Digital IDs take root in US as states and federal agencies chart uncertain paths

In January, then-President Joe Biden issued the sweeping Executive Order (EO), Strengthening and Promoting Innovation in the Nation’s Cybersecurity, which included a direct mandate for federal agencies to prioritize privacy-preserving digital identity systems. Mobile driver’s licenses (mDLs) and electronic identity documents were explicitly mentioned as key components in his last-minute modernization push.

For the first time, the White House officially recognized digital identity as not just a convenience issue, but a fundamental pillar of government service delivery and cybersecurity resilience. The Trump administration’s apparent decision to maintain EO 14144 indicates an acknowledgment of the importance of strengthening cybersecurity measures, even if the broader approach to digital identity and privacy may differ.​

The Trump administration, however, has neither promoted nor expanded upon the digital identity initiatives outlined in Biden’s EO. There also has been no significant public communication or policy development from the administration regarding the implementation or advancement of privacy-preserving digital identity systems. This lack of emphasis suggests that while the order remains in place, it may not be a current priority for the administration.​

Still, the landscape of digital IDs for government services has continued to evolve, just unevenly. Both federal and state governments have advanced initiatives to bring digital identity systems online, with privacy, security, and user control principles at the core. Yet, even as the infrastructure is being built, significant challenges remain around adoption, interoperability, political will, and public trust.

At the federal level, Biden’s executive order tasked the National Institute of Standards and Technology (NIST) with issuing formal guidance on how federal agencies should evaluate and accept digital credentials. This move came after years of pilot programs and limited Transportation Security Administration (TSA) testing of digital IDs, but without any central federal strategy.

NIST’s draft guidelines, which were published in mid-April, prioritize the concept of user-held credentials that do not constantly “phone home” to government servers when presented. Instead, the guidelines urge systems where verification can occur locally or cryptographically, thereby minimizing the surveillance risks that civil liberties groups have long warned about.

Biden’s EO encouraged federal benefits agencies like the Social Security Administration (SSA), Department of Veterans Affairs, and the Centers for Medicare and Medicaid Services to evaluate how digital IDs could streamline identity proofing for benefits eligibility. Agencies have been cautiously experimenting.

SSA quietly launched a pilot in March that allows applicants for replacement Social Security cards to verify their identity using state-issued mobile driver’s licenses in Arizona and Maryland, two states that have aggressively pushed forward on an mDL infrastructure. Although this remains a limited deployment, it signals the growing federal interest in relying on mobile-based identity verification for core citizen services.

Meanwhile, TSA expanded its acceptance of mDLs at airport security checkpoints. Following early trials at Phoenix Sky Harbor and Baltimore-Washington International, TSA announced that travelers using Apple Wallet or Google Wallet-based digital IDs can now pass through security checkpoints at 22 airports nationwide. This marks a major milestone because it validates the technical interoperability between state-issued mDLs and federal government security systems, a core hurdle for broader national adoption.

Some states have taken steps to digitize driver’s licenses. Since late 2024, California residents have been able to add their driver’s licenses and state identification cards to their iPhones and Apple Watches through Apple Wallet integration. This system uses Face ID or Touch ID biometrics to authenticate the user before displaying identity credentials.

Illinois similarly moved forward, enacting legislation that allows digital driver’s licenses to be carried on smartphones as legal proof of identity starting January 1. However, the law still requires motorists to carry a physical license when operating a motor vehicle, reflecting an ongoing transitional phase where digital credentials supplement but do not yet fully replace physical documents.

New Mexico is another state advancing mobile ID legislation. Its Motor Vehicle Division introduced a bill to formally authorize electronic driver’s licenses and ID cards that are designed to integrate with digital wallets while respecting data minimization standards.

Several other states, including Arizona, Maryland, Colorado, and Georgia, had been piloting mDLs prior to Biden’s executive order, which provided the impetus to move from pilot stages to broad deployments. States are increasingly working with technology vendors certified under the ISO/IEC 18013-5 standard which outlines global technical specifications for secure mDL issuance and verification.

Despite this progress, however, substantial challenges threaten to slow the pace of national digital ID adoption. One issue is uneven acceptance across sectors. While TSA and some government agencies now accept digital IDs, many retailers, bars, and banks do not. A notable example comes from California, where residents report frustration that even though the DMV promotes the availability of digital IDs, many businesses still require a physical card for age verification or identity proofing. This patchwork acceptance undermines user confidence and slows behavioral adoption.

Another problem lies in corporate policies. Some businesses fear liability issues if they accept a digital ID that turns out to be fraudulent or if their employees mishandle personal data presented digitally. Industry groups are calling for updated legislation that would clearly spell out the legal validity of digital IDs across use cases and offer liability protection to businesses that accept them in good faith.

Interoperability across state lines remains an unresolved issue as well. Although the ISO standard allows for common technical specifications, there is no federal mandate forcing states to adhere to a single platform. Consequently, mDLs from one state may not necessarily be recognized by another, complicating interstate travel or relocation. Efforts are underway through organizations like the American Association of Motor Vehicle Administrators (AAMVA) to harmonize technical and governance frameworks, but this process is still in its early stages.

Privacy advocates also continue to raise red flags about the risk of digital IDs becoming de facto tracking devices if poorly implemented. Although Biden’s executive order took pains to define “privacy-preserving” principles, enforcement mechanisms are weak, and different states vary widely in their commitments to data protection.

Some digital ID apps require live network connections to verify credentials, which can reveal when, where, and how often an individual presents their ID. Privacy-focused designs, by contrast, favor offline verification or one-time-use cryptographic proofs that minimize data trails.

Complicating matters further is the political climate. While the Biden administration framed digital ID development as a modernization and cybersecurity priority, the Trump administration has shown less consistent interest in digital identity initiatives.

Trump-era technology policies tend to emphasize centralized control and expanded surveillance powers, which could steer federal digital identity efforts away from the privacy-centric approach Biden’s EO envisioned. Whether federal agencies continue the slow, decentralized rollout of user-controlled mDLs or pivot toward more centralized government-issued digital credentials remains an open question.

What is clear is that digital identity is no longer an abstract concept in U.S. government policy. Real deployments are taking place that affect how citizens interact with public services. The fact that residents in several states can now clear airport security with only their phone demonstrates how deeply digital identity has already begun to root itself into everyday life, even if the transformation is incomplete.

The success or failure of digital ID efforts will hinge largely on three factors: usability, trust, and interoperability. Usability demands that digital IDs be as easy or easier to use than physical IDs. Trust requires strong privacy protections and legal assurances that digital identities will not be misused. And interoperability will determine whether Americans can use their digital IDs across state lines and agency boundaries without facing confusing or contradictory systems.

Article Topics

cybersecurity  |  data privacy  |  digital ID  |  digital identity  |  identity proofing  |  mDL (mobile driver's license)  |  U.S. Government  |  United States