Sri Lanka’s digital ID rollout progress has been highlighted as integral and of the highest priority by stakeholders. The project, implemented under the Ministry of Digital Economy, is funded by a grant of approximately Rs. 10.4 billion from the Government of India.

The Sunday Morning spoke to several industry stakeholders on the benefits of a prompt rollout, along with insight on the recent developments, especially in relation to the deal with India being challenged, as well as on transparency, data privacy, and biometric sovereignty.

According to the Government, the national digital ID system is to be implemented by April 2026 and is aimed to revolutionise access to public services while ensuring strong data privacy and citizen protection. The project will integrate the original Electronic National Identity Card (e-NIC) system.

When questioned on the progress of the digital ID rollout process, especially amidst the  petitions filed by former Minister Wimal Weerawansa and several others seeking a ruling to invalidate the Memorandum of Understanding (MOU) signed between Sri Lanka and India for the implementation of a project to issue digital identity cards for Sri Lankan citizens, Ministry of Digital Economy Acting Secretary Waruna Sri Dhanapala told The Sunday Morning that the process had continued with no halts.

Moreover, according to statements made by the Government, it has been decided to implement an integrated e-NIC/Modular Open-Source Identity Platform (MOSIP) solution in order to reduce long-term costs to taxpayers and enhance system capabilities. 

Furthermore, the investments already made under the e-NIC project will not to go to waste, and many e-NIC software modules, as well as all biometric devices and infrastructure deployed across provincial councils, district secretariats, and divisional secretariats, will be reused in the rollout of the new digital ID system.

Digital ID as a priority

Speaking to The Sunday Morning, industry expert and former Chairman of the Federation of Information Technology Industry Sri Lanka (FITIS) Indika De Zoysa said that from a technology perspective, the authorities were preparing for the implementation with a clear plan and the concerns raised had not delayed the process.

De Zoysa highlighted that implementation of the digital ID was a top priority for the industry, especially with the emergence of digital services and the need for Know-Your-Customer (KYC) processes, for which the digital ID would serve as the baseline. From the industry’s perspective, he noted that there weren’t necessarily similar apprehensions, given that this was a technology procurement for implementation.

Computer Society of Sri Lanka (CSSL) President and University of Colombo School of Computing (UCSC) Senior Lecturer Dr. Ajantha Atukorala stated that the digital ID was an essential element that had been lacking for years.

“While the modality has been questioned, the requirement remains immediate and vital. It should not be delayed further and must be implemented without further ado, since it is otherwise a disadvantage to the country. Therefore, all stakeholders must come together, discuss the issues to arrive at the best possible solution, and deploy it without delay, while ensuring the independence and security of data,” he said. 

Debunking myths and misconceptions

Meanwhile, speaking to The Sunday Morning, digital transformation expert Asela Waidyalankara stated that from the IT industry’s perspective, the ministry had been transparent, holding several meetings and providing a detailed breakdown of the plan, including the bottlenecks. However, he highlighted the need to conduct similar awareness sessions for civil society as a whole, especially given the public’s apprehensions regarding data security.

“From a technology standpoint, it doesn’t really matter who the infrastructure provider is; what matters is the security attached to the infrastructure. We are already using many foreign systems and infrastructure. Moreover, there is also misinterpretation among the general public regarding the company that is providing the service. 

“‘Aadhaar’ is a system used by India and its foundational IT. They have developed an open-source version of ‘Aadhaar’ called MOSIP and this version has actually been implemented across the globe.”

Commenting on implementation, Waidyalankara also highlighted that since the grant was provided by India, it was natural for the implementation of the grant to be carried out by the same country. He also stated that India had undertaken similar implementations in several other countries.

Moreover, regarding concerns about using locally built systems, he noted that a complex system of this nature, with over one million lines of code (a metric for measuring software complexity), would require a long time to be built internally. Hence, he suggested that there was no point in reinventing the wheel, given the requirements and limitations related to specialised resources, talent, maintenance, and cost.

“The general public is also under the impression that when a thumbprint or other biometric feature is provided, an image of that feature is kept, but that does not happen. The biometric features taken are always converted into a mathematical figure. Decryption is highly improbable unless the same decryption algorithm is created or the existing one is hacked,” he explained. 

Accordingly, biometric authentication systems never store actual fingerprint images. Waidyalankara elaborated on the process, which includes feature extraction, where the system scans the fingerprint and maps key data points once enrolled. 

This is followed by template generation, where the data is converted into a mathematical model (a biometric template) that represents the fingerprint but cannot be reversed into an actual image. There is secure storage, as the encrypted template is stored in a database or a secure element on the device, not the fingerprint itself. 

Then there is verification; when authenticating, the system scans the fingerprint again, converts it into a fresh template, and checks if it matches the stored one. Access is granted if there is a match.

Waidyalankara believes there should be a mass-scale awareness campaign to dispel myths and misconceptions and to explain the benefits of implementing the system. He highlighted how the Sri Lanka Unique Digital Identity (SLUDI) would optimise processes and improve convenience in tasks that otherwise required repetitive steps, such as submitting the same documents in multiple places.

Effective stakeholder consultation required

Speaking to The Sunday Morning, Digital Trust Alliance President Lakmal Embuldeniya stated that the digital ID required fast progress and was a necessity that needed to be implemented immediately. 

Additionally, he stressed that proper stakeholder engagement and consultation regarding the SLUDI were necessary, particularly to address how the SLUDI would be integrated with other systems, especially financial institutions/banks. Thus, connecting the SLUDI with other entities, such as the taxation system, also requires traction.

One of the main goals of the SLUDI is to eliminate repetitive KYC processes in banks, which often require filling out similar documents across various institutions. The implementation of the SLUDI aims to remove these duplicated processes. 

However, Embuldeniya noted that some entities were already building systems for this purpose with banks. In such cases, he said it would be necessary to assess how the SLUDI would be used, which again required proper stakeholder consultation.

Addressing concerns raised by several parties about the Indian grant, Embuldeniya explained that three main areas were key to this discussion. 

Firstly, he identified the scope of the engagement, noting that the available information suggested only a focus on the initial implementation of the system and hardware. 

Secondly, he highlighted the timeline and the programme for onboarding citizens. For example, he questioned who would bear the cost if reregistration were required. 

Lastly, he raised concerns about the maintenance of the solution provided by the Indian Government, including who would be responsible for the software’s maintenance, the projected maintenance costs for the next three to five years, and the timeline for the system’s handover from the Indian Government.

Hence, according to Embuldeniya, these conversations need to take place in a timely manner as they will all impact the procurement process.

Technical readiness and benefits

Commenting on the financial aspect, CSSL member and banker Dr. Amal Illesinghe pointed out that the Central Bank of Sri Lanka had expressed strong interest in integrating the digital ID into KYC processes for banks, fintechs, and mobile money providers.

Explaining the benefits of this, he stated that once implemented, the digital ID could streamline account opening, reduce fraud, and expand financial inclusion, particularly for rural populations. He also noted that it would be helpful to implement a shared KYC process.

Furthermore, legal consultant and technology, media, and telecommunications law research fellow Ashwini Natesan noted that the Ministry of Digital Economy had released a document on the SLUDI last month.

She explained that this mentioned details of the project and certain specifications and was an important move towards transparency. 

Natesan added that there had also been an awareness programme conducted early this year, noting that these efforts were important to help create trust in the minds of the general public. She also encouraged more such initiatives.

“I have noted that some industry officials have appreciated the focus on privacy and security. On the other hand, some have asked for technical details like the nature of the encryption that will be used,” she said. 

She explained that the e-NIC was a physical card with embedded technology, while the SLUDI was a complete ecosystem that would be crucial for digital transformation if implemented efficiently.

“The authorities have stated that the e-NIC investments will be used/repurposed for the SLUDI project. It has been termed as an integrated ‘e-NIC/MOSIP’ solution. I am of the view that a unique digital ID can be of much value, provided the technical and legal safeguards are in place. Regarding public trust, details of the project and rollout must be clearly communicated. This is important to establish public trust,” she stressed.