What Is a State-Endorsed Digital Identity (SEDI)?

A State-Endorsed Digital Identity (SEDI) is a rights-first framework for digital identity established in Utah law under Utah Code § 63A-16-1202. Rather than creating a single state-owned digital ID or mandating a specific technology, SEDI defines the legal, technical, and governance requirements that any digital credential must meet to earn state endorsement.

At its core, SEDI is founded on a fundamental constitutional principle: identity belongs to the individual, not the government. The role of the state is not to create or control identity, but to verify, endorse, and protect it as a matter of public trust and confidence. In practice, this means the state can attest to facts, such as licensure, age, or residency, while the individual retains control over how those facts are stored, presented, and shared.

SEDI treats digital identity as critical public infrastructure, comparable to roads or communications networks. Because identity underpins democracy, markets, and civil liberties, SEDI embeds privacy, autonomy, and due process directly into law—before systems are deployed at scale.

Unlike many digital ID initiatives, SEDI does not initially prioritize convenience or efficiency. It establishes a clear hierarchy of values, with individual rights and privacy taking precedence. Operational goals such as interoperability, usability, and fraud reduction must support those values, not override them.

Core principles

SEDI-endorsed credentials must uphold a set of statutory principles that distinguish them from ordinary digital credentials or centralized identity systems.

Privacy by Design: SEDI requires that privacy protections be enforced through technology, not just policy. Credentials must support selective disclosure, allowing holders to prove only what is necessary for a given interaction. A resident can prove they are “over 21” without revealing their full birthdate or address. Verification occurs using cryptographic proofs, minimizing data exposure by default.

Unlinkability: SEDI systems must prevent credential use from being correlated across verifiers or transactions. When a credential is presented at one location, that interaction cannot be linked to its use elsewhere. This ensures that digital identity does not become a tool for behavioral profiling or movement tracking.

Minimal Disclosure: Verifiers may request only information that is legally required and proportionate to the transaction. Wallets must make these requests transparent to the holder and warn users when requests exceed a reasonable scope. Oversharing is treated as a system failure, not a user responsibility.

Individual Control: SEDI empowers individuals, not the state, to control their digital identifiers and credentials. Credentials are stored in user-controlled digital wallets, not centralized government databases. Holders decide when, how, and whether to share information, and they retain agency throughout the credential lifecycle.

What SEDI explicitly prohibits

Equally important to what SEDI enables is what it forbids.

No Issuer “Phone-Home” Tracking: When a SEDI credential is presented, the issuer does not learn where, when, or to whom it was shown. The DMV does not receive logs of a resident’s movements or transactions. Verification occurs locally through cryptographic validation, preserving the same freedom of movement that people expect from physical IDs.

No Forced Device Handover: Holders can never be required to surrender their phone to a verifier. Credential presentation utilizes mechanisms such as QR codes, NFC, or remote sessions, which keep the device in the holder’s possession at all times. Identity checks are not searches.

No Remote Kill-Switch Without Due Process: The state cannot silently or arbitrarily disable a digital credential. Revocation must follow established legal procedures with appropriate safeguards, mirroring the protections that exist for physical credentials.

A Guaranteed Right to Physical Credentials: Digital identity under SEDI is always voluntary. Physical IDs, whether paper or plastic, remain valid and must continue to be accepted. No resident can be required to use a verifiable digital credential to participate in civic or economic life.

Why SEDI matters

Utah’s SEDI framework represents a first-in-the-nation legal model for privacy-preserving, user-controlled digital identity. It responds directly to the growing public concern that poorly designed digital identity systems can enable surveillance, profiling, and centralized control.

By embedding civil liberties into statute, SEDI ensures that innovation in digital identity strengthens trust rather than eroding it. It shows that governments can modernize identity infrastructure without asking residents to trade privacy for convenience.

SEDI also provides a reference framework beyond driver’s licenses. Professional licenses, permits, and other state-issued credentials can adopt relevant SEDI controls without implementing the whole framework, creating consistency across the ecosystem while allowing appropriate flexibility.

Most importantly, SEDI demonstrates that digital identity can reflect democratic values. It offers a model where technology and law work together to protect autonomy, preserve choice, and project a vision of digital identity built for people, not platforms or surveillance.
