Australia's Digital ID Act 2024 commenced on November 30, 2024, creating the legislative foundation for a national digital identity system. For the first year of its operation, the system has been limited primarily to government services — enabling citizens to verify their identity digitally when accessing Commonwealth services. But the next phase is approaching: from December 2026, private sector entities will be able to participate in the Australian Government Digital ID System, fundamentally expanding the scope and impact of the framework.

The private sector expansion means that banks, insurers, telecommunications companies, and other regulated entities will be able to use the AGDIS to verify customer identity. Instead of each organisation conducting its own identity verification — collecting documents, performing checks, maintaining records — they will be able to rely on identity assertions made through the accredited digital identity system. A customer who has verified their identity through an accredited identity service provider can present that verified identity to any participating relying party.

The regulatory architecture is designed around accreditation and oversight. Identity service providers — entities that verify a person's identity and issue digital identity credentials — must be accredited under the framework, meeting security, privacy, and operational standards specified in the Accreditation Rules. The Australian Competition and Consumer Commission serves as the Digital ID Regulator, overseeing the Accreditation Scheme, while the Office of the Australian Information Commissioner handles the privacy regulatory functions.

Key amendments to the Digital ID Rules and Accreditation Rules took effect in November 2025, strengthening the framework ahead of private sector expansion. These changes established a redress framework for incidents within the system, strengthened reportable incident obligations, and updated protective security requirements for accredited entities. Notably, the amendments delayed the application of suspension and resumption obligations on identity service providers until November 2026, providing additional time for providers to develop compliant systems and processes.

For businesses preparing for private sector participation, the practical preparations involve several dimensions. Technical integration with the AGDIS requires implementing the protocols and data formats specified in the framework's technical standards. Business process adaptation requires updating onboarding and verification workflows to accommodate digital identity assertions alongside traditional document-based verification. And governance requires ensuring that the organisation's data handling practices meet the privacy and security standards required of participating entities.

The consumer proposition is straightforward: verify once, use everywhere. A customer who has established a verified digital identity can use it across government and private sector services without repeating the verification process each time. This reduces friction for the customer and cost for the business, while maintaining a level of identity assurance that is at least equivalent to traditional document-based verification.

Use of the Digital ID system is entirely voluntary for citizens. Participating businesses must accept digital identity assertions where they require identity verification, but they cannot refuse service to individuals who choose not to use the digital identity system. This voluntary-for-users, mandatory-acceptance-for-businesses model mirrors the approach being taken by the EU's eIDAS 2.0 framework.

For organisations preparing for Australia's expanding digital identity ecosystem, deepidv provides identity verification infrastructure that supports both traditional document-based verification and emerging digital identity credential models, ensuring seamless operation as the AGDIS expands.