Parliament heard the first reading of the Digital Identity Bill and, in a separate vote, passed the Cyber Security Bill to the committee stage, charting a new legal course for the nation’s digital transformation and cyber defence.
The Digital Identity Bill was moved by Alifushi MP Abdul Latheef Abdul Rahman on behalf of the government. It lays out procedures for the design, establishment and operation of a national digital identity system to be used in online transactions with government agencies, legal entities and other service providers.
The bill’s core objectives are to ensure the security and reliability of identity information used to authenticate users, and to protect personal data from misuse. The new system will cover overseas citizens, applicants for residence permits, and online service providers operating in or linked to the Maldives.
To steer the implementation, the legislation provides for the creation of the Digital Identity Technical Advisory Committee within 90 days. The committee’s responsibilities include advising on the formulation of rules for the Digital Service and ensuring the system operates in line with those rules. The bill also sets out the obligations of identity‑information providers, the entities that will handle the system, and outlines circumstances under which the use of identity data—and the processing of personal information—must be prohibited.
In a separate but complementary development, the Cyber Security Bill was approved for committee review by a vote of 66 in favour. The bill creates a legal framework to secure the nation’s cyber environment. It mandates the establishment of the National Cyber Security Agency, which will oversee protection of Maldives’ cyber space and advise the National Security Council on cyber‑security policies.
Among its provisions, the bill sets national cybersecurity standards for both state and private agencies, requires certain cybersecurity service providers to obtain a special licence, and imposes fines ranging from USD 3,242 to USD 32,425 for operating without authorisation. It also aims to identify domestic and cross‑border cyber threats and to develop a robust system for preventing and responding to incidents.