4 May 2026 · Daily Briefing

Draft MyMzansi digital ID regulations open for comment — 6 June 2026 deadline

Home Affairs proposes a national digital identity credential framework with new obligations for banks, telecoms, and all entities performing statutory identity verification.

Other briefings
View all →
Primary briefing · Gazette
high impact 54610  · R. 7428  · 2026-05-04
Draft digital identity credential regulations under the Identification Act — comment by 6 June 2026
Comment closes
06 Jun 2026
The Minister of Home Affairs has published draft amendments to the Identification Regulations, 1998 (GN R. 7428 in GG 54610), introducing a framework for digital identity credentials issued via the 'MyMzansi' mobile application. A digital identity credential will constitute an identity card for purposes of section 14 of the Identification Act, making it legally equivalent to a physical ID. The draft creates an accreditation regime for 'trusted entities' that verify identity against the National Population Register, requiring them to conclude data-sharing agreements with the Department, report security breaches to the Director-General within 24 hours, and maintain audit logs of verification transactions for at least 7 years. The regulations prescribe biometric enrolment standards, identity assurance levels, and cryptographic security requirements. Credentials are valid for 5 years and lapse if no in-person verification occurs within 10 years. Criminal offences are created for misuse. POPIA-aligned data-handling obligations apply throughout. Written public comments must be submitted on or before 6 June 2026.
Who is affected
Banks and financial institutions performing KYC/AML verificationInsurers and other FIC Act accountable institutionsMobile network operators and telecoms providersSocial grants administrators (e.g. SASSA)Government departments and agencies verifying identityTechnology companies developing identity or biometric solutionsProfessional licensing and regulatory bodiesAny entity with statutory identity-verification obligations
What this means for practitioners
Submit written comments to the Department of Home Affairs on or before 6 June 2026 (to Adv A M Malakate at Moses.Malakate@dha.gov.za or by hand/post)
Assess whether your organisation would qualify or need to register as a 'trusted entity' under the accreditation framework
Review the proposed data-sharing agreement, 24-hour breach notification, and 7-year audit log retention requirements against current compliance programmes
Evaluate the impact of legal equivalence between digital credentials and physical identity cards on existing KYC/AML and FICA processes
Brief clients in financial services, telecoms, and government sectors on the draft and the comment deadline