Australia has spent the better part of a decade building a national digital identity framework, and for most of that time, the system’s primary achievement was letting people log into their myGov accounts without a password. That is beginning to change.

The Trusted Digital Identity Framework (TDIF), administered by the Department of Finance, is now entering its most consequential phase: expansion into private sector identity verification. The Digital Transformation Agency’s February 2026 update confirmed that three private sector identity providers have been accredited under TDIF, with another five in the evaluation pipeline. For the first time, Australians may soon be able to verify their identity for banking, telecommunications, and other private sector services using the same digital credential they use for government interactions.

The implications for Australia’s technology and financial services sectors are significant, but the path from here to widespread adoption is far from straightforward.

The Current State of Play

myGovID, the government’s digital identity credential, now has over 12.4 million active users—roughly 60% of Australia’s adult population. Usage accelerated during the pandemic, when accessing government services like Medicare claims, tax lodgements, and Centrelink payments shifted heavily online.

But myGovID has operated in a closed ecosystem. It cannot currently be used to verify identity with a bank, sign up for a phone plan, or prove your age at a venue. Each of those interactions requires separate identity verification involving 100-point checks, document uploads, or video calls.

The average Australian goes through some form of identity verification roughly eight times per year, according to the Australian Banking Association. Each verification costs the service provider between $5 and $35, and costs the consumer time and frustration. Fintechs report that 15-20% of potential customers abandon onboarding because the verification process is too cumbersome.

What Private Sector Accreditation Means

TDIF accreditation allows private companies to either accept government-issued digital credentials or issue their own credentials that meet government standards for security, privacy, and reliability. In practical terms, completing identity verification with your bank could generate a reusable credential accepted by your telco, energy retailer, or a government agency—without repeating the process each time.

The Australian Financial Review reported in January 2026 that the Commonwealth Bank and Westpac are both developing digital identity products within the TDIF framework. If either bank launches such a product, it would immediately reach millions of customers and could accelerate ecosystem adoption in a way that government mandates alone have not achieved.

The Trust Problem

Technical interoperability is the easier problem. The harder challenge is trust—both institutional and public.

Public trust in digital identity remains fragile in Australia. The 2022 Optus data breach, which exposed the personal documents of nearly 10 million Australians, and the subsequent Medibank breach, fundamentally changed how Australians think about centralised identity data. Surveys by the Office of the Australian Information Commissioner consistently show that while Australians want more convenient identity verification, they are deeply concerned about what happens when identity systems are compromised.

The TDIF framework addresses this partly through decentralisation—the system is designed so that no single entity holds a complete record of an individual’s identity transactions. The identity provider confirms that a person meets certain criteria (over 18, Australian resident, holds a valid licence) without transmitting the underlying documents. But the technical architecture matters less than public perception. If a high-profile breach occurs in the early phase of private sector expansion, it could set the entire program back by years.

Institutional trust presents its own challenges. ASIC, APRA, and ACMA all have different requirements around customer identification. Aligning these with TDIF standards has required extensive negotiation, and not all regulators have fully committed to recognising TDIF-accredited credentials as meeting their specific requirements.

What Needs to Happen

Three things will determine whether Australia’s digital identity system achieves broad private sector adoption in the next two to three years.

Regulatory alignment must continue. The current patchwork of identity requirements across different regulators creates compliance risk for businesses that want to accept digital credentials. A consistent recognition framework across ASIC, APRA, and ACMA would remove the single biggest barrier to corporate adoption.

A major consumer-facing launch is needed to shift public awareness. Most Australians don’t know what TDIF is. If a major bank or telco launches a digital identity product that demonstrably saves customers time—say, opening a new account in two minutes instead of twenty—that will do more for adoption than any government awareness campaign. Singapore’s Singpass system, which has achieved strong private sector integration with banks, insurers, and retailers, provides a useful model for what this could look like.

Incident response planning must be robust and visible. The question is not whether there will be a security incident involving digital identity infrastructure. The question is how quickly and transparently it will be handled when it occurs. Getting the response right will be essential to maintaining the public trust that the entire system depends on.

Australia’s digital identity framework has taken longer to build than most comparable systems internationally. Whether that deliberate pace produces a more durable outcome or simply delays the inevitable adoption challenges is about to become clear.