Data reporting – frequently asked questions

Skip to:

General questions

Why must certifying authorities report data about building certification?

The data reporting requirements for certifying authorities will provide the NSW Government with centralised, real-time information about development.

Benefits of this include:

  • more targeted and effective, evidence-based regulation
  • safer and more compliant buildings, enabled by data-sharing with local councils to increase their ability to monitor developments in their area and take action if a development breaches legislative requirements
  • increased community confidence in the certification system and the professionalism of certifiers
  • better dissemination of data across government, leading to smarter service delivery. Currently, development data reported by councils to the Australian Bureau of Statistics is inaccessible by the NSW Government.
What data needs to be reported?

The Building Professionals (Provision of Information) Order 2018 sets the required data fields.

You can also download a summary of the required data fields.

How will certification data be used?

The data is being used to:

  • streamline regulation where appropriate
  • improve the evidence base for more effective regulation
  • assist councils in monitoring development in their local area.

Note: the data is not publicly available (see ‘Who will access the data and how is my privacy protected?’ below).

How does reporting of certification data relate to the Planning Portal?

The reporting of certification data and the NSW Planning Portal complements each other.

Certification data reporting covers certificates issued, critical stage inspections and important details such as performance solutions which are not captured in the Planning Portal.

Both systems gather some basic data needed to verify the location, dates and responsible parties for a development. 

Information for councils and certifiers

Which categories of certifiers must report data?

Only category A1, A2 and A3 certifiers must report data, and only when appointed as principal certifying authority (PCA). All other certifiers do not need to report data, but must still meet their existing legislated recordkeeping requirements, which have not changed.

Certifiers with multiple categories of accreditation including A1-A3 only need to report work done under their A1-A3 accreditation, and only when appointed as PCA.

Local councils and accredited bodies corporate must also report data for their PCA work.

Example: if you are an A2 certifier who carries out a critical stage inspection on behalf of the PCA of a development, you do not have to report data for that inspection.

What should I do now?

Three data reporting options are available, and most certifiers and councils are already reporting.

Certifying authorities should already have decided on their reporting option and can start reporting whenever they’re ready.

Updates for certifiers will be sent to the address in the online certifier register, so keep your contact details up to date and subscribe to our e-news for updates.

When did data reporting become mandatory?

Reporting was mandatory from 1 July 2018.

What works do NOT need to be reported?

Data do not need to be reported for:

  • swimming pools
  • demolition, when there is no building work (i.e. the development only involves demolition)
  • subdivision, when there is no building work
  • Crown building work
  • mining development.

Certifiers’ existing recordkeeping requirements for all their certification work still apply.

Do I have to report projects that pre-date 1 July 2018?

No. Mandatory data reporting requirements only apply to building work that commenced on or after 1 July 2018. Pre-existing PCA appointments do not have to be reported. However, if you start reporting data before 1 July, you must continue to report data for those projects.

How much does it cost?

The CertAbility web app is free to use.

API and SFTP users should consult their IT support/service provider to implement any necessary software and/or hardware changes. Costs will vary depending on the nature of the changes. It is free to access the Government's API and SFTP channels.

Which reporting option should I choose?

There are three reporting options, each designed for a different type of certification practice.

Find out which option will suit your certification practice.

Can I change my reporting option?

Yes, but keep in mind:

  • it may incur a cost (e.g. to install or modify software, or retrain staff)
  • existing certification projects must be finished using the same reporting option that each was started with.

It’s recommended to choose the reporting option that best meets your needs from the start.

You cannot change options midway for an individual project (but see below about transferring work). For example, if you use CertAbility to report a critical stage inspection, you can’t use the API to report the next inspection for that development.

How to transfer your works to a new reporting option

First, contact the Board asking to have all your building works transferred.

If works are not transferred properly, it may create a duplicate record if you submit data for an existing work using a different reporting method. Duplicate records will impact the accuracy of the database. For regulatory decision making, it is important to have data as accurate as possible.

Can I use more than one reporting option?

Yes, but you may only use one reporting option for each individual development. If you submit data for a building via a particular option (e.g. API), you must continue with this option until the work is complete (i.e. a final occupation certificate is issued).

You may however change options as your business needs change (see previous question).

Each reporting option suits a different business model, so it’s unlikely you’ll want or need to use more than one option at the same time. Find out how to choose the right data reporting option for you.

Can office staff report data on a certifier’s behalf?

Yes. A non-accredited person, such as a certifier’s colleague or spouse, can enter data on behalf of a certifier.

The PCA is responsible for data reporting done on his/her behalf.

Note: Administrative staff can create an 'other'-type CertAbility account without first seeking the Board's approval. They should not use the PCA's account.

Which software providers have updated their software to enable data reporting?

The listed products are the only products verified by the NSW Government as meeting requirements.

Please contact your software provider or IT support for more information.

Who can access the data and how is my privacy protected?

Access to the data is restricted by section 82A of the Building Professionals Act 2005, which lists relevant agencies and purposes for data-sharing.

The Minister has authority to enter into data-sharing arrangements with local councils. Councils already receive and hold records from private certifiers, so data-sharing arrangements will not compromise a certifier’s privacy or that of their clients. Councils will only receive data that is relevant to their local government area.

Giving a council real-time updates as developments progress will help the council take more effective enforcement action if required. This benefits certifiers and the broader community.

How often do I need to report data?

PCAs must provide data at each reporting stage within 2 days of the event (such as completing an inspection). The first time data must be reported for an individual development is no later than 2 days before building work commences.

CertAbility and API data transfers instantly to our database. Users should report data as soon as practicable after each certificate or notice is issued and each inspection completed.

SFTP processing occurs every day, including public holidays at approximately 7pm. This is an 'insert new and update' process. You don't need to send every record all the time, just new items and amendments.

Does the data reporting replace other recordkeeping requirements for certifying authorities?

Not at present, though the Government intends, over time, to streamline reporting requirements for councils and certifiers, where possible without compromising building safety or compliance.

Are there penalties for not reporting data?

Legislation has always required certifiers to keep certain records and forward certain information and documents to local councils. This has not changed.

Reporting was mandatory from 1 July 2018. Certifying authorities who fail to meet their reporting requirements may be subject to investigation and disciplinary action.

The maximum penalty for failing to report is a $5,500 fine and/or a penalty infringement notice of $1,500 for individuals ($3,000 for corporations).

What if no final OC is issued?

The record for that building work will remain open in our database if no final occupation certificate (OC) is issued. There is no penalty for having an ‘open’ record.

This important information will show how many developments, and which types of development, are not finalised.

What if the PCA changes?

The outgoing PCA will report all certification work on the development that is carried out up to the date of the change of PCA. The new PCA will then commence reporting for the development after the change of PCA date.

Depending on the reporting method used, the new PCA may or may not need to re-enter data for certification work by the previous PCA.

  • If both PCAs use CertAbility, the outgoing PCA can use the app’s ‘transfer work’ function to transfer the building work to the new PCA. The new PCA can then accept the work within the app and will not need to re-enter data.
  • If the outgoing PCA uses CertAbility, and the new PCA uses the API or SFTP, the outgoing PCA can generate an export file (csv format) from the app and send it to the new PCA. Although the new PCA will need to re-enter the data, the file will provide a reference point.
  • If the outgoing PCA uses the API or SFTP, and the new PCA uses CertAbility, the new PCA will need to re-enter data for work by the previous PCA.
How do I report a staged DA?

Simply report each construction certificate (CC) as an additional CC for that DA. All three data reporting channels allow multiple CCs to be recorded for a DA.

Questions about the API and SFTP

This section contains information that relates only to the API and SFTP. Other sections of this page have information that applies to all three reporting options.

How do I access the API or SFTP specifications?

Visit the data reporting options page for technical specifications and instructions.


  • These are technical documents. If you do not have expertise in software development, forward the documents without alteration to your software provider.
  • The SFTP document is not a template to fill out. It is an explanation of how to create a set of txt files that are zipped and sent via SFTP.
Some data fields in the specifications are marked ‘required’. Are the rest optional?

No, all data is required. PCAs are expected to have completed all data fields* by the time a final OC is issued.

‘Required’ only means ‘required’ in a technical sense – the minimum data required for the uploaded file to be accepted by our database. Some data fields (e.g. final inspection date) can only be known late in the process, so can’t be required at the start.

*Our database can use the address data to automatically populate the latitude and longitude fields, but complete these fields if you can.

How do I access the test and production databases?

When you’re ready to test your updated software or system, email requesting access to the test database.

Once you have submitted data without error to the test database, you will be given access to send data to the production database (i.e. the ‘real’ database).

Do I have to send all records with each data transfer?

No, you only need to send amendments and updates. However, you may send all data for all developments if you prefer.

For the SFTP, is it one zip file per building work or one overall?

Upload one zip file in total for all building works. The zip file must contain 13 txt files. Each txt file can have data about multiple building works.

Questions about the CertAbility web app

This section contains information that relates only to the app. Other sections of this page have information that applies to all three reporting options.

Can I use my CertAbility mobile app account for the web app?
Do I need to transfer my CertAbility mobile app data to the web app?

No. Your data is already there.

How do I register a new account?
  1. Email with your full name to be added to our approved users list.
  2. Wait two business days, then register your account and log in (the approval process takes about one business day).

Administrative staff don’t need the Board’s approval to register an 'other'-type account.

How do I use CertAbility?

Download the CertAbility user guide.

Note: IT support for the 'mobile-only' CertAbility app is being scaled back to support the new web-based app.

Can I use CertAbility on a desktop PC, mobile, laptop and tablet?

Yes. Use any computer or mobile device to access CertAbility.

How can an accredited body corporate (company) use CertAbility?

The accredited company will have its own CertAbility account. Use the company account for projects where the company is the PCA.

A1-A3 certifiers who work for the company may also have their own account to use if they are individually appointed as PCA.

Questions for councils

Do the certification data reporting requirements replace the need to report to other agencies?

Not at present. In time, the Government intends to streamline council reporting requirements, to reduce red tape and improve building safety and compliance.

Do councils have to report certificates lodged with the council by a private certifier PCA?

No. As PCA, the certifier is responsible for reporting it.

Are building information certificates reported on?

No, building information certificates issued by a council do not need to be reported.