Digital identity has become economic infrastructure across the globe. For South Africa, which could begin rolling out its own digital IDs for citizens later this year, whether they drive inclusion or exclusion will depend on design, governance and cyber resilience.
The core difference between smart IDs, which are currently replacing the green ID book, and digital IDs lies in their format and application. A digital ID is a virtual credential, often stored on a mobile phone – essentially a wallet-style app for paperless and remote authentication – while a smart ID is a physical, chip-enabled plastic card.
TechCentral approached experts in the field, and they agreed that whether digital IDs become an engine of inclusion or a barrier to progress will hinge on how they are designed and governed. Public trust in the system is paramount.
Lohan Spies, founder and CEO of DIDx, a South African company that specialises in self-sovereign identity (giving individuals control over the information they use to prove who they are to websites, services and applications), said public trust is the foundational requirement for any digital identity system, particularly in countries characterised by high levels of fraud, inequality and historical institutional mistrust.
“Trust does not emerge from technological sophistication alone; rather, it is shaped by whether the system is perceived to serve citizens first, reduce real-world friction and protect individual rights,” he said.
“For digital identity systems to gain legitimacy, they must be inclusive by design, ensuring that no one is excluded due to poverty, geography, disability or limited access to digital infrastructure,” Spies said.
Governance frameworks
“Equally important is the perception of purpose. Digital identity must be experienced as a tool that solves concrete problems for individuals, not as an extension of surveillance or administrative control.”
Spies said immediate and visible benefits – such as seamless digital interaction with government, reduced time spent in queues, lower compliance costs, faster access to grants and services, and the elimination of repetitive paperwork – are critical for early adoption and sustained trust.
Part of this trust lies in individuals retaining meaningful control over their digital identities, including explicit consent over what data is shared, with whom and for what purpose. Without clear governance frameworks, digital ID systems risk operating without enforceable rules or accountability.
Read: Digital IDs will launch before year-end, government says
Thomas Linder, senior researcher at Research ICT Africa, said building public trust must include a focus on real accessibility, including processes that are designed to be as comprehensible, easy to use and complete as possible.
If the system is built by a private contractor, it must be explicit that the contractor has no access to the data and no right to use or share it for any other purpose.
Spies said that globally, digital ID systems vary widely in architecture, governance and societal impact. While these differences offer lessons for other countries, implementation is shaped by local legal, institutional and social conditions. No single model can be transplanted wholesale into another national context.
Consortium systems, such as BankID in Sweden, demonstrate strong adoption and usability, but also highlight risks of private-sector dominance over access to essential services. In contrast, decentralised approaches – such as Bhutan’s national digital identity initiative – prioritise individual control and data minimisation, but face different challenges around scalability and ecosystem participation.
Linder pointed to several examples of poorly designed and implemented ID systems, including Uganda’s Ndaga Muntu, where thousands were excluded due to non-inclusive design and roll-out, as well as cases where digital IDs were made obligatory to access social services.
Mauritania and Tanzania’s digital ID deployments have been “quite successful”, he said, but challenges remain around rural, informal and marginalised communities – a challenge South Africa will also need to address.
The country widely considered to be the world’s most advanced digital society is Estonia. More than 99% of its citizens have a mandatory national ID card and digital IDs that are used for public services, including voting, filing taxes, healthcare and banking.
Tõnu Grünberg, Estonia’s deputy under-secretary for digital infrastructure and cybersecurity at the justice & digital affairs ministry, told TechCentral that his country’s experience shows public trust is not primarily a technological achievement. Instead, it is the result of deliberate governance choices that make technology verifiably non-abusive.
Architectural choice
“From the very beginning, the core assumption was that efficiency alone is not enough: citizens will only trust digital identity if it is embedded in a strong legal framework, transparent by design and constrained by clear rules,” he said.
One of the most important early decisions was to avoid building a single, centralised “super-database” of citizens’ information. Instead, data remained with institutions that already had a legal mandate to hold it, while services accessed data through a secure interoperability layer when – and only when – necessary.
Read: Home affairs promises full automation by next year
“This architectural choice significantly reduced fears of surveillance and abuse, while also strengthening security. Every data request had to be attributable, logged and auditable, reinforcing the idea that misuse leaves traces and can be sanctioned,” Grünberg explained.
“A key trust element is that citizens can see who has accessed their data, especially in sensitive domains, reinforcing the principle that transparency is a citizen right, not a technical afterthought.”
On technical design, Grünberg said decentralisation by default limits systemic risk, while strong cryptographic identity and qualified digital signatures ensure high assurance for sensitive transactions. Secure interoperability standards and consistent monitoring also made it possible to scale safely across the public and private sectors.
“The underlying philosophy was simple: if a solution is secure and privacy-compliant in a strict legal environment, it becomes a global quality benchmark,” he said.
For digital ID to work at scale, a clear legal foundation for digital interaction is critical. Grünberg said the most challenging law was the Digital Signatures Act, as it required a major shift in legal culture by accepting cryptographic signatures as fully legally binding. Balancing interoperability with data protection was another sensitive area, requiring strong safeguards to maintain public trust.
Grünberg stressed that digital IDs cannot work at scale without a supporting legal ecosystem, including:
- Identity and authentication laws that define assurance levels and liability;
- Digital signature legislation ensuring legal certainty in transactions;
- Data protection rules establishing transparency, citizen rights and independent oversight; and
- Administrative procedure laws clarifying how digital decisions are made and how they can be challenged.
“Politically, the most difficult laws to pass were those that touched on data sharing between institutions and sensitive domains such as health or law enforcement. These debates were unavoidable, but they were also essential for building durable legitimacy,” he said.
Asked how Estonia prevented digital IDs from excluding citizens without smartphones, internet access or digital literacy, Grünberg said seamless use across government and the private sector was achieved by creating a shared trust framework.
Common standards
Common standards allowed banks, telecommunications operators and public authorities to rely on the same digital identity with predictable assurance levels. Early private-sector integration was crucial: once people used the same ID for banking, signing contracts and interacting with the state, digital identity became part of everyday life rather than a niche government tool.
He advised countries like South Africa that are starting their own digital ID journeys to replicate the “trust architecture, not just the technology”.
Read: Why stablecoins are booming in Africa
“What should be copied is decentralised data management, auditability as a citizen right, legal equivalence of digital actions, early but tightly regulated private-sector integration and inclusion by design.
“What should be avoided is launching identity systems before governance, oversight and liability are clear; building centralised data silos; and mandating use without delivering value.”
As South Africa considers how to implement digital IDs, experts warn that unless the system saves time, lowers costs, protects dignity and removes barriers to participation, it risks being seen as another institution-first system rather than one designed for citizens. – © 2026 NewsCentral Media
Get breaking news from TechCentral on WhatsApp. Sign up here.
