A sending service provider (SSP) is a digital service provider (DSP) that transmits Single Touch Payroll (STP) reports to the ATO on behalf of other DSPs and their employer or /registered agent clients. They carry out the following actions on behalf of another DSP:
- facilitate the transformation of STP compliant data received from a STP compliant product
- transmit STP conforming data to the ATO.
A product is considered STP compliant if it has been developed in compliance with the Single Touch Payroll: Business implementation guide (STP BIG). The output data of a STP product is categorised into two groups:
- STP compliant data – Complies with the STP BIG. All necessary data required to meet the schema needs of the Payroll Event (PAYEVNT). STP compliant data can be in any proprietary format such as CSV, TXT or XML.
- STP conforming data – STP compliant data is used to undertake validation using the ATO issued schema and validation rules.
SSPs do not generate an employer’s STP data and do not alter its business content or accuracy. Their role is secure, compliant transmission, using trusted credentials and maintain message integrity.
Who should read this page:
- SSPs operating a gateway or platform that submits STP on behalf of other providers. For detailed guidance, see Guide for SSPs to submit STP reports.
- DSPs whose payroll products connect to the ATO through an SSP. For detailed guidance, see Guide for DSPs using an SSP.
- Employers/agents using a payroll product that lodges via an SSP.
On this page
- Roles and responsibilities
- Guidance and resource for SSPs and DSPs
- Guidance and resources for Employers and Payroll Agents
Roles and responsibilities
SSPs
- Provide the transmission service for STP lodgments on behalf of DSPs/employers
- Implement and maintain SBR ebMS3 connectivity
- Conform with ATO security and operational requirements (including OSF)
- Support DSPs and their customers to onboard and lodge successfully
- Maintain traceability and integrity of messages: cooperate with ATO monitoring and audits. ATO may audit, monitor, or suspend an SSP’s access in the event of non-compliance, misuse, or systematic failure
- Generate and manage Software Subscription IDs (SSIDs) used for cloud authorisation
DSPs (payroll product providers)
- Build STP-compliant output per the STP BIG
- Facilitate the export and/or transmission of STP compliant data to the SSP
- Present required declarations/authorisations in-product
- Ensure product metadata (BMS name, version, Product ID) matches what was registered using SBR onboarding
- Provide client instructions and support for onboarding, authorisation and error handling
Employers and agents
- Use a registered payroll product that supports STP connectivity
- Complete Access Manager nomination using the SSID provided by your provider
Guidance and resources for SSPs and DSPs
- Cloud software authentication and authorisation (CAA)
- Information and artefacts for DSPs that report employer obligations - including PAYEVENT (STP)
Guidance and resources for Employers and Payroll Agents
- Sending service providers and software IDs
- Access Manager for business software users
- Unique software ID notification request
- Withholding payer number holders reporting through STP
Contact us
For further information and to provide feedback email DPO@ato.gov.au.