California’s Digital Identity Framework Is Ready — Now Make It Policy

"We don’t need to reinvent the wheel," argues columnist Daniel C. Kim, whose resume includes California state leadership roles such as directing the Department of General Services. "We just need to put the one we already built on the road."

At the California Government Innovation Summit* on Aug. 27, state leaders emphasized the importance of interoperability, efficiency and cutting red tape to deliver better services. It was a timely reminder that, while technology is often the focus of government modernization, policy is what turns potential into practice.

Which is why I’ve been thinking lately about the unrealized potential of the California Department of Technology’s (CDT) Digital Identity Framework. CDT released the first version of this framework several years ago and updated it in 2023–24. It was designed to do exactly what state leaders say they want: improve security, streamline access to services and create efficiency across departments. And yet, despite the framework’s promise, the state has been slow to make it official policy. I’m not sure why.

Digital ID Framework


The Digital ID Framework sets out guiding principles: world-class security, privacy by design, equity and transparency. The concept is straightforward. Instead of each department building its own identity proofing into every IT system, the framework establishes a California Identity Gateway — a shared backbone where departments connect through pre-approved identity providers. CDT sets the rules, certifies the providers and manages the contracts. Departments would retain flexibility in how they deliver services, but identity would be handled through a common, trusted infrastructure.

The benefits of this model are obvious:
  • Cost savings: Departments avoid building duplicate identity systems — saving tens of millions of dollars in development and maintenance.
  • Security: CDT oversees standards and vendor performance, reducing exposure and strengthening compliance and trust.
  • Customer experience: The public benefits from a single, consistent, secure way to log in to services, whether applying for benefits, renewing a license or accessing other services.
  • Vendor clarity: Companies compete on a level playing field against clear, statewide requirements instead of navigating among 160-plus state departments and their different RFP requirements.
  • Economies of scale: Pricing drops as usage grows. CDT can fund its various cybersecurity and oversight teams by assessing a minimal surcharge to administer these contracts.
This structure is a quadruple win — for departments, CDT, the vendor community and, most importantly, the public.

Lessons From Cloud First


This is not a radical idea. In fact, California has already shown how well this model can work. Nearly a decade ago, CDT and the Department of General Services (DGS) launched the Cloud First policy, which required departments to consider cloud services before on-premises systems. That policy was later refined into a broader Cloud Smart strategy, but the core approach was simple: set standards, certify a handful of qualified providers and negotiate statewide contracts. Departments gained faster access to modern solutions. Vendors knew what it took to qualify. And the state benefited from economies of scale and improved security.

Cloud First wasn’t perfect, but it provided clarity, consistency and momentum. It worked because CDT and DGS took input from agencies and vendors, phased the rollout and applied lessons as they went. It made adoption easier, not harder, and helped accelerate California’s shift to more modern, resilient systems.

Leverage Cloud-First Playbook for Digital Identity


The Digital ID Framework deserves the same treatment. CDT should take the step of making it official statewide policy, with requirements for departments to use the identity gateway and for vendors to qualify under a clear set of criteria. To this end, CDT should:
  1. Formalize the framework as enforceable statewide policy.
  2. Certify digital ID providers on a first-come, first-served basis using clear, shared requirements informed by departmental and vendor input.
  3. Create statewide contract vehicles and price them on usage — lowering cost as adoption grows.
  4. Require new RFPs and IT platforms to use the identity gateway rather than building bespoke identity systems.
  5. Support oversight through a nominal surcharge on the digital ID provider contracts to fund CDT’s cybersecurity and identity services.

Looking Ahead


I understand a new state policy may be forthcoming, and that’s encouraging. My hope is that CDT applies the same lessons it learned from Cloud First: stakeholder input, clear standards, phased rollout and active oversight. If so, California will have an innovative model that lowers costs, strengthens security and, most importantly, improves services for the public.

We don’t need to reinvent the wheel. We just need to put the one we already built on the road. So let’s make digital identity the next statewide success story.

*Note: The California Government Innovation Summit is hosted by Government Technology, the sister publication of Industry Insider — California. Both are part of e.Republic.
Daniel C. Kim is director of procurement for the Weideman Group. His 25+ years of experience in state and local government includes serving as director of California’s Department of General Services under two governors, in executive positions at three counties, and as president of the National Association of State Chief Administrators.