Risk & liability allocation
Who is liable when data flowing through PDTF turns out to be wrong, late, or missing. The constitutional and licence position is set; the operational liability model for Verified Claims is being tested in the Sandbox and will need to be formalised before national rollout.
The "Current OPDA liability position" section below cites existing source material. The open questions further down remain unresolved and are the substantive items needing work.
Current OPDA liability position
Across the constitutional documents, the trust-framework codebase, and the published member rules, OPDA already has a defined liability posture. It is narrow — it covers the Association and its directors as a corporate body, and the software it publishes — but it does not (yet) extend to the substantive question of who carries the risk when a Verified Claim turns out to be wrong. The four anchors are:
1. Member liability is capped at £1 (Articles of Association)
OPDA is a private company limited by guarantee. Per Article 2 of the Articles of Association 2026:
"The liability of each member is limited to £1, being the amount that each member undertakes to contribute to the assets of the association in the event of its being wound up while they are a member or within one year after they cease to be a member."
This is a standard winding-up guarantee, not a substantive liability cap on member conduct. It limits members' exposure to the Association's debts on dissolution — it does not shield members from liability for their own data, products, or services delivered to consumers. Member firms remain bound by their own regulatory regimes (FCA, RICS, SRA/CLC, ICO) and PII policies.
2. Director indemnity and D&O insurance are permitted (Articles 39-40)
Article 39 authorises the Association to indemnify a relevant director out of its assets against any liability incurred in connection with negligence, default, breach of duty or breach of trust, or any other liability incurred in the capacity of an officer — except where prohibited by the Companies Acts. Article 40 separately authorises the directors to purchase and maintain D&O insurance at the Association's expense.
Source: Articles of Association 2026.pdf (Articles 39-40).
3. The trust framework ships under MIT — "AS IS, NO WARRANTY"
The Property Data Trust Framework is published under the MIT Licence. The licence includes the standard MIT disclaimer:
"THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED… IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE…"
Source: source/03-standards/trust-framework/LICENSE. So at the artefact level — schemas, validators, the registry code — OPDA disclaims warranty and liability in the conventional open-source way. This is appropriate for a standards body publishing reference implementations, but it leaves the operational question (who is liable when a real Verified Claim is wrong in production) explicitly unanswered by the licence.
4. Members carry the risk-management duty (Code of Conduct, Principle 4)
The Code of Conduct 2026 commits all members to Principle 4 — Privacy and Security by design:
"our members follow 'privacy and security by design' principles and take all reasonable steps to comply with the appropriate standards for their industry e.g., ISO27001."
This pushes the risk-management duty out to member firms (each in their own regulated context) rather than centralising it on OPDA. It is consistent with the MIT disclaimer and Article 2 cap: OPDA defines the standard, members operate the risk.
5. Public privacy / GDPR pages do not yet state liability terms
OPDA publishes two public privacy artefacts: data-and-gdpr-policy.html and privacy-policy.html. These describe controller/processor responsibilities and the legitimate-interest basis for OPDA's own processing, but neither contains an explicit liability or warranty clause for data flowing through PDTF on behalf of member firms. Closing this gap (or pointing explicitly to the MIT disclaimer and member-level regulatory accountability) is one of the items the open-questions section below addresses.
Sandbox — current proving ground
Beyond the constitutional position above, the Sandbox is the live testbed for the operational liability model. From OPDA's own description:
"Regulatory gaps are identified, consumer consent and liability models are tested, and the security and governance standards required for a national rollout are developed in the open."
Source: source/07-website/rendered/smart-property-data-trust-framework.html
What the existing position covers — and what it doesn't
Taken together, the five anchors above answer the corporate liability question (OPDA the entity, its directors, and its published code) but leave the data-flow liability question almost entirely open. The Articles cap member liability for winding-up and authorise director indemnity; the MIT licence disclaims warranty on the framework itself; the Code of Conduct delegates operational risk management to members. None of these instruments tells a consumer — or a relying party such as a lender or conveyancer — who carries the loss when a real Verified Claim flowing through PDTF turns out to be wrong, stale, or missing. That is the gap the questions below try to close.
Open liability questions
- Who is liable if a Verified Claim is wrong — the issuer, the relying party, or OPDA as the standards body?
- What about stale data (correct when issued, wrong now)?
- What's the liability for orchestrators (Coadjute, PEXA) who pass claims between participants?
- How does this interact with the professional indemnity insurance regimes of conveyancers, surveyors, valuers?
- What's the consumer redress route when a transaction fails because of PDTF data?
- Should the public GDPR / privacy pages be updated to state explicit warranty/liability terms, or to point at the framework MIT disclaimer plus the member's own regulated regime?
Precedents to borrow from
- Open Banking — clear separation of authorised TPPs, ASPSPs, and FCA-regulated liability
- HMLR title guarantee — the state-backed indemnity model for registered titles
- Law Society practice notes — already define conveyancer due-diligence standards
Who needs to be in the room
OPDA can't decide this alone. Likely participants: FCA, ICO, SRA, CLC, RICS, UK Finance, BSA, MHCLG, plus the PII insurers of the regulated professions.
Comments