Compliance & Governance

Compliance & Governance

Last updated: 4 June 2026



Who We Are

EmergencyAPI is operated by SEY Solutions (ABN 13 531 353 123), a registered Australian business.

We aggregate real-time emergency incident and warning data from official Australian government feeds across all 8 states, plus a few clearly-flagged community-decoded sources and national data (Geoscience Australia, satellite hotspot data), into a single standardised API.



We Operate as a Warnings Republisher

Under the Australian Institute for Disaster Resilience (AIDR) framework, EmergencyAPI is classified as a "Privately owned warning publisher or disseminator". The same category includes global digital platforms (Google, Facebook), insurers providing customer alerts, and private weather services.

This designation was confirmed in a formal reply from the Bureau of Meteorology (CAP-AU Custodian), on 16 April 2026. AIDR publishes a guidance document for operators in our category, the Warnings Republishers Companion (AIDR 2021, CC BY 4.0), which lists twelve operational obligations.

This page documents our posture against each of those obligations, plus adjacent concerns (CAP-AU standards alignment, agency engagement, data licensing, security, privacy) that matter to customers evaluating us.



The 12 AIDR Obligations: Our Status

Our self-audit against the twelve obligations in the AIDR Warnings Republishers Companion, reviewed as of 29 April 2026:

#ObligationStatus
1Establish prior relationship with statutory provider (MoU or informal)Partial
2Platform robust under high demandSatisfied
3Warnings are current and republished in a timely mannerSatisfied
4Preserve intent of warning (wording and spatial representation)Partial
5Include original source, date, and time of publicationSatisfied
6Republish revisions, updates, and de-escalationsSatisfied
7Indicate unofficial sources clearlySatisfied
8Verify unofficial information against official sourcesSatisfied
9Remove, retract, or correct inaccurate content promptlySatisfied
10CAP-AU-STD compliance considerationSatisfied
11Comply with relevant legislation, regulations, privacy and data lawsSatisfied
12Understand legal responsibilities and liability as a republisherSatisfied

Summary: 10 fully satisfied, 2 partial. Retraction schema, upstream cancellation detection, and unofficial-source verification policy shipped in v1.9.0. Remaining partial items: prior relationships (ongoing outreach) and warning intent preservation (certainty-field audit).



CAP-AU and OASIS Standards

EmergencyAPI produces CAP output that validates against OASIS Common Alerting Protocol (CAP) v1.2, the international XML standard for public warning messages, and its Australian profile (CAP-AU-STD v3.0, maintained by the Bureau of Meteorology).

  • Response schema maps cleanly to CAP-AU concepts (severity, urgency, certainty, eventType, geometry).
  • A standards-validated CAP Atom feed is available via ?format=cap-atom, plus per-incident CAP documents via /incidents/[id]?format=cap-au. Both validate against the OASIS CAP 1.2 schema and the CAP-AU Profile v3.0 (confirmed with the Google CAP Validator). The older ?format=cap-au list output is a non-standard wrapper, kept for backward compatibility but deprecated.
  • Native CAP-AU ingestion from WA DFES and ACT ESA without lossy transformation.
  • Schema designed to the underlying OASIS v1.2 baseline per Bureau of Meteorology guidance. OASIS is the permanent international standard underneath the Australian profile.
  • We monitor the 12-month CAP-AU review cycle announced by BOM in April 2026.


Agency Engagement

We maintain a transparent paper trail of our engagement with every agency whose data we consume. Customers can verify our standing directly with the relevant agency using the contacts below.

Agency / BodyJurisdictionStatusBasis
WA DFESWestern AustraliaOpen licenceData published under CC BY-ND 4.0 by the Government of Western Australia (DFES), which confirmed commercial use is permitted with conditions: ingest only from a designated feed (SLIP, RSS, or CAP-AU) and do not alter the content. Our CAP-AU warnings feed is on a designated source. The incidents feed is currently on the non-designated public API while a SLIP token issue is resolved; restoring the designated SLIP source is an open item. See emergency.wa.gov.au/about for licence details.
BOM CAP-AU CustodianCommonwealthEngagedFormal correspondence with Bureau of Meteorology. Governance-level engagement on CAP-AU alignment and republisher status, ongoing since April 2026.
NT PFESNorthern TerritoryProgressingNT Open Data team responded April 2026 confirming they are making internal enquiries with the PFES business area. We replied confirming we will proceed with PFES feed integration. Awaiting formal clearance.
QLD QFDQueenslandOpen licenceQueensland Fire Department data published under Creative Commons Attribution 4.0 (CC BY 4.0). Commercial use explicitly permitted. Attribution satisfied via our /api/v1/attribution endpoint.
ACT ESAAustralian Capital TerritoryOpen licenceACT Emergency Services Agency data published under CC BY 4.0. Commercial use explicitly permitted.
Geoscience AustraliaCommonwealthOpen licenceGA earthquake data published under CC BY 4.0. National seismology data explicitly open for commercial use.
NSW RFSNew South WalesPending replyWritten request for commercial redistribution permission sent to NSW Rural Fire Service media mailbox on 13 April 2026. Awaiting reply. AIDR Warnings Republishers framework referenced in the request.
VIC EMVVictoriaPending replyDeveloper-access application sent to Emergency Management Victoria on 13 April 2026. Awaiting reply. The OSOM and EMSINA feeds carry no published licence, so we treat them as not cleared for commercial use pending confirmation from EMV. The separate VIC CFA fire-danger feed is CC BY 4.0.
SA SAFECOMSouth AustraliaPending replyCommercial licence request sent to SAFECOM on 13 April 2026 covering CFS, MFS, and SES agency feeds. Awaiting reply.
TAS TFS / TasALERTTasmaniaOpen licenceTasmania Fire Service publishes its data feeds under CC BY 4.0 and expressly permits third-party republication (TFS feeds terms, fire.tas.gov.au). We attribute TFS, show each record's update time, and carry the TFS disclaimer that data is extracted from its incident-management system and may not be real-time. This supersedes our earlier CC BY-SA 3.0 AU reading; ShareAlike does not apply.
AIDR (AFAC)NationalPending replyOutreach sent 21 April 2026 declaring EmergencyAPI as a warnings republisher, requesting AWS hazard-icon usage guidance, and requesting Community of Practice inclusion. Awaiting response. Note: AIDR Knowledge Hub database content is Crown copyright (custom licence), not CC BY. AIDR publications are CC BY 4.0.
DEA Hotspots (GA)CommonwealthOpen licenceDigital Earth Australia Hotspots satellite fire detection data published by Geoscience Australia under CC BY 4.0. Commercial use explicitly permitted. Safety caveat: DEA Hotspots is not to be used for safety of life decisions (per GA documentation).
NEMACommonwealthProgressingEmail sent 14 April 2026 referencing Royal Commission Recommendations 13.1 and 13.2 (unified national alerting). NEMA acknowledged 24 April, forwarded to relevant internal team during high-tempo operational period.
State water agencies (gauges)NSW, VIC, QLD, SAOpen licenceRiver gauge observations from WaterNSW, the Victorian Water Measurement Information System, the Queensland water monitoring portal, and Water Data SA, all published under CC BY 4.0 (Queensland returns the licence in-band with every API response). Attribution displayed at the attribution endpoint.
Brisbane City Council (operator telemetry)QLDOpen licenceRainfall and stream height telemetry from Brisbane City Council's own flood sensors (data.brisbane.qld.gov.au), published under CC BY 4.0. 46 stream gauges including the Brisbane River Port Office gauge. The flood-warning gauges are operated by councils and water corporations rather than the state water portals, so this is the operator channel. Attribution displayed at the attribution endpoint.
Water Data Tasmania / NT Water Data PortalTAS, NTPending replyGauge observations consumed under CC BY per state open-data policy; portal-specific terms pending direct verification. Attribution displayed in the interim.
BoM Water Data Online + flood classificationsNationalOpen licenceWater Data Online is CC BY 3.0 AU. Flood classification levels are reproduced from published BoM reference tables and Service Level Specification documents with attribution (Commonwealth copyright); these are public web artefacts, not the non-commercial FTP warning products, which we do not consume.
Status legend
  • Approved. Written or verbal approval received.
  • Engaged. Formal governance-level engagement.
  • Progressing. Internal agency enquiries underway.
  • Open licence. Data published under a licence that explicitly permits our use.
  • Pending reply. Written request sent, awaiting reply.


Data Sources and Licensing

Full per-source attribution, including the licence under which each feed is provided and whether the source is an official statutory agency or a community-decoded feed, is available at our attribution endpoint:

emergencyapi.com/api/v1/attribution

Every source carries an official: boolean flag. Statutory government feeds return true. A small number of community-decoded sources (SA pager dispatches via urgmsg.net, which decode public GRN radio transmissions under the Australian Radiocommunications Act) return false. Customers who need statutory-only data can filter on that flag.



Security Posture

  • External security audit: A grade (90/100). SSL/TLS 100, Security Headers 85, Supply Chain 95, Best Practices 100.
  • Authentication: API keys (SHA-256 hashed at rest). IP-based rate limiting on auth routes.
  • Transport: HTTPS enforced via Vercel. HSTS, CSP, and X-Frame-Options headers applied.
  • Infrastructure: Self-healing container pipeline on dedicated hardware. Supabase Pro database with daily automated backups and 7-day retention.


Privacy

We comply with the Australian Privacy Act 1988. Our full Privacy Policy is at /privacy, including how we collect, store, and protect account information and API usage data.



Legal Posture and Liability

Our Terms of Service at /terms include warnings-republisher-specific clauses aligned with the AIDR framework, including:

  • Explicit disclaimer that EmergencyAPI is not a substitute for official emergency warnings.
  • Commitment to best-effort propagation of upstream revisions, updates, and de-escalations (ToS §5).
  • Explicit disclosure that community-decoded pager feeds are not statutory sources (ToS §13).
  • Limitation of liability under Australian law (ToS §6).


Review and Update Cadence

This page is reviewed quarterly. The next scheduled review is 19 July 2026. Re-audit is also triggered by:

  • Any new AIDR Companion version.
  • CAP-AU standard revision (the current 12-month review cycle is in progress).
  • Material changes to our feed sources or ingest posture.
  • Any regulatory inquiry or incident.


Contact for Compliance Inquiries

For procurement, compliance verification, or partnership conversations:

SEY Solutions

ABN: 13 531 353 123

Email: jack@seysolutions.com.au

Web: emergencyapi.com

Supply Nation Registered