Andrew ReynoldsAustralia Post announced on 7 April 2026 that it will permanently shut down its Digital iD app on 30 April 2026. All stored user data — including identity photos, biometric records, and credentials uploaded since the service launched in 2017 — will be deleted on that date. The shutdown affects hundreds of thousands of Australians who used the app to verify their identity for online services.
The reason is direct: government-issued digital credentials, primarily myID (formerly myGovID) and state-based mobile driver's licences in NSW, Victoria and Queensland, have captured the market. Australia Post's own statement put it plainly: "With many identity service options now available for consumers, including digital driver licenses and myID for online government services, Australia Post has decided to close its Digital iD product."
What happens to your data on 30 April
Australia Post has confirmed that all personal data stored in the Digital iD system will be deleted when the service closes. This includes:
- Identity document scans — passport photos, driver's licence copies
- Biometric verification data — facial recognition records used for liveness checks
- Account information — email addresses, phone numbers, verification history
The company has stated the closure is compliant with the Australian Privacy Act 1988. Users will receive notifications before the shutdown date, but no explicit export function has been announced for users wanting to retrieve their own records.
Digital identity consultant Stephen Wilson told Biometric Update that the situation represents a "market failure" — noting that private digital identity providers have faced similar outcomes in comparable international markets.
Why this matters for your IT security
The app's closure raises a question that goes beyond inconvenience: what actually happens to biometric data held by a third-party service when it winds down?
Australia's Privacy Act requires that organisations take reasonable steps to destroy or de-identify personal information when it is no longer needed for the purpose for which it was collected. Australia Post's deletion of records on 30 April technically satisfies this requirement. But it also means that users who uploaded sensitive identity documents — including passport scans — to a now-defunct private service are relying entirely on that organisation's internal processes.
For IT professionals and businesses that built workflows around Digital iD verification — for tenant checks, age verification, or contractor onboarding — the practical impact is significant. Any process that depended on Digital iD must now be migrated to an alternative before 30 April.
What to use instead
The government-backed alternatives offer stronger long-term stability given their regulatory underpinning:
myID (formerly myGovID): The Australian Taxation Office-backed credential, usable for most federal government services and increasingly accepted by private sector partners. Available via the myID app.
State mobile driver's licences: NSW, Victoria and Queensland all have active mDL programs. These are acceptable for a growing range of identity verification scenarios and are governed by state legislation.
Accredited private providers: The Digital Identity Act 2023 established a new framework for accredited identity service providers. Any business building identity verification workflows should check the current list of accredited providers through the Digital Identity Regulator.
What businesses should do before 30 April
If your business relies on Australia Post Digital iD as part of your verification or onboarding process, the deadline is firm: 30 April 2026. Here is what an IT specialist would recommend:
1. Audit your current processes Identify every workflow where Digital iD is used — internally or externally. Customer onboarding, contractor verification, and age verification processes are the most common integration points.
2. Migrate to an alternative system Select an accredited alternative before the deadline. Factor in integration lead times — migrating identity verification APIs typically requires testing and may require user communication.
3. Review your data retention policies If you stored verification outcomes or screenshots based on Digital iD checks, review whether those records need updating in light of the service's closure. Your obligations under the Privacy Act continue regardless of what Australia Post does.
4. Communicate with affected users If your customers used Digital iD as their verification method with you, inform them of the change and provide a clear path to re-verify using an alternative method.
The broader lesson: digital dependency risk
The Digital iD closure is a reminder that private digital infrastructure can be discontinued. Services that seemed stable — accredited under Australia's Trusted Digital Identity Framework — are not immune to market forces. Any business with critical dependencies on third-party digital services should have contingency plans.
This is a core principle of IT resilience: single points of failure in your verification or authentication chain create business risk. An experienced IT specialist can audit your digital dependencies, identify gaps, and recommend architectures that are more robust against service discontinuations.
If you need help auditing your current digital identity setup or migrating to a new verification system, an IT expert on Expert Zoom can guide you through the technical and compliance requirements before the April 30 deadline.
