Digital IDs for South Africa - The Good, The Bad and The Ugly

Added: 2026-05-09

[00:00:00]Let's talk about South Africa's digital IDs. Government Gazette 54610 was published on the 4th of May 2026 with draft amendments proposed to the identification regulations and it has set social media on fire. WhatsApp X, Facebook, all of it. Yes, Home Affairs Minister Leon Shriber has published draft regulations for a digital ID system in South Africa.

[00:00:32]And within hours, the fearongering started up again. People started sharing voice notes and screenshots pulled from other countries. Claims that government will track you. Claims that your Green ID book will be cancelled and a whole load of snare dust of the bull. Much of the information being shared is untrue, but what is true is actually more interesting than the panic. And there are some legitimate questions in these regulations that nobody seems to be asking because everyone is too busy sharing the wrong ones.

[00:01:15]Before we go any further, I want to be upfront about something. I am not a legal expert. I am presenting this stuff as I understand it after going through the gazette, all 33 pages of it. and I'm going to focus on the parts I believe matter the most for ordinary South Africans. If something is unclear or I have misread it or you believe I misunderstand it or misinterpreted it, then I encourage you to read the gazette yourself and submit comments to Parliament yourself. The link will be in the description. I want to thank all the subscribers who make this channel possible. It is always appreciated for anyone who is visiting here for the first time. I'm Riandrew and this is the Randrew show.

[00:02:09]Let me deal with the biggest misconception first because it is the foundation everything else rests on.

[00:02:17]This digital ID is optional. Listen carefully. The digital ID thing is optional. The Gazette says it so directly multiple times. You are not forced to get one. Your green ID book and your Smart ID card remain valid.

[00:02:36]Nothing about your current identity documents changes. The digital ID is an extra, not a replacement. The regulation is explicit. No person is compelled to obtain a digital identity credential in order to continue using a valid physical identity card. This is directly from the gazette. So don't let people tell you otherwise. So that is the law as proposed. If anything significant changes during or after the public comment window, I will tell you here if possible. But for now, the digital ID is optional. The comparison to digital ID systems in other countries is also mostly wrong. This is not the Chinese social credit system. It is not the Indian Ara rollout system where people were denied food grants because the biometric reader didn't recognize their worn fingerprints.

[00:03:34]Those comparisons are not based on reading this gazette. They are based on fear or poor understanding of technology dressed up as political awareness.

[00:03:46]If you see anyone quoting this, then just know that they have no idea how this technology works or they did not spend any time reading this gazette.

[00:03:56]There is also a specific fear circulating that once you have a digital ID, you can be tracked everywhere you go or blocked from buying things or cut off from transactions if you fall out of favor with the government. I have read the gazette carefully and I cannot find the legal basis for that fear. The regulations explicitly prohibit the use of identity information for profiling for open-ended intelligence gathering or data commercialization. Law enforcement access requires a warrant or a court order. The system is not designed as a transaction control mechanism. It is designed as an identity verification tool and the two are not the same thing.

[00:04:45]If someone can show me the specific clause that enables what they are describing, I will cover it. And until then, I'm treating that particular claim as fearongering. If you do not want to use this digital ID, you do not have to.

[00:05:02]If you don't trust or do not understand the technology, then don't use it. This is optional. You don't have to use it.

[00:05:11]That should end the panic.

[00:05:14]Before we get into what the new system does, let us be honest about the system we have right now because it has serious problems. Think about what happens every day in this country. Um, example, you sell something on Facebook Marketplace, the buyer asks for a copy of your ID before payment. You photograph your ID in your green ID book and send it. Or maybe you are the buyer and someone sends you a copy of their ID to prove they are real. That copy of your ID can now be used to open a store account, apply for credit, or register a SIM card in [clears throat] your name. The Green ID book is over 40 years old in design.

[00:06:01]It is paper inside a cover. It can be photocopied and digitally altered well enough to fool most people. Thousands of fraudulent green ID books circulate in South Africa. The Department of Home Affairs and the banking sector have both acknowledged it. The Smart ID is better.

[00:06:22]It has a chip, but verifying that chip requires a reader and most small businesses do not have one. So, they look at the card and trust their eyes, which is not verification. Identity fraud in South Africa costs billions annually.

[00:06:40]People find out their identity was used to take out loans which they never applied for and some spend years trying to clear their credit records after the fact. That is the system we are defending when we panic about a voluntary digital upgrade. We need to hold that in mind.

[00:06:59]So what does the proposed system actually do? You start by downloading an app called Mzanzi. You go in person to an enrollment point, a home affairs office or an accredited private sector location like a bank which is taking part in the program. You do not just walk in and press a button. You provide documentary proof of identity. Your details get cross referenced against the population register. Your fingerprints are captured. Your face is captured. and a livveness detection check confirms you are physically present. The system is specifically designed to reject photographs, videos, and masks. The credential gets linked cryptographically to your specific phone. It cannot be transferred to another device without reenrollment. When you need to prove your identity um at a bank, at a government office, wherever, you open the app and present it via NFC, Bluetooth or QR code. The system verifies against the population register in real time. That is fundamentally different from handing over a photocopy of a document that anyone could have made. The credential is valid for 5 years. It renews via facial biometric through the app. It lapses if you have not done any in-person verification in the preceding 10 years. And if your information changes um address, phone number, etc., the credential updates to reflect that, which means a business with a verified relationship to you gets notified of the change automatically.

[00:08:47]That last part is actually the most consequential piece of the whole system and it is where the real questions start. Take note, this is where it gets important.

[00:09:00]The gazette introduces a category called trusted entities. These are organizations with a legal obligation to verify identity which is banks, mobile operators, SARS, the South African Police Service. Under [snorts] the proposed regulations, these entities can be accredited to enroll people, verify identity in real time, and in some cases receive what the regulation calls near realtime update notifications when your information in the population register changes.

[00:09:34]That is regulation 38A and it is the most consequential provision in the entire gazette. what it means in practice. If your bank is an accredited trusted entity and your address changes, the department of home affairs can notify your bank of that change automatically.

[00:09:56]You do not have to go and update your address separately at the bank. The population register pushes the information to your bank because you have a verified relationship. The regulations are careful about this. The notification is limited to information that has actually changed. The entity can only receive categories of information it is authorized to hold.

[00:10:21]The protection of personal information act overrides the regulations in any conflict. But here is the question that is of concern. Who controls which entities get accredited? As I understand the proposed draft, that person is the director general of home affairs.

[00:10:42]One person, one office. The accredititation criteria exist in the gazette, but the director general retains significant discretion on who qualifies and under what conditions. It basically comes down to do you trust that one person. South Africans have very good reasons to be skeptical about concentrations of administrative power.

[00:11:07]We have watched what happens when oversight is weak and discretion is wide. The gazette does require audit logs to be kept for 7 years. It does prohibit use of information for data commercialization for profiling or open-ended intelligence gathering. It does require a warrant or court order for law enforcement access.

[00:11:32]These are meaningful protections on paper. The question is not whether the protections are written down. The question is whether the institutions responsible for enforcing them can actually be trusted to do so. The gazette is honest about some of its own limitations which is actually more than we usually get. Regulation 49 paragraph 5 states explicitly that the system must be implemented in a manner that does not unreasonably exclude persons who do not own suitable mobile devices, do not have reliable internet access or are otherwise unable to use digital services without assistance.

[00:12:17]This is a real problem in South Africa.

[00:12:20]Smartphone penetration is not universal.

[00:12:24]Data costs remain high. Large parts of the population um elderly people, people in rural areas, people in lower inome households do not have reliable access to the technology this system requires.

[00:12:39]The gazette acknowledges this obligation but provides no detail on how it will actually be met. That is a gap. There is also no commencement date. The regulations come into operation on a date fixed by the minister by notice in the gazette.

[00:12:57]That is kind of a blank check on timing.

[00:13:01]Implementation could move quickly. It could be delayed for years. There is no accountability mechanism attached to that timeline. The enrollment will be free at home affairs offices. But home affairs offices in this country have cues that defeat people. If the practical reality is that enrollment requires taking a day off work, traveling to an office, and waiting, that is a real barrier regardless of what the regulation says about being free of charge. And there is a device security requirement in regulation 42 that the director general can refuse to deliver a credential to a phone that does not meet security standards.

[00:13:44]For people using older or lowcost smartphones, this could effectively exclude them from the system even if they want to participate.

[00:13:55]The draft regulations are open for public comment until the 6th of June 2026. If you have concerns about specific provisions, the trusted entities framework, the director general's discretion, the timeline, the digital divide, then you can submit written comments to the department of home affairs. I will put the submission details on screen. This is not a small thing. Public comment periods in South Africa are often performative.

[00:14:26]Submissions sometimes get ignored but they also create a public record and if the system is later challenged in court the record matters.

[00:14:37]Privacy advocates and civil society can use that record. If you are not comfortable with the digital ID you do not have to engage with it at all. Your green ID book um your smart ID card remain valid. Nothing forces you to enroll. But if you feel the system has merit and the case against identity fraud is real, then participating in the public comment process is how you shape it into something that actually works for ordinary South Africans, not just for banks and telecoms. The digital ID system, if implemented properly, solves a real problem. South Africa's current identity verification infrastructure is decades old, fraudprone and actively being exploited against ordinary citizens right now. Leon Shriber inherited a department in serious trouble. The Q failures, the backlogs, the population register vulnerabilities, those accumulated under ANC ministers before him. To be fair to Shriber, he has shown more urgency than his predecessors and this gazette is a better process than we have seen from home affairs in a long time. That does not mean we give it a free pass. Careful optimism is not the same as trust. The system he is proposing has significant discretionary power to the director general of home affairs and we need to know what oversight sits above that. So here is the question that needs a public answer before the 6th of June. Given that most of the critical decisions in this system, who gets accredited, what security standards apply, when data notifications are sent, all flow through the director general's office, what independent oversight structure will exist to ensure that discretion is not abused and what recourse do South Africans have if their data is misused by an accredited entity? Minister Shriber, that question is for you. If you have any thoughts, do share them in the comments section. Do share this video with someone you think needs to hear about it. Thank you for every like and every subscriber. It really is appreciated. And I will catch you in the next one.

[00:17:10][music]