Skip to content
News update

Linking Director IDs to the Companies Register

Treasury’s proposals for changes to the ASIC Companies Register could affect how directors’ and officers’ personal information is handled.

Smart ID card form lines, triangles and particle style design.

Ensuring the integrity and accessibility of information on the registers is crucial for maintaining trust, supporting efficient markets, and enabling effective regulatory oversight. For this reason, the Governance Institute has been actively involved in the ASIC registry project since it began. We are fully supportive of the project, and our members report that some of the recent improvements to ASIC’s business registers are beginning to make company administration less burdensome.

We have, however, consistently raised concerns about the continued public availability of directors’ and officers’ personal information. Currently, for a small fee, anyone can access information such as home addresses, dates of birth, and full names of a director or officer of a company registered under the Corporations Act. This can create serious risks, including privacy breaches, identity theft, cybercrime, and even personal safety concerns. These risks have become magnified over time, particularly following recent events.

The Companies Register project

On 12 December 2025, Treasury kicked off a consultation on plans to upgrade the Companies Register.

One big change on the table is linking Director IDs – unique numbers issued by the Australian Business Register and maintained by the ATO – to the ASIC Register from 1 July 2027. Treasury believes that this will boost transparency, make it easier to track directors across different companies, and help stop illegal phoenixing and identity fraud.

Availability of personal information

Once Director IDs are linked to the Companies Register, Treasury plans to remove directors’ dates of birth from the Register. However, this change will not take place for some time.
According to the Background Paper, the only personal details shown would be a Director ID and a service address (or residential address if no service address is provided). But here’s the catch – this is just a proposal for now and isn’t in the legislation yet.

Preferred approach

Governance Institute’s long-stated preference is for directors’ and officers’ home addresses not to appear on the register and to be replaced by a service address for all Australian companies. This change should be made as a matter of urgency, and this approach has already been adopted in other jurisdictions. ASIC should still collect residential addresses which would be available to regulators and those authorised by ASIC to access this information. There should still be the ability for appropriate advisers such as insolvency practitioners and other professionals to apply to ASIC to obtain access to a residential address for a legitimate purpose.

Given that Director IDs will be linked to companies’ records there would still be a unique identifier for each director meaning that the policy objectives of transparency and minimising opportunities for phoenixing are still addressed. Our suggested approach not only has the benefit of simplicity it also reduces the potential compliance burden on individuals, not all of whom have access to resources and advice.

Privileged access group

Treasury also proposes different levels of access to personal information. The general public will only be able to view limited details on the Register, and they’ll need to complete a simple authentication step, like providing an email address or a security key.

However, there’s a proposed group called ‘special use access’ users who could see much more personal information. Who’s in this group? That’s still being decided. Regulators, insolvency practitioners, financial institutions, journalists, victim representatives, and litigants are all under consideration.

Director IDs and penalties

Under the proposals, from 1 July 2027 companies will need to provide ASIC with Director ID details whenever they update a director’s information or complete their annual review. In other words, all companies must supply Director ID details by 30 June 2028.

There’s also a new offence coming for companies that don’t provide Director ID information when appointing a new director or updating details. This will sit alongside existing offences like failing to apply for a Director ID, applying for multiple IDs, or misrepresenting one. The proposals also include strict liability offences (which may be directly enforced against the company secretary).

Anyone who doesn’t apply for a Director ID could be disqualified from managing companies altogether.

Next steps

The Registry Project has a few design challenges to solve before it can meet its goals and improve the current system. Some of the key issues include making sure directors who sit on multiple boards don’t have to send or receive multiple notifications under the new system, ensuring the rules work smoothly when directors appoint agents and creating provisions for directors who live outside Australia and don’t have a Director ID. Governance Institute will make a submission to the Treasury consultation and will continue to engage with key stakeholders.

The generation that will shape AI is also the most worried about it

Next article