Skip to main content

On this page

The Digital ID Act 2024 and the Digital ID (Transitional and Consequential Provisions) Act 2024 will commence by 1 December 2024.

Legislation will enable the Commonwealth to partner with states, territories and the private sector to create a better Digital ID experience for all Australians.

Legislation will:

  • strengthen the existing voluntary Digital ID Accreditation Scheme 
  • provide legislative authority for the Australian Government's Digital ID System to expand 
  • strengthen privacy and consumer protections
  • strengthen governance for Digital ID.

From commencement, the Australian Competition and Consumer Commission (ACCC) will be the Digital ID Regulator alongside the Office of the Australian Information Commissioner (OAIC), who will regulate the privacy aspects of Australia's Digital ID System. 

After no more than two years from commencement, accredited private businesses will be able to apply to join the Australian Government Digital ID System.
 

Download this information as a factsheet: Digital ID Act 2024 factsheet [PDF 670 KB]

On this page

Why we need Digital ID legislation

As Australians increasingly transact online, our IDs are vulnerable in new ways. Recent cyber incidents have highlighted the need for a secure, voluntary, convenient and inclusive way to verify our ID online, and to re-use our Digital ID to access other services we have confidence and trust in.

The legislation strengthens a voluntary accreditation scheme for providers of Digital ID services, building on the existing Trusted Digital Identity Framework. Legislation is required to provide strong privacy safeguards for people creating and using Digital IDs from accredited providers. These build upon the protections in the Privacy Act 1988 (Cth) with penalties for accredited providers if they fail to protect privacy and security as their accreditation requires.

Australians who use these accredited service providers to create and re-use a Digital ID can have confidence knowing that their personal information is private, safe and secure. Legislation is required to enable phased expansion of the Australian Government Digital ID System (AGDIS).

Through this system Australians can currently use the Australian Government’s accredited Digital ID provider, myGovID, to access more than 150 Commonwealth, state and territory government services. While many Australians are benefiting from these government services, the phased expansion will enable more Australians to create and use their Digital ID to verify who they are and provide access to additional state and territory and private sector services. Legislation will provide Australians with greater choice in which accredited state and territory Digital ID providers they use to access Commonwealth services, and vice versa.

Over time, Australians can choose to verify their ID with an accredited private sector provider to access some Commonwealth, state, territory or private sector services.

Who this legislation is for

This legislation provides assurance to consumers that their privacy and security is protected when they use the services of an accredited provider.

It is also relevant for businesses and state and territory governments who wish to:

  • be accredited for the digital ID services they provide, or
  • rely on a digital ID to verify the ID of their customers. 

Regulation of Digital ID providers

Legislation will also establish independent regulation of Digital ID. The Australian Competition and Consumer Commissioner (ACCC) will be appointed as the initial Digital ID regulator, given its strong compliance record as Australia’s competition and consumer regulator.

The ACCC will be responsible for:

  • accrediting Digital ID services against the Digital ID Act 2024 and Accreditation Rules
  • approving which services can participate in the AGDIS
  • using its investigative and compliance powers in the legislation to ensure Digital ID providers and services comply with the legislation to keep people’s information safe. 


The Information Commissioner will also regulate privacy-related aspects of the Digital ID Accreditation Scheme to protect individuals who choose to use an accredited Digital ID provider.

By using its investigative and compliance powers in the legislation, the Information Commissioner will ensure Digital ID providers and services comply with the legislation to keep people's information safe.

Benefits of the legislation

The Accreditation Scheme and the Australian Government Digital ID System will deliver a range of benefits to consumers and business users, service providers, government, and the broader economy.

For Australians, this means a safe, secure, convenient and reusable way to verify who they are online, and having access to more services and businesses from the comfort of their home at a time that suits them.

This legislation will ensure that providers of Digital IDs will be governed by legislation and designed with privacy in mind so Australians can trust their information is safe and secure.

For business, the legislation means a simpler way to verify their customers. They get access to 
a market of accredited Digital ID providers, giving them and their customers peace of mind.

For entities offering Digital ID services, the legislation will provide a nationally consistent set of standards they can be accredited against and give them greater access to government agencies and businesses requiring ID services.

For government, the legislation will improve security and streamline processes across agencies. This will make it easier for Australians to access more government services and decrease the risk of identity fraud.

For the broader economy, a whole-of-economy Digital ID is a significant economic and security opportunity.

Consultation

The Acts were informed by public consultation on an Exposure Draft of the Digital ID Bill in September and October 2023. The Department of Finance received 113 submissions about the Digital ID Bill, of which 88 agreed to be published.

Following introduction to Parliament, the Bills were referred to the Senate Economics Legislation Committee for inquiry and report by 28 February 2024. You can read the Department of Finance submission [PDF 688KB], the Department of Finance opening statement, or access all other public submissions on aph.gov.au.

On this page

Digital ID Act 2024 overview

The objects of the Digital ID Act 2024 are to promote privacy and security of personal information, convenience in accessing services, and facilitate economic benefits and reduce burdens through the use of digital IDs.

To achieve this the Act strengthens a voluntary accreditation scheme, and provides legislative authority to expand the Australian Government Digital ID System.

Strengthening a voluntary Accreditation Scheme

The Act legislates a voluntary accreditation scheme for Digital ID service providers. The scheme will operate economy-wide, and build on the learnings from Trusted Digital Identity Framework (TDIF). A key change from TDIF is the strengthening of enforcement mechanisms: civil penalties will apply to accredited service providers.

  • There will initially be three types of digital ID services that can be accredited: identity service providers; attribute service providers; identity exchange providers. To accommodate new and emerging technologies, other types of service providers can be prescribed in the Accreditation Rules.
  • Accreditation requirements are set out in the Act and Accreditation Rules. The Accreditation Rules are a legislative instrument providing technical detail about identity verification levels, privacy, security, accessibility and usability. 
  • While the scheme is voluntary, if an entity becomes accredited they must adhere to additional privacy safeguards that go beyond those in the Privacy Act 1988 (Cth). Key among these safeguards are prohibitions on the use of single identifiers, a prohibition on disclosing information for marketing, and restrictions on the collection, use and disclosure of biometrics and other personal information. The Information Commissioner will have powers to make sure those safeguards are provided, and any breaches are penalised. 

Australian Government Digital ID System

The Act enables the phased expansion of the Australian Government Digital ID System (AGDIS) beyond the Commonwealth. This will facilitate the reciprocal or shared use of digital IDs between public and private sector organisations.

  • The AGDIS is currently based around a Commonwealth identity service provider (myGovID), attribute provider (Relationship Authorisation Manager, or RAM) and identity exchange (operated by Services Australia).
  • Some Commonwealth and state and territory agencies also participate in the AGDIS as relying parties that use myGovID and/or RAM in delivering online services to individuals and businesses.
  • The phased expansion of the AGDIS will enable the reciprocal use of Digital ID and attribute providers in Commonwealth and state and territory services. Initially it is expected that states and territories will be able to apply to participate in the AGDIS as users or providers of accredited Digital ID services. Then within two years, all state, territory and private sector entities will be able to apply to the Digital ID Regulator to participate within the AGDIS as providers, or users of accredited Digital ID services, or both. 
  • Providers of Digital ID services operating within the AGDIS must be accredited and will be subject to additional regulatory requirements, some of which will also apply to participating relying parties.
  • The legislation sets out additional requirements for entities wishing to participate in the AGDIS. For example, subject to limited exceptions it must be voluntary for individuals to use digital IDs within the AGDIS (particularly when accessing government services). Additionally, there are specific requirements for cyber and fraud incident reporting, liability and charging in the system. These are set out in the Act and Digital ID Rules, which are another legislative instrument that set out important details of the legislation that may need to be updated over time.  

Trustmarks

The Act provides transparency measures to build public trust. The Act and Digital ID Rules allow trustmarks to be used by accredited service providers. The Act requires the Regulator to maintain public registers of accredited service providers, and of service providers and relying parties participating in the AGDIS.

Australian Digital ID Regulator

The Act strengthens the governance of the Accreditation Scheme and the AGDIS. The Act establishes an independent Australian Digital ID Regulator (initially to be the ACCC) responsible for accreditation, approving participation in the AGDIS and enforcing compliance with the non privacy aspects of the legislation.

  • The Act sets out the functions of the Digital ID Regulator.
  • Services Australia, as System Administrator, will regulate the more operational aspects of the AGDIS relating to the security, integrity and performance of the system.
  • The Act also provides for the appointment of a Data Standards Chair, to develop technical standards to support the operation of the AGDIS and the Digital ID Accreditation Scheme. 

Civil penalties and certain enforcement powers

The Act provides for civil penalties and certain enforcement powers for the Regulator to help promote compliance. The Act will give the Regulator a calibrated set of powers ranging from the power to request information, giving remedial directions, issuing enforceable undertakings, before suspending or revoking an entity’s accreditation or participation in the AGDIS.

  • The Act says that breaches of the Act's privacy safeguards may be treated as an interference with privacy under the Privacy Act 1988 (Cth). This means the Information Commissioner can apply the powers and penalty provisions available to the Commissioner under the Privacy Act 1988 (Cth) to digital IDs.

Powers of the Minister

The Act provides for certain powers of the Minister including: rule-making; issuing directions to the Regulator, for reasons of national security, in relation to accreditation and participation in the AGDIS; appointing the Data Standards Chair; and a discretionary power to establish advisory committees.

An accompanying Digital ID (Transitional and Consequential Amendments) Act, with supporting rules, will set out the mechanism for transitioning those entities that are currently accredited and/or participating in the AGDIS into the new legislated arrangements.

More information