Last updated February 2024
|Organisations that have achieved accreditation under the Trusted Digital Identity Framework
An electronic document, signed by the Certification Authority which:
|Certificate Policy (CP)
|A named set of rules applying to, and providing policy and operational guidance on the deployment and use of a Certificate issued by a Certification Authority (CA).
|Storage location for certificates on a computer or device.
|Certification Authority (CA)
|An entity that issues and digitally signs certificates using the entities private key.
|Certification Practice Statement (CPS)
|A statement of the practices that a Certification Authority (CA) employs in managing the digital Certificates it issues (this includes the practices that a Registration Authority employs in conducting registration activities on behalf of that Certification Authority). These statements will describe the PKI certification framework, mechanisms supporting the application, insurance, acceptance, usage, suspension/revocation and expiration of digital Certificates signed by the CA, and the CA’s legal obligations, limitations and miscellaneous provisions.
|Public Key Infrastructure (PKI)
|The combination of hardware, software, people, policies and procedures needed to create, manage, store and distribute Keys and digital Certificates based on public Key cryptography.
How these terms and conditions apply
The myGovID Privacy Notice explains how we manage the personal information we collect.
These terms and conditions relate to how we use the myGovID system.
myGovID is a digital service administered by the Australian Taxation Office (ATO) as part of the Australian Government's Digital ID System.
When you use this service, we make it available to you on the conditions of use current as at that time. These terms and conditions may change over time. Those current at a given time are those then published on this page.
Your use of the service must be consistent with the Trusted Digital Identity Framework (TDIF). For more information on the TDIF see Digital ID system.
You are responsible for the security and use of your myGovID account and the device on which it is stored. You must comply with all security requirements and instructions provided by the ATO about your use of the myGovID system.
- not use your myGovID credential for any unlawful or improper purpose
- not disclose your myGovID passwords to any other person
- provide information that is true, accurate, current and complete to create your myGovID account and verify your identity
- always close your myGovID browser sessions and lock your device when not in use
- notify the ATO myGovID Help Desk if you believe the security of your myGovID account or myGovID credential has been compromised.
- Subscriber Agreement for the myGovID Public Key Infrastructure (PKI)
- myGovID Certification Practice Statement (CPS)
- myGovID Certificate Policy – User (CP).
The Glossary has more information about some terms used in this document.
The myGovID system includes each of the myGovID service, the myGovID credential and the myGovID software.
To use the myGovID system, you must:
- provide information that is true, accurate, current and complete to create your myGovID account and verify your identity – this includes personal information contained in a Commonwealth or state issued identity documents
- not use the myGovID system to use or create a false identity, impersonate any person or otherwise misrepresent your identity.
To the extent permitted by law, the ATO:
- provides each of those elements of the myGovID system ‘as is’ and without charge.
- gives no express or implied warranties or makes any representation (and to the full extent permitted by law excludes all statutory warranties) for each of those elements (including its availability, security, performance or fitness for a particular purpose).
- will not be liable for any loss or damage (including special, indirect or consequential) arising from or in connection with any of those elements of the myGovID system or its or their availability, use or performance either directly or through a third-party provider.
To the extent that the ATO's liability for the myGovID system (or any part of it) cannot be excluded, it is limited to the resupply of the relevant goods or services, or the cost of such resupply, at the ATO's option, or otherwise limited to the minimum amount permitted by law.
The ATO makes the myGovID app and software (Software) available to you to use, in unaltered form, solely for use with the myGovID system.
You may not:
- decompile, reverse engineer, disassemble or attempt to derive the source code for the Software
- create derivative works based the Software or modify it in any way
- distribute copies of the Software or versions of it.
You must not access the myGovID software other than through:
- the Apple App Store
- Google Play Store or
- other means approved by the ATO.
The ATO makes no guarantee that the myGovID software will function outside supported platforms.
You should ensure that the software does not interfere with your systems or devices.
You must ensure your use of the software complies with all applicable conditions of use, including third party software licensing conditions of use, relevant laws, including local laws in any relevant foreign country if you use the software outside Australia. Those laws may impact your eligibility to get or use a copy of the software.
myGovID software uses third party software under licence. Annexure A – Third Party Licences and Software contains a full listing of myGovID third party licences and software.
You can email us for information about our Software at firstname.lastname@example.org.
You can access and use your myGovID account through the myGovID service. While the ATO will use reasonable efforts to rectify any issues with the myGovID service that it is aware of:
- the ATO makes no guarantees that the myGovID service, and your access to it (and your myGovID account), will be continuously available, uninterrupted, and fault or error free.
- your access to the myGovID service (and your myGovID account) is also contingent on telecommunication services and other factors beyond the ATO’s control.
- the ATO may suspend or terminate access to the myGovID service through some or all products or to some or all users at any time.
You should take appropriate and adequate precautions to ensure that the information obtained from the myGovID service is free of viruses or other contamination that may interfere with or damage your systems, devices or data.
Your myGovID credential is a digital Certificate associated with your myGovID account and is returned by the myGovID service to the application storage on the device you use for your myGovID account.
You are responsible for all transactions and communications carried out using your myGovID credential, and for the security and use of your myGovID account, your myGovID credential and the device on which it is stored or device used to authenticate.
- not use your myGovID credential for any unlawful or improper purpose other than to establish, verify or authenticate your identity when accessing online services of participating agencies.
- not disclose the passwords for your myGovID account or myGovID credential to any other person.
- not store your myGovID credential in a certificate store to which any other person has access, or otherwise allow, grant, permit or enable any other person to use your myGovID credential.
- close your myGovID browser sessions and lock or secure your computer or device when not in use or unattended.
- not undertake any screen capture, sharing or like activities that might compromise the security of your myGovID account or myGovID credential.
- notify the ATO myGovID Help Desk on 1300 287 539 (select option 2, then option 2) as soon as you suspect or become aware that the security of your myGovID account or myGovID credential has been compromised. This can include if your identity documents have been disclosed without your consent or authorisation, for example as the result of a data breach incident or theft, or there is a device or record you don’t recognise in your myGovID setup history.
myGovID will collect, use, store and share your personal and sensitive information as detailed in the myGovID Privacy Notice. The ATO will disclose your personal and sensitive information or myGovID credentials to third parties if you have provided your consent to do so, or if authorised or required by law. We may use or disclose your information to analyse, detect, manage and investigate fraudulent activity or for another purpose allowable under the TDIF.
You acknowledge that the ATO may suspend, cancel or revoke your myGovID credential when it is permitted or required as described in the CPS. If you no longer wish to use the myGovID system, you may uninstall the app from all devices. If you choose to uninstall myGovID, we will manage your personal information under the Archives Act 1983.
Any disputes between you and any third-party provider, including another Accredited Participant of the Digital ID System, must be resolved between you and that party.
The ATO is not responsible for any fees charged by other Accredited Participants or third-party providers. You are responsible for ensuring the installation and use of the myGovID system does not cause you to exceed any data usage quotas or other limitations which may apply to your internet service, device or other third-party provider.