# Access Models
source: https://developer.mastercard.com/open-finance-au/documentation/access-and-config/access-models/index.md

Note: If you are unsure what access model is applicable to your organisation, please [contact support](https://developer.mastercard.com/open-finance-au/documentation/support/index.md#get-help).

## CDR Access Models {#cdr-access-models}

Under the Consumer Data Right (CDR) regulations, there are several access models that can facilitate access to consumer data. Each access model has different requirements and conditions which govern the way data can be collected and used.

When partnering with Mastercard Open Finance, one of three access models will be applicable to your organisation:

* **Outsourced Service Provider (OSP).** This model is applicable to organisations who have been accredited by the Australian Competition and Consumer Commission (ACCC) as [Accredited Data Recipients (ADRs)](https://www.oaic.gov.au/consumer-data-right/consumer-data-right-legislation,-regulation-and-definitions/consumer-data-right-participants#ADR). Under this model, your organisation is known as the ADR and Mastercard is acting as your [OSP](https://www.oaic.gov.au/consumer-data-right/consumer-data-right-guidance-for-business/privacy-obligations/cdr-outsourcing-arrangement-privacy-obligations-for-an-outsourced-service-provider) pursuant to a written agreement.

* **CDR representative model.** This model is applicable to organisations who do not have their own accreditation but wish to access CDR data to provide their product and/or services. Under this model, Mastercard will collect CDR Data on your behalf using our accreditation. Your organisation will be appointed as a CDR Representative of Mastercard, pursuant to a written agreement.

* **Business Consumer Disclosure Consent (BCDC) model.** This model is applicable to organisations who wish to access data shared by business customers. Under this model, Mastercard will collect CDR Data using our accreditation and obtain a business consumer disclosure consent from end users to disclose it to you.

Note: By default, all credentials under Sandbox are associated with CDR representative model. To update your `partnerID` to OSP or the BCDC model, please [contact support](https://developer.mastercard.com/open-finance-au/documentation/support/index.md#get-help). This is not required to use the sandbox but it will affect the appearance of the Connect flows. Note: If your organisation obtains its own [accreditation](https://www.cdr.gov.au/for-providers/become-accredited-data-recipient) whilst acting as a CDR Representative of Mastercard under the CDR Representative model, you will need to transition to the OSP model (and all current Consents will cease and Customers will be required to re-establish Consent).

## Responsibilities {#responsibilities}

It is important to understand the various obligations that apply to the collection and use of CDR data that apply to participants under each access model. For more information, see [Privacy obligations](https://www.oaic.gov.au/consumer-data-right/consumer-data-right-guidance-for-business/privacy-obligations).

Mastercard will provide you with support to help ensure compliance with these requirements. For example, Mastercard can facilitate [notifications](https://developer.mastercard.com/open-finance-au/documentation/consent/consent-notifications/index.md) to alert you when a Customer's Consent expires or is revoked, which may trigger an obligation to delete the Customer's CDR Data.

## Next Steps {#next-steps}

To register your application with Mastercard, you will need to use the Mastercard Open Finance APIs. Learn more about how you can [authenticate](https://developer.mastercard.com/open-finance-au/documentation/access-and-config/applications/index.md) to start using the API.