When the consumer withdraws consent through the DH (Data Holder) dashboard side, the DH is expected to make a reasonable effort to notify the ADR (Accredited Data Recipient) by calling the appropriate ADR revocation endpoint. However the final responsibility for ensuring consents are current rests with the ADR.

If there is an outage on the ADR side, Data Holders can retry calling using specified back-off patterns. The DH should attempt to communicate the consent withdrawal via the CDR Arrangement Revocation endpoint. Retrying a few seconds upon first failure would be considered a reasonable effort.

The DSB leaves it to the discretion of DHs to determine reasonable effort based on their considerations and compliance obligations. As the DH does not have visibility of ADR maintenance windows and outages, the responsibility for determining  whether consent is current does not rest entirely with the DH. 

The responsibility for availability and timeliness of the ADR solution is the responsibility of the ADR. 

On restoration of service after an outage, the ADR should validate all active consents to determine whether they have expired, and if still current, whether they have been withdrawn by calling the DH token or token introspection endpoint. If consent is no longer valid, the request to the DH returns an error response communicating to the ADR’s software product that the refresh token is no longer valid. The ADR updates the consent status and ADR consumer dashboard accordingly.

See:

• CDR Register back-off patterns
• CDS Security Endpoints - Token revocation end point