South Africa’s national digital identity system has just taken a major step forward, with Home Affairs Minister Leon Schreiber officially committing to a 31 March 2027 deadline for completing the hosting infrastructure that will power this ambitious digital transformation project. The full platform is now expected to go live during the 2027/2028 financial year, marking the moment when South African citizens will finally be able to access verifiable digital credentials through a secure mobile wallet — a moment that President Cyril Ramaphosa has made central to his government’s broader digital agenda.
The timeline, detailed in the Department of Home Affairs’ Annual Performance Plan for 2026/2027 tabled in parliament on 30 March, represents the most comprehensive public roadmap we’ve yet seen for South Africa’s digital identity system. This isn’t just another government announcement gathering dust on a shelf — it’s a detailed technical blueprint that sets concrete milestones and spells out exactly how the infrastructure will be built and where it will live.
Here’s where things get interesting: the core infrastructure won’t be housed in some standalone government facility. Instead, Home Affairs has partnered with the South African Revenue Service (SARS) to host the entire digital identity ecosystem, a decision rooted in SARS’s existing technological capabilities and infrastructure capacity. The system will include public key infrastructure, a certificate authority, the identity platform itself, and supporting security controls — all operating from within SARS’s secure hosting environment.
South Africa’s digital identity infrastructure takes shape with ambitious 2027 timeline
The procurement process is already underway, with a work order expected to launch in the first quarter of the new financial year that started on 1 April. By the end of March 2027, Home Affairs expects to have completed and signed off on the hosting infrastructure, setting the stage for actual digital credential issuance to begin in 2027/2028. This phased approach means additional credentials will be progressively added to citizens’ digital wallets throughout 2028/2029.
The decision to anchor this massive project inside SARS builds on a historic digital transformation pact signed in April 2025 between Home Affairs, SARS, the Border Management Authority, and the Government Printing Works. At the time, Minister Schreiber described the agreement as groundbreaking, highlighting how it would leverage SARS’s technological expertise to fundamentally overhaul how South Africans interact with public services across multiple government departments.
The original concept for a unified national digital identity came from then-SARS Commissioner Edward Kieswetter, who in late 2024 highlighted a critical problem: South Africa’s current patchwork of separate identity systems — one for national IDs, another for tax purposes, yet another for company registration, healthcare identifiers, and so on — had created opportunities for what he called “identity arbitrage.” This fragmented approach had made it easier for fraudsters to exploit grant schemes and commit identity-related crimes. President Ramaphosa picked up this thread in his 2025 state of the nation address, placing digital IDs front and centre in his vision for the country’s future, and Home Affairs committed to delivering the first components within just 12 months.
The technical architecture Home Affairs has outlined is sophisticated and comprehensive. The system will use facial recognition as the primary biometric authentication method, with fingerprints serving as a secondary modality. Citizens’ digital wallets will be secured through multiple layers — biometric authentication, PIN-based access, and cryptographic validation. To ensure no South African gets left behind, the system will support hybrid mechanisms including smart ID cards and QR-based credentials for contexts where internet connectivity is limited or unavailable.
The SARS hosting environment itself has been specified to deliver “high availability and disaster recovery capabilities” and must comply with all applicable government cybersecurity and data protection standards. It’s a tall order, but one that recognises the criticality of keeping this national system running smoothly around the clock.
Home Affairs has identified three critical external dependencies that must hold for the hosting infrastructure target to be achieved on time. First, procurement processes need to run smoothly and on schedule. Second, the Reserve Bank, South Africa’s major banks, and telecommunications providers must collaborate effectively on system integration. Third, there must be sufficient ICT infrastructure capacity to host the PKI solution — a requirement that seems straightforward but requires careful planning and investment. While no biometric provider has been publicly named yet, Home Affairs expects to have signed commercial agreements with such providers alongside a readiness assessment for the hosting environment by the deadline.
On the legislative front, Home Affairs is preparing a separate National Identification and Registration Bill to provide the legal framework for this new system. The NIR Bill will be submitted to cabinet during this financial year for approval to publish in the Government Gazette for public comment, with a further submission planned for 2027/2028 to introduce it into the parliamentary lawmaking process.
The digital identity programme doesn’t operate in a vacuum — it’s part of a broader modernisation of Home Affairs’ digital portfolio. The Electronic Travel Authorisation (ETA) system went live on 29 October 2025 and is already processing travel applications. Alongside this, Home Affairs is rolling out smart ID and passport services through bank branches to bring government services closer to citizens, while SARS pushes ahead with its own Modernisation 3.0 programme. These initiatives collectively represent a coordinated push to drag South African government services into the 21st century.
However, the department hasn’t shied away from acknowledging its shortcomings. The performance plan is refreshingly honest about the fact that Home Affairs’ cybersecurity maturity “remains low,” and it flags the absence of a fully implemented disaster recovery strategy as a significant vulnerability. To address these gaps, a Security Operations Centre will be established over the medium term, with new senior positions created for a chief director of information security, a director of the security operations centre, a cyber threat analyst, and an incident response specialist. Building security capability in-house shows Home Affairs is taking its responsibilities seriously — protecting citizens’ biometric and identity data will require expertise that can’t simply be outsourced.
What emerges from this performance plan is a government department that has learned some hard lessons about digital transformation. Rather than attempting to build everything in isolation, Home Affairs is tapping into SARS’s existing infrastructure and capabilities. The phased rollout approach gives the department breathing room to fix problems and iterate before moving to full national deployment. The emphasis on disaster recovery, cybersecurity maturity, and skilled personnel suggests Home Affairs understands that South Africa’s digital identity system will only succeed if it’s secure, reliable, and protected from the threats that plague digital infrastructure globally. If the department can stick to these timelines and see this through, South Africa will have a digital identity framework that could serve as a model for other African nations grappling with similar challenges.