The Gaps in South Africa’s Digital ID Plan

South Africa is poised to join a growing cohort of nations deploying digital identity solutions, aiming to streamline access to public and private services. The draft regulations released by the Department of Home Affairs provide a flexible cryptographic framework, echoing trends seen in Europe’s eIDAS 2 and the United States’ state‑level digital driver’s licenses. By allowing citizens to opt‑in and carry digital credentials on mobile devices, the policy could accelerate financial inclusion, reduce fraud, and modernize government interactions—provided the technical underpinnings are robust.

Industry insiders, however, warn that the draft leaves several security pillars under‑defined. Biometric verification currently relies on a single 2D selfie, a method vulnerable to sophisticated AI‑generated deep‑fakes. Experts from iiDENTIFii and Entersekt recommend incorporating proof‑of‑liveness sensors, multi‑factor authentication, and NFC‑based card taps to harden enrollment. Moreover, the regulations focus on the issuer (Home Affairs) and holder (citizen) but barely address verifiers—banks, retailers, and other service providers that must trust and read credentials. Without clear standards for approved wallets and verifier interfaces, the ecosystem risks fragmenting into siloed solutions.

To bridge these gaps, South Africa should anchor its digital ID architecture in internationally recognized specifications such as OpenID Connect for verifiable credentials and the ISO mobile driver’s licence (mDL) standard. Explicitly defining approved wallet providers, device limits, loss‑recovery protocols, and real‑time fraud‑signal sharing will align the system with best practices seen in Estonia and the U.S. Doing so not only bolsters security but also ensures the digital ID can serve as a universal credential for everything from banking to building access, unlocking the economic benefits of a trusted, interoperable identity layer.