Director IDs, deregistration and digital-first registers: unpacking changes to the Director Identification Number Regime
Changes to the Director Identification Number Regime affect how you appoint and report directors, how you lodge information with ASIC – and what happens if you get it wrong.
On 30 June 2026, the Treasury Laws Amendment (Business Registries Stabilisation and Uplift) Bill 2026 passed both Houses of Parliament, ushering in a significant package of reforms to Australia's business registry framework.
The Bill amends the Corporations Act 2001 and related legislation to enhance the Director Identification Number (DIN) regime, strengthen ASIC's powers to administer business registers and stabilise the broader registry architecture following the cessation of the Modernising Business Registers (MBR) program.
For companies, directors and their advisers, the reforms demand immediate attention. The changes affect how directors are appointed and reported, how information is lodged with ASIC, and the consequences of getting it wrong.
What is in the Treasury Laws Amendment (Business Registries Stabilisation and Uplift Bill
The Bill is structured across three Schedules, each addressing a distinct limb of the reform.
Schedule 1: Enhancing DIN requirements
The DIN regime has operated since November 2021 as part of reforms to strengthen corporate transparency and combat unlawful activity such as illegal phoenixing behaviour.
Until now, DINs have existed somewhat in isolation from ASIC's registers. However, from 1 July 2027, DINs will be fully integrated into ASIC's Companies Register, becoming a functional prerequisite to completing director appointments and associated reporting.
The key changes are:
Mandatory reporting of DINs to ASIC. From 1 July 2027, companies and registrable bodies will be required to provide DINs to ASIC as part of standard corporate registration and reporting, including applications to register a company, notification of director appointments and cessations, changes to personal details and annual reporting.
Directors must provide their DIN to the company. From 1 July 2027, directors will be required to give their DIN to the company within seven days of appointment. A limited grace period will apply where a director does not yet hold a DIN: the director has seven days from receipt of the number and the company will have 14 days from that point, to lodge with ASIC.
New disqualification power. From 1 July 2026, ASIC will be empowered to disqualify a person from managing corporations for up to three years if they fail to apply for a DIN when directed by the Registrar. ASIC will use this power where a director has wilfully refused to apply for a DIN or has applied in a manner calculated to result in refusal.
Consolidated enforcement. From 1 July 2026, the Bill repeals the Registrar's infringement notice powers, confirming ASIC as the sole enforcement agency for the DIN regime.
Registrar corrections power. From 1 July 2026, the Bill gives the Registrar express power to authenticate, verify, validate, store, correct, integrate or link information it holds, enabling DIN records to be kept accurate without imposing additional compliance burdens on directors.
Schedule 2: ASIC powers
Schedule 2 delivers a suite of enhanced powers to ensure ASIC can administer business registers effectively in a modern regulatory environment. The key changes include:
Deregistration for misleading information. From 1 July 2026, ASIC can deregister a company where it has reason to believe that information provided by or on behalf of the company is materially incomplete, misleading, false or deceptive. Deregistration decisions will be subject to merits review by the Administrative Review Tribunal.
Alternative address for service. Commencing on the earlier of Proclamation or 1 July 2027, the Bill removes the existing restrictions that limited who could use an alternative address on the register. Now, any officer of a company may nominate an alternative Australian address for service, provided they still supply their usual residential address to both the company and ASIC for regulatory purposes. This enhances personal privacy and reduces the risk of misuse of personal data.
Electronic address. From 1 July 2027, companies will be required to provide ASIC with an electronic address (such as an email) in addition to a physical address, enabling ASIC to communicate electronically and reduce reliance on postal correspondence. Directors and company secretaries must also provide an electronic address.
Flexible lodgement requirements. From 1 July 2026, ASIC gains discretion to approve the manner or format in which documents or information must be lodged with or given to it, supporting modern digital submission processes and reducing administrative burden.
Corrections power. From 1 July 2026, ASIC may correct any error in, or omission from, a register it administers, across the Corporations Act 2001, Business Names Registration Act 2011, National Consumer Credit Protection Act 2009 and Superannuation Industry (Supervision) Act 1993, without having to wait for a request from the affected entity or a Court order.
Public interest disclosure. From 1 July 2026, ASIC has discretion to publish or disclose information on its registers where it reasonably believes the benefits outweigh the risks and disclosure is in the public interest, having regard to prescribed factors including consumer protection, privacy, commercial sensitivity and the administration of justice.
Restricting access. From 1 July 2026, ASIC may restrict access to information on its registers on a class basis by legislative instrument, where the benefits of restriction outweigh the risks. This can include restricting outdated, irrelevant or privacy-sensitive information to certain classes of authenticated users.
Information sharing. From 1 July 2026, the Bill expressly authorises disclosure of protected registry information from the Registrar to ASIC for the purpose of ASIC performing its functions or powers.
Schedule 3: Stabilising business registers
Schedule 3 gives effect to the decision to unwind the MBR program. It repeals the majority of MBR amendments before their scheduled commencement on 1 July 2026, and reverses a small number that had already commenced. The result is that ASIC remains responsible for the registries it administered prior to the MBR legislation, the pre-MBR framework continues to apply, and ASIC is named in primary law as the responsible administering entity. The Commonwealth Registers Act 2020 remains in force and the Registrar framework continues to be used for DIN.
What this means for companies
The Bill has direct implications for corporate governance, compliance planning and operational processes, including the following:
Director onboarding to become a gating requirement. The compressed timeframes – seven days for a director to provide their DIN, 14 days thereafter for the company to lodge – mean that DIN verification is not a background administrative task. For many organisations, particularly large corporate groups – and cross-border appointments where identity verification for foreign directors may delay issuance – the DIN will need to be obtained prior to or immediately following appointment. Boards and company secretaries should review appointment processes now to ensure they accommodate the new timing requirements before 1 July 2027.
Heightened enforcement risk. The shift to more active enforcement is real. ASIC's new power to disqualify a person from managing corporations for up to three years if they fail to apply for a DIN when directed, combined with its consolidated role as an enforcement agency, signals that failures previously treated as procedural are more likely to attract regulatory attention and sanction.
Review lodgement and communication processes. Companies will need to provide electronic addresses to ASIC and prepare for ASIC's digital-first communication approach. Failure to update an electronic address within 28 days is a strict liability offence with a maximum penalty of 60 penalty units. Internal governance processes should be updated to capture and maintain current electronic contact details for organisations.
Data integrity and privacy trade-offs. The Bill's reforms to disclosure and access create a more nuanced registry environment. While the alternative address provisions enhance personal privacy, the tiered access model may constrain the information available to parties conducting due diligence, credit assessment or enforcement.
Deregistration risk for misleading information. Companies with incomplete, outdated or potentially inaccurate information on the ASIC register face a new risk: ASIC can now deregister a company on that basis alone, regardless of whether it has otherwise complied with administrative requirements. This creates a clear incentive to audit and correct registry information proactively.
Transitional arrangements for existing directors. For current directors whose DIN information has not been lodged with ASIC, the company must lodge notice of the DIN with ASIC before the end of the two-week period following the company's next review date, or the end of the 28-day period following the next change in the person's personal details (whichever is the earlier). Failure to do so is an offence punishable by a maximum fine of 120 penalty units.
Get in touch