South Africa’s national identification system is facing its biggest overhaul in years. The Department of Home Affairs published the draft Identification Regulations, 2026 in Government Gazette No. 54610 on 4 May 2026.
Comments close on 6 June 2026. If you’ve been watching Minister Leon Schreiber’s push to digitise Home Affairs, this is where it gets real.
Home Affairs’ Digital Identity system
The draft regulations give legal status to a new smartphone-based identity credential, accessible through an app called MyMzansi.
Under the proposal, your digital ID would carry the same legal weight as your physical Smart ID card. You will be able to present it via NFC tap or QR code at any institution that accepts it. But your physical Smart ID isn’t going anywhere.
The draft makes it clear that the digital credential is optional and that no one is required to get one. There are, however, technical provisions in the draft worth understanding before this becomes law.
Just 9 weeks after launch, 167 bank branches now provide ID Card replacement services across the country. During that time, an incredible 127 364 citizens have gained newfound access to this critical service. Next, we’re ramping up to 750 branches and adding more services! 🇿🇦 pic.twitter.com/uxie7GV9Au
— Leon Schreiber (@Leon_Schreib) May 19, 2026
Civic engagement platform Dear South Africa noted several questions the current text doesn’t fully resolve.
What the MyMzansi app actually does
The MyMzansi application is the only channel through which you’d access your digital identity credential. Think of it as a government-issued wallet app holding a cryptographically signed version of your identity.
To get the credential, you still need to show up in person at an accredited enrolment point. That could be a Home Affairs office, a bank branch, a port of entry, or a mobile enrolment unit.
The draft says enrolment must eventually be available in every municipality.
Once issued, the credential is tied to your specific device through a process called device binding. That’s a security feature designed to prevent someone else from using your digital ID.
But it raises a practical question the draft doesn’t answer directly: what happens if your phone gets stolen?
The regulations cover suspension and revocation of credentials in various circumstances, including where the cryptographic key has been compromised. But there’s no explicit recovery pathway for the scenario where you report a theft and need your digital ID restored on a new device.
Given South Africa’s mobile theft rates, that’s a notable gap in the draft.
What changes for you
Your credential expires every 5 years
The digital ID is valid for five years from the date of issue or last renewal.
Renewal can be done through the app using facial biometric verification, so you won’t need to queue for that step.
The 10-year in-person rule
There’s one provision that’s easy to miss.
If you go 10 consecutive years without any in-person touchpoint, either at a Home Affairs office or at an accredited institution like a bank, your digital credential lapses entirely.
You’d have to re-enrol from scratch.
That in-person requirement doesn’t have to be a Home Affairs visit. A visit to a bank branch that has a verified relationship with the Department counts. But for people who rarely use formal banking services or live far from accredited points, this is worth flagging.
At the time of publishing, South Africans can access Home Affairs banking services through 160 participating branches. Participating branches and booking options are available through the Department of Home Affairs’ eHomeAffairs portal.
Keeping your details updated
The draft asks you to notify the Department within 30 days if your address, phone number, or email changes.
Non-compliance won’t automatically cancel your credential. But it can affect what the regulations call your Identity Assurance Level, an internal measure of how reliable your identity verification is considered to be.
A lower assurance level could cause issues when a bank or other institution tries to verify your identity.
The draft is clear that the obligation is to maintain accurate records in the register, not to punish people who move house without immediately telling the government.
The data-sharing piece
One of the more complex parts of the draft deals with how your information is shared with “trusted entities.” These are organisations with a statutory obligation to verify your identity, like banks and telecoms.
The Department can provide real-time identity verification services to these entities via secure API connections. Trusted entities are explicitly barred from using your information for profiling, data commercialisation, or what the regulations call “generalised searching.” Every access must be tied to a specific legal function and logged for seven years.
The draft also limits which updates trusted entities can receive. A bank can only be notified of changes to your details if it has an active, verified relationship with you and the update falls within its authorised purpose.
There’s a specific provision stating that no trusted entity may receive automated broadcast updates unrelated to its authorised function or to a person it has a current relationship with.
That’s worth keeping in mind when reading claims about the draft’s data-sharing powers, which are sometimes described more broadly than the text suggests.
What the draft doesn’t resolve
Beyond the stolen-phone gap, the draft leaves a few things to the Director-General’s discretion rather than specifying them in the regulations.
These include:
- The specific technical standards for the cryptographic systems.
- The minimum requirements for which devices qualify to run MyMzansi.
- The exact criteria for Identity Assurance Level upgrades.
These points are all to be determined by instruction rather than written into the regulations themselves. This is not unusual for draft regulations, but it does mean the full picture won’t be visible until those instructions are issued.
How to have your say
Public comments are open until 6 June 2026. You can submit by email to Moses.Malakate@dha.gov.za or by post to the Chief Director:
Legal Services,
Private Bag X114,
Pretoria,
0001.
Physical submissions go to the 10th Floor, Hallmark Building, 230 Johannes Ramokhoase Street, Pretoria. Enquiries can be directed to Adv Moses Malakate on (012) 406 4023 or 4273.
The full draft regulations are published in Government Gazette No. 54610.
