NAV Navbar
CDR Data Standards

V1.35.0 Release Notes

Release notes for version 1.35.0 of the CDR Data Standards.

Changes Made

Change Requests

This release addresses the following minor defects raised on Standards Staging:

This release addresses the following change requests raised on Standards Maintenance:

Decisions

This release addresses the following Decisions published on Standards:

Errata

The following corrections have been made to the changes resulting from Decision 367:

Standard Section Decision text Corrected text
Future Dated Obligations Get Transactions for Account v3
  • Data Holders MUST implement v3 of this endpoint by November 9th 2026
  • Data Holders MAY retire v2 of this endpoint from December 7th 2026
Get Transactions for Account v2
  • Data Holders MUST implement v2 of this endpoint by November 9th 2026
  • Data Holders MAY retire v1 of this endpoint from December 7th 2026
Future Dated Obligations Get Transaction Detail v4
  • Data Holders MUST implement v4 of this endpoint by November 9th 2026
  • Data Holders MAY retire v3 of this endpoint from December 7th 2026
Get Transaction Detail v3
  • Data Holders MUST implement v3 of this endpoint by November 9th 2026
  • Data Holders MAY retire v2 of this endpoint from December 7th 2026


The following corrections have been made to the changes resulting from Decision 369:

Standard Section Decision text Corrected text
Baseline Credential Requirements MUST ONLY support authenticator types as permitted by the Levels of Assurance (LoA) requirements defined by [TDIF] unless otherwise excluded by the Restricted Credentials requirements. MUST ONLY support authenticator types as permitted by the Levels of Assurance (LoA) requirements defined by [DigitalID-Accreditation] unless otherwise excluded by the Restricted Credentials requirements.
Authorisation Standards Authentication: Add or Switch Profiles Authorisation: Add or Switch Profiles
Redirect to App: Data Holders Redirect to App: Data Holders Data Holders
Redirect to App: Data Recipients Redirect to App: Data Recipients Data Recipients
Authentication Flows: Redirect to App No heading Add headings Data Holders and Data Recipients
Baseline Credential Requirements MUST ONLY support authenticator types as permitted by the Levels of Assurance (LoA) requirements defined by [DigitalID-Accreditation] unless otherwise excluded by the Restricted Credentials requirements. MUST ONLY support authenticator types as permitted by the Authentication levels (AL) requirements defined in [DigitalID-Accreditation] unless otherwise excluded by the Restricted Credentials requirements.

General Changes

Change Description Link
Authentication Schedule Decision #369: Added new section "Authentication Schedule" with following sub-sections:
  • Redirect to App
  • Decoupled Authentication
  • Fallback Authentication Flows
Authentication Schedule
Branding and minor UI updates Standards Staging #476: Applied updated DSB branding/colour palette, replaced references to 'Consumer Data Standards' and 'CDR standards' with 'CDR Data Standards', UI updates for Version Delta scrolling, updated process for adding the 'archived version' message to historical versions, CSS adjustments to avoid horizontal scrollbars in schema tables. N/A
Known Issues Standards Staging #476: Added a Known Issues item for a pending change to the Certificate Management section and a Future improvements item for Metadata Update endpoint inconsistency. Known Issues
Remove deprecated Register scope detail Standards Maintenance #671: Updated Admin & Registration scope table and Non-Normative Examples for the Register token and openid-configuration endpoints to replace placeholders and deprecated details with current values. Admin & Registration
Security Profile
Holistic Feedback Standards Maintenance #683: Documentation and schema clarifications detailed in Maintenance issue #683 and noted in the Version Delta comments. N/A

Introduction

Change Description Link
March 2025 Rules including NBL and BNPL Decision #367: Changes related to the March 2025 Rules, including the introduction of the NBL sector and BNPL products. Future Dated Obligations
FDO for Redirect to App changes Decision #369: Added FDOs for Redirect to App related changes. Future Dated Obligations
Normative References update Decision #369: Updated Normative References with following:
  • Replaced TDIF with DigitalID-Accreditation.
  • Added reference to RFC8252: OAuth 2.0 for Native Apps.
Normative References
Amend Decision 338 FDOs Decision #370: Amendment of Banking Decision 338 Obligation Dates. Future Dated Obligations
Retirement date for Get Transaction Detail v1 Standards Maintenance #681: Specified retirement date for Banking Get Transaction Detail v1 as 10th November 2025. Future Dated Obligations

High Level Standards

Change Description Link
Added Definitions section Decision #367: Added Definitions section to address usage of Banking and Non-Bank Lending language. Definitions

API Endpoints

Change Description Link
Added BNPL detail Decision #367: Updated affected Banking endpoints to accommodate BNPL products and features, and added '400 - Missing Required Header' error response. Banking APIs
Corrected Energy transaction field requirements Standards Maintenance #677: Specified the demand and otherCharges fields in EnergyBillingTransactionV3 as conditional, to match their descriptions. Energy APIs

Information Security Profile

Change Description Link
Overview update Decision #369: Removed "TDIF" from Symbols and Abbreviated terms list. Overview
Authentication Flows changes Decision #369:
  • Moved credential requirements from Baseline Security Provisions: Data Holders section to new Credential Requirements section.
  • Added new section "Redirect to App"
Authentication Flows
LoAs changes Decision #369: Update LoA Single Ordinal section by amending LoA 2 and LoA 3 and adding LoA 4 Levels of Assurance (LoAs)
Credential Requirements Decision #369: Added new "Credential Requirements" section with the following sub-sections:
  • User Identifiers
  • Baseline Credential Requirements
  • One Time Password Credential Requirements
  • Restricted Credentials
Credential Requirements
Weaken JARM Encryption Requirements Standards Maintenance #650: Updated the condition for when a Data Holder may perform authorization response encryption. Authentication Flows

Register Standards

Change Description Link
Added NBL detail Decision #367: Updated Register endpoints to accommodate Non-Bank Lending. Register APIs

Consumer Experience

Change Description Link
Added NBL detail Decision #367: Updated CX language sections to refer to Non-Bank Lending. Data Language Standards: Common
Banking and Non-Bank Lending Language
Authentication Standards Decision #369: Added following new sections to "Authentication Standards":
  • Common Authentication Standards
  • Redirect to web with One Time Password (OTP)
  • Redirect to App
Authentication Standards
Authorisation Standards Decision #369: Added new authorisation standard "Authorisation: Add or Switch Profiles". Authorisation Standards

Non-Functional Requirements

Change Description Link
Added Get Instalments endpoints Decision #367: Specified performance requirements for new Get Instalments endpoints. Performance Requirements

Shared Responsibility

None

Additional Standards

Change Description Link
Removed Non-Bank Lending Candidate Decision #367: Removed the Non-Bank Lending Candidate as the standards have now been integrated. Additional Standards

Known Issues

Change Description Link
Removed Non-Bank Lending Known Issues item Decision #367: Removed Non-Bank Lending Known Issues item regarding prior updates to the NBL Candidate. Known Issues
Metadata Update Future improvement Standards Staging #476: Added a Future improvements item for the specification of the Metadata Update endpoint. Future improvements