Australia forges ahead with digital identity, releases second Digital Services Standard

A release from the Australian government says it wants to expand the voluntary use of digital ID to bring “whole of economy benefits,” as the country continues to see rapid movement in digital transformation efforts.

The expanded Australian Government Digital ID System (AGDIS) is rolling out in four phases, which may overlap or be preceded by pilots. Its accreditation scheme will be of note to biometrics and digital ID providers, particularly those – like iProov, Yoti and Idemia – which have existing relationships with government bodies in Australia.

Staggers applications to join system for gov’t, private sector

Phase one has already begun, with the rollout of myID to more than 185 government services, accessible to the millions of Australians who use the myID app.

On December 1, 2024, legislation will commence to provide legislative authority for AGDIS to expand, as well as strengthening governance, privacy and consumer protections and the voluntary accreditation scheme for digital ID service providers.

This kicks off the second phase of digital ID implementation, during which accredited state and territory digital ID providers can apply to the digital ID regulator to join AGDIS as a relying service. The idea is to offer more choice in digital identity options for access to government services.

For individual digital ID holders, nothing changes. Government units wishing to join the digital ID system will be required to undertake testing with a system administrator before submitting an application.

Phase three, to commence by December 2026, opens applications to private sector services wishing to join the government digital ID system. Banks, telecom providers and the real estate sector are offered as examples of private businesses that may want their customers to be able to verify identity with digital ID.

Phase four, also to commence by December 2026, allows accredited private sector providers, attribute providers and exchange providers to apply to the digital ID regulator to join AGDIS.

Per the release, accreditation of private sector digital ID providers, attribute providers and exchange providers will continue throughout all phases. Those who gain accreditation will be granted a trustmark for display, and held to applicable regulatory standards for privacy protection, security, usability, accessibility, risk management, fraud control and more.

Australia’s government anticipates 5 to 10 private sector digital identity providers, and possibly more later on, participating in the country’s national ID scheme. Australia Post, IDVerse, Mastercard and Makesure, a domestic background screening provider, are already accredited identity service providers.

New regulators enter the ring to police accreditation, privacy

December 1 will also usher in two new regulatory bodies.

The Australian Competition and Consumer Commission (ACCC) will be the main digital ID regulator overseeing approval and accreditation. It is also the enforcer, policing compliance for non-privacy aspects of the country’s digital ID System.

The Office of the Australian Information Commissioner (OAIC) will oversee privacy specifically. It will ensure accredited providers have implemented privacy safeguards, handle complaints and conduct investigations of data breaches.

Digital Service Standard 2.0 lays out 10 criteria for services

The government has published a second version of its Digital Service Standard, which “establishes the requirements for designing and delivering digital government services.”

It aims to ensure digitized government services are secure, user-friendly, inclusive, accessible, adaptable and measurable. An explainer video says the criteria “ask us to set clear goals, know who we’re building for and challenge our own assumptions about their needs. They encourage interoperability, intuitive and transparent user experiences and to reuse what people are familiar with and works well.”

The new version lists ten criteria services must meet, down from an original 13. “To successfully apply the Digital Service Standard, government agencies must meet all the criteria.” (Although there are exemptions for certain technological and financial barriers.)

In order, the criteria are as follows. Services must 1) have clear intent, 2) know their user, 3) leave no one behind, 4) connect services, 5) build trust in design, 6) not reinvent the wheel, 7) do no harm, 8) innovate with purpose, 9) monitor their service, and 10) keep it relevant.

Those categories are broad, but the document offers specific resources and guidance for each of the criteria, with reference to applicable legislation. As part of number 4 on connecting services, the guidance on design for interoperability includes a note to use digital ID: “Where appropriate, endeavour to integrate the Australia Government Digital ID System, accredited by the Trusted Digital Identity Framework (TDIF), to allow users to access the service with a single set of credentials.”

The Digital Service Standard is one of four pillar standards mandated as part of the Digital Experience Policy.

Article Topics

Australia  |  Australian Competition and Consumer Commission (ACCC)  |  Australian Government Digital Identity System (AGDIS)  |  biometrics  |  digital government  |  digital ID  |  digital identity  |  identity verification  |  Trusted Digital Identity Framework (TDIF)