open it

Digital Service Provider OR Add-on Developer

The ATO's Operational Framework and the SSAM outline different requirements for Digital Service Providers (DSPs) and third party add-on developers.

Use this table to self assess whether your application should be certified under the ATO's Operational Framework or the SSAM.


Digital Service Provider (DSP) Third Party App/Add-on
Purpose
  • Accounting for business or taxation purposes;
  • Corporate compliance or ASIC entity management;
  • E-invoicing access point;
  • Income tax or GST calculation, reporting and lodgment;
  • Payroll calculation, reporting and lodgment;
  • Superannuation calculation, reporting and lodgment;
  • Superannuation gateway or clearing house.
    • Any other business purpose

    eg. Point of sale, inventory, expense claim management

    ATO Integration
    • ATO Integration - Direct or indirect connection using SBR1, SBR2, PLS or ELS channel.
    • Including via a data intermediary such as a Sending Service Provider or Superannuation Gateway.
    • No connection to ASIC or the ATO via API.
    API ecosystem
    • Provides a public or private API allowing third parties to connect and send/receive data.
    • Consumes an API endpoint provided by a DSP (eg. Xero, QBO, MYOB).
    Hosting
    • Desktop or cloud
    • Cloud only
    TFN data stored or used in application
    • Yes
    • No
    Personal or financial data stored or used in application
    • Yes
    • Maybe
    Certification
    • Yes, ISO 27001 or IRAP
    • Maybe
    Applicable Standard

    You can download a copy of the standard (PDF) here: Security Standard for Add-on Marketplaces (SSAM). Last updated August 2019.


    How to register as a DSP

    If your application qualifies you as a Digital Service Provider, then you will need to register your software with the Digital Partnership Office at the ATO and complete the Operational Framework Security Questionnaire. Click here for more information

    Previous Page


    Next Page