5/7/20255/6/2026State digital identity policy.It is the policy of Utah that:each individual has a unique identity;the state does not establish an individual's identity;the state may, in certain circumstances, recognize and endorse an individual's identity;the state is obligated to respect an individual's privacy interest associated with the individual's identity;the state is the only governmental entity that may endorse an individual's digital identity for the purpose of establishing a state-endorsed digital identity;the state may only endorse an individual's digital identity if the state-endorsed digital identity program is expressly authorized by the Legislature;an individual whose digital identity has been endorsed by the state is entitled to:choose:how the individual discloses the individual's state-endorsed digital identity;to whom the individual discloses the individual's state-endorsed digital identity;which elements of the individual's state-endorsed digital identity to disclose;where the individual's state-endorsed digital identity is stored; andwhether to use a state-endorsed digital identity or physical identity to prove the individual's identity;allow a governmental entity or a person to use information related to the individual's use of the individual's state-endorsed digital identity for a purpose other than the primary purpose for which the governmental entity or person collected the information; andhave a guardian obtain or use a state-endorsed digital identity on the individual's behalf;a governmental entity or person that accepts a state-endorsed digital identity shall:collect, use, and retain an individual's state-endorsed digital identity in a secure manner; andcomply with the requirements of this part through technological means;a governmental entity may not:convey a material benefit upon an individual for using a state-endorsed digital identity instead of a physical identity; orwithhold services or benefits from an individual if the individual uses a physical identity or is otherwise unable to use a state-endorsed digital identity; anda governmental entity or a person may not require an individual to surrender the individual's mobile communication device to verify the individual's identity.The state may not endorse an individual's digital identity unless:the state has verified an individual's identity before endorsement;the state-endorsed digital identity:incorporates state-of-the-art safeguards for protecting the individual's identity;includes methods to establish authenticity;is easy for an individual to adopt and use; andis compatible with a wide variety of technological systems without sacrificing privacy or security;the state provides clear information to an individual regarding how the individual may:maintain and control the individual's state-endorsed digital identity;use the individual's state-endorsed digital identity;limit access to:the individual's state-endorsed digital identity; andany elements of the individual's identity disclosed by the state-endorsed digital identity; andobtain a new state-endorsed digital identity if the individual's state-endorsed digital identity is compromised;the state ensures that when an individual uses a state-endorsed digital identity:any record of the individual's use:is only used for the primary purpose for which the individual disclosed the state-endorsed digital identity; andis not disclosed, shared, or compared by the governmental entity or person receiving the state-endorsed digital identity; andthe use is free from surveillance, visibility, tracking, or monitoring by any other governmental entity or person; andthe state-endorsed digital identity enables an individual to:selectively disclose elements of the individual's identity; andverify that the individual's age satisfies an age requirement without revealing the individual's age or date of birth.The state may only revoke or withdraw the state's endorsement of an individual's state-endorsed digital identity if:the state-endorsed digital identity has been compromised;the state's endorsement was:issued in error; orbased on fraudulent information; orthe individual requests that the state revoke or withdraw the endorsement of the individual's state-endorsed digital identity.