63A-20-301. State-endorsed digital identity requirements.
561 words·~3 min read·
/ut/title-63a/chapter-20/63a-20-301A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Effective 5/6/2026
63A-20-301. State-endorsed digital identity requirements.
(1)A state-endorsed digital identity shall:
(a)incorporate state-of-the-art safeguards for protecting an individual's identity, including compromise detection, recovery mechanisms, and cross-context correlation protections;
(b)include methods to establish authenticity and integrity;
(c)be compatible with a wide variety of technological systems while maintaining strong privacy and security;
(d)support online and offline presentation;
(e)enable a holder to:
(i)selectively disclose an individual's identity attributes; or
(ii)demonstrate that the individual meets a specified minimum age without disclosing the individual's age or birth date;
(f)allow a holder to choose a digital wallet that conforms with the requirements established by the department; and
(g)be easy for a holder to adopt and use.
(2)The department shall:
(a)validate verification of an individual's identity provided by an identity proofing entity;
(b)comply with the requirements of this chapter through technological means where possible;
(c)ensure any technical infrastructure used to control the issuance or revocation of a state-endorsed digital identity is maintained within a state-controlled data center located within the state;
(d)ensure that a state-controlled data center located within the state shall use best practices in collection, processing, storage, and disclosure of all individual identity and identity attributes;
(e)select open technological standards for the creation, issuance, use, and acceptance of a state-endorsed digital identity that are:
(i)publicly available; and
(ii)free from:
(A)licensing fees; and
(B)patent restrictions;
(f)verify and endorse a specific set of identity attributes including an individual's:
(i)name;
(ii)birth date;
(iii)image; and
(iv)Utah residence address; and
(g)create a process for:
(i)a holder to:
(A)obtain, maintain, and control an individual's state-endorsed digital identity;
(B)use an individual's state-endorsed digital identity;
(C)limit access to an individual's state-endorsed digital identity and identity attributes;
(D)obtain a new state-endorsed digital identity if the individual's state-endorsed digital identity is compromised; and
(E)migrate a state-endorsed digital identity to another digital wallet compliant with this chapter;
(ii)a holder to request that an individual's identity attributes be amended or corrected; and
(iii)appointment of a digital guardian to obtain or use a state-endorsed digital identity on an individual's behalf.
(3)A state-endorsed digital identity may not include a mechanism that allows the department to monitor, surveil, or track the presentation of a state-endorsed digital identity to another entity.
(4)Information provided by an individual to the state to obtain a state-endorsed digital identity may only be:
(a)used for the purpose of issuing and managing a state-endorsed digital identity;
(b)used as authorized by the individual;
(c)retained as long as necessary to issue and manage a state-endorsed digital identity;
(d)maintained within a state-controlled data center located within the state; or
(e)disclosed to:
(i)the subject of the record or the subject's digital guardian; or
(ii)a person with a warrant or court order.
(5)The department may only revoke an individual's state-endorsed digital identity if:
(a)the state-endorsed digital identity has been compromised;
(b)the department's endorsement was:
(i)issued in error; or
(ii)based on fraudulent information; or
(c)the holder requests that the department revoke the individual's state-endorsed digital identity.
(6)The department shall report a data breach regarding individual identity or identity attributes in accordance with Section 63A-19-405 .
Enacted by Chapter 436 , 2026 General Session