Real ID requirements temporarily waived for states' mobile IDs

A new proposed rule by the TSA would offer potential waivers for digital driver's licenses from requirements set to go into effect in 2025.

A new proposed rule by the TSA would offer potential waivers for digital driver's licenses from requirements set to go into effect in 2025. Who_I_am / Getty Images

 

Connecting state and local government leaders

The coming rulemaking would waive REAL ID Act requirements so that federal agencies can still accept mobile driver's licenses when the law’s implementation starts in 2025.

The Transportation Security Administration will publish a new proposed rule on Wednesday that would temporarily waive requirements that mobile driver’s licenses be compliant with the REAL ID Act in order for federal agencies to accept them when enforcement starts in 2025. 

The rule is meant to prevent a situation where federal agencies wouldn’t be able to accept digital driver’s licenses unless they complied with REAL ID Act requirements—something that currently isn’t possible in the absence of federal regulations on the intersection of that 2005 law and the increased use of mobile identification.

The proposed rule would allow agencies to accept mobile driver's licenses—or mDL’s—for official purposes, like boarding airplanes or accessing federal facilities, if states get a TSA waiver certifying the states’ mDLs meet certain requirements.

The new proposed rule is part of a broader, “incremental” set of rules that will ultimately include “comprehensive requirements for mDLs,” TSA says.

The REAL ID Act was passed in 2005 to set up minimum requirements for state-issued driver’s licenses and identification cards, but enforcement has been delayed several times and is currently scheduled to start in 2025. Congress amended the law in 2020 to note that mDLs are also subject to REAL ID Act requirements.

In the proposed rule, TSA states that issuing mDL regulations before 2025 would be “premature… due to the need for emerging industry standards and government guidelines to be finalized.” 

The International Organization for Standardization and the International Electrotechnical Commission are currently jointly working on two specifications for mDL’s and digital identity, the rule says. 

The National Institute of Standards and Technology is also currently updating its guidance on digital identity and has signaled it will include updates on mDLs.

Still, demand for such digital forms of identification is growing, the proposed rule says. 

So far, at least eight states have begun issuing mDLs, according to a July report from the White House’s Office of Information and Regulatory Affairs that previewed the newly proposed rule.

TSA itself is accepting mDLs from some states at select pre-check checkpoints at over 20 airports as part of testing it started in 2022.

The hope is that the proposed rule would not only prevent individuals from arriving at airports and being told that their digital driver’s license can’t be used, for example, but also that the interim waiver requirements give states guideposts so that they don’t invest in mDLs that don’t meet forthcoming REAL ID requirements. 

Jeremy Grant—managing director of technology business strategy at Venable and coordinator of the Better Identity Coalition—told Nextgov/FCW via email that although it’s “inspiring” to see TSA doing a “thorough and thoughtful job on the applications of mDLs that are relevant to TSA use cases, namely, using a digital version of your driver’s license to go through a TSA checkpoint,” the proposed regulations are also “frustrating” because of the focus on in-person use cases for mDLs.

“Meanwhile in the online world, we have the equivalent of a raging wildfire of cybercrime and identity theft—with millions of victims and tens of billions of dollars in losses every year—that is being fueled by the lack of any way for Americans to easily prove who they are online,” he continued. “It’s the online applications of mDLs that are critical to stopping this crime—and that, if architected correctly, can not only enhance security but also do it in a way that enhances privacy and equity—but none of those use cases are addressed here.”

Ultimately, “this is not a TSA problem to solve—it's a national one,” Grant said. “The U.S. government needs a comprehensive digital identity strategy.”

Meanwhile, some privacy advocates have urged DHS to move cautiously.

The Electronic Privacy Information Center, or EPIC, wrote in a comment to a 2021 request for information on mDLs that DHS “should take a cautious approach to establishing an mDL standard to ensure that these new systems improve, rather than diminish, individual privacy and autonomy.” 

It’s important for DHS to ensure that mDL systems have the “best cryptographic and data security standards to prevent tracking of identity or verification data by third parties,” the comment notes, arguing that standards for mDL systems should “require the minimum necessary amount of information for verification”—a feature that could be an improvement over physical ID’s through the ability to provide the minimum amount of information necessary for a given interaction.

TSA is accepting comments on its new proposed rule through Oct. 14.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.