The Digital ID Card Act gets commencement Order–What about the Data Protection Act?

A Ministerial order under the hand of the Prime Minister has finally set a date for the commencement of the Digital Identity Card Act (DICA). This order was gazetted on Friday 26 March 2026, answers a question that has long publicly been asked. DICA will come into legal operation on Tuesday 31 March 2026.

The Prime Minister also has responsibility for the commencement of the Data Protection Act (DPA) and there is yet to be a commencement order for DPA. What seems to be little known is the fact that DICA and DPA are intrinsically linked. And that a failure to commence DPA affects DICA’s legality.

Two fracture points can be found in DICA because of the non commencement of the DPA. First the fact that the Commissioner who has the responsibility over DICA is a creation of the DPA. If the DPA is not yet commenced what power does a statutory appointee have to operate, if the law creating that position is not yet in force?

The second is that DICA requires implementation of safeguards in accordance with the DPA, with that legislation not in force safeguards can effectively be forgotten as unenforceable.

On a business front, an enforceable data protection law is an important aspect of determining if there is digital rule of law or if business operators can just do what they like with data collected.

So it must be asked when will the Data Protection Act be commenced?