Identity Service Provider (ISP) consent [draft]

Disclaimer: This page contains draft content intended for internal agency use. It is not intended for public distribution or reference. The information may be incomplete, subject to change, and should not be considered final or formally endorsed.

This guidance provide examples for how to implement express consent Identity Service Providers (ISPs) in the Australian Government Digital ID System (AGDIS).

‣

On this page

Overview

Identity Service Providers (ISPs) may choose to obtain consent from individuals to share attributes. ISPs should, however, carefully consider the end-to-end user experience and consent fatigue risk, since individuals would likely need to provide multiple consents during a single interaction. This guidance is intended for accredited ISPs participating in the AGDIS.

When asking an individual to give consent, an ISP must:

ensure that the process for an individual to provide express consent, or to withdraw or vary that consent, is described in clear, simple and accessible terms; and
meet other requirements within the the Digital ID rules and standards

This section provides examples illustrating how the guidance may be implemented. It also includes design patterns based on best practices and user research which are are not mandatory requirements.

For additional information on consent related obligations, please refer to Digital ID Rules 2024, Digital ID (Accreditation) Rules 2024, Digital ID (AGDIS) Data Standards 2024, Digital ID (Accreditation) Data Standards 2024 and OAIC’s guidance on Express consent in Australia’s Digital ID System.

This diagram illustrates where ISP consent fits within the end-to-end AGDIS digital ID experience. For simplicity, ASP consents are omitted from the diagram as they only occur when business attributes are requested.

Wireframes and guidance

Note: The wireframes shown are examples of how to implement key rules, standards, and guidance. Use the on-screen functions to adjust zoom level or expand the wireframes to be viewed at full screen.

Default example

The following wireframes show a basic example of ISP express consent.

‣

See key requirements and guidance

‣

See prototype [TBC]

Download open source asset

Open sources design assets are created in Figma for the purposes of assisting implementation. This Figma file contains annotated wireframes and working prototypes for Identity Service Provider (ISP) consent, including:

Default example

Download design asset [update filter options]

For past versions, refer to .

‣

About open source assets

About this page

References

The artefacts on this page were informed by the following sources. [update filter options]

Last updated

This page was updated @March 26, 2025

Note: This document provides general guidance only. It does not constitute legal or other professional advice and should not be relied on as a statement of the law. As this is only a guide, it may contain generalisations. We encourage participants to obtain their own professional advice to ensure they understand their obligations under the Digital ID framework.

Have your say

Community consultations and maintenance are part of our ongoing process. Here’s how you can get involved:

Request new guidance or changes to existing guidance through the UX guidance Consultation process
Request new Standards or changes to existing Standards through the Standards Maintenance process
Log a ticket for any questions about the rules, standards, or guidelines through the Digital ID Support Portal
Email your feedback to cx@dsb.gov.au