Conformance Test Suite for data recipients

Following the registration of Treasury Laws Amendment (Consumer Data Right) Act 2024, the name ‘Data Recipient Accreditor’ has changed to ‘CDR Accreditor’. We are working towards making this name change in all ACCC documentation, guidelines and online information.

Until this is completed, the term ‘Data Recipient Accreditor’ should be read as a reference to ‘CDR Accreditor’. The name change does not change the functions and powers of the CDR Accreditor or impact applications, data recipients, data holders or consumers.

Conformance Test Suite process

The Australian Competition and Consumer Commission (ACCC) manages the Conformance Test Suite, which is a key part of the Consumer Data Right on-boarding process.

The Consumer Data Right Conformance Test Suite confirms the technical conformance of your production-ready software using a range of test scenarios targeting specific areas.

The Conformance Test Suite has two modes allowing for either provider (also known as participant) type, data holder and data recipient, to perform relevant tests. If you are a data recipient, the tests provide a simulated data holder and a simulated Register to support the test scenarios. You test in isolation against the simulated providers and the simulated Consumer Data Right Register, so you don’t interact with live consumer data.

The diagram below shows how data recipients each interact with the Conformance Test Suite.

Data recipient interaction Conformance Test Suite

The Conformance Test Suite is not a testing tool to assist you during the development of your software (see Participant tooling), rather, it is available to you during on-boarding, once you are accredited as a data recipient and before you become activated on the Register.

The Conformance Test Suite tests your conformance with the Consumer Data Standards before entering into the Consumer Data Right system. You should have a production-ready software product before undertaking the Conformance Test Suite.

Completing the Conformance Test Suite

The Conformance Test Suite is an automated testing suite and can be completed within an hour if all provider configurations are completed correctly and no errors are encountered. It is important to ensure your solution has been adequately tested before executing the Conformance Test Suite to minimise the test completion period.

If errors are encountered, the completion period can be lengthy (for example, days or weeks) as errors need to be diagnosed and resolved, and your solution made ready for retesting.

Conformance Test Suite tests for data recipients

The Conformance Test Suite for accredited data recipients comprises several competencies that are crucial for ensuring compliance. These competencies include:

Dynamic Client Registration: this test confirms whether the data recipient can successfully register with the CTS data holder.
Establishing Consent: this test verifies the data recipient's ability to securely establish authorization and consent.
Data Recipient Initiated Consent Revocation: this test ensures that the data recipient can withdraw a customer consent from the CTS data holder.
Data Holder Initiated Consent Revocation: this test ensures that a data recipient can successfully revoke a consumer consent when a request is received from a CTS data holder.

The Conformance Test Suite: version history and guidance page provides in-depth information on each of these competencies.

Using the Conformance Test Suite to test as a data recipient

The Conformance Test Suite accredited data recipient guidance material provides more information about how to prepare, execute and complete the Conformance Test Suite.

Data recipients need to follow the below steps for testing using the Conformance Test Suite.

Step 1: Prepare to take tests

have a valid account to the Consumer Data Right participant portal
pass accreditation
sign and submit your ACCC PKI Subscriber Agreement, CDR Trademark License Agreement and Relying Party Agreement through the portal
complete and submit your Conformance Test Suite enrolment form and Conformance Test Suite acknowledgement through the portal
request your CTS test certificate from the participant portal
review the technical instructions on how to start Conformance Test Suite tests.

Step 2: Configure your system using the CTS Connection Datasheet

apply the CTS client certificate to your software product
establish trust with the CTS Certificate Authority by configuring the root and intermediate certificates
if necessary, configure your solution to interact with the Conformance Test Suite. Infrastructure changes, such as firewall rules or IP allowlisting, may need to be configured
update your solution to use the CTS Register connection details
create a mock user in your software product to simulate a consumer.

Please refer to the Connection Datasheet for data recipients for further information.

Step 3: Execute the tests

use your Authorised CTS tester account to log into the Conformance Test Suite participant portal
execute the assigned test cases.

Step 4: Analyse test results

pass all the tests specified on your Conformance Test Suite enrolment form
run report of test results in the Conformance Test Suite and analyse the results
submit the results through the Conformance Test Suite
notify the ACCC On-boarding Team via email for final assessment.

Conformance Test Suite release notes

The Conformance Test Suite: version history and guidance page provides details of current and past versions of the Conformance Test Suite including the standards they align with, the release date, the test scenarios included, and the high level scenario changes between versions.