Director IDs four years on: Purpose, progress, and what’s next for company directors in Australia

Since November 2021, all company directors in Australia have been required to apply for and hold a Director Identification Number (Director ID). The reform, part of the Australian Government’s Modernising Business Registers (MBR) program, was a key step towards improving transparency in corporate governance, curbing illegal phoenix activity, and creating a more secure environment for business and regulatory oversight.

Now four years on, the regime has largely transitioned from implementation to enforcement, with the Australian Business Registry Services (ABRS) and Australian Securities and Investments Commission (ASIC) continuing to educate, monitor and enforce compliance.

What is the Director ID?

The Director Identification Number is a unique 15-digit identifier that company directors must apply for and retain for life. It is issued by the ABRS and remains with the individual even if they:

• change companies,

• move interstate or overseas,

• cease to be a director,

• change their name.

The Director ID is required for all directors of:

• Companies registered under the Corporations Act 2001 (Cth), and

• Aboriginal and Torres Strait Islander corporations under the Corporations (Aboriginal and Torres Strait Islander) Act 2006 (Cth).

The deadline for applying for a Director ID varied depending on the date of appointment, but as of 30 November 2022, all directors were expected to have complied.

Why Was the Director ID Introduced?

The Director ID is one of several reforms targeting corporate fraud and phoenix activity, where directors strip company assets and transfer them to another company, leaving debts unpaid. It also responds to calls for stronger identity verification within corporate structures.

The main objectives of the regime include:

• Preventing fraudulent director identities, such as the use of false or stolen identities;

• Improving data integrity across ASIC and ATO systems by enabling traceability of directors across companies;

• Detecting and deterring phoenix activity by holding directors accountable for their company history;

• Supporting regulators to better track the relationships between individuals and entities over time.

These goals are consistent with a broader international trend toward increased corporate transparency, as seen in jurisdictions such as the UK, EU, and the US.

How Has the Requirement Been Received?

The general response from the business and legal community has been mixed but ultimately compliant.

Positive Reception:

• Legal and accounting professionals generally welcomed the reform as a long overdue mechanism to strengthen corporate responsibility.

• Regulators saw it as a vital tool to close loopholes in ASIC’s registry systems, which historically did not adequately verify the identity of company directors.

• Larger businesses and listed entities reported minimal disruption, as they already maintained rigorous governance standards.

Concerns and Criticism:

• Small businesses and sole director companies, particularly in rural or non-English speaking communities, found the process confusing or inaccessible, particularly where digital literacy was limited.

• There was initial pushback around the requirement to apply personally, with no option for a lawyer or accountant to complete the process on behalf of the director (unless acting as an authorised agent with myGovID).

• The reliance on myGovID caused friction, especially among older directors unused to digital identity platforms.

Despite this, ABRS reported a strong uptake, with over 2.5 million directors having applied by the end of 2022. As at 2025, the ABRS has not published updated data on compliance, but anecdotal evidence suggests that non-compliance persists, particularly among dormant or shelf companies.

Enforcement and Penalties

Failure to apply for a Director ID is a criminal offence under s1272C of the Corporations Act 2001, and directors may face:

• Criminal penalties of up to $13,320 (60 penalty units), and/or

• Civil penalties of up to $1.11 million (5,000 penalty units).

To date, the ABRS has focused on education and awareness, rather than prosecution. However, in late 2024, ASIC confirmed that enforcement action may begin against repeat or wilfully non-compliant directors, particularly those involved in illegal phoenixing.

While no major public prosecutions have been reported yet, directors who continue to operate without an ID are now firmly on notice.

Has the Director ID Been Effective?

The effectiveness of the Director ID scheme is best viewed in light of its long-term aims. While it’s early to quantify its impact on phoenix activity, there are several clear benefits already emerging:

1. Improved Data Accuracy

The ABRS and ASIC now maintain more reliable records of company officers, helping with enforcement of disqualification orders and regulatory action.

2. Better Cross-Government Tracking

The Director ID enables linkages across government agencies, including the ATO, Fair Work Ombudsman and AUSTRAC, allowing earlier detection of patterns suggesting phoenixing or misconduct.

3. Enhanced Due Diligence

Professionals conducting corporate due diligence or background checks are better positioned to verify a director’s history.

That said, critics argue that unless paired with more proactive enforcement and improvements in other registry areas, the Director ID regime will have limited deterrence value on its own.

Hiccups and Headaches

No reform of this size is without implementation issues. Key pain points included:

1. Digital Access Barriers

Many directors encountered issues navigating myGovID, which is distinct from the myGov account used for services like Medicare or Centrelink. Some struggled with identity verification due to changes of name or lack of supporting documents.

2. Confusion Around Deadlines

There was widespread confusion in 2022 about who needed to apply and by when. Last-minute extensions and inconsistent messaging from government channels caused anxiety among company directors and advisers.

3. Dormant or Legacy Companies

Numerous legacy companies with inactive directors or those living overseas created compliance gaps. The ABRS continues to engage with directors residing outside Australia, but enforcement in these cases remains complex.

4. Lack of Proxy Application Mechanism

The requirement that each director apply personally – even where advisors are engaged – remains a source of friction. For older or non-tech-savvy directors, this has led to delays and frustration.

Are New Requirements for Directors Coming?

The Director ID is part of a broader regulatory push to modernise corporate oversight in Australia. While no major new director identification requirements have been legislated since 2021, there are several developments on the horizon:

1. Beneficial Ownership Transparency

The Federal Government has signalled a move toward greater beneficial ownership disclosure, requiring companies to maintain accurate registers of individuals who ultimately control them. A public registry of beneficial ownership may follow.

2. Modern Slavery and ESG Compliance

Directors, particularly of medium-to-large companies, face increasing expectations to oversee compliance with modern slavery laws, environmental obligations, and corporate social responsibility reporting.

3. Cybersecurity Governance

In light of major data breaches across Australia, the role of directors in overseeing data security is under scrutiny. ASIC has issued guidance warning that directors may be in breach of duties if they fail to implement adequate cyber governance frameworks.

4. Increased Penalties for Breaches

ASIC continues to seek stronger penalties and broader powers, especially in the context of director duties and misleading conduct under the Corporations Act.

What Company Directors Should Do Now

With the Director ID now firmly embedded in the corporate landscape, all directors should:

• Ensure their ID is valid and stored securely;

• Update ASIC records if personal details change;

• Monitor future regulatory developments impacting directors’ responsibilities;

• Regularly review governance processes, especially in areas of ESG, cybersecurity, and recordkeeping;

• Seek legal or accounting advice if unsure about compliance, particularly for complex or cross-border structures.

Conclusion

The introduction of the Director ID in 2021 represented a significant step toward strengthening corporate transparency and tackling unlawful conduct such as phoenixing. While initial challenges – particularly around digital access – created hurdles, most directors have now adapted to the requirement.

As with many regulatory tools, the true impact of the Director ID will depend on ongoing enforcement, public education, and complementary reforms. Directors should treat the Director ID not as a one-off compliance task, but as part of a broader responsibility to maintain ethical and lawful corporate governance.