Digital service provider Architecture Reference Group (DARG) – 19 November 2025

The DSP Architecture Reference Group (DARG) meeting was held in Brisbane on 19 November 2025.

Participation is available to those Digital service providers listed as DARG members for the 2025–26 year.

Key outcomes

Summary

Below is a summary of key outcomes. Note: the full key messages and artefacts are available on the DSP Hub.

Landscape overview

Reflections from the DSP Strategic Working Group (SWG)

Meeting topics and points of interest from the SWG held on 14 October 2025 were brought to the group, including the new ATO Corporate Plan, Payday Super update and Future direction of Digital Identity.

A TPB workshop focussed on issues DSPs experience when trying to innovate in software and the constraints they face complying with the Tax Agent Services Act (TASA). It also addressed what the future might look like and the systems needed.

Joint NZ Digital Advisory Group & DSP Strategic Working Group (SWG)

Highlights from the joint NZ Digital Advisory Group & SWG held on 14 November 2025 were brought to the group, including Tax administration 3.0, Trans-Tasman eInvoicing Interoperability, Regulating intermediaries, and Security. Inland New Zealand Revenue (INR) are working on how to bring DSPs into their legislation.

Cyber security update & Implementation of Transport Layer Security (TLS) 1.3

Transition has been extended and is on track for TLS 1.2 to be turned off 31 January 2026. Note: If the security landscape changes and there is an increased risk around TLS 1.2, the ATO will disable TLS 1.2 across all environments immediately.

REST standard feedback

The REST standard document was made available to group members for review and feedback. Updates and improvements are required to align the document with current Whole of Government and ATO standards and templates.

Delivery insights and future program

An overview of current initiatives was provided, including:

• Implementation of a global and domestic minimum tax (OECD Pillar 2) to enable adoption of reporting requirements.
• Better Targeted Super Concessions – start has been deferred to 1 July 2026 and introduces two thresholds – $3m (indexed $150k) and $10m (indexed $500k).
• Denying Deduction for ATO interest charges – removing the ability for taxpayers to claim deductions for General Interest Charges and Shortfall Interest Charges Incurred. Deductions schedule to be converted to XML.

Prefill enhancements will include updates to IITR Prefill to return current ABN related data, and prior year closing stock data, and updates to IITR Lodge to enable enhanced prefill for Taxable Payments (TPAR) and Government Grants payments.

Further details in the DWIS Product and Program Delivery Roadmap on the DSP Hub.

Polling guidance document overview

An overview was provided of the DRAFT ATO SBR Polling Guidance document, created to give current DSPs a quick reference to, and new DSPs an understanding of, existing information in the ATO ebMS3 Implementation Guide (DOCX, 1.26MB) (Section 2.3.1).

The ATO is looking to expand the error messaging to provide clarity when issues arise causing uncertainty around when to stop polling.

Payday Super

On 6 November 2025, Payday Super legislation received Royal Assent to take effect 1 July 2026.

Draft guidance PCG 2025/D5 has been published on the ATO’s compliance approach for employers for the first year of Payday Super. The proposed approach will recognise that employers who try to do the right thing from 1 July 2026 to 30 June 2027, should not be the focus of ATO compliance action.

The Small Business Superannuation Clearing House (SBSCH) will be retired from 1 July 2026. Current users will need to transition to an alternative service prior to 1 July 2026.

Updates to SuperStream and Fund Validation Services include:

• fast payments through New Payments Platform (NPP) will be mandatory from 1 July 2026
• a new SuperStream Member Verification Request (MVR) message for employers to verify employee’s fund details.

The ATO will provide updates for Single Touch Payroll, including information about What payments are qualifying earnings.

EVTE release is currently scheduled for December 2025.

DSP Landscape Report

Members were given a preview of the enhanced, streamlined DSP Landscape report which focuses on supporting DSPs to understand how they fit within the broader tax, super and registries landscape, and provides an historical view of ATO wholesale services and how those services are consumed by DSPs.

Member suggestions for inclusion on the report:

• Relative amounts of batch v synchronous – break down the percentages.
• Support ticket reasons and pain points; provide an overview of pain points.
• Support ticket types; explanation of types, expected resolution timeframes.

Workshop – defining data requirements for verified identity records

DSPANZ is working with the ATO, Department of Finance and Treasury to create an Identity Verification Best Practice guide for reducing unnecessary storage of identity documents. 

Priorities to progress include; technical standards and interoperability requirements, clear, aligned government policy and guidance, and customer education resources to support adoption.

Member suggestions included:

• stipulate a timeframe for both the retention and subsequent deletion of records
• use explicit language that leaves no questions of the requirements
• documents should be deleted, regardless of identity verification outcome
• deletion must be permanent and include backups and any other location possibilities.

Small business future tax administration – Rules as Code Proof of Concept

Initial findings from the Rules as Code Proof of Concept (RaC PoC) indicate the concept is technically feasible with potential benefits in reducing interpretation errors, improving compliance, and enabling automation for DSPs and taxpayers. 

More analysis is required for technology, design and governance elements, including TASA requirements. The creation of Large Language Models (LLMs) was discussed – standardisation of the logic could be used in a range of different ways and read via an LLM.

Next steps are being determined, and will include DSP involvement to ensure viability of the desired outcomes. 

Maturing the Operational Security Framework (OSF)

Based on recent vulnerability assessments, OSF will be uplifted and, identity and authorisation requirements strengthened. The proposal is to shift all DSP products that implement medium or high risk APIs to the highest OSF category. 

Impacted categories:

• DSP hosted that use medium/high risk APIs < 10,000 client records (Category B) and Client hosted that use medium/high risk APIs (Category D).
• SOC2 Type 2 certification is being considered to satisfy the certification requirement for DSP hosted medium/high risk with > 10,000 client records (Category A).

Challenges raised include; difficulties for client hosted products satisfying the organisational controls, and obtaining the complete findings of audit reports from DSPs.

Tax Practitioner Board (TPB) workshop overview

Members were provided insights from a TPB workshop held at the 14 October SWG that explored perceived ambiguity and constraint within TASA as it applies to DSPs. Clarity is needed to support modern digital services.

Other business

Support services will close at noon AEDT on Wednesday 24 December 2025 and re-open at 8:00 am AEDT on Friday 2 January 2026. The production environment will be available during the closure period, however, the testing environments will be unavailable. 

Next meeting TBC

Any questions or suggestions for agenda items can be sent to the secretariat at DPO@ato.gov.au or by lodging a ticket via the DSP Service Desk.

If you have any questions, contact the secretariat by email at DPO@ato.gov.au or raise a ticket through the DSP service desk.