Minutes - 21 Jun 2023

Data Standards Advisory Committee, Meeting Minutes

Date: Wednesday 21 June 2023
Location: Held remotely via MS Teams
Time: 10:00 to 12:00
Meeting: Committee Meeting No: 54

Download meeting minutes (PDF 237KB)

Attendees

  • Andrew Stevens, Data Standards Chair
  • Alysia Abeyratne, NAB
  • Damir Cuca, Basiq
  • Chris Ellis, Finder
  • Prabash Galagedara, Telstra
  • Melinda Green, Energy Australia
  • Chandni Gupta, CPRC
  • Peter Leonard, Data Synergies Pty Ltd
  • Drew MacRae, Financial Rights Legal Centre
  • Greg Magill, Westpac
  • Colin Mapp, Toyota Finance Australia
  • Deen Sanders OAM, Deloitte
  • Lisa Schutz, Verifer
  • Stuart Stoyan, Fintech Advisor & Investor
  • Zipporah Szalay, ANZ
  • Tony Thrassis, Frollo
  • Barry Thomas, DSB
  • James Bligh, DSB
  • Ruth Boughen, DSB
  • Rob Hanson, DSB
  • Terri McLachlan, DSB
  • Michael Palmyre, DSB
  • Hemang Rathod, DSB
  • Mark Verstege, DSB
  • Steph Homewood, ACCC
  • Chad Batshon, OAIC
  • Andre Castaldi, OAIC
  • Sarah Croxall, OAIC
  • Emily Martin, Treasury
  • James Kelly, Treasury
  • Nathan Sargent, Treasury
  • Aidan Storer, Treasury
  • Rowan Doyle, UOM
  • Talib Esufali, UOM
  • Koto Qalo, UOM
  • Lachlan Scott, UOM
  • Khang Tran, UOM
  • Booshana Manikku Wadu, UOM
  • Luke Barlow, AEMO
  • Jill Berry, Adatree
  • Aakash Sembey, Origin Energy

Chair Introduction

The Data Standards Chair (Chair) opened the meeting and thanked all committee members and observers for attending meeting # 54.

The Chair acknowledged the traditional owners of the lands upon which they met.  He acknowledged their custodianship of the lands and paid respect to their elders, past, present and those emerging.  He joined the meeting from Gadigal land.

The Chair welcomed colleagues from University of Melbourne who have been working with the Data Standards Body’s (DSB) Technical Team.  They presented on their student project “MoneyTalks” a social platform to encourage financial discussion, powered by the Consumer Data Right (CDR). 

The Chair noted that over the last month version 1.24.0 of the Consumer Data Standards has been published,  Noting Paper 307 – LCCD Consultation Approach had been published and the Product Comparator Demo had been updated to support version 4 of Get Product Detail.

The Chair noted that members Luke Barlow (AEMO), Jill Berry (Adatree) and Chandni Gupta (CPRC) were apologies for this meeting.  

The Chair noted that Daniel Ramos (ACCC) was also an apology and Steph Homewood would provide the ACCC update at this meeting.      

Minutes

Minutes

The Chair thanked the DSAC Members for their comments on the Minutes from the 10 May 2023 meeting. The Minutes were formally accepted.   

Action Items

The Chair noted that all Action Items were either covered-off in this meeting or had been completed. 

Working Group Update

A summary of the Working Groups was provided and these DSAC Papers were taken as read.

Presentation on CDR Innovation Project “MoneyTalks”

The Chair welcomed Rowan Doyle (Supervisor) and students Khang Tran, Booshana Manikku Wadu, Koto Qalo, Lachlan Scott and Talib Esufali from the University of Melbourne (UoM).  They had developed a presentation around a use case called MoneyTalks, which was a social platform to encourage financial discussion, powered by the CDR. 

The DSB noted they had previously partnered with students from UoM who undertook a 12-week innovation course which was beneficial.  The DSB now had a rolling programme and this semester Hemang Rathod, the API Architect from the DSB had been mentoring the students. 

The DSB noted that the intent of the course was to give students a very simple project brief, which was to use the CDR and come up with a smart innovative idea. 

UoM noted that MoneyTalks was a social media platform where users registered using their bank account data provided with their consent by the CDR.  When consent was provided, it created a profile and used their data to match them with other users, based on similar interests, financial position or location. 

They were tasked with coming up with a solution that used CDR in an innovative way that provided value to many consumers.  They conducted research and interviews and asked themselves how might they promote awareness of the CDR to address a lack of trust between consumers and service providers, how might they address the gap in knowledge and how can they align the goals to encourage economic benefit for both parties.

Based on their research, they said it was evident that banking customers approached banking challenges in silos. Their solution, MoneyTalks was a social platform for connecting banking consumers.  This match-making was established through a variety of factors through the data provided by the CDR, whether by investment, interest, location or spending opportunities or a combination of each.  The app would use this data to tailor the users experience, matching them with people in similar situations, or people who share the same goals. The consumer can, once on the platform, create a discussion thread based on financial topics of interest, ask questions or details anecdotes or give reviews on a previously used service. From this, other consumers would be given the chance to find out about existing services and find relatable discussions surrounding them.

UoM noted that the benefits included contributing ideas, hacks and methods on how they have or can overcome financial bottlenecks.  Consumers also have the option to revoke consent at any time, which removes the data from their profile or any association of the data that has been made to their profile.

One of the proposed monetisation options was from advertisements. For those that wanted to avoid advertisements and obtain tailored service from professional financial advisors, they could subscribe to the service for a fee.

UoM noted that one of the challenges was how to initially get users onto the platform.  The first method was to partner-up with financial organisations and provide a free service as a trial, which could act as an initial lure for MoneyTalks.  Another option was to buy advertising space on relevant websites.

Another challenge was moderating the discussion space and limiting those with malicious intent with the use of regular data.  There’s already a barrier in place but for more security, user reports could be implemented with a moderation team in place to process the reports. 

In terms of the value it generates.  As MoneyTalk only accesses CDR data, personal data can only be shared with an individual’s explicit consent. The requirement of consent ensures that their personal data is being used securely.  The open forum nature of MoneyTalks and user input of preferences of individuals also ensures that they get relevant recommendations from people like them in a conveniently accessible app.

Also, small businesses would get further insights from the customers they serve, promotion of the CDR and a more competitive market that helps economic growth.

To make MoneyTalks more of a reality, the next step would be to further refine moderation, monetisation and market strategy as well as to finalise the services available with subscription on its release. 

One member asked if the team could expand on how they intend to moderate the discussion?  UoM noted that they were still at the concept stage and would need to work through this. 

One member asked in terms of the subscription model and the non-subscription free model that would have advertising linked to it.  Because of the sensitive data that was being shared and the profile created, how will that be used in terms of the advertising a user would see?  Also what happens when a user leaves the system?  They were also interested in how bank account data would be used to match up users and what data points and profiles would be created to help match users up?

UoM noted that they see Money Talks as advertising the service and what it can provide and not advertising personal data. They said it would target the psychological bottlenecks of the financial systems and how that could be used as a net to rope in the target audience.  As they are at the concept stage, they said they did not have a target market in mind and more research was required. 

One member asked had they thought about potential competitors in the market as some things might be relatable to other market comparison sites. 

UoM noted that they wanted something that linked to people and not to another service – i.e. more community driven which would differentiate them from other platforms.

One member noted that it would be beneficial in using the wisdom and experience of a group like this to determine the user profiles and the needs of those markets.  They said we are not in the game to endorse or support any particular products or platforms but we are in the market of understanding how different users solve different problems through this particular lens.  It would be good to hear what people want, how they access systems, tools and data.  For our benefit, our utility is what’s the specific demographic, the specific usage patterns they are expecting in this particular community, and what might they extract from that for other types of communities.  They said this would be a powerful exercise for this group.   

One member asked what the process was in terms of building in “safety by design” for this app to ensure that users don’t get presented with scams on the app.

UoM noted that by having a requirement of sharing your CDR data from a bank, the bank does the verification, so at least that person behind the profile is the actual real person.  Moderation and user reports were also options.

The Chair noted that in terms of the importance of the explicit consent mechanism.  Do they see this as a big hurdle, or was this something that the customers would have no challenge with?

UoM noted that they would follow through with the CDR framework on how they provide consent to share data before signing up.  In terms of sharing data, they would follow the framework that’s being used with de-identifying your data before sharing it.      

The Chair thanked the students for the all the work they had done and for presenting today. 

Technical Working Group Update

A further update was provided on the Technical Working Group by James Bligh as follows:

The DSB noted that with the recent budget announcements they had been doing a lot of thinking internally and they have been focussing on deepening and preparing for action initiation (AI) and Non-Bank Lending (NBL).  The DSB said they would begin detailed standards development consultations in the next month or so.

The DSB noted that they had just completed Maintenance Iteration # 15 (MI15) and were due to kick off MI16.  The MI recently focussed on a number of InfoSec items like the journey of FAPI 1.0 to FAPI 2.0 compliance and helping to resolve issues that were occurring in the ecosystem around accredited data recipients (ADRs) doing client registration etc. 

The team was working on extracting value out of product reference data (PRD) which was a really critical set of data clusters.  They were now starting to see the APIs being used more heavily which was resulting in data quality issues.  They were working on some updates to particularly enhance in banking account and PRD detail so it could be used to support consumers to switch.  The Decision Proposal for this was forecast to come out shortly.

The DSB noted that Decision Proposal 288 – Non-Functional Requirements (NFR) Revision had been finalised and was with the Chair for a decision. This was another indication of the work being done operationally in order to support the ecosystem to assist the regulator.  The DSB had also found that the standards development process wasn’t necessarily the optimal way to manage NFRs operationally and they will be holding some workshops in August.  Dates were to be announced shortly.

The DSB noted that they were also working with Australian Banking Association (ABA) on an experiment around account origination in banking with the idea of getting a couple of banks and ADRs to come together for a week to try something in the account origination space as a way of delving into some of the underlying issues and surfacing them so they can provide feedback to Treasury (TSY) and also talk to industry.  They hoped to do this with a number of topics.

The DSB noted that they had been very grateful to the ABA for their ongoing support.

One member asked in terms of DP 288 and the upcoming workshops.  As the Chair had the DP for approval, why were the workshops needed?

The DSB noted that DP 288 came out of requests for change to the NFRs going back to November 2022 and was focussed on solving a couple of specific problems around site-wide Transaction Per Second (TPS) and peak TPS thresholds.  The request was not to delay fixing this problem as everyone needs lead time.  The banking sector provided the DSB with data so they were able to get the thresholds correct and they have deliberately structured the proposal so no one should be actively impacted. Most DHs will get a reduction in obligations because it is quite clear that the 300 TPS set as a blanket across all DHs is way too high, particularly for the second-tier retailers and banks etc.

The DSB noted they also received feedback that the way they did standards on GitHub worked for Standards but it didn’t work for discussion around NFRs so they needed to start testing other processes to manage NFRs in the Standards in a more collaborative approach. Hence the workshops.

One member asked about NFRs, coming from the NBL lending sector they found it very hard to break down the metrics of the one-off consents vs the ongoing consents.  A lot of the volume seemed to be recurring consents but for their sector one off consents was very timely and they didn’t want to get caught up in other thresholds. 

The DSB noted that the goal of the workshops was to get things on the table and discuss them with the community.  The first half of the workshops would focus on how do we, as a community, manage NFRs and the second half we would focus on what were the issues people see in NFRs in the next 12 to 18 months so we can be proactive. The workshops would be open to all of the community.

One member noted that we needed accurate data to ensure that we were measuring the right things in order to make the right decisions. 

The DSB noted that one of the topics at the workshops would be around what data would be useful and how could that data be shared so that everyone could see it and get access without compromising anyone’s commercial sensitivities etc.  The ability to get the data had been the number one problem for NFR development in the Standards and they can’t rely on six monthly reporting from the ACCC or the GetMetrics data.

Consumer Experience (CX) Working Group Update

A further update was provided on the CX Working Group by Michael Palmyre as follows:

The DSB noted that in terms of the Action Item around scam and fraud issues raised at the last meeting.  This was around things like multi-factor authentication and speed bumps in the banking industry to help mitigate risks regarding fraud and scammers etc. They noted that a lot of this is inherent in the ongoing work in CX and more broadly in the context of authentication uplift.

The DSB had finished the third round of CX research on decoupled.  The CX research report and an executive summary had now been published in the NP280 discussion. They hoped to present on this at the Implementation Call in early July and they would also cover the overarching position on authentication uplift. 

The DSB noted in terms of AI, they are collaborating with TSY on further rounds of research to conduct, which currently included A/B testing options for payment initiation, and action consents to open new products/services. Findings from this research were being used to internally progress the thinking on action initiation before any public consultation occurs.

The DSB noted that the publication of the Consent Review Design Paper and the accompanying CX research report were still pending. TSY and the DSB were considering issues to be explored in further consent review work, which includes technical analysis in relation to FAPI 2.0 (RAR) functionality.

The DSB encouraged everyone to participate in the upcoming consultations. 

One member noted that they had heard the Assistant Treasurer speak recently about AI and other things coming up and he seemed to stress that it would be focussed on particular use cases. But in today’s discussion they noted that there didn’t appear to be much focus on identifying which use cases are more useful.  They said it would be good to understand how TSY would work out which use cases come ahead of other ones.

The DSB noted that from their perspective they hoped to share those in upcoming consultations.  They said they would leave it to TSY to respond around the prioritisation of actions to be declared and designated.    

The Chair noted that the DSB provided advice and input into the process and we need to do some work in AI and screen scraping scenario so that we understand the Standards related implications of various scenarios. 

One member asked whether the DSB was looking to fall in line with any of the international standards around FAPI 2.0 or do anything ahead of?  

The DSB noted that in CX they were quite excited about FAPI 2.0 and rich authorisation requests because it had the potential to improve and simplify consent flows.  Examples included specifying the accounts needed by an ADR so that they could be listed and filtered, and potentially even pre-selected in the authorisation flow as opposed to where a user needed to actively select each account and that raised issues for things like non individual consumers if they had hundreds of accounts and therefore how we could simplify amending consents, which would become more important with AI coming in. 

The DSB noted in terms of aligning internationally, whilst there was the technical alignment it needs an actual business use case or a CX use case and they had been keen not to rush ahead. With the consent review and the authentication uplift work, technically they had been looking towards where FAPI 2.0 had been going.  There were some significant changes on how Open ID Foundation had considered FAPI 1.0 vs FAPI 2.0.  They noted that FAPI 1.0 was gifted to the international community by UK Open Banking – it was originally the security profile out of the UK.  That then became a set of Open ID Foundation Standards.  They had then taken the lessons learnt vs what didn’t work and simplified that into the FAPI 2.0 profile.  They’ve also moved away from the two-tier profile (“baseline” and “advanced”) and talking about a family of profiles which would allow a more modular composition of security profiles.

The DSB noted that one of the key aspects they saw for the adoption of FAPI 2.0, particularly around some of the RFC Standards that were part of the profile, was to fund the formal technical security proofing of those standards.  This had resulted in a number of changes to the draft FAPI 2.0 profile where there were gaps.  We now had a robust set of standards that we could adopt and form a technical implementation.

The DSB noted that when they consulted on doing FAPI 1.0, they also looked at where FAPI 2.0 was going, and the Australian ecosystem was now what they would consider as FAPI 1.5 as they had adopted some of the previously approved components like JARM, PKCE and other improved security elements that were in FAPI 2.0 but weren’t in FAPI 1.0.  They noted that a lot of the hard work had been done and now it’s about use case driven adoption for some of the additional profile components. 

The Chair noted that wherever possible we must make use and align where possible with global standards.  The DSB was actively involved with ODIF and others and because of the nature of the CDR, we were an important use case and use environment for global standards.

One member asked about the momentum around digital identity from a regulatory perspective following the recent announcements.  They said they were keen to understand what the DSB had in mind as part of the consent reviews and how we might have interoperability between digital identity solutions and the CDR, particularly as we deepen the regime.

The DSB responded that if you looked at the trusted Digital Identity Framework and implementations like Connect ID, the Data Standards were getting a lot of exposure at the moment.  From a technical perspective they were aligned, they used FAPI 2.0 and therefore from an interoperability perspective there’s cohesion.  

The DSB noted they’ve taken the approach with the Standards, with regards to identity, to be agnostic.  That was because the CDR was cross sectoral and therefore it was pragmatic and also because it was not within their scope. There was no designation or Rules to drive implementation or adoption or standardisation on the identity front, we are about securing data sharing.    

The DSB noted that they regularly attended meetings with Open ID working Groups both on FAPI and other security profiles.  It was also a member of Connect ID and other internationals that had similar standards and regulatory open data ecosystems. 

One member asked whether the DSB would run a hypothetical process flow on when AI was withdrawn and what happened at that point? 

The DSB noted that in CX the consent model needed to include management and not just the consent flows. The ability to manage included the ability to withdraw after the fact which was important to consumers. They were always considering dashboards, and the hypothetical flows would consider withdrawal flows and from the analyses they had been conducting, it occurred to them that it was very important to highlight because of the proposition that the CDR offered on that front compared to things outside of CDR. 

The DSB noted that there was an opportunity with AI for certain actions to be withdrawn and for there to be a one-to-one relationship, for example it could be something like an ongoing variable payment that was initiated by a third party and it could be through the CDR dashboard a consumer withdraws their consent that immediately stops the payment, because it was something that was initiated on an ongoing basis by that third party. The flows were quite simple and there was a lot of parity with what CDR could do today on these fronts, and some differences and complexities that would need to be considered.

One member noted that we don’t have a CDR road map or a view of how things fit together.  They understood that it was cross agency but it would be good to have a CDR map or view of how everything fits together which he thought was the missing piece.

The member also noted that he had presented on consents and stats on consents in the past and when it got to consent authorisations this was where this came into it.  They had done some more work on collecting information around failures or where consents were not successful over the last 5 weeks.  They planned to present to the committee on this at an upcoming meeting.

The DSB noted that they would be discussing at an upcoming Implementation Advisory Committee their position, which was currently being drafted, about some improvements that could be made around consent review and authentication uplift, and how that could address the issues. 

ACTION:  Frollo to present on consent authorisation at the September meeting

The DSB noted that the idea of a roadmap presentation would be really helpful and they would reach out to the DSB’s Engagement Team to suggest that potentially they could put a video explaining the concept. 

ACTION:  DSB to potentially put together a video around the roadmap presentation concept

One member noted there was a need to have a competitive comparison of CDR versus screen scraping.  Because if prefill increased the take up of CDR so that it was compelling versus screen scraping then there was something of interest here. 

They also noted that there was a competitive analysis, app-to-app would be the minority of cases, so realistically whatever the secret sauce is to fix that issue, this was probably the most important thing. 

DSB noted that they had been doing internal analyses of what CDR could do compared to screen scraping.  One of the key complaints they’ve had with the authentication approach in CDR was having to remember your customer ID, which is also present with screen scraping. They did note that app-to-app would not be the solution in all cases, so we can assume that it would be a better experience, but not one that’s prevalent at the same time.

DSB noted that FAPI 2.0, authentication uplift and consent review represent the greatest opportunity for CDR to improve in the next one to two years and then that competitive comparison of CDR versus non-CDR solutions like scraping becomes much more compelling.

Stakeholder Engagement

A summary of stakeholder engagement including upcoming workshops, weekly meetings and the maintenance iteration cycle was provided in the DSAC Papers, which were taken as read. 

Issues Raised by Members

The Chair noted a member raised an item for discussion about feedback received around the design Rules in NBL.  He noted that TSY would provide an update on this as part of their regular update. 

Treasury Update

James Kelly, the new First Assistant Secretary of the Market Conduct and Digital Division (MCDD) at TSY provided an update as follows: 

TSY noted that there were a few salient points coming out of the CEDA speech that the Hon Stephen Jones MP gave on the 7 June including the next version of Rules, roadmaps, and scoping.  They were hoping to get decisions from government when Parliament finished their sitting period. 

TSY noted that they were beginning to work up their approach to screen scraping and the initial key part of that work was understanding the landscape and doing the discovery to inform that.

TSY noted that there was a lot of work going on in government around the feedback and the previous draft Bill on digital identification.  They were looking at the strategy and thinking about what government was doing and how that connected with private sector efforts and face verification etc.  They were hoping the Bill would be out by the end of the year. 

TSY noted that in terms of roadmaps, it is in their mind that it would not just be a road map of what the CDR was doing, but a roadmap that understood all these other bits and how they potentially fit in, digital ID being one.  The Treasurer also gave a speech on the payment roadmap which leads to the obvious area of use cases in AI. 

TSY noted that the commitment and the CEDA speech was to take time to understand what they’re doing on action and payment initiation.

TSY noted that in taking forward the Government’s CDR priorities, the Minister indicated in his CEDA speech that a decision would be made soon on the version 5 rules package.

TSY noted in terms of extending the CDR to non-bank-lending (NBL), they had been doing a lot of work on preparing exposure draft rules following design paper consultation at the beginning of the year. They would seek the agreement of the Minister to publish non confidential submissions from the design paper consultation which would give everyone a sense of the stakeholder feedback.  The next phase would be consultation on the exposure draft rules and they were preparing to engage with the office on this.

One member asked if they had any idea when the draft exposure Rules would be ready.

TSY noted that they had done a lot of work internally over the last couple of months and were well prepared to move quickly once the Minister makes a decision. However, the priority at the moment is the version 5 rules package as decisions on this have a flow-on impact to other pieces of work.  

James Kelly noted that he hoped to meet DSAC members and proposed to reach out to find times for a call or catch-up when he was next travelling. 

ACCC Update

Steph Homewood, the Executive Director, Solution Delivery & Operations of the Consumer Data Right Division at Australian Competition and Consumer Commission (ACCC) provided an update as follows:

ACCC noted that they had activated a further two new software products. No new DH, DRs or ADRs have been accredited, although they were expecting one through that week.  They had deactivated one software product on 29 May. 

ACCC noted that the team had their next quarterly planning workshop on the 19 & 20 July.  They would extend an invite to TSY to DSB to ensure that the plans were aligned for the next quarter. 

ACCC noted that they were working with the schedule and the details that TSY had provided in terms of the Minister’s announcements and the expectations for the next couple of years. 

ACCC had a release on the 15 June that introduced version 4.3.0 of the DH test plan into a default state.  Their next major release was planned for mid-August and that would be upgrading to their new dynamics platform which would have lots of security features. Communications would be sent out closer to that date to make sure stakeholders were aware of any potential outages that they were still working through. 

ACCC noted that in terms of Decision Proposal 288, as part of that process ACCC committed to providing a transition plan to support participants for transitioning between those API versions and to ensure that the metrics data was able to be retained so they could compare historical data with the new data.  They were still in the midst of completing that planning and expect participants to be able to retire version 3 and version 4 towards the middle of next year.  They were working through the delivery of their new data platform, which will determine those dates.  The ACCC is aiming to provide a draft schedule to DSAC members before the next meeting if sufficient planning has been completed.

ACCC noted that they had been working with Frollo over the last couple of weeks about a solution around multiple dashboards, this was an action item from the previous meeting.  They had provided a written response to Frollo, which included that ADRs were expected to provide a single dashboard where appropriate, however the CDR Rules and Standards do not deal with situations where an ADR may consider it appropriate to provide more than one consumer dashboard, e.g. for a test product. The ACCC noted there were similar complexities in the DH space where a data holder has multiple brands.  The ACCCs view was that if the CDR consumer had accounts across multiple DH brands, then the DH can require the CDR consumer to authorise CDR data sharing for each distinct brand (which may include requiring the consumer to use separate dashboards for separate brands).  In the same vein, there may be circumstances in which it was appropriate for an ADR to have more than one consumer dashboard for a single CDR consumer.  They recommend that participants seek independent advice on how to comply with the Rules and Standards in specific situations.

ACCC noted that in terms of the action item around different scenarios for consent continuity, they thought TSY would be better placed to answer this question because they were the one’s leading the consent review.

One member noted that the DSB presented to the DSAC in February on “Consent Continuity for Accredited Data Recipients and Data Holders”.  DSAC members acknowledged at the time that this topic should be explored because the Rules currently may not allow for circumstances that customers expected which needed to be looked at.  Because this was cross agency i.e. there was a policy and Standards piece to it, they asked what was the next step and who would take leadership of that?  

The Chair noted that it was not provided for in the Rules and therefore you can’t comply with nor can they make Standards or separate from the Rules.  The whole thing needs to be looked at holistically and it was now a question for TSY to consider and come back to us on. 

The member noted that the DSB presentation included a number of different scenarios and acknowledged that there were some gaps potentially in the Rules.  They said if the ACCC needed to enforce the Rules, and the Standards follow the Rules so they agreed this was probably something for TSY to respond to.

ACTION:  TSY to consider the different scenarios for consent continuity and provide and update at the next DSAC

The Chair asked given that there was an obligation date for other than top tier energy retailers approaching, could the ACCC provide an update on the engagement with those retailers?

The ACCC noted that there was a fair bit of engagement and the regulatory team met with retailers recently making sure they were prepared for the obligation date and specifically around those that hadn’t chosen a vendor as yet.  The ACCC said these retailers were looking pretty good from their side. 

One member noted that there was a looming date coming up which is the 10 July for authenticated code flow (ACF). They were not confident as to whether the DHs had implemented and tested that flow and if not, it would cause a lot of work for ADRs.   

The ACCC noted that they did not have that information on hand. 

The DSB noted that this was a “MAY” date so presumably the DH who weren’t ready won’t decommission hybrid. But said it would be helpful if ADRs could see people retiring hybrid who weren’t fully on board with the authorisation code flow, because that would be good information to raise to the regulator.

Meeting Schedule

The Chair advised that the next meeting would be held remotely on Wednesday 12 July 2023 from 10am to 12pm. 

The Chair would be absent for this meeting and Barry Thomas will Chair the next meeting.  

Other Business

The Chair noted that he hoped the Minister would attend the September DSAC meeting.  We would provide an update on this in due course.

One member noted that for the AI Bill, it is not tabled for sitting this week.  Could they assume that it would be tabled at the end of July? 

TSY noted that they confirmed with the Minister’s office that it wouldn’t be on the programme this week.  It was just about the volume they had in the senate at the moment.  They would continue seeking to get this onto the programme but it was ultimately a decision for government as Parliamentary business.

TSY noted that it didn’t stop them from doing the work around AI.  They had the time to do the careful policy and design work, and what the legislation was needed for was for the Minister to actually make a declaration on an action.  They had the Senate Committee report recommending that it was passed so there was bipartisan support, it’s just when it could get onto the programme.

Closing and Next Steps

The Chair thanked the DSAC Members and Observers for attending the meeting.  

Meeting closed at 11:55