On 19 September 2023, the Federal Government released a new exposure draft of the proposed Digital ID legislation (DI Bill). Central to the DI Bill is the notion that the digital economy is not possible unless Australians have digital identities that are safe, secure and convenient, to prove their identity online.
The purpose of the DI Bill is to:
If the DI Bill is passed as currently drafted, once an entity achieves accreditation, it must adhere to a number of privacy and data requirements and restrictions. Failure to comply may result in fines of up to 300 penalty units.
The DI Bill is to be accompanied by the Accreditation Rules, which will set out the global best practices and requirements for a Digital ID service provider to become accredited. The DI Bill will also be accompanied by the Digital ID Rules, setting out the specific requirements in addition to those contained in the DI Bill such as reporting obligations to the ACCC and Information Commissioner. Under the proposed Digital ID Rules, digital ID providers and services would have to report cyber security incidents within 24 hours of becoming aware of them.
Entities looking to be accredited entities or relying entities should be aware of the benefits of signing up for such a program (noting that participation is voluntary) as well as the additional privacy and data security obligations that apply if you choose to do so.
While consultation on the DI Bill closed on 10 October 2023, the Consultation period for the DI Accreditation Rules is open until 31 October 2023. Public Service Minister Katy Gallagher has expressed the government’s intention for the expanded AGDIS to go live midway through 2024.
*Information is accurate up to 27 November 2023
