Updated @July 20, 2022
The CDR Rules (8.11) authorise a range of data standards to be made. These include technical standards, covering Application Programming Interface (API) and information security standards, and consumer experience (CX) standards. The CX Standards are part of the overall data standards and can be found on the main standards page, which CDR Participants should refer to for a complete list of data standards.
The CX Guidelines on this website provide optional examples of key requirements and recommendations to help organisations build best practice consent models. While the CX Guidelines are not mandatory, the CDR Rules emphasise the need for CDR Participants to have regard to them. The DSB emphasises that aligning to the non-mandatory items in the CX Guidelines will help achieve ecosystem consistency, familiarity and, in turn, facilitate consumer trust and adoption.
The CX Standards are published on GitHub. The obligations on CDR participants to apply the published standards commence on the commencement of the Consumer Data Right rules:
- where the rules require compliance with the standards, non-compliance with the standards may constitute a breach of the rules.
- where the standards are specified as binding standards as required by the Consumer Data Right rules for the purposes of s56FA of the legislation, they apply as under contract between a data holder and an accredited data recipient. The legal effect of binding standards as between data holders and accredited data recipients is fully set out in s56FD and s56FE of the legislation.
For CX Standards, the key words MUST, MUST NOT, SHOULD, SHOULD NOT, and MAY are to be interpreted as described in RFC2119.
The CX Standards are now published on GitHub along with the other Data Standards. View CX Standards on GitHub.
Quick links to CX Guidelines:
