(1)
(a) The department shall establish and maintain identity proofing requirements for the issuance of a state-endorsed digital identity that:
- (i) follow a generally accepted identity proofing standard;
- (ii) are commensurate with the risks of impersonation, fraud, and misuse associated with the credential; and
- (iii) are consistent with the privacy, civil liberties, and security requirements of this chapter.
(b) The identity proofing process shall be designed to establish, at a minimum, that:
- (i) the applicant is a real individual;
- (ii) the applicant is the individual the applicant claims to be;
- (iii) the applicant's birth date is the date the applicant claims it to be; and
- (iv) the applicant meets the eligibility requirements of Section 63A-20-302.
(c) The department shall ensure that the identity proofing process results in a credential that provides a level of confidence in the individual's identity that is:
- (i) sufficiently robust to support reliance by governmental entities and private-sector relying parties where required by law or policy for online age assurance; and
- (ii) appropriate for use in both online and offline presentations.
(d) Identity proofing processes shall be designed so that the state's endorsement:
- (i) reflects verification at a point in time; and
(ii) does not require:
- (A) continuous monitoring; or
- (B) tracking.
(2)
- (a) An applicant shall provide true and accurate information as required under this part.
- (b) Knowingly providing materially false information for the purpose of obtaining a state-endorsed digital identity constitutes fraud and may result in denial, revocation, and other remedies provided by law.
(3)
- (a) Obtaining or holding a state-endorsed digital identity does not affect an individual's physical identity documents.
- (b) An individual is not required to surrender, cancel, or replace any physical identity document as a condition of applying for or holding a state-endorsed digital identity.
(4)
- (a) The department shall define by rule, in accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act, the identity proofing standards and processes required for issuance of a state-endorsed digital identity.
(b) The rules shall, at a minimum:
- (i) specify the objectives the identity proofing process is intended to achieve;
(ii) describe the acceptable methods of identity proofing, including:
- (A) in-person, remote, or hybrid methods, and the conditions under which each may be used; and
- (B) minimum evidence requirements and validation methods;
- (iii) align with generally accepted identity proofing practices; and
- (iv) establish requirements and a process to become an identity proofing entity.
Enacted by Chapter 436, 2026 General Session