelines - Expanding Amending BCDC CX Guidelines Change Request 700: CX Guidelines - Redirect to App (R2A) CX Guidelines Changes Change Request 701: CX Guidelines - Data Language Standards changes stemming from CD367	Accredited person disclosure consents Trusted Adviser disclosure consents Insight disclosure consents Business consumer disclosure consents
Guidelines ⭐	CX Guidelines update - Authenticate and Amending consent Updated CX artefacts and requirements: Redirect to App — for more information, see the change log Fallback Authentication Framework — for more information, see the change log Redirect to Web with One Time Password — for more information, see the change log Amending consent — for more information, see the change log These updates reflect: Consultation Draft 367: March 2025 Rules - Draft Standards Consultation Draft 369: Redirect to App - Draft Standards Change Request 700: CX Guidelines - Redirect to App (R2A) CX Guidelines Changes Change Request 701: CX Guidelines - Data Language Standards changes stemming from CD367	Redirect to App Fallback Authentication Framework Redirect to Web with One Time Password Amending consent
Guidelines ⭐	CX Guidelines update - Authorise Updated CX artefacts and requirements: Authorisation to disclose — for more information, see the change log Amending authorisation — for more information, see the change log These updates reflect: Consultation Draft 367: March 2025 Rules - Draft Standards Consultation Draft 369: Redirect to App - Draft Standards Change Request 693: CX Guidelines - Historical date ranges for Authorisations Change Request 700: CX Guidelines - Redirect to App (R2A) CX Guidelines Changes Change Request 701: CX Guidelines - Data Language Standards changes stemming from CD367 Change Request 702: CX Guidelines - Required and voluntary data - Authorisation	Authorisation to disclose Amending authorisation
Guidelines ⭐	CX Guidelines update - Collection and use consent and Consent Management (Data recipient) Updated CX artefacts and requirements: Collection and use consents — for more information, see the change log Consent Management (Data recipient): Collection and use consents — for more information, see the change log Consent Management (Data recipient): Withdrawal — for more information, see the change log These updates reflect: Consultation Draft 367: March 2025 Rules - Draft Standards Consultation Draft 369: Redirect to App - Draft Standards Change Request 684: CX Guidelines - ADI or NBL to hold CDR data as a DH Change Request 691: CX Guidelines - Expanding Amending BCDC CX Guidelines Change Request 700: CX Guidelines - Redirect to App (R2A) CX Guidelines Changes Change Request 701: CX Guidelines - Data Language Standards changes stemming from CD367	Collection and use consents Consent Management (Data recipient): Collection and use consents Consent Management (Data recipient): Withdrawal
Guidance ⭐	New guidance on third-party data sharing use cases, and asset finance products The ACCC has published guidance to assist ADRs considering use cases involving third party data sharing. The new guidance clarifies that provided a consumer makes a clear and informed choice, use cases that enable a consumer to further share their own CDR data that an ADR has disclosed to them, or to consent to an ADR disclosing their data to an account they hold with a third party, are unlikely to raise compliance concerns for the ACCC. The guidance is available on the CDR Support Portal. The article on Assessing whether a banking or non-bank lending product is in scope for CDR has also been updated to include additional guidance on asset finance products, including to clarify when data sharing for these products may be voluntary.	CDR Support Portal Guidance Assessing whether a banking or non-bank lending product is in scope for CDR
Engineering ⭐	CDR Type Definitions library updated Our Type Definition library has been updated to align with the latest version of the Consumer Data Standards (v1.35.0). The update is available now via the relevant npm package (v7.4.0).	Type Definition library

None this week.

Questions will be received by the community via Microsoft Teams chat before the questions are opened to the floor. Participants can submit questions outside of the CDR Implementation Call to the CDR Support Portal.

In regards to topics for questions, we ask the participants on the call to consider the Community Guidelines when posing questions to the subject matter experts.

To view questions and answers from previous CDR Implementation Calls, click here.

Ticket #	Question	Answer
2582	Clarification on scope of holder of key / certificate-bound access token requirement For the admin APIs, in particular GET /admin/metrics, should this endpoint require a certificate-bound access token? i.e. should Data Holders expect that the certificate presented by ACCC in the token request and bound to the token, matches the certificate presented by ACCC in the subsequent GET /metrics request?	That is the expectation, as the admin endpoints require MTLS.
2581	Expectation of how long entries remain on the Status endpoint There are several DHs at the moment that appear to have very out-of-date entries being returned via their Get Status endpoints. Please confirm our understanding that Get Status should only be used for reporting active issues.	Get Status is only expected to show current impact. For example, the standards description for the status field includes: SCHEDULED_OUTAGE: (an advertised outage is in effect). The Outages endpoint is also only expected to include future-dated scheduled outages. It seems as though these endpoints may be misconfigured and showing all entries.
Verbal Question 1	When are the consultation papers for MI23 & MI24 going to be available please	We have received feedback from the Chair on MI23 to focus on the NBL sector as they come on board, so we are revisiting the scope that will go out for consultation which has not been finalised yet which is causing the delay. We are hoping to finalise that scope and have consultations open in early October. MI24 is unlikely to be scheduled this year while NBL whitelabelling consultation takes place. But this is yet to be confirmed.

Attendees are invited to raise topics related to the Consumer Data Right that would benefit from the DSB and ACCCs' consideration.

Minutes from 11 September Implementation Call: https://github.com/ConsumerDataStandardsAustralia/standards/wiki/ACCC-&-DSB-%7C-CDR-Implementation-Call-Agenda-&-Minutes-%7C-11-September-2025

Thursday, 3:00pm (Canberra Time)

View a number of informative and useful links in the Consumer Data Standards Guide on Information Links.

Data Standards Body	Consumer Data Right	Digital ID	Contact & Media
Chair	Standards	Accreditation Standards	Website
News	Maintenance Iteration	AGDIS Standards	Email
Advisory Committee	CX Guidelines		Calendar
	Support Portal		LinkedIn
			YouTube
			GitHub
			Newsletter