How will MyDigital ID progress in Malaysia?

Malaysia’s MyDigital ID is becoming part of the country’s public infrastructure. The national authentication platform gives users a single credential for access to several services, mainly in government and, in some cases, on private platforms. The aim to make digital transactions easier, tighten security, and reduce credential duplication in multiple agencies.

Assessing and Optimising MyDigital ID [PDF]a recent discussion paper from Khazanah Research Institute, compares Malaysia’s authentication system with similar digital identity models in Estonia, Singapore and India, and concludes that legal definitions, institutional control, inclusion, and public trust decide whether any digital identity system can work at the required scale.

MyDigital ID is part of Malaysia’s wider digitisation programme, providing a Single Sign-On authentication service (SSO) via established security standards to check identity details against government databases. As more services connect, it is beginning to reduce the friction that comes with separate logins and repeated verification, the report states. At present, registration draws on official identity records, with biometric verification and secure credentialing. The platform already supports streamlined access to some services and authentication and digital signing for the same.

The paper regards the project as at an early stage, able to help users prove who they are and carry out some actions online. Other countries show what might comes next when systems mature: Estonia’s digital identity, Singapore’s Singpass, India’s Aadhaar show different ways that a national identity system can become part of service delivery at a national scale.

The Khazanah paper assesses MyDigital ID against five measures:

• The integrity of registration and credentialing,
• Functionality and interoperability,
• Governance and safeguards,
• Inclusivity and accessibility,
• Long-term sustainability.

Weaker points cited are structurally-based. Interoperability across different sectors remains limited, with legal and per-institution frameworks still forming. Public information does not yet set out, in full, how oversight will work, what transparency measures will apply, or how users can seek redress when errors or misuse occur. Such an absence does not necessarily prove safeguards are missing, but user trust depends partly on whether users are aware of them before they’re willing to rely on them.

The paper argues the risks in digital identity systems are institutional. When several agencies share responsibility, the question of who decides and who corrects errors becomes more problematic. If mandates overlap or are vague, systems will naturally weaken as they expand. A platform that works reasonably well at smaller scales could experience friction when it begins to connect to many other services in government and private organisations.

Public trust follows the same path: Citizens need assurances on how their data is handled, uses it’s put to, and what recourse exists if data is mismanaged. In countries where digital identity systems have gained broader acceptance, legal clarity and visible accountability often count for a great deal. The paper suggests that Malaysia will need a particularly sharp focus on this area.

Inclusion concerns centre are manifest in Malaysia’s decision to offer both online and assisted enrolments, the latter to help people less comfortable with digital systems. Access will depend on practical conditions such as having a capable device, stable internet connections, and the possession of any documents required to prove a citizen’s identity beyond reasonable doubt. At present, eligibility for MyDigital ID is currently restricted to MyKad holders.

The paper advocates for a stronger legal framework giving the concept of digital identity better recognition by institutions and a better definition of user rights and accountability. It also points to a need for better coordination between institutions and better communication with the populace. Interoperability is a cornerstone of success if the platform is to work across multiple sectors.

MyDigital ID has sound technical and operational bases, but as of itself it should be regarded as a public institution. On it will depend on law, so governance and trust matter as much as software’s efficacy. Whether MyDigital ID becomes durable national infrastructure will depend on how those questions are answered, and whether lessons can be learnt from similar projects elsewhere in the world.

(Image source: “Solutions for Society Biometrics – Creative Commons” by NEC Corporation of America is licensed under CC BY 2.0. To view a copy of this license, visit https://creativecommons.org/licenses/by/2.0)

Want to experience the full spectrum of enterprise technology innovation? Join TechEx in Amsterdam, California, and London. Covering AI, Big Data, Cyber Security, IoT, Digital Transformation, Intelligent Automation, Edge Computing, and Data Centres, TechEx brings together global leaders to share real-world use cases and in-depth insights. Click here for more information.