Verification status
The assessment is structured in layered attestation. The counts below show what is in the document; the CLAIM verdicts below show the engine result for the verified layer.
CLAIMs are facts tested by the AustraliaOS verification engine against primary sources. ANALYSIS blocks are labelled AUTHOR REASONED: each is the director's reasoning over CLAIMs and names the step at which a reasonable reader could disagree. This assessment carries no RECOMMENDATION blocks: it ends at its Bounds section and proposes no actions.
CLAIM verdicts
SUPPORTED indicates the CLAIM is confirmed by at least one primary source. PARTIALLY SUPPORTED would indicate the source pool confirms the substance of the CLAIM but a specific element in the evidence assembly diverges or could not be fully verified against the available source text. NOT SUPPORTED would indicate the source contradicts the CLAIM. UNVERIFIED would indicate the source was inaccessible to verification at the time of publication. The 14 SUPPORTED, 0 PARTIALLY SUPPORTED, 0 NOT SUPPORTED, 0 UNVERIFIED census confirms every CLAIM in the assessment against a primary source the reader can open.
Primary sources
Verification draws on three categories of primary source. Each category is named below with the instruments, registers and filings it attests. Every source is publicly accessible and was viewed on 6 July 2026.
- Department of Home Affairs, Foreign Ownership, Control or Influence Risk Assessment Guidance (Sections 1 and 2)
- Department of Home Affairs, PSPF Direction 001-2024: Managing Foreign Ownership, Control or Influence Risks in Technology Assets
- Department of Home Affairs, Hosting Certification Framework (Framework)
- Department of Home Affairs, Hosting Certification Framework Certified Service Providers register
- Australian Signals Directorate, Australian Cyber Security Centre, CI Fortify
- Amazon.com, Inc. Form 10-K for the fiscal year ended 31 December 2021, Exhibit 21.1 (List of Significant Subsidiaries), US Securities and Exchange Commission
- Amazon Web Services, AWS Australia FAQs (legal record for Amazon Web Services Australia Pty Ltd)
- Amazon Web Services, Hosting Certification Framework (AWS Security Blog)
- Australian Business Register, Amazon Web Services Australia Pty Ltd, ABN 63 605 345 891, ACN 605 345 891
- Google Cloud, HCF Australia Compliance
- Clarifying Lawful Overseas Use of Data Act 2018 (US), Pub. L. No. 115-141, div. V, codified in part at 18 USC 2713
How to trust this record
The integrity of this verification record rests on public-source reviewability. Every factual claim in the assessment is tied to a named primary source, listed above, that is publicly accessible. Any reader, official, or independent reviewer can fetch the same source, locate the same passage, and confirm or contest the verdict for themselves. The verification does not ask the reader to trust an internal record; it asks the reader to check the public source directly.
AustraliaOS operates under a publicly disclosed interim audit-chain state pending migration to Australian-hosted infrastructure. The audit log entries written by the verification engine for this assessment are unsigned, via the JSONL fallback path, and are not yet cryptographically chained under a HMAC key. This is the same interim state disclosed for production on the AustraliaOS landing page. It is named explicitly here rather than left implicit, in keeping with the doctrine of disclosed accuracy the assessment itself argues for. The integrity guarantee on which this record stands is reviewability of public sources by the reader, not the internal audit chain; the chain is documentary, the public sources are evidentiary.
What this page is not
This verification record confirms that the factual claims in the assessment match what the named primary sources state at the time of publication. The assessment examines the design of two Commonwealth instruments and one program; it does not assess the conduct of any provider or any government entity, and it alleges no wrongdoing by either. It makes no allegation against Amazon Web Services, Google, or any provider named: that a provider holds Strategic certification, and that a United States company is reachable under United States law, are ordinary and lawful facts.
It makes no claim that any particular Australian Government dataset or system is held with any particular provider, at any tier, or in any location. It does not allege that the CLOUD Act has been invoked, or that any Australian Government data has been compelled, disclosed, or accessed. The subject is legal reachability, a standing property of jurisdiction, not any event. The assessment itself, not this verification page, is the decision-support artefact.
For accountability, signing, and correction process, see the Accountability Statement.
Assessment PDF
The full assessment, authored and signed by the director, is available below. The verification status set out on this page is reflected in the document footer.