Conformance Test Suite process 

The Australian Competition and Consumer Commission (ACCC) manages the Conformance Test Suite, which is a key part of the Consumer Data Right on-boarding process. 

The Consumer Data Right Conformance Test Suite confirms the technical conformance of your production-ready software using a range of test scenarios targeting specific areas.

The Conformance Test Suite has 2 test suites – one for each type of provider (also known as participant): data holders and data recipients. If you are a data holder, the tests provide a simulated data recipient and a mock Register to support the test scenarios. You can test in isolation against the simulated providers and the mock Consumer Data Right Register, so you don’t interfere with live consumer data.

The diagram below shows how data holders each interact with the Conformance Test Suite. 

Data holder interaction with Conformance Test Suite: The data holder, the conformance test suite mock register and the conformance test suite simulated data recipient all interact with one another to form a small mock ecosystem in which test cases can be executed.

The Conformance Test Suite is not a testing tool to assist you during the development of your software. Rather, it is available to you during on-boarding, once registered as a data holder, before you become activated on the Register.

The Conformance Test Suite tests your conformance with the Consumer Data Standards before entering into the Consumer Data Right system. You should have a production-ready brand before undertaking the Conformance Test Suite.

Completing the Conformance Test Suite

The Conformance Test Suite is an automated testing suite and can be completed within a short period (for example, within an hour) providing all provider configuration is completed correctly and no errors are encountered. So, it is important for you to ensure your solution has been adequately tested before executing the Conformance Test Suite to minimise the test completion period.

The completion period can be lengthy (for example, days or weeks) if issues are encountered, as errors need to be diagnosed and resolved, and your solution made ready for retesting.

Conformance Test Suite tests for data holders 

The Conformance Test Suite for data holders supports a collection of scenarios that can be composed to test plans based on the data holder conformance needs. Through the Conformance Test Suite user interface (UI), a data holder test plan can be created and completed.

There are 7 key Conformance Test Suite tests available for data holders.

  • Dynamic client registration tests whether the data holder could respond to a data recipient data sharing request for dynamic client registration to validate the data sharing request against the Register, and return a client ID.
  • Single consent tests for facilitating authorisation for once-off data sharing request and data sharing request with duration.
  • Concurrent consent tests for establishing multiple (2) consent arrangements for a single data recipient–consumer pairing.
  • Revoke consent tests for whether the data holder can send a revocation request to a simulated data recipient. It also tests for whether the data holder could receive a revocation request from an accredited data recipient and facilitate consent revocation.
  • Revoke refresh token tests for revocation of refresh token.
  • Application Programming Interface (API) tests initiating calls to banking APIs.
  • Register interaction tests for the latest data recipient status from the Register and correct usage of the data recipient status in data disclosure, consent and registration management.

More information about the test cases will be made available to providers who have begun on-boarding with the ACCC.

Using the Conformance Test Suite to test as a data holder

The Conformance Test Suite for data holders supports a user interface (UI) where you can log in, using a valid account, and self-manage the test runs, including result submissions.

Conformance Test Suite data holder guidance material provides more information about how to prepare, execute and complete the Conformance Test Suite.

Data holders need to follow these steps for testing using the Conformance Test Suite.

  • be registered as a data holder
  • have a valid account to the Consumer Data Right Participant Portal
  • complete and submit your Conformance Test Suite enrolment form 
  • sign and submit your Conformance Test Suite acknowledgement form, ACCC PKI Subscriber Agreement and Relying Party Agreement 
  • receive your test certificate and apply it to your brand
  • review the technical instructions on how to initiate the Conformance Test Suite tests.
  • complete any IP whitelisting required to interact with the Conformance Test Suite
  • perform configuration on data holder brand solution where needed.  
  • use your Participant Portal account to log into the Conformance Test Suite for data holder user interface (UI)
  • execute the test cases.  
  • pass all the tests in your Conformance Test Suite test plan
  • access Conformance Test Suite test run report through the Conformance Test Suite and analyse the results
  • submit the results through the Conformance Test Suite
  • notify the ACCC On-boarding Team via email for final assessment.

Timeline for future releases 

​​​​​​The Conformance Test Suite is being developed over time and its functions will expand to cover critical points of failure. The Conformance Test Suite is already available for providers to begin testing, with future iterations to be delivered in 2021 to include wider testing, usability enhancements and other important technical aspects to support version 2 of the Consumer Data Right Rules.

Conformance Test Suite roadmap

The planned roadmap for the data holder Conformance Test Suite is provided below.

December 2020

January 2021   

February 2021   

April 2021   

  • Additional Register scenarios
  • Additional consent scenarios
  • Additional info security tests






Previous Conformance Test Suite release notes

October 2020

The October 2020 release included:

  • single consent (once off, with duration)
  • concurrent consents (arrangement_id)
  • consent management (arrangement API)
  • PAR (modify consents)
  • revoke (arrangements)
  • endpoints (JWKs, status). 

Related links