Technology law

The Digital ID Bill 2023 (Cth) – key points

by

reviewed by

Malcolm Burrows

Reading Time:

4–6 minutes

On 30 November 2023, the Digital ID Bill 2023 (Cth) and the Digital ID (Transitional and Consequential Provisions) Bill 2023 (Digital ID Bills) were introduced in the Australian Senate.  Digital IDs are designed to provide individuals with a convenient way to verify their identity when completing certain online transactions and dealing with government and certain businesses.  This acts as an alternative to repeatedly providing details or copies of personal and sensitive identification documents with third parties that may be vulnerable to cyber-attacks.

What are the stated objectives of the Digital ID Bill?

While the Australian Government has an existing digital identification system, the Australian Digital ID System (which has been the subject of significant criticism due to its lack of user friendliness and poor information architecture), the Digital ID Bills are designed to:

  • legislate and strengthen a voluntary Accreditation Scheme for digital ID service providers that wish to demonstrate compliance with best practice privacy, security, proofing and authentication standards;
  • legislate and enable expansion of the Australian Government Digital ID System (AGDIS) for use by the Commonwealth, State and Territory governments and eventually private sector organisations;
  • embed strong privacy and consumer safeguards, in addition to the Privacy Act 1988 (Cth) to ensure users are protected; and
  • strengthen governance arrangements for the Accreditation Scheme and the AGDIS, including by establishing the Australian Competition and Consumer Commission (ACCC) as the Digital ID Regulator, and expanding the role of the Information Commissioner to regulate privacy protections for digital IDs. Both these regulators will have a broad range of powers under the Bill, including to issue civil penalties.[1]

Ultimately, the Digital ID Bills purported aim is to assist online transactions with government and businesses by providing individuals with secure, voluntary and convenient ways to verify their identity.

What is a Digital ID service provider?

As stated in the Explanatory Memorandum, once the Bill is enacted, accreditation will be available for three (3) kinds of digital ID services:

  • attribute service provider;
  • identity exchange provider; and
  • identity service provider.

These services are found in the federated digital ID system, which involves an identity exchange that facilitates data flows between service providers and the organisations that use their services, which are referred to as “relying parties”.

Relevant definitions contained in clause 9 of the Digital ID Bill

  • Accredited Service means the services provided, or proposed to be provided, by the entity in the entity’s capacity as a particular kind of accredited entity”.[2]
  • Digital ID means “a distinct electronic representation of the individual that enables the individual to be sufficiently distinguished when interacting online with services”.[3]
  • Digital ID System means “a federation of entities that facilitates or manages the verification of an individual’s identity and/or, after verifying the identity, the authentication of that digital ID or information about the individual”.[4]
  • Digital ID Regulator means the Australian Competition and Consumer Commission”.[5]
  • Participate means “an entity participates in the Australian Government Digital ID System at a particular time if, at that time: the entity holds an approval under section 62 to participate in the system and either the entity is directly connected to an accredited entity that is participating in the Australian Government Digital ID System or the entity is an accredited entity that is directly connected to a participating relying party”.[6]
  • Personal Information means “information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and includes an attribute of an individual”.[7]
  • Relying Party means “an entity that relies, or seeks to rely, on an attribute of an individual that is provided by an accredited entity to provide a service to the individual or enable the individual to access a service”.[8]

What are the expected benefits of the legislation?

It has been stated by the Australian Digital ID System that the accreditation scheme and the AGDIS is predicted to be significantly beneficial to consumers, businesses, the government, and broader economy.

  • For consumers, the introduction of this legislation will ensure that Digital ID providers will be governed by legislation to ensure the privacy and security of Australian users information.
  • For businesses, the introduction of this legislation will result in a simpler way for customers to verify their identity when transacting. In addition, businesses will have access to a market of accredited Digital ID providers that will ease the minds of customers.
  • For the government, the introduction of this legislation will streamline processes across agencies and improve security. This will ultimately make it easier for individuals to access government services and decrease the risk of identity fraud.

How will Digital ID service providers be regulated?

According to the Australian Digital ID System, the ACCC will be appointed as the initial regulator of the Digital ID and will be responsible for:

  • accrediting Digital ID services against the Digital ID Bill and Accreditation Rules;
  • approving which services can participate in the AGDIS; and
  • using its investigative and compliance powers in the legislation to ensure Digital ID providers and services comply with the legislation to keep people’s information safe.

Privacy-related aspects of the Digital ID accreditation scheme will be regulated by the Information Commissioner to ensure the protection of individuals choosing to use an accredited Digital ID provider.

Links and further references

Legislation

Digital ID Bill 2023 (Cth).

Explanatory Memorandum to the Digital ID Bill 2023 (Cth)

Australian Government – Digital ID Act 2024

Further information about digital ID confirmation

If your business needs advice on implementing digital ID confirmation, contact us for a confidential and obligation-free discussion:

[1] Explanatory Memorandum, Digital ID Bill 2023 (Cth).

[2] Digital ID Bill 2023 (Cth) s 9.

[3] Digital ID Bill 2023 (Cth) s 9.

[4] Digital ID Bill 2023 (Cth) s 9.

[5] Digital ID Bill 2023 (Cth) s 90.

[6] Digital ID Bill 2023 (Cth) s 9.

[7] Digital ID Bill 2023 (Cth) s 9.

[8] Digital ID Bill 2023 (Cth) s 9.


Related insights about digital ID confirmation

  • Federal Court orders winding up of crypto mining investment scheme

    Federal Court orders winding up of crypto mining investment scheme

    The Federal Court of Australia delivered judgment in Australian Securities and Investments Commission v NGS Crypto Pty Ltd (No 5) [2025] FCA 1611, on 18 December 2025 ordering the winding up of two (2) cryptocurrency related entities after finding that they operated an unlicensed financial services business and an unregistered managed investment scheme in contravention…

    Read more …

  • Online Safety – is your online business a DIS or a RES?

    Online Safety – is your online business a DIS or a RES?

    Whether your online business has to comply with the obligations contained in the Online Safety Act 2021 (Cth) (OSA), and related standards and industry codes will largely depend on how your business is classified because of the functionality it provides to end users in Australia.

    Read more …

  • Bill to allow victims of AI deepfakes to sue for emotional damages

    Bill to allow victims of AI deepfakes to sue for emotional damages

    On 24 November 2025, Senator David Pocock introduced a private Senator’s bill, the Online Safety and Other Legislation Amendment (My Face, My Rights) Bill 2025 (Cth) (Bill) to amend the Online Safety Act 2021 (Cth) (Online Safety Act) and the Privacy Act 1988 (Cth) (Privacy Act). 

    Read more …

  • Malcolm Burrows on ABC’s “Legal Eagles” segment – Deepfakes

    Malcolm Burrows on ABC’s “Legal Eagles” segment – Deepfakes

    On 3 December 2025, Malcolm Burrows appeared live on Katherine Feeney’s ABC Radio program, “Legal Eagles” as the Technology and Intellectual Property Lawyer to discuss the proposed amendments to the Online Safety Act 2021 (Cth) through the introduction of the Online Safety and other legislation Amendment (My Face Rights) Bill (Cth) 2025 (My Face Rights…

    Read more …

  • Australian Government announces a digital duty of care

    Australian Government announces a digital duty of care

    The Australian Government has announced that it will soon be introducing legislation to create a digital duty of care under the Online Safety Act 2021 (Cth) (Act) in response to findings from an independent Statutory Review of the Online Safety Act 2021 (Review).  The Honourable Anika Wells MP announced that “big tech” companies will soon…

    Read more …

  • OAIC publishes new guidance for under-16s social media ban

    OAIC publishes new guidance for under-16s social media ban

    On 10 October 2025, the Office of the Australian Information Commissioner (OAIC), led by Privacy Commissioner, Ms Carly Kind, released a twenty-nine (29) page Privacy Guidance on Part 4A (Social Media Minimum Age) of the Online Safety Act 2021 (New Guidance).  This New Guidance details the privacy obligations for Age-Restricted Social Media Platforms (Restricted Platforms)…

    Read more …

  • Australians soon facing age checks when viewing adult websites

    Australians soon facing age checks when viewing adult websites

    On 9 September 2025, the eSafety Commissioner, Mrs Julie Inman Grant (Commissioner), registered six (6) new codes (New Codes) under the Online Safety Act 2021(Cth) (Online Safety Act) aimed at protecting children from the “clear and present” dangers of harmful AI chatbots and other online adult content.  On 9 March 2026, these New Codes will…

    Read more …

  • How are Google and Microsoft implementing age verification?

    How are Google and Microsoft implementing age verification?

    From 27 December 2025, all ‘internet search engine services’ operating in Australia will be legally required to comply with Schedule 3 – Internet Search Engine Services Online Safety Code (Class 1C and Class 2 Material) (Code) registered under the Online Safety Act 2021 (Cth) (eSafety Act).  The Code, registered by the eSafety Commissioner on 27…

    Read more …

  • What is the US Take It Down Act?

    What is the US Take It Down Act?

    The Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act (Take It Down Act ) is a United States (US) federal law enacted on 19 May 2025. The Take It Down Act amends 47 U.S. Code § 223 (Code) of the Communications Act 1934 (US) (Communications Act) by establishing new…

    Read more …

Send this to a friend