A practical analysis of an enforcement shift many RTOs have not yet registered: the regulator is moving beyond asking whether training resources exist to verifying whether they are lawfully licensed, contacting developers directly to confirm purchase dates, licence validity and End User Licence Agreement terms on a product-by-product basis. The consequences reach registration level, the enforcement posture is not warning-first for serious breaches, and what it means for RTOs, resource developers and the integrity of the sector.
The Verification Is Already Underway
Something is happening in the background of regulatory activity that many registered training organisations are not yet aware of, and when they find out, some of them will not be ready for it. The Australian Skills Quality Authority has moved beyond asking RTOs whether they hold resources. The regulator is now testing whether those resources are lawfully licensed: examining the terms of End User Licence Agreements, and, in the course of audits and compliance reviews, seeking to confirm purchase dates, licence validity periods, and whether a specific RTO is actually covered by the agreement it has presented.
CAQA has been part of this process. CAQA and its approved third-party resource providers, Total VET Resources and Compliant Learning Resources, have received direct contact in the context of audits and compliance reviews, with specific inquiries about individual RTOs: when a purchase was made, whether a current licence is in force, what the EULA permits and restricts, and how the agreement on record compares to what an RTO has produced. This is not a direction the regulator is contemplating. On the evidence of that contact, it is already operating. It is also consistent with the regulator's broader posture: ASQA's Integrity Unit has well over two hundred serious matters under investigation, the Commonwealth has funded successive surges in enforcement activity, and the regulator has been unambiguous that there is no place for providers who undermine the sector. Tightening scrutiny of whether RTOs are lawfully entitled to use the materials they train and assess with sits squarely inside that program, and it is long overdue.
1. Why Resources Became Audit-Critical: Possession Is Not Entitlement
The Standards for RTOs 2025 are clear on the substance. Outcome Standard 1.8 requires that the facilities, resources and equipment used for each training product are fit for purpose, safe, accessible and sufficient. The obligation is not satisfied by physical possession of a set of materials. It extends to the legal right to use them.
For years, the sector treated resource compliance primarily as a quality question: are the materials fit for purpose, are they current, do they align with the training package? Those remain valid questions, and Outcome Standard 1.8 still asks them. What has changed is the addition of a layer that many RTOs are under-equipped to address. Can you prove you are lawfully authorised to use what you are using?
This reframes licences and EULAs as compliance documents, not merely commercial paperwork. The questions an auditor can ask follow directly: when was the licence purchased, how long does it run, what does it permit, and does it actually cover the scope of use the RTO is relying on it for? When an RTO cannot produce that evidence, or when the documentation it produces does not match what the original supplier holds on record, the gap becomes an audit finding rather than a filing inconvenience.
2. What the Verification Looks Like in Practice
The inquiries CAQA and its approved providers have received have been specific rather than general. When did this RTO purchase a licence? Is that licence still current? What does the EULA allow? Does the agreement on file with the RTO match the supplier's records?
Some of those inquiries have confirmed legitimate, current arrangements. Others have surfaced gaps: licences that had lapsed, licences that were never held in the RTO's name, and situations where a third party sold RTO resources without holding any valid agreement to do so in the first place. The pattern is consistent with what the regulator has signalled at the sector level. The problem is not confined to a handful of providers. Consultants and resellers have, in some cases, operated for years on the assumption that this area would not be examined closely. That assumption no longer holds.
|
What the Regulator Is Confirming With Suppliers |
|
Purchase date. Licence currency. EULA scope. Whether the agreement an RTO presents matches the supplier's own records, product by product. A reputable developer can confirm or deny a valid arrangement within a short timeframe and produce the documentation. An RTO relying on resources for which no transaction exists cannot obtain that confirmation, because the transaction is not there to be found. If your records do not match what your supplier holds, do not wait for the regulator to make the comparison for you. |
3. The Consequences Reach Registration Level
This is not a category of issue that resolves itself with a corrective action plan and a follow-up audit. Using resources without a valid licence is a breach of the Standards for RTOs 2025, and depending on the circumstances, it can support conditions on registration, suspension, or cancellation. These are not theoretical instruments. They are the tools the regulator uses when it determines that an RTO's operations do not meet the requirements for registration.
What makes this more serious than many providers appreciate is the enforcement posture. The public record of recent regulatory action shows that ASQA is not operating a uniform warning-first model where breaches are serious or systemic. The regulator has cancelled registrations outright following compliance investigations and has moved to cancel the qualifications issued during the affected periods, without first offering an extended opportunity to rectify. Where a resource-licensing failure is deliberate or systemic, or where the gap between what was claimed and what existed on record is significant, it is reasonable to expect it to be treated with the same seriousness as any other material breach, rather than as a paperwork formality to be tidied up after the fact.
There is also exposure under Australian copyright law that runs independently of the regulatory process. Copyright in training and assessment resources belongs to their developers. A licence to use a resource does not transfer that copyright, and it does not permit resale, reproduction or distribution unless those rights are explicitly granted in the agreement. An RTO that has been sold resources by someone who held no right to sell them is in a legally complicated position, regardless of whether it acted in good faith. None of this is legal advice, and providers with specific concerns should seek their own, but the general principle is settled enough to plan around: a EULA grants permission to use, not ownership, and permission cannot be passed along a chain by someone who never held it.
The student-harm dimension compounds the exposure. Where RTOs rely on resources that are outdated, improperly modified, or sourced from unauthorised copies that have drifted from the originals, students may be assessed against tools that no longer meet training package requirements. Qualifications built on that foundation are vulnerable. That is a harm flowing directly from a compliance failure at the resource level, and it is precisely the kind of harm the regulator's integrity program exists to prevent.
4. The Detail That Catches Providers Off Guard: An Active EULA Does Not Cover Everything
This point has caught a number of RTOs and consultants by surprise, and it is worth stating plainly. Holding an active EULA with a resource provider does not automatically license every product that appears on a scope of registration. A licence is specific. It covers the training products that were purchased at the time they were purchased, under the terms agreed at that point.
What CAQA has been asked to verify on a product-by-product basis is whether RTOs, or consultants acting on their behalf, have added qualifications and units of competency to their operations that were never part of the original licensing arrangement. The active EULA creates the appearance of compliance. But when the agreement is read against the products actually being delivered, the additional training products can sit outside it. No purchase was made for them. No payment sits on record. They were added to the scope without any corresponding licence.
The verification is now occurring at that level of granularity. For each qualification and unit an RTO delivers, the question is not only whether a licence exists, but whether that specific product was purchased, when payment was made, and whether the licence terms in force at that time covered that product. A broad agreement that was legitimate when it was signed in 2021 does not automatically extend to a cluster of units added to the scope in 2024.
|
The EULA Scope Trap |
|
An active EULA covers what was purchased, when it was purchased, and on the terms then agreed. If training products have been added to a scope of registration without a corresponding licence purchase and a payment on record, those products sit outside the agreement, no matter how much else the agreement legitimately covers. The appearance of a current EULA is not the same as the coverage of every product behind it. |
5. What This Means for RTOs
The practical response is to audit your own resource arrangements with the same specificity the regulator is now applying, before an audit applies it for you.
First, pull the licence and read it against your scope. For every training product you deliver, confirm that it appears in a paid, documented transaction with your supplier, that the licence is held in your RTO's own name rather than borrowed from a consultant or transferred informally, and that it remains within its validity period. Check what the EULA actually permits in terms of the number of learners, the qualifications and units covered, and the permitted uses of the materials.
Second, treat any gap as a finding waiting to happen, and close it proactively. Where a product has been added to scope without a corresponding licence, that is exactly the discrepancy the regulator's product-by-product verification is designed to surface. Resolving it before an audit is materially less costly than explaining it during one.
Third, verify provenance where you have any doubt about how resources were acquired. If materials were purchased from a consultant or reseller, confirm that the seller held the right to sell them and that the resulting arrangement names your RTO specifically. Good-faith acquisition does not cure a defective chain of title, but identifying the problem early preserves your options.
6. What a Valid Licence Actually Looks Like
A legitimate resource-licensing arrangement has identifiable features. It is a documented agreement between the RTO and either the original developer or an authorised reseller. It specifies the scope of use, the units or qualifications covered, the number of users or learners permitted, and the duration of the licence. It is held in the RTO's own name. And it is matched by records the supplier can confirm.
Where a developer licenses resources to an RTO properly, the paperwork exists, the records are maintained, and the terms are clear, so that when the regulator asks about a specific RTO, the developer can confirm or deny a valid arrangement quickly and produce the documentation, including which specific training products are covered and when each purchase was made. An RTO that has added products to scope without corresponding transactions cannot obtain that confirmation, for the simple reason that the transaction does not exist. The gap between what an RTO believes it holds and what a supplier can verify, product by product and payment by payment, is exactly where audit risk concentrates.
|
If You Are Unsure, Act Before the Audit, Not During It |
|
Review the documentation you hold. Confirm that it names your RTO. Check the expiry date. Check what the EULA permits as to learner numbers, qualifications and uses. Where resources were purchased from CAQA, Total VET Resources or Compliant Learning Resources, the licence status can be verified and audit-suitable documentation provided. Where they were purchased elsewhere, and their legitimacy is uncertain, an honest verification is still better obtained now than discovered later. Engaging with the regulator proactively places a provider in a far stronger position than waiting to be contacted. |
7. Why This Scrutiny Is Welcome
The credibility of the VET sector depends on the integrity of every component of training delivery, and resources are not an administrative burden. They are the materials through which learners engage with the content of their qualifications. When the licensing of those materials is treated as optional, or as something to be navigated around through a cheap resale arrangement, it erodes both the quality and the legal standing of the training built on them.
The regulator's decision to pursue this area seriously, including through direct verification with suppliers and close examination of EULAs and purchase records, reflects an understanding that surface-level compliance is not enough. It checks whether the foundations are sound, not merely whether the visible outputs look acceptable. That kind of engagement is what the sector needs. It applies pressure to those who have been cutting corners, and it protects the RTOs and developers who have been doing the work properly. The verification activity described here is a signal that the scrutiny will continue and is likely to intensify. Providers who have not yet taken resource licensing seriously would do well to act before the regulator's attention reaches them.
|
Summary: The Resource Licensing Risk in Ten Points |
|
1. ASQA's scrutiny has shifted from whether resources exist to whether they are lawfully licensed. 2. Outcome Standard 1.8 requires resources to be fit for purpose, safe, accessible and sufficient, and entitlement to use is part of that obligation. 3. The regulator is verifying licences with developers directly, confirming purchase dates, currency and EULA scope. 4. Verification is occurring product by product, not at the level of a single blanket agreement. 5. An active EULA covers only what was purchased, when it was purchased, on the terms then in force. 6. Products added to scope without a corresponding purchase and payment sit outside the agreement. 7. Unlicensed resource use is a breach of the Standards and can support conditions, suspension or cancellation. 8. The enforcement posture is not uniformly warning-first; serious or systemic breaches have drawn cancellation. 9. Copyright exposure runs independently of the regulator: a licence grants use, not ownership, and cannot be on-sold by someone who never held the right. 10. The defensible response is to audit your own arrangements now, product by product and payment by payment, and close any gap before an audit finds it. |
References and Further Reading
National Vocational Education and Training Regulator (Outcome Standards for NVR Registered Training Organisations) Instrument 2025. Federal Register of Legislation.
Australian Skills Quality Authority. Standards for RTOs 2025: Outcome Standards, Compliance Requirements and Credential Policy. https://www.asqa.gov.au/rtos/2025-standards-rtos
Australian Skills Quality Authority. Qualification Integrity Regulatory Action. https://www.asqa.gov.au/students/qualification-integrity-regulatory-action
Australian Skills Quality Authority. Media release: Critically non-compliant RTO has appeal against ASQA cancellation dismissed (2025). https://www.asqa.gov.au
Department of Employment and Workplace Relations. ASQA regulatory action: cancelled VET qualifications, and 2025 to 2026 and 2026 to 2027 enforcement funding. https://www.dewr.gov.au/skills-and-training/asqa-regulatory-action-cancelled-vet-qualifications
Copyright Act 1968 (Cth). Federal Register of Legislation.
