SB 620 — “Relying Parties on Mobile Licenses Act” (Introduced Feb 20, 2025) — Summary
Status: Referred to Committee on Transportation and Infrastructure (introduced Feb 20, 2025)
Purpose
- Establish a regulatory framework governing how “relying parties” may request, receive, authenticate, use, and retain data from mobile driver licenses and mobile state identification cards. The bill seeks to protect holders’ privacy and limit access to only the data necessary to complete a transaction.
Key provisions
- Definitions: Clarifies covered credentials and actors, including “holder” (person presenting a mobile credential), “mobile operator’s or chauffeur’s license,” “mobile official state personal identification card,” “mobile enhanced driver license,” and “relying party” (an entity presented with and choosing to rely on a mobile credential).
- Relying party obligations during a transaction:
- Request only the specific data elements that exist on the mobile credential and that are necessary to complete the transaction.
- Inform the holder how requested data elements will be used and retained if the relying party seeks to retain them.
- Obtain the holder’s consent before releasing or retaining any requested data elements.
- Cryptographically authenticate the mobile credential before accepting it.
- Comply with applicable privacy laws and regulations; data in mobile credentials is subject to those laws.
- Prohibitions on relying parties (unless other state law allows):
- May not require the holder to relinquish possession of the mobile device that stores the credential.
- May not request consent to search the mobile device.
- May not make presentation of a mobile credential mandatory to complete a transaction.
- Clarification: Presenting a mobile credential for identity verification does not imply consent to search or access other applications or data on the device.
- Administrative terms: “Secretary of state” references the state official responsible for related duties; the bill requires cryptographic verification capability by relying parties.
Conditional enactment
- The bill contains an enactment clause making its effectiveness contingent on enactment of several related bills (listed as three other Senate or House bills). It will not take effect unless those companion measures are also enacted.
Who would be affected
- Holders of mobile driver licenses and mobile state ID cards (individuals).
- Relying parties that accept mobile credentials (private businesses, government offices, service providers, etc.) — they would need to implement procedures for limited data requests, consent management, cryptographic authentication, and retention disclosures.
- State agencies (Secretary of State / department of state) that administer mobile credentials and may provide technical specifications or guidance.
Procedural / timeline notes
- Introduced Feb 20, 2025; referred to Transportation and Infrastructure. Further committee action will determine whether it advances.
- Because of its conditional-enactment language, passage of specified companion bills is required before this bill would take effect.
Potential impacts / considerations
- Privacy protections: strengthens holder control over what data is shared and prevents device searches.
- Implementation requirements: relying parties will need technical capacity for cryptographic authentication and consent/retention workflows; small businesses may face costs or need guidance.
- Enforcement and penalties: the excerpt does not specify enforcement mechanisms or penalties for noncompliance — further bill text or implementing rules may address enforcement.
- Interagency coordination: may require coordination between the department/Secretary of State and regulated entities to establish standards and interoperability.
If you want, I can:
- Extract the exact statutory text excerpts and compile a side‑by‑side comparison with current law, or
- Draft a short one‑page briefing for stakeholders (businesses, local governments, consumer advocates) on compliance steps.