Digital Identity and Trust Services

Australia: Trusted Digital Identity Bill Exposure Draft

Latest developments

On 19 September 2023, the Federal Government released a new exposure draft of the proposed Digital ID legislation (DI Bill). Central to the DI Bill is the notion that the digital economy is not possible unless Australians have digital identities that are safe, secure and convenient, to prove their identity online.

Summary

The purpose of the DI Bill is to:

  • Expand the Australian Government Digital Identity System (AGDIS) by enabling greater participation of state and territory governments and private sector entities;
  • Enshrine various privacy and consumer protections in law, so that Australians can have confidence in the AGDIS and know that their personal information is safe and secure; and
  • Establish an independent regulator with responsibility for governing the AGDIS and the TDIF accreditation scheme under the legislation. The Australian Competition and Consumer Commission will be the initial regulator.

If the DI Bill is passed as currently drafted, once an entity achieves accreditation, it must adhere to a number of privacy and data requirements and restrictions. Failure to comply may result in fines of up to 300 penalty units.

The DI Bill is to be accompanied by the Accreditation Rules, which will set out the global best practices and requirements for a Digital ID service provider to become accredited. The DI Bill will also be accompanied by the Digital ID Rules, setting out the specific requirements in addition to those contained in the DI Bill such as reporting obligations to the ACCC and Information Commissioner. Under the proposed Digital ID Rules, digital ID providers and services would have to report cyber security incidents within 24 hours of becoming aware of them.

How could it be relevant for you?

Entities looking to be accredited entities or relying entities should be aware of the benefits of signing up for such a program (noting that participation is voluntary) as well as the additional privacy and data security obligations that apply if you choose to do so.

Next steps

While consultation on the DI Bill closed on 10 October 2023, the Consultation period for the DI Accreditation Rules is open until 31 October 2023. Public Service Minister Katy Gallagher has expressed the government’s intention for the expanded AGDIS to go live midway through 2024.

*Information is accurate up to 27 November 2023

Digital Identity and Trust Services - Explore further sections

Explore other chapters in the guide

Data as a key digital asset

Crypto assets

AI as a digital asset

Privacy & Data Protection

Cybersecurity

Digital Identity and Trust Services

Consumer