Compliance & Governance
Last updated: 4 June 2026
Who We Are
EmergencyAPI is operated by SEY Solutions (ABN 13 531 353 123), a registered Australian business.
We aggregate real-time emergency incident and warning data from official Australian government feeds across all 8 states, plus a few clearly-flagged community-decoded sources and national data (Geoscience Australia, satellite hotspot data), into a single standardised API.
We Operate as a Warnings Republisher
Under the Australian Institute for Disaster Resilience (AIDR) framework, EmergencyAPI is classified as a "Privately owned warning publisher or disseminator". The same category includes global digital platforms (Google, Facebook), insurers providing customer alerts, and private weather services.
This designation was confirmed in a formal reply from the Bureau of Meteorology (CAP-AU Custodian), on 16 April 2026. AIDR publishes a guidance document for operators in our category, the Warnings Republishers Companion (AIDR 2021, CC BY 4.0), which lists twelve operational obligations.
This page documents our posture against each of those obligations, plus adjacent concerns (CAP-AU standards alignment, agency engagement, data licensing, security, privacy) that matter to customers evaluating us.
The 12 AIDR Obligations: Our Status
Our self-audit against the twelve obligations in the AIDR Warnings Republishers Companion, reviewed as of 29 April 2026:
| # | Obligation | Status |
|---|---|---|
| 1 | Establish prior relationship with statutory provider (MoU or informal) | Partial |
| 2 | Platform robust under high demand | Satisfied |
| 3 | Warnings are current and republished in a timely manner | Satisfied |
| 4 | Preserve intent of warning (wording and spatial representation) | Partial |
| 5 | Include original source, date, and time of publication | Satisfied |
| 6 | Republish revisions, updates, and de-escalations | Satisfied |
| 7 | Indicate unofficial sources clearly | Satisfied |
| 8 | Verify unofficial information against official sources | Satisfied |
| 9 | Remove, retract, or correct inaccurate content promptly | Satisfied |
| 10 | CAP-AU-STD compliance consideration | Satisfied |
| 11 | Comply with relevant legislation, regulations, privacy and data laws | Satisfied |
| 12 | Understand legal responsibilities and liability as a republisher | Satisfied |
Summary: 10 fully satisfied, 2 partial. Retraction schema, upstream cancellation detection, and unofficial-source verification policy shipped in v1.9.0. Remaining partial items: prior relationships (ongoing outreach) and warning intent preservation (certainty-field audit).
CAP-AU and OASIS Standards
EmergencyAPI is designed to conform to OASIS Common Alerting Protocol (CAP) v1.2, the international XML standard for public warning messages, and its Australian profile (CAP-AU-STD, maintained by the Bureau of Meteorology).
- Response schema maps cleanly to CAP-AU concepts (severity, urgency, certainty, eventType, geometry).
- CAP-AU-formatted responses are available via
?format=cap-auon the incidents endpoint. - Native CAP-AU ingestion from WA DFES and ACT ESA without lossy transformation.
- Schema designed to the underlying OASIS v1.2 baseline per Bureau of Meteorology guidance. OASIS is the permanent international standard underneath the Australian profile.
- We monitor the 12-month CAP-AU review cycle announced by BOM in April 2026.
Agency Engagement
We maintain a transparent paper trail of our engagement with every agency whose data we consume. Customers can verify our standing directly with the relevant agency using the contacts below.
| Agency / Body | Jurisdiction | Status | Basis |
|---|---|---|---|
| WA DFES | Western Australia | Open licence | Data published under CC BY-ND 4.0 by the Government of Western Australia (DFES), which confirmed commercial use is permitted with conditions: ingest only from a designated feed (SLIP, RSS, or CAP-AU) and do not alter the content. Our CAP-AU warnings feed is on a designated source. The incidents feed is currently on the non-designated public API while a SLIP token issue is resolved; restoring the designated SLIP source is an open item. See emergency.wa.gov.au/about for licence details. |
| BOM CAP-AU Custodian | Commonwealth | Engaged | Formal correspondence with Bureau of Meteorology. Governance-level engagement on CAP-AU alignment and republisher status, ongoing since April 2026. |
| NT PFES | Northern Territory | Progressing | NT Open Data team responded April 2026 confirming they are making internal enquiries with the PFES business area. We replied confirming we will proceed with PFES feed integration. Awaiting formal clearance. |
| QLD QFD | Queensland | Open licence | Queensland Fire Department data published under Creative Commons Attribution 4.0 (CC BY 4.0). Commercial use explicitly permitted. Attribution satisfied via our /api/v1/attribution endpoint. |
| ACT ESA | Australian Capital Territory | Open licence | ACT Emergency Services Agency data published under CC BY 4.0. Commercial use explicitly permitted. |
| Geoscience Australia | Commonwealth | Open licence | GA earthquake data published under CC BY 4.0. National seismology data explicitly open for commercial use. |
| NSW RFS | New South Wales | Pending reply | Written request for commercial redistribution permission sent to NSW Rural Fire Service media mailbox on 13 April 2026. Awaiting reply. AIDR Warnings Republishers framework referenced in the request. |
| VIC EMV | Victoria | Pending reply | Developer-access application sent to Emergency Management Victoria on 13 April 2026. Awaiting reply. The OSOM and EMSINA feeds carry no published licence, so we treat them as not cleared for commercial use pending confirmation from EMV. The separate VIC CFA fire-danger feed is CC BY 4.0. |
| SA SAFECOM | South Australia | Pending reply | Commercial licence request sent to SAFECOM on 13 April 2026 covering CFS, MFS, and SES agency feeds. Awaiting reply. |
| TAS TasALERT | Tasmania | Progressing | Data published under CC BY-SA 3.0 AU. Licensing clarification sent April 2026; TasALERT replied April 2026 that they are seeking advice from TFS. Whether ShareAlike attaches to our derived output is an open legal question still under review; we do not treat the 'Collection, not Adaptation' position as settled. |
| AIDR (AFAC) | National | Pending reply | Outreach sent 21 April 2026 declaring EmergencyAPI as a warnings republisher, requesting AWS hazard-icon usage guidance, and requesting Community of Practice inclusion. Awaiting response. Note: AIDR Knowledge Hub database content is Crown copyright (custom licence), not CC BY. AIDR publications are CC BY 4.0. |
| DEA Hotspots (GA) | Commonwealth | Open licence | Digital Earth Australia Hotspots satellite fire detection data published by Geoscience Australia under CC BY 4.0. Commercial use explicitly permitted. Safety caveat: DEA Hotspots is not to be used for safety of life decisions (per GA documentation). |
| NEMA | Commonwealth | Progressing | Email sent 14 April 2026 referencing Royal Commission Recommendations 13.1 and 13.2 (unified national alerting). NEMA acknowledged 24 April, forwarded to relevant internal team during high-tempo operational period. |
- Approved. Written or verbal approval received.
- Engaged. Formal governance-level engagement.
- Progressing. Internal agency enquiries underway.
- Open licence. Data published under a licence that explicitly permits our use.
- Pending reply. Written request sent, awaiting reply.
Data Sources and Licensing
Full per-source attribution, including the licence under which each feed is provided and whether the source is an official statutory agency or a community-decoded feed, is available at our attribution endpoint:
emergencyapi.com/api/v1/attribution
Every source carries an official: boolean flag. Statutory government feeds return true. A small number of community-decoded sources (SA pager dispatches via urgmsg.net, which decode public GRN radio transmissions under the Australian Radiocommunications Act) return false. Customers who need statutory-only data can filter on that flag.
Security Posture
- External security audit: A grade (90/100). SSL/TLS 100, Security Headers 85, Supply Chain 95, Best Practices 100.
- Authentication: API keys (SHA-256 hashed at rest). IP-based rate limiting on auth routes.
- Transport: HTTPS enforced via Vercel. HSTS, CSP, and X-Frame-Options headers applied.
- Infrastructure: Self-healing container pipeline on dedicated hardware. Supabase Pro database with daily automated backups and 7-day retention.
Privacy
We comply with the Australian Privacy Act 1988. Our full Privacy Policy is at /privacy, including how we collect, store, and protect account information and API usage data.
Legal Posture and Liability
Our Terms of Service at /terms include warnings-republisher-specific clauses aligned with the AIDR framework, including:
- Explicit disclaimer that EmergencyAPI is not a substitute for official emergency warnings.
- Commitment to best-effort propagation of upstream revisions, updates, and de-escalations (ToS §5).
- Explicit disclosure that community-decoded pager feeds are not statutory sources (ToS §13).
- Limitation of liability under Australian law (ToS §6).
Review and Update Cadence
This page is reviewed quarterly. The next scheduled review is 19 July 2026. Re-audit is also triggered by:
- Any new AIDR Companion version.
- CAP-AU standard revision (the current 12-month review cycle is in progress).
- Material changes to our feed sources or ingest posture.
- Any regulatory inquiry or incident.
Contact for Compliance Inquiries
For procurement, compliance verification, or partnership conversations:
