Skip to main content

Search

Welcome to our Support Hub

🔐 Understanding "Evidence of Association" Under the Gatekeeper PKI Standard

  • Updated

As part of the Australian Government’s Gatekeeper Public Key Infrastructure (PKI) framework, organisations applying for digital certificates must complete a process called organisation identity proofing. This process helps confirm that:

  • The organisation is a legally recognised business entity, and

  • The individual requesting or authorising the certificate has a verifiable relationship with that entity.

A frequent question we receive is:
What constitutes valid "evidence of association" between an individual and the organisation?

This page outlines what’s required under the Gatekeeper standard, and how different types of businesses—including subsidiaries of multinational corporations—can meet these requirements.

✅ What Is "Evidence of Association"?

“Evidence of association” refers to the documentation that proves an individual has legal authority or binding connection to act on behalf of a business entity when applying for a digital certificate.

This is a mandatory requirement for identity proofing in the Gatekeeper framework.

📄 Accepted Evidence Types

The framework outlines two options to satisfy this requirement:

Option 1: ABR Notice with Public Officer

  • Provide an original or certified copy of a document issued by the Australian Business Register (ABR), showing:

    • The business entity’s legal name and ABN

    • The name of a Public Officer with authority (owner, senior officer, or employee with decision-making power)

  • This document is sufficient on its own if it meets both conditions.

  • Also required: Online verification of the ABN to the business name via the ABR.

Option 2: Alternative Legal or Regulatory Document

If the ABR notice isn't applicable or doesn't include the necessary personal link, you may submit a legal or regulatory document that:

  • Binds the Authoriser (individual) to the business entity

  • Examples include:

    • ASIC extract showing company directors

    • Board resolution appointing the individual

    • Letter of appointment or delegation of authority

    • Power of attorney or equivalent legal instrument

  • Also required: Online verification of the ABN to the business name via the ABR.

🏢 For Multinational and Corporate Groups

For global organisations (e.g., NASDAQ-listed companies with Australian subsidiaries), the traditional documentation (like a single ABR notice) may not be sufficient to demonstrate individual authorisation. In such cases:

You can use:

  • ASIC company extract listing directors or local authorised personnel

  • Letter of delegation from the parent or regional HQ confirming signing authority

  • Board resolution authorising local representation

  • Any legal document that clearly ties the individual to the entity with decision-making power

These documents fulfill Option 2 of the Gatekeeper requirements and are accepted under the framework for issuing certificates.

Related to