Skip to main
Help and resources
Register
for My Account
Sign in
to My Account
Search
Australian Government
Federal Register of Legislation
Site navigation
Constitution
Acts
Legislative instruments
Notifiable instruments
Gazettes
Administrative Arrangements
Prerogative instruments
Norfolk Island
Home
Acts
In force
Text
Details
Authorises
Downloads
All versions
Interactions
Digital ID Act 2024
In force
Administered by
Department of Finance
Latest version
Order print copy
Save this title to My Account
Set up an alert
C2024A00025
30 May 2024
Legislation text
View document
Select value
Act
Filter active
Table of contents
Enter text to search the table of contents
Collapse
Chapter 1—Introduction
Part 1—Preliminary
1 Short title
2 Commencement
3 Objects
4 Simplified outline of this Act
5 Act binds the Crown
6 Extension to external Territories
7 Extraterritorial operation
8 Concurrent operation of State and Territory laws
Part 2—Interpretation
9 Definitions
10 Meaning of attribute of an individual
11 Meaning of restricted attribute of an individual
12 Fit and proper person considerations
Collapse
Chapter 2—Accreditation
Collapse
Part 1—Introduction
13 Simplified outline of this Chapter
Collapse
Part 2—Accreditation
Collapse
Division 1—Applying for accreditation
14 Application for accreditation
Division 2—Accreditation
15 Digital ID Regulator must decide whether to accredit an entity
16 Accreditation is subject to conditions
17 Conditions on accreditation
18 Conditions relating to restricted attributes of individuals
19 Requirements before Accreditation Rules impose conditions relating to restricted attributes or biometric information of individuals
20 Variation and revocation of conditions on accreditation
21 Applying for variation or revocation of conditions on accreditation
22 Notice before changes to conditions on accreditation
23 Notice of decision of changes to conditions on accreditation
Division 3—Varying, suspending and revoking accreditation
24 Varying accreditation
25 Suspension of accreditation
26 Revocation of accreditation
Division 4—Minister’s directions regarding accreditation
27 Minister’s directions regarding accreditation
Division 5—Accreditation Rules
28 Accreditation Rules
Division 6—Other matters relating to accreditation
29 Digital IDs must be deactivated on request
30 Accredited services must be accessible and inclusive
31 Prohibition on holding out that an entity is accredited
Collapse
Chapter 3—Privacy
Collapse
Part 1—Introduction
32 Simplified outline of this Chapter
33 Chapter applies to accredited entities only to extent entity is providing accredited services
34 APP equivalent agreements
Collapse
Part 2—Privacy
Collapse
Division 1—Interaction with the Privacy Act 1988
35 Extended meaning of personal information in relation to accredited entities
35A Small business operator that is an accredited entity
36 Privacy obligations for non APP entities
37 Contraventions of privacy obligations in APP equivalent agreements
38 Contraventions of Division 2 and section 136 are interferences with privacy
39 Notification of eligible data breaches—accredited entities that are APP entities
40 Notification of eligible data breaches—accredited entities that are not APP entities
41 Notification of corresponding data breaches—accredited State or Territory entities that are not APP entities
42 Additional function of the Information Commissioner
43 Information Commissioner may share information
Collapse
Division 2—Additional privacy safeguards
44 Collection of certain attributes of individuals is prohibited
45 Individuals must expressly consent to disclosure of certain attributes of individuals to relying parties
46 Disclosure of restricted attributes of individuals
47 Restricting disclosure of unique identifiers
48 Restrictions on collecting, using and disclosing biometric information
49 Authorised collection, use and disclosure of biometric information of individuals—general rules
49A Biometric information, testing and continuous improvement
50 Accredited entities may collect etc. biometric information for purposes of government identity documents
51 Destruction of biometric information of individuals
52 Other rules relating to biometric information
53 Data profiling to track online behaviour is prohibited
54 Certain personal information must not be used or disclosed for prohibited enforcement purposes
55 Personal information must not be used or disclosed for prohibited marketing purposes
56 Accredited identity exchange providers must not retain certain attributes of individuals
Collapse
Chapter 4—Australian Government Digital ID System
Collapse
Part 1—Introduction
57 Simplified outline of this Chapter
Collapse
Part 2—Australian Government Digital ID System
Collapse
Division 1—Australian Government Digital ID System
58 Digital ID Regulator must oversee and maintain the Australian Government Digital ID System
59 Circumstances in which entities may provide or receive services within the Australian Government Digital ID System
Collapse
Division 2—Participating in the Australian Government Digital ID System
60 Phasing in of participation in the Australian Government Digital ID System
61 Applying for approval to participate in the Australian Government Digital ID System
62 Approval to participate in the Australian Government Digital ID System
63 Approval to participate in the Australian Government Digital ID System is subject to conditions
64 Conditions on approval to participate in the Australian Government Digital ID System
65 Conditions relating to restricted attributes of individuals
66 Variation and revocation of conditions
67 Applying for variation or revocation of conditions on approval
68 Notice before changes to conditions on approval
69 Notice of decision of changes of conditions on approval
Collapse
Division 3—Varying, suspending and revoking approval to participate
70 Varying approval to participate in the Australian Government Digital ID System
71 Suspension of approval to participate in the Australian Government Digital ID System
72 Revocation of approval to participate in the Australian Government Digital ID System
Collapse
Division 4—Minister’s directions regarding participation
73 Minister’s directions regarding participation
Collapse
Division 5—Other matters relating to the Australian Government Digital ID System
74 Creating and using a digital ID is voluntary
75 Restriction on collection of restricted attributes of individuals by participating relying parties
76 Notice before exemption is revoked
77 Holding etc. information outside Australia
78 Reportable incidents
79 Interoperability
80 Service levels for accredited entities and participating relying parties
81 Entities may conduct testing in the Australian Government Digital ID System
82 Use and disclosure of personal information to conduct testing
83 Prohibition on holding out that an entity holds an approval
Collapse
Part 3—Liability and redress framework
Collapse
Division 1—Liability of participating entities
84 Accredited entities participating in the Australian Government Digital ID System protected from liability in certain circumstances
Collapse
Division 2—Statutory contract
85 Statutory contract between entities participating in the Australian Government Digital ID System
86 Participating entities to maintain insurance as directed by the Digital ID Regulator
87 Dispute resolution procedures
Collapse
Division 3—Redress framework
88 Redress framework
Collapse
Chapter 5—Digital ID Regulator
Collapse
Part 1—Introduction
89 Simplified outline of this Chapter
Collapse
Part 2—Digital ID Regulator
90 Digital ID Regulator
91 Functions of the Digital ID Regulator
92 Powers of the Digital ID Regulator
Collapse
Chapter 6—System Administrator
Collapse
Part 1—Introduction
93 Simplified outline of this Chapter
Collapse
Part 2—System Administrator
94 System Administrator
95 Functions of the System Administrator
96 Powers of the System Administrator
97 Directions to the System Administrator
Collapse
Chapter 7—Digital ID Data Standards
Collapse
Part 1—Introduction
98 Simplified outline of this Chapter
Collapse
Part 2—Digital ID Data Standards
99 Digital ID Data Standards
100 Requirement to consult before making
Collapse
Part 3—Digital ID Data Standards Chair
Collapse
Division 1—Establishment and functions of the Digital ID Data Standards Chair
101 Digital ID Data Standards Chair
102 Functions of the Digital ID Data Standards Chair
103 Powers of the Digital ID Data Standards Chair
104 Directions to the Digital ID Data Standards Chair
Collapse
Division 2—Appointment of the Digital ID Data Standards Chair
105 Appointment
106 Term of appointment
107 Acting appointments
108 Application of the finance law etc.
Collapse
Division 3—Terms and conditions for the Digital ID Data Standards Chair
109 Remuneration
110 Leave of absence
111 Outside work
112 Resignation of appointment
113 Termination of appointment
114 Other terms and conditions
Collapse
Division 4—Other matters
115 Arrangements relating to staff
Collapse
Chapter 8—Trustmarks and registers
Collapse
Part 1—Introduction
116 Simplified outline of this Chapter
Collapse
Part 2—Digital ID trustmarks
117 Digital ID trustmarks
118 Authorised use of digital ID trustmarks etc.
119 Displaying digital ID trustmark
Collapse
Part 3—Registers
120 Digital ID Accredited Entities Register
121 AGDIS Register
Collapse
Chapter 9—Administration
Collapse
Part 1—Introduction
122 Simplified outline of this Chapter
Collapse
Part 2—Compliance and enforcement
Collapse
Division 1—Enforcement powers
123 Civil penalty provisions
124 Infringement notices
125 Enforceable undertakings
126 Injunctions
Collapse
Division 2—Directions powers
Collapse
Subdivision A—Digital ID Regulator’s directions powers
127 Digital ID Regulator’s power to give directions to entities in relation to accreditation and participation
128 Digital ID Regulator’s power to give directions to protect the integrity or performance of the Australian Government Digital ID System
129 Remedial directions to accredited entities etc.
Subdivision B—System Administrator’s directions powers
130 System Administrator’s power to give directions to protect the integrity or performance of the Australian Government Digital ID System
Division 3—Compliance assessments
131 Compliance assessments
132 Entities must provide assistance to persons undertaking compliance assessments
Division 4—Power to require information or documents
133 Digital ID Regulator’s power to require information or documents
134 System Administrator’s power to require information or documents
Part 3—Record keeping
135 Record keeping by participating entities and former participating entities
136 Destruction or de identification of certain information
Part 4—Review of decisions
137 Reviewable decisions
138 Internal review of decisions
139 Reconsideration by decision maker
140 Review by the Administrative Appeals Tribunal
Part 5—Applications under this Act
141 Requirements for applications
142 Powers in relation to applications
143 Decisions not required to be made in certain circumstances
Part 6—Fees
Collapse
Division 1—Fees charged by the Digital ID Regulator
144 Charging of fees by Digital ID Regulator etc.
145 Review of fees
146 Recovery of fees charged by the Digital ID Regulator
147 Commonwealth not liable to pay fees charged by entities that are part of the Commonwealth
Collapse
Division 2—Fees charged by accredited entities
148 Charging of fees by accredited entities in relation to the Australian Government Digital ID System
Collapse
Chapter 10—Other matters
Collapse
Part 1—Introduction
149 Simplified outline of this Chapter
Collapse
Part 2—Advisory committees
150 Advisory committees
Collapse
Part 3—Confidentiality
151 Prohibition on entrusted persons using or disclosing certain kinds of protected information
152 Authorised uses and disclosures of protected information by entrusted persons
153 Disclosing personal or commercially sensitive information to courts and tribunals etc. by entrusted persons
Collapse
Part 4—Other matters
154 Annual report by the Digital ID Regulator
155 Annual report by Information Commissioner
155A Annual reports by law enforcement agencies etc. on disclosure or use of personal information
155B Annual report by AFP Minister
156 How this Act applies in relation to non legal persons
157 Attributing conduct to the Commonwealth, States and Territories etc.
158 Bodies corporate and due diligence
159 Protection from civil action
160 Geographical jurisdiction of civil penalty provisions
161 Interaction with tax file number offences
162 Review of operation of Act
163 Delegation—Minister
164 Delegation—Digital ID Regulator
165 Delegation—System Administrator
166 Delegation—Digital ID Data Standards Chair
167 Instruments may incorporate etc. material as in force or existing from time to time
168 Rules—general matters
169 Rules—requirement to consult