Australia has taken a major step toward a secure, nationwide digital identity system with the passing of the Digital ID Act 2024 (Cth). The new law creates a formal framework for how individuals and organisations can verify identity online safely and consistently without relying on scanned passports or driver’s licences being emailed or uploaded.
For businesses, this is more than just a government IT project. The Digital ID Act will reshape how organisations onboard clients, verify employees, and interact with government systems. It also raises important issues around privacy, compliance and customer access.
What is the Digital ID Act?
The Digital ID Act 2024 establishes the Australian Government Digital ID System (AGDIS) and an accreditation framework for private and public entities that provide digital identity services.
In essence, the Act allows individuals to prove who they are online through accredited digital identity providers using verified credentials (such as a passport or Medicare data) that can be reused across different services.
For example, once a person’s identity is verified by an accredited provider, they could use that same credential to open a bank account, apply for a licence, or interact with a government department, without re-entering personal details each time.
Importantly, participation is voluntary. Businesses cannot require customers to use a digital ID as the only way to access services. Alternative access methods must remain reasonably available. Conversely, a large volume of data being certified will prove very attractive to hackers to test the security of accredited providers.
Why has the Government introduced this?
The move toward a regulated digital ID system responds to two growing concerns:
- Data breaches and identity theft – Australia has experienced several major breaches in recent years, exposing sensitive personal information. Centralised verification through accredited providers aims to reduce the need for customers to repeatedly share documents.
- Digital efficiency – The government wants to create a trusted, consistent way to prove identity online across sectors, much like the existing “myGovID” but expanded for business and private-sector use.
The Government expects the system to be open to private-sector participation in 2025 and beyond, allowing banks, utilities, health providers and other service industries to use or provide accredited digital ID services.
How will the Digital ID Act be implemented?
The Act received Royal Assent on 30 May 2024, and its implementation is being staged over several phases. Initially, the framework focuses on expanding the existing government digital ID system, ensuring that federal and state agencies operate under the same legal and security standards.
From mid-2025, the Australian Competition and Consumer Commission (ACCC) will take on the role of regulator, accrediting digital ID service providers and enforcing compliance with the Act. Supporting instruments including the Digital ID Rules, Accreditation Rules and Data Standards will be progressively released over the next 12 months to set out the detailed technical, privacy and interoperability requirements.
Private-sector participation will follow once these rules are finalised, allowing businesses to either become accredited digital ID providers or to rely on the system for identity verification. This phased approach is designed to ensure that technical systems, data security measures and consumer safeguards are fully operational before broader rollout.
What does it mean for businesses?
- Identity verification and compliance
If your business is required to verify customer identity such as in finance, property, or professional services the Digital ID framework could streamline compliance processes. Using an accredited digital ID service may reduce the need to collect and store copies of personal documents, helping limit data-breach exposure.
- Privacy and data protection
Even if you do not become an accredited provider, you may still rely on digital ID services. That means handling digital ID data in line with the Act’s strict privacy and data-destruction obligations. Businesses will need to review their privacy policies, data retention and cybersecurity protocols to ensure compliance.
- Contractual and risk considerations
If you rely on a digital ID provider, you’ll need to consider liability in the event of an error or breach. Accreditation offers some regulatory assurance, but businesses should still review contracts and service agreements carefully, including indemnities, notification requirements and data-handling clauses.
- Customer access
The Act expressly prohibits forcing customers to use digital ID as the sole access option. Businesses must maintain alternative, “reasonably available” ways to access services particularly for customers who lack digital access or prefer not to use digital identity systems.
- Future-proofing business systems
Digital ID is part of a broader move toward secure, interoperable digital government services. Businesses that prepare early updating systems, policies and contracts will be better placed to integrate digital ID capabilities when they become more widely available.
Key Takeaways
| Topic | What to Do Now |
| Compliance readiness | Map where and how your business currently verifies identity. Identify areas where digital ID could simplify compliance (e.g., AML/KYC checks). |
| Privacy and security | Review your data-handling policies. Ensure any digital ID data is stored, shared or deleted according to the Act’s standards. |
| Contracts and suppliers | If you use third-party verification providers, review agreements for compliance, liability and data-management terms. |
| Customer experience | Plan for dual pathways digital and non-digital to remain compliant with the Act’s “voluntary use” requirement. |
| Monitor developments | Watch for the Digital ID Rules and Data Standards being developed by the government, which will specify detailed obligations for accredited and relying parties. |
How we can help
Our firm advises businesses on privacy compliance, data governance, and regulatory risk. We can help you:
- assess your readiness for digital ID integration;
- update privacy policies and contracts;
- manage data-retention and incident-response obligations; and
- prepare for private-sector participation in the Digital ID framework.
The Digital ID Act 2024 represents a significant step toward a safer and more efficient digital economy but with it comes new regulatory and operational responsibilities. Taking early steps now will position your business to use the new system confidently and compliantly when it becomes available.
About the Author: This article has been authored by Steven Brown. Steven Brown’s legal career covers working with multinational corporations and Australian listed companies to family-owned businesses. This range of experience has equipped Steven with the unique ability to offer tailored legal services that make a significant difference to businesses of all sizes.
