Skip to main content
    Astris Law S IconAstris Law
    ← Back to Articles|Regulatory & Compliance →
    Insights26 August 20266 min read

    Does Your Product Need Digital ID Accreditation?

    Summary

    The Digital ID Act 2024 (Cth) created an accreditation scheme that some businesses genuinely need, some merely want and some would regret. Which of those you are turns on questions most founders have not asked yet.

    Last reviewed ·Reviewed by Jamie Nuich, Legal Practitioner Director

    Key Takeaways

    • The Digital ID Act 2024 (Cth) established the accreditation scheme and the Australian Government Digital ID System, AGDIS.
    • Accredited roles include identity service providers, attribute service providers and identity exchanges, and which role fits your product is a legal characterisation question.
    • Participation in AGDIS is phased, so positioning decisions are being made before the market settles.
    • Accreditation also functions as a trust signal for private providers, which makes it a commercial decision as much as a regulatory one.
    • For some businesses accreditation is a moat and for others it is an expensive badge, and the difference turns on your model, not your ambition.
    Identity verification on a device, illustrating accreditation under Australia's Digital ID scheme

    Every few years a new accreditation appears and a predictable scramble follows. Some businesses genuinely need it, some merely want the badge and some pursue it, win it and then discover what holding it obliges them to do. The accreditation scheme established by the Digital ID Act 2024 (Cth) is producing all three groups right now. The difference between them is not effort or ambition. It is whether anyone asked the right question before the application started, and the right question is not how do we get accredited. It is whether your product is the kind of thing this scheme was built for at all.

    In Brief

    • The Digital ID Act 2024 (Cth) established the accreditation scheme and the Australian Government Digital ID System, AGDIS.
    • Accredited roles include identity service providers, attribute service providers and identity exchanges.
    • Which role your product fits is a legal characterisation question, not a branding choice.
    • Participation in AGDIS is phased, and accreditation also functions as a trust signal for private providers.
    • Whether accreditation is worth pursuing turns on your model and your customers, and it deserves analysis before the application budget is spent.

    What the Scheme Actually Established

    The Digital ID Act 2024 (Cth) did two related things. It established an accreditation scheme for providers in the digital identity ecosystem, and it established the Australian Government Digital ID System, AGDIS, the system through which accredited services connect with government. The accredited roles include identity service providers, attribute service providers and identity exchanges, and each role is a different regulatory identity with its own footprint.

    That structure carries an implication most product teams miss. The scheme does not accredit products. It accredits providers in roles, and the role your product actually performs is a characterisation exercise under the legislation. Two products with near identical interfaces can fall into different roles because of what happens behind the screen. The characterisation drives everything downstream: the shape of the application, the obligations you take on and the position you occupy in the ecosystem. It is the first decision, and it is the one most often made by default rather than on advice.

    The Three Kinds of Applicant

    Watch this market for a while and the applicants sort into three groups.

    The first group are businesses whose entire model is identity. For them the question is not whether to engage with the scheme but how: which role, on what timeline and with what positioning as participation in AGDIS phases in. The phasing matters here, because positioning decisions are being made now, while the market is still forming, and the businesses that treat the sequence as strategy will be standing in different places from the ones that treated it as paperwork.

    The second group are businesses that touch identity without being identity businesses. Fintechs, platforms and marketplaces whose products rely on verification flows they did not build. For many of them the honest answer is that they do not need accreditation at all. They need accredited counterparties and the right contracts with them, which is a cheaper and faster problem, but only if someone frames it that way before the application budget is committed.

    The third group are businesses chasing the badge. And here is the nuance: the badge is real. Accreditation also functions as a trust signal for private providers, entirely apart from AGDIS participation, and for some models that signal is worth a great deal in enterprise sales and government positioning. But the signal comes bundled with obligations that persist for as long as the accreditation does. For some businesses that bundle is a moat competitors cannot cheaply cross. For others it is a standing cost that never pays for itself. The two look identical at the press release stage.

    The Question Under the Question

    So the real analysis has three layers, and they have to be done in order. What role, if any, does your product actually perform under the scheme? Does the value of accreditation, as access, as trust signal or as both, exceed what holding it will oblige you to carry? And if the answer is yes, when in the phased rollout should you move, given where your customers and competitors will be standing?

    None of those questions is answered by reading the legislation cover to cover, because each turns on facts about your product, your customers and your roadmap that no guidance document knows. That is why generic advice in this area is so unreliable. The scheme is one framework, but every sensible accreditation decision we have seen was specific to the business making it.

    What Getting It Wrong Looks Like

    The failure modes are quiet. A business applies in the wrong role and builds an application around a regulatory identity that does not match its product, discovering the mismatch deep into the process. A platform spends heavily on an accreditation it never needed, while its competitor solved the same customer objection with contracts. A provider wins accreditation and only then prices the ongoing obligations, finding that the badge costs more to hold than it earns. Each of these is expensive, each is common and each was avoidable at the strategy stage, which is the cheapest stage there is.

    Frequently Asked Questions

    What roles can be accredited under the Digital ID Act 2024 (Cth)?

    Accredited roles include identity service providers, attribute service providers and identity exchanges. Which role fits a given product is a characterisation question under the legislation, and it drives the shape of the application and the obligations that follow.

    Do I need accreditation if I only use identity verification in my product?

    Often not. Many businesses that rely on identity flows need accredited counterparties and well drafted contracts rather than accreditation of their own. Which side of that line you sit on depends on what your product actually does, not on what it is called.

    Is accreditation useful outside AGDIS?

    It can be. Accreditation also functions as a trust signal for private providers, separate from AGDIS participation. Whether that signal justifies the obligations that come with it is a commercial judgement specific to your model.

    When should we make the accreditation decision?

    Before the application is drafted. Participation in AGDIS is phased, positioning decisions are being made while the market forms and the strategy work costs a fraction of a misdirected application.

    Deciding whether accreditation belongs in your roadmap? Start with our digital ID page, then Contact Astris Law for a fixed fee consultation or call (07) 3519 5616.

    Sources and References

    • LegislationDigital ID Act 2024 (Cth)
    Share

    This article is for general information purposes only and does not constitute legal advice and should not be relied on as such. While we take reasonable care to ensure the accuracy of the information provided, we make no representations or warranties as to its completeness, currency or reliability. We accept no liability for any loss or damage arising directly or indirectly from the use of, or reliance on, this website's content. You should always seek professional advice tailored to your specific circumstances before acting on any information in this article. Liability limited by a scheme approved under Professional Standards Legislation.

    Related Practice Area

    Regulatory & Compliance

    Related Articles