Public Key Infrastructure (PKI) certificates enable secure and private communications between participants within the Consumer Data Right ecosystem. The ACCC, as the CDR Registrar, is responsible for issuing PKI certificates to participants.
The operational requirements relating to the use of the digital PKI certificates are governed by two, non-negotiable agreements; the Subscriber Agreement and the Relying Party Agreement .
The Subscriber Agreement establishes the basis on which digital PKI certificates are issued to participants. Subscriber Agreements also establish the role subscribers are required to play in safeguarding and managing PKI certificates issued to them in order to maintain the overall integrity, security and stability of the Register and ecosystem more broadly.
ACCC certification services, and the use of PKI certificates, are governed by the ACCC Certificate Policy, which is incorporated in its entirety in the Subscriber Agreement. Full details of the role and obligations of all entities associated with operation of the ACCC PKI are included in the Certificate Policy.
The Subscriber Agreement contains important provisions governing the subscriber’s responsibility and legal liability for using a PKI certificate.
Relying Party Agreement
The Relying Party Agreement establishes the basis on which participants rely on information protected by ACCC digital PKI certificates.
It contains important provisions governing the relying party’s responsibility and legal liability in relying on a certificate.
Policy and procedural documents
Two policy and procedural documents underpin the use of PKI certificates in the ecosystem:
- the Certificate Policy document, which defines the overarching framework for management and administration of the ACCC PKI.
- the Certification Practice Statement, which is a detailed procedural document describing how the ACCC intends to implement its Certificate Policy.
These documents are part of the agreements, so that the obligations in them are part of the contractual responsibility held by relying parties and subscribers.
Accepting the agreements
The agreements can be accepted on the CDR Participant Portal.
See the CDR Participant Portal User Guide for more information on viewing and accepting the agreements. Only users with a Legal Authority Contact role can accept agreements in the CDR Participant Portal.