Legal Identity

Across all eleven countries in Southeast Asia, legal identity systems are primarily built around civil registration systems, national identity cards, and population registration databases, which serve as proof of identity, legal residence, and access to public and private services such as healthcare, education, banking, employment, social protection programs, and voting. National identity cards are the primary legal identity document in all eleven countries in the sub-region and are mandatory for citizens. In seven countries (Thailand, Malaysia, Indonesia, Singapore, Brunei, Timor-Leste, the Philippines) identity cards are also issued to permanent residents or foreign nationals with legal residence status.^[1]

The Southeast Asia sub-region is predominantly characterized by civil registration–based identity systems, where birth registration forms the foundation for obtaining national identity documents and population registration numbers. Across Indonesia, Thailand, Viet Nam, Laos, Cambodia, and the Philippines, birth registration leads to the assignment of a personal identification number or entry into a population database. This is then used to obtain national ID cards later in life. Myanmar also assigns a National Registration Record Card from age 10 and Citizenship Scrutiny Card from age 18. Both identity documents require a birth certificate as a prerequisite document, although the system is ethnicity-based rather than universal.^[2]

Across the sub-region, birth registration generally establishes legal identity, particularly in Indonesia, Malaysia, Singapore, Thailand, Timor-Leste, Viet Nam, Laos, Cambodia, and the Philippines. It leads to the assignment of a personal identification number or entry into a population database used later to obtain national identity documents. However, birth registration does not automatically confer citizenship, which is typically determined under nationality laws and proven through additional documents such as citizenship certificates, nationality documents, or specific categories of national identity cards. This distinction between proof of identity and proof of citizenship is particularly evident in countries such as Indonesia, Malaysia, the Philippines, Singapore, and Viet Nam, where national ID systems include residents or permanent residents who are not citizens. In countries such as Cambodia, Thailand, Timor-Leste, and Malaysia (for MyKad holders), national identity cards serve as proof of citizenship in addition to proof of identity.

Across the sub-region, countries have different approaches to providing legal identity documents to non-citizens and stateless persons. Singapore, Thailand, Malaysia, and Brunei, issue dedicated identity cards to at least some non-citizens and stateless persons. However, access for stateless persons varies significantly. Thailand’s pink ID card is explicitly available to stateless persons registered in the civil registration system, though many unregistered stateless persons remain excluded. Malaysia issues the MyKAS card to persons born to unknown or stateless parents. However, despite its existence, MyKAS holders continue to face widespread discrimination and significant barriers to accessing services. The card has also been criticized for entrenching rather than resolving statelessness. Singapore’s FIN is available to foreign nationals on long-term immigration passes and, in limited circumstances, to stateless persons holding equivalent passes. Yet, stateless persons without an immigration status cannot access it. Brunei’s purple card covers some stateless permanent residents but does not extend to stateless persons who have not obtained permanent residency. Viet Nam also issues an Identity Certificate to persons of Vietnamese origin with undetermined nationality, though like the documents above, this does not confer citizenship and its practical utility remains limited. On the other hand, Indonesia and Timor-Leste provide residence permits or special certificates that confirm a person’s right to remain in the country. However, these are neither equivalent to identity cards nor are they integrated into population registration systems. Stateless persons without any recognised legal status face barriers to obtaining even these more limited documents and are therefore frequently excluded from legal identity systems and public services altogether.

Overall, Southeast Asia’s legal identity systems are characterized by civil registration based identity frameworks and mandatory national ID systems. They also maintain a legal distinction between identity and citizenship. As a result, individuals may possess some identity documentation but still remain stateless. In such cases, they are unable to access full citizenship rights.

Table 1 – Primary Legal Identity Document and Application Requirements Across Southeast Asia

Country	Primary Legal Identity Document	Documents Needed	Does Legal Identity Serve as Proof of Citizenship?
Brunei	Smart Identity Card (yellow for citizens; purple for permanent residents including some stateless persons; green for certain foreign nationals)	Birth certificate (required for both yellow and purple cards); for naturalized citizens, citizenship certificate; valid immigration/work passes for non-citizens	Only the yellow card certifies citizenship; purple and green cards evidence legal identity but not citizenship
Cambodia	National Identity Card (NID), issued to Cambodian nationals aged 15 and above; valid for 10 years	Birth certificate; civil registration records; NID is the official document confirming Cambodian nationality	The NID is the official document confirming Cambodian nationality under the 2023 Law on CRVSID; birth registration alone does not prove citizenship
Indonesia	e-KTP (electronic National Identity Card), compulsory for all residents aged 17+; birth certificate (Akta Kelahiran); family card (Kartu Keluarga)	Birth certificate; family card; biometrics; for foreign nationals, proof of permanent stay permit (KITAP)	Neither e-KTP nor birth registration automatically constitutes citizenship; citizenship is governed by nationality law
Laos	National ID Card (chip-enabled E-ID from 2015), tied to a Unique Identification Number (UIN) generated at birth registration	Birth registration generating UIN; civil registration documents; biometrics for E-ID	There is insufficient information to conclude whether the National ID Card constitutes proof of citizenship; sources suggest civil registration services can only be accessed by citizens in possession of the National ID card. It is unclear whether non-citizens can access the National ID card at all
Malaysia	NRIC: MyKad (citizens 12+); MyKid (children under 12); MyPR (permanent residents); MyKAS (temporary residents including persons born to unknown/stateless parents)	Birth certificate; parental documentation; immigration/residence documents; proof of citizenship for MyKad	MyKad is proof of legal identity and citizenship; MyPR and MyKAS document non-citizen statuses; birth certificate does not prove citizenship in itself
Myanmar	Citizens Scrutiny Card (CSC): pink (full citizens), blue (associate citizens), green (naturalized citizens); NVC for persons undergoing citizenship verification; TRC revoked February 2015, replaced by TAC; NVC (turquoise card) issued since 2016 for citizenship verification	Birth certificate; household list; parental documents; proof of ethnicity and ancestry; national language proficiency (for naturalized citizens)	The CSC evidences specific categories of citizenship; NVCs do not constitute proof of citizenship or formal identity; not all legal identity documents prove citizenship
Philippines	PSA Birth Certificate (foundational); PhilID/PhilSys Number (PSN) under the Philippine Identification System (PhilSys); ePhilID (printed digital version)	Birth certificate (or late registration documentation with affidavits); for PhilSys, birth certificate plus acceptable ID; for resident aliens, foreign passport and ACR/i-Card; late registration birth certificate has same legal effect as timely registration	PhilID/PSN is sufficient proof of identity but, by law, is not definitive proof of citizenship; citizenship is governed separately under Article IV of the 1987 Constitution
Singapore	NRIC for citizens and permanent residents (mandatory at age 15); FIN for foreign nationals on long-term passes	Birth certificate; proof of citizenship or permanent residence for NRIC; passport and long-term pass for FIN; Citizenship Certificate issued by ICA for proof of nationality	NRIC is proof of legal identity and citizenship or permanent residency, but not conclusive proof of citizenship, as permanent residents (who are non-citizens) can also obtain it; citizenship is established by a Singapore Citizenship Certificate
Thailand	Thai National ID Card (white with blue background) for citizens aged seven and above (for those under seven, identity is established via birth certificate, household registration book, or Thai passport); pink ID card for non-citizens including stateless persons	Birth certificate; household registration book (Blue Book, Thor Ror 14); civil registration records; certified civil records for pink card applicants	Thai National ID Card is proof of Thai citizenship; pink ID cards identify non-citizen or stateless legal status and do not confer citizenship
Timor-Leste	National identity card (Bilhete de Identidade), issued by the National Directorate of Registries and Notarial Services under the Ministry of Justice	Birth registration record (entered into civil registry); civil registration records supporting nationality; for foreign nationals, residence permit documentation	The national identity card serves as official proof of citizenship in addition to proving legal identity under Decree-Law No. 2/2004 on Civil Identification
Viet Nam	Citizen Identity Card (Căn cước công dân) for citizens aged 14 and above (ID cards can also be issued for children under 14 on request, as of 1 July 2024); Identity Certificate (Chứng Nhận Căn Cước) for persons of Vietnamese origin with undetermined nationality	Birth registration; entry in National Population Database; Personal Identification Number; supporting documents on nationality/origin	Citizen Identity Card evidences Vietnamese citizenship; Identity Certificate does not confer citizenship but enables access to education, healthcare, and basic services; birth certificate alone is not sufficient proof of citizenship

Digital ID Overview

Of the eleven countries in Southeast Asia, eight (Indonesia, the Philippines, Viet Nam, Singapore, Malaysia, Thailand, Myanmar, and Brunei) have operational or near-operational digital identity systems. Three countries (Cambodia, Laos, and Timor-Leste) are still in the process of developing or implementing them, as part of broader digital government and digital public infrastructure initiatives. These digital ID systems are generally linked to existing civil registration and national identity systems rather than being replacements for them. Across the sub-region, digital IDs typically function either as foundational digital identity systems linked to population registries or as functional digital identity authentication platforms used to access government and private sector services.

Countries such as Indonesia, the Philippines, and Viet Nam have operational foundational digital identity systems, while Cambodia, Timor-Leste, Myanmar, and Brunei are developing or implementing systems with foundational characteristics linked to national population databases and unique identifiers. These systems are designed to uniquely identify individuals and serve as a base layer for accessing multiple public services.

In contrast, countries such as Singapore, Malaysia, Thailand, and Laos primarily operate functional digital identity systems, which act as authentication platforms that allow individuals to access digital government services and online transactions but are dependent on existing legal identity documents such as national ID cards or resident identification numbers. It should be noted that Laos’s digital ID infrastructure is nascent and quasi-digital in character, relying primarily on the chip-enabled National ID Card and the Gov-X mobile application.^[3]

Across the sub-region, digital IDs are increasingly integrated into digital public infrastructure. They are used to access services such as healthcare systems, social protection programs, tax services, banking and financial services, SIM card registration, education services, government portals, and business registration systems. In five countries (Brunei, Indonesia, Myanmar, the Philippines, and Viet Nam) digital IDs are increasingly treated as de facto mandatory, as key government and financial services are progressively tied to digital identity authentication even without a formal legal mandate.^[4]

Across Southeast Asia, digital ID systems are accessible to citizens. In five countries (Indonesia, Singapore, Viet Nam, Brunei, and Malaysia) they are also available to foreign residents with legal residency status. However, access to digital ID is consistently dependent on possession of foundational legal identity documents such as national ID cards or residence permits. As a result, stateless persons are often excluded from digital ID systems because they lack the required documentation needed to enroll in digital identity platforms. This exclusion can prevent stateless individuals from accessing services linked to digital ID platforms, including government services, healthcare, education, banking, employment, and social protection programs.

Digital ID frameworks in Southeast Asia have largely been formulated and implemented through government-led initiatives, in several cases with technical support from international organizations including UNDP (Laos Gov-X app 2023; Timor-Leste Dalan ba Digital 2025), World Bank (Indonesia population administration), and EU funding (€3 million for Timor-Leste).^[5] Public involvement in the design of digital ID systems has been limited across most countries in the sub-region. Malaysia conducted public consultations from July to August 2020 through the MCMC before launching its National Digital ID Framework.^[6] There is limited publicly available evidence of structured consultation with civil society in Cambodia, Myanmar, Thailand, or Brunei’s digital ID programmes, though some broader e-government or digital economy consultations have been held. Overall, public involvement has been limited, and there is little evidence that governments systematically consulted experts on issues like discrimination, statelessness, or social exclusion during the design and implementation of digital identity systems.

Table 2 – Digital Identity Systems in Southeast Asia

Country	Digital ID system found in the country?	Key Features
Brunei	BruneiID	National digital identity launched in January 2026; replacing the legacy e-Darussalam account; used to access selected government digital services such as PSC Recruitment, TransportBN, BruHealth, eUndi, and TD123; functions as both an identity/authentication tool and service gateway; accessible to holders of Brunei identity cards, including some permanent residents and foreign nationals
Cambodia	IPIS, CamDigiKey, verify.gov.kh	IPIS is a developing system linked to the 2023 CRVSID law and assigns a lifelong Khmer Identification Code; CamDigiKey enables digital authentication and digital signatures for government services; verify.gov.kh verifies official documents through QR-based validation; rollout remains incomplete and entitlement for stateless persons is not yet clearly specified in public documents.
Indonesia	IKD (Identitas Kependudukan Digital)	Digital version of population identity linked to the national population database and e-KTP system; supports identity authentication and service access; tied to foundational civil registration and national ID infrastructure; from January 2026 it became the only method for verifying authenticity of ID documents in practice.
Laos	Gov-X app / E-ID ecosystem	Quasi-digital system built around the chip-enabled National ID Card and a government mobile app; primarily functional rather than fully standalone foundational digital ID; linked to the Unique Identification Number generated through birth registration; the digital ecosystem remains relatively early-stage.
Malaysia	MyDigital ID	A digital identity platform used for authentication across government services; linked in practice to MyKad and therefore closely tied to citizenship status; formally voluntary but increasingly required for selected services; operates within a broader digital government and cybersecurity framework rather than a standalone digital ID law.
Myanmar	UID Smart Card	Centralized biometric smart card system with a 10-digit unique identifier; stores personal and biometric data including fingerprints and facial recognition; intended as a foundational ID but increasingly used functionally for border crossings, SIM registration, banking, pensions, and benefits; eligibility for stateless persons and NVC/TRC holders remains unclear.
Philippines	PhilSys, PhilID, ePhilID, PSN	A national digital identity system that provides each registered person with a PhilSys Number and PhilID, with ePhilID as the digital/printed version; designed for use across government and private transactions; proof of identity but not definitive proof of citizenship; available to citizens and resident aliens.
Singapore	Singpass / National Digital Identity (NDI)	Functional digital identity and authentication platform widely used for government and private sector services; linked to NRIC for citizens and permanent residents and FIN for eligible foreign nationals; acts as the main gateway for e-government access rather than as proof of citizenship itself.
Thailand	ThaID and DGA Digital ID	ThaID is a mobile digital ID for Thai citizens with facial verification and broad public/private service use; DGA Digital ID is a functional authentication layer for accessing hundreds of government services through a single account; both are currently available only to Thai citizens and exclude pink-card holders.
Timor-Leste	UID (planned/in development), supported through Dalan ba Digital	Strategic Plan 2021–2025 envisions a foundational national digital ID with a 10-digit UIN plus biographic and biometric data; intended to be inclusive, including for stateless persons, refugees, and those without existing ID documents; still in planning/early development and not yet the sole gateway for any services.
Viet Nam	VNeID	A foundational digital identity system linked to the national population database and citizen identity regime; legally recognized for use alongside the physical identity card; supports digital authentication and access to public and private services; extends some e-ID access to foreign residents through tiered accounts.

Law

Domestic Law and Policy

Across Southeast Asia, ten of the eleven countries have legal and policy frameworks governing digital identity systems, although the scope and structure of these frameworks differ across countries. Two countries (the Philippines and Viet Nam) have specific legislation regulating digital identity systems, while others rely on broader laws governing civil registration, electronic transactions, digital government, cybersecurity, or population administration to provide the legal basis for digital identity systems. Laos has no dedicated digital ID legislation, only general ICT laws as part of its legal framework.

Digital identity is generally defined in legal frameworks across the sub-region as electronic information, digital credentials, or electronic authentication systems used to identify individuals in digital environments and enable secure access to online services and digital transactions. In eight countries (Brunei, Cambodia, Indonesia, Myanmar, the Philippines, Thailand, Timor-Leste, and Viet Nam) digital identity systems are linked to civil registration and population databases, which means that digital identity systems are built on existing legal identity systems rather than functioning as independent identity systems.

Across all eleven countries in the sub-region, legal frameworks do not explicitly define digital identity as proof of citizenship. Instead, digital identity systems are usually linked to national ID systems or residency systems, meaning that digital identity often functions as a marker of legal identity or residency rather than citizenship.

Most countries also provide complaint mechanisms for digital ID–related issues through general administrative complaint systems, data protection authorities, or agency helpdesks. Notably, none of the eleven countries has a dedicated complaint mechanism specifically for digital ID systems.

Data Protection

Seven of the eleven countries in Southeast Asia have data protection or privacy laws regulating the collection, processing, storage, and sharing of personal data used in digital identity systems. Countries such as Malaysia, Singapore, Indonesia, Thailand, the Philippines, Viet Nam, and Brunei have enacted data protection or personal data protection laws that include safeguards for personal information and, in some cases, biometric data. These laws typically require consent for data collection, impose security obligations such as encryption and secure storage, and provide mechanisms for complaints and enforcement.

However, four countries (Cambodia, Laos, Myanmar, and Timor-Leste) lack comprehensive data protection frameworks specifically governing digital identity systems, raising concerns about privacy, surveillance, and misuse of personal data. In Myanmar in particular, the biometric UID Smart Card and biometric SIM card registration systems have raised concerns regarding surveillance and lack of oversight mechanisms.^[7]

Across the sub-region, common concerns relating to digital ID systems include privacy risks, government surveillance, data breaches, centralized population databases, and exclusion from public services for individuals without digital identity credentials.

Privacy concerns are pervasive across the sub-region. In Malaysia, the government has experienced major data security failures, including a December 2022 breach that compromised the personal information of nearly 13 million citizens.^[8] In the Philippines, the 2016 COMELEC data breach exposed personal information of 55 million registered voters including biometric fingerprint data, demonstrating the catastrophic consequences of inadequate government data protection.^[9] In Viet Nam, Amnesty International and Human Rights Watch document spyware attacks and expansive monitoring powers under the 2019 Cybersecurity Law, raising risks that digital ID systems could be used to suppress dissent or target marginalised groups.^[10] In Singapore, there has been sustained criticism of ubiquitous technology-fuelled surveillance, including documented surveillance experiments in low-wage migrant worker dormitories.^[11]

Surveillance concerns have also been noted in Myanmar and Thailand. In Myanmar, the UID Smart Card and biometric SIM card registration are used to track individuals’ movements and communications, operating without a legal framework and without independent oversight; since the 2021 coup, the National Unity Government has used digital technologies for mass surveillance, targeting dissent and opposition movements.^[12] In Thailand, the PDP Act’s public-interest exemption means Thai government agencies may access personal data collected through digital ID; Amnesty International documented that 15 women and LGBTQI activists were targeted with Pegasus spyware between 2020 and 2021; and biometric government systems in Thailand’s Deep South have raised concerns about surveillance and ethnic profiling.^[13] In Brunei, national security reasons are listed grounds permitting government use of user data without consent, placing migrants and stateless persons, who can be categorised as potential security risks, at elevated peril.^[14]

The most documented instance of government use of digital ID/biometric data against marginalized populations in the sub-region involves Myanmar: in June 2021, Human Rights Watch reported that UNHCR shared the personal and biometric data of Rohingya refugees with the Bangladesh government. The data was later made accessible to Myanmar authorities, without obtaining the refugees’ informed consent. Human Rights Watch warned that this data could be used by Myanmar authorities to facilitate forced or unsafe repatriation, surveillance, or discrimination against a population that remains stateless and persecuted.^[15] More broadly, UN agencies, international NGOs, and Rohingya civil society groups have documented that the NVC has functioned as a tool of population control and data extraction rather than a pathway to citizenship or security.^[16]

In Malaysia, the creation of a separate government-run Refugee Registration Document (DPP) system that collects extensive biometric data for monitoring purposes. This system operates outside the PDPA framework. Human rights organizations and UN bodies have documented broader patterns of arbitrary detention, abusive conditions, and deportations affecting undocumented persons including refugees, asylum seekers, stateless persons, and migrant workers.^[17] In Indonesia, civil society organizations highlight privacy risks, function creep, and data breaches in the ID system, and surveillance concerns arise from documented procurement of intrusive spyware and migration-related biometric data sharing.^[18]

International Commitments

Across Southeast Asia, there is no international treaty specifically regulating digital identity systems. However, most countries in the sub-region are parties to international human rights treaties that create obligations related to legal identity, birth registration, access to public services, privacy, and non-discrimination. Many countries in the sub-region are parties to treaties such as the ICCPR, ICESCR, CRC, CEDAW, CERD, and CRPD, which require governments to ensure access to legal identity, birth registration, and essential services without discrimination. The Philippines is the only country in the sub-region that has ratified both Statelessness Conventions.

At the regional level, ASEAN frameworks play an important role in shaping data governance and digital identity development. The ASEAN Framework on Personal Data Protection (2016) and the Framework on Digital Data Governance (2018) are endorsed by all states in the sub-region as ASEAN members.^[19] Both frameworks set out non-binding principles encouraging member states to adopt national data protection laws and support mutual recognition. However, they do not impose binding commitments, provide specific mandates for digital ID systems or include provisions for the protection of stateless persons. The ASEAN Digital Economy Framework Agreement (DEFA), in which 10 countries (barring Timor-Leste) are engaged, also covers digital identity alongside data protection and cybersecurity.^[20]

Beyond ASEAN, several Southeast Asian states participate in broader regional data-governance arrangements. The Philippines and Singapore participate in the APEC Cross-Border Privacy Rules (CBPR) System and in the newer Global CBPR Forum, which are certification mechanisms rather than treaties and aim to demonstrate compliance with agreed privacy and data-protection standards for cross-border data transfers, indirectly shaping how digital-ID-related data can be handled across borders.^[21] Other APEC members in the sub-region (Brunei, Indonesia, Malaysia, Thailand and Viet Nam) apply the non-binding APEC Privacy Framework as a reference for domestic and regional data-governance rules, although they are not all part of the CBPR certification system.^[22]

All countries in the sub-region have endorsed the Ministerial Declaration on a Decade of Action for Inclusive and Resilient Civil Registration and Vital Statistics in Asia and the Pacific (2025). Under this declaration, states pledged at the Third Ministerial Conference to ensure that every birth is registered by 2030. They also committed to closing registration gaps among marginalized populations and to developing measures that prevent the exclusion of digitally marginalized or vulnerable groups from statistical data, services, and entitlements.

All countries in the sub-region are party to the CRC, and CRC General Comment No. 25 (2021) on Children’s Rights in Relation to the Digital Environment is consistently cited as the most directly applicable international standard. It states that ”digital systems should be created such that they enable all children to safely access essential digital public services and educational services without discrimination.”^[23] Exclusion of stateless children from digital ID systems and services is therefore directly relevant to CRC obligations across the sub-region.

Designed to Include?

The Impact of Digital ID and Legal Identity on Citizenship and Nationality Rights

Across Southeast Asia, digital ID systems have not significantly reduced statelessness in any of the eleven countries, because access to digital identity systems is usually dependent on possession of foundational legal identity documents such as birth certificates, national identity cards, or residence permits. Since many stateless persons lack these documents, they are often unable to enroll in digital identity systems.

In all eleven countries in the sub-region, the grant of digital ID is not formally linked to citizenship. However, eligibility for digital ID depends on legal identity or residency status – documents which stateless persons often lack. As a result, digital ID systems tend to reinforce existing patterns of exclusion rather than directly causing statelessness. Where stateless individuals cannot obtain digital ID, they are excluded from services such as: government e-services, healthcare systems, education enrollment, social protection programs, banking and financial services, employment systems, SIM card registration, tax and licensing systems.

Across the sub-region, there are limited alternative mechanisms for stateless persons to access these services without digital identity credentials. A limited number of countries have implemented outreach programs. Thailand directed provincial authorities in May 2025 to implement accelerated pathways to nationality for over 480,000 stateless individuals.^[24] The Philippines conducted mobile birth registration missions in BARMM (over 1,300 children received birth certificates in 2023).^[25] Singapore provides digital inclusion programmes for seniors and persons with disabilities.^[26] However, these programs generally address digital adoption rather than barriers faced by stateless persons in accessing digital identity systems.

Legal and policy frameworks across Southeast Asia in 10 of the 11 countries have not yet incorporated comprehensive safeguards to ensure inclusion of stateless persons within digital identity systems. The exception is Timor-Leste’s UID Strategic Plan, which explicitly aspires to include stateless persons.^[27] Ensuring inclusive digital identity systems in the region would require universal birth registration, accessible civil registration systems, alternative service access mechanisms for individuals without digital IDs, and stronger legal protections against discrimination and exclusion. In this regard, the commitment made by a majority of the countries in the sub-region under the 2025 Ministerial Declaration on a Decade of Action for Inclusive and Resilient Civil Registration and Vital Statistics in Asia and the Pacific, which pledges to close registration gaps among marginalised populations and prevent the exclusion of vulnerable groups from digital services, provides a relevant regional benchmark against which progress on inclusive digital identity can be measured.

Summary Table

The table summarises the types of legal IDs available, whether their digital IDs are foundational or functional, whether they have data protection laws, the voluntary nature of their digital IDs, access to digital IDs for stateless persons or refugees, and the international core human rights treaties ratified in the Southeast Asia sub-region.

Country	Legal ID (Type)	Digital ID (Foundational / Functional)	Domestic Laws & Policy Covering Digital ID	Data Protection Law	Digital ID Mandatory?	Access for Stateless / Refugees	Intl. Treaties Ratified (Data / Human Rights)
Brunei	Smart Identity Card (yellow/purple/green)	BruneiID — Foundational + Functional	National Registration Act 2002; Digital Economy Masterplan 2025; MTIC 2025	Yes — PDPO 2025 (private sector only)	De facto for selected services (Jan 2026)	Stateless with PR: Yes (purple card). Stateless without PR: No	CEDAW, CRC, CRPD.
Cambodia	National Identity Card (NID), birth certificate	IPIS + CamDigiKey — Foundational (in development)	2023 Law on CRVSID; NSPI 2017–2026; Sub-Decree No. 47/2025; Cambodia Digital Government Policy 2022–2035	No comprehensive law; draft Law on Personal Data Protection released July 2025	Unclear (system still in development)	Not clearly specified for stateless persons or non-citizens in current publicly available documents	ICCPR, ICESCR, CEDAW, CRC, CERD, CAT.
Indonesia	e-KTP; birth certificate; family card	IKD (Identitas Kependudukan Digital) — Foundational + Functional	Law No. 23/2006 on Population Administration (amended 2013); Law No. 11/2008 on Electronic Information and Transactions (amended 2024); implementing regulations on IKD and population administration.	Yes — Personal Data Protection Law No. 27/2022	IKD mandatory for ID verification from Jan 2026; e-KTP compulsory for all residents	Limited; stateless persons face administrative barriers to civil registration and e-KTP	ICCPR, ICESCR, CERD, CEDAW, CAT, CRC, CRPD.
Laos	National ID Card (chip-enabled E-ID), UIN from birth registration	Gov-X app / E-ID — Functional (quasi-digital)	National IT Policy 2005; Law on e-Transactions 2012; ICT Law 2016; Law on Digital Signature 2018; no special digital ID laws	No — only Law on Electronic Data Protection 2017	National ID card mandatory; Gov-X voluntary	No — stateless persons excluded from National ID card and Gov-X	ICCPR, ICESCR, CEDAW, CRC, CRPD.
Malaysia	NRIC (MyKad/MyPR/MyKAS)	MyDigital ID — Functional	National Registration Act 1959; Electronic Government Activities Act 2007; Digital Signature Act 1997; Cybersecurity Act 2024; no standalone statute	Yes — PDPA 2010 (amended 2024, private sector only); Data Sharing Act 2025 (public sector)	Voluntary formally; mandatory for specific services (like, MyNIISe)	No — requires MyKad; stateless persons with MyKAS cannot enrol	CEDAW, CRC, CRPD
Myanmar	Citizens Scrutiny Card (pink/blue/green); NVC; TRC/TAC historically	UID Smart Card — Foundational (intended) + Functional (in practice)	e-Governance Master Plan 2016–2020; Myanmar e-Governance Plan 2030; Electronic Transactions Law 2004 (amended 2021); no comprehensive legal framework	No — fragmented sectoral provisions only; no independent supervisory body	Mandatory for border crossings, SIM cards, banking, government benefits	Unclear — no verifiable source confirms TRC/NVC holders (mainly Rohingya) eligible for UID	CRC, CRPD
Philippines	PSA Birth Certificate; PhilID/PSN (PhilSys); ePhilID	PhilSys — Foundational	RA No. 11055 (2018); Revised IRR of RA 11055 (2021); Executive Order No. 162 (2022)	Yes — Data Privacy Act 2012 (RA 10173), applies to both public and private sectors	Not formally mandatory for any single service; de facto indispensable for digital government and financial services	Limited — registration limited to citizens and resident aliens; undocumented stateless persons excluded; EO 162 and Rule on Facilitated Naturalization provide some pathways for recognised persons	ICCPR, ICESCR, CEDAW, CAT, CRC, CRPD, CERD; both 1954 and 1961 Statelessness Conventions; Refugee Convention (only country in SEA)
Singapore	NRIC (citizens/PRs); FIN (foreign nationals on long-term passes)	Singpass / NDI — Functional	National Registration Act 1965; Public Sector Governance Act 2018; PDPA 2012; Electronic Transactions Act.	Yes — PDPA 2012 (private sector only); public agencies largely exempt	De facto mandatory for many government e-services (used by ~97% of population)	Stateless with PR: potentially yes, but limited evidence of effective access. Stateless on Special Pass: No	CEDAW, CRC, CRPD.
Thailand	Thai National ID Card (blue/citizens); pink ID card (non-citizens/stateless)	ThaID (Foundational + Functional); DGA Digital ID (Functional)	Electronic Transactions Act B.E. 2544 (amended 2019); Digitalization of Public Administration Act 2019; Digital Government Development Plan 2023–2027; Digital ID Framework Phase 2 (2025–2027)	Yes — Personal Data Protection Act B.E. 2562 (2019), applies to public and private sectors with exemptions	Voluntary; but de facto important for access to hundreds of services	No — both ThaID and DGA Digital ID are available to Thai citizens only; pink card holders excluded	ICCPR, CEDAW, CAT, CRC, CRPD, CERD.
Timor-Leste	National identity card (Bilhete de Identidade); birth registration	UID (planned/in development via Dalan ba Digital 2025) — Foundational (planned)	UID System Strategic Plan 2021–2025; Timor Digital 2032; Decree-Law No. 12/2024 on e-Commerce and Electronic Signatures; Decree-Law No. 2/2004 on Civil Identification	No — no comprehensive data protection law in force as of early 2026; Article 38 of Constitution provides constitutional data rights	No services currently accessible only through UID; system still in development	Aspirational — UID Strategic Plan explicitly includes stateless persons, refugees, and those without ID, but system not yet implemented	ICCPR, ICESCR, CRC, CEDAW, CERD, CAT, CRPD; Refugee Convention.
Viet Nam	Citizen Identity Card (Căn cước công dân); Identity Certificate for persons of Vietnamese origin with undetermined nationality	VNeID — Foundational	Law No. 26/2023/QH15 on Identification; Decree No. 69/2024/ND-CP on Electronic Identification and Authentication; Decree No. 72/2013 on internet identity verification	Yes — Decree No. 13/2023/ND-CP on Personal Data Protection (both public and private sectors)	Formally voluntary; increasingly required in practice for public and private services	Limited — stateless persons of Vietnamese origin can obtain Identity Certificates and potentially e-ID; pathway for non-Vietnamese stateless persons legally undefined	ICCPR, ICESCR, CEDAW, CRC, CERD, CRPD.

References

1.^

‘What Is The Thai Pink ID Card: How To Apply And Benefits’ (Thai Law Online) <https://thailawonline.com/thai-pink-id-for-foreigners-in-thailand/> accessed 17 January 2026; Danish National ID Centre, ‘Malaysia: Malaysian ID Cards and Citizenship’ (2023) <https://fln.dk/media/yungmum5/mala92.pdf>; Editor KAI, ‘Ketentuan Hukum Soal KTP Elektronik Bagi WNA Di Indonesia’ (Kongres Advokat Indonesia, 1 March 2019) <https://www.kai.or.id/berita/14613/ketentuan-hukum-soal-ktp-elektronik-bagi-wna.html> accessed 13 January 2026; World Bank, National Digital Identity and Government Data Sharing in Singapore (Washington, DC 2022) <https://doi.org/10.1596/38201> accessed 9 October 2025; HM Passport Office UK, ‘Brunei: Knowledge Base Profile’ (GOV.UK) <https://www.gov.uk/government/publications/brunei-knowledge-base-profile/brunei-knowledge-base-profile> accessed 19 January 2026; Law No. 11/2017 on Migration & Asylum; ‘Republic Act No. 11055’ <https://lawphil.net/statutes/repacts/ra2018/ra_11055_2018.html> accessed 16 March 2026.

2.^

‘Legal Assistance’ (UNHCR Myanmar) <https://help.unhcr.org/myanmar/legal-assistance/> accessed 13 November 2025; Department of Foreign Affairs and Trade, ‘DFAT Country Information Report Myanmar’ (2025) <https://www.dfat.gov.au/sites/default/files/country-information-report-myanmar.pdf>.

3.^

World Bank, ‘Positioning the Lao PDR for a Digital Future’ (2022) <https://thedocs.worldbank.org/en/doc/c01714a0bc2ca257bdfe8f3f75a64adc-0070062022/original/Positioning-The-Lao-PDR-for-a-Digital-Future-11-10-22.pdf> accessed 30 August 2024.

4.^

‘Brunei Rolls out National Digital ID, Registration Opens 3 January’ The Bruneian (2 January 2026) <https://thebruneian.news/2026/01/02/brunei-rolls-out-national-digital-id-registration-opens-3-january/> accessed 6 January 2026; Fintech News Indonesia, ‘Indonesia to Mandate Facial Recognition for SIM Card Registration’ (Fintech News Indonesia, 18 December 2025) <https://fintechnews.id/109136/fintech/indonesia-sim-card-facial-recognition/> accessed 3 April 2026; ‘Myanmar Now Requires Biometric “Smart Card” to Exit Country by Border – Radio Free Asia’ <https://www.rfa.org/english/news/myanmar/smart-card-border-pass-05202024164811.html> accessed 3 April 2026; ‘Gov’t Agencies Directed to Prepare for PhilSys Implementation | Philippine News Agency’ <https://www.pna.gov.ph/articles/1167325> accessed 3 April 2026; ‘Vietnam: eID Requirement for Foreign Nationals Holding Residence Cards Launched | Fragomen, Del Rey, Bernsen & Loewy LLP’ <https://www.fragomen.com/insights/vietnam-eid-requirement-for-foreign-nationals-holding-residence-cards-launched.html> accessed 3 April 2026.

5.^

‘Annual Results Report 2023’ (UNDP) <https://laopdr.un.org/sites/default/files/2024-03/RCO_laoPDR_annual_report_2023_web_0.pdf>; ‘UNDP and European Union Launch “Dalan Ba Digital” - A New Path for Digital Citizenship in Timor-Leste’ (UNDP) <https://www.undp.org/timor-leste/press-releases/undp-and-european-union-launch-dalan-ba-digital-new-path-digital-citizenship-timor-leste> accessed 3 April 2026; ‘Improved Population and Civil Registration and Digital Identification for Better and More Inclusive Service Delivery in Indonesia’ <https://www.worldbank.org/en/news/press-release/2023/05/15/improved-population-and-civil-registration-and-digital-identification-for-better-and-more-inclusive-service-delivery-in-> accessed 3 April 2026.

6.^

‘Bernama : 26 July 2020 : MCMC Seeks Public Feedback on National Digital Identity’ <https://www.komunikasi.gov.my/en/public/news/17449-bernama-26-july-2020-mcmc-seeks-public-feedback-on-national-digital-identity> accessed 10 March 2026.

7.^

DLA Piper, ‘Data Protection Laws in Myanmar - Data Protection Laws of the World’ (18 December 2024) <https://www.dlapiperdataprotection.com/?t=law&c=MM#insight> accessed 18 December 2025.

8.^

aiman, ‘MyDigital ID: What Does It Mean For Malaysians & Digitalisation Efforts in Malaysia?’ (Grayscale, 4 March 2024) <https://grayscale.my/mydigital-id-what-does-it-mean-for-malaysians-digitalisation-efforts-in-malaysia/> accessed 10 March 2026.

9.^

Privacy Commission Recommends Criminal Prosecution of Bautista over “Comeleak”’ (National Privacy Commission, 5 January 2017) <https://privacy.gov.ph/privacy-commission-finds-bautista-criminally-liable-for-comeleak-data-breach/> accessed 30 March 2026.

10.^

‘Click and Bait: Vietnamese Human Rights Defenders Targeted with Spyware Attacks’ (Amnesty International, 24 February 2021) <https://www.amnesty.org/en/latest/research/2021/02/click-and-bait-vietnamese-human-rights-defenders-targeted-with-spyware-attacks/> accessed 20 December 2025; ‘Viet Nam: New Cybersecurity Law a Devastating Blow for Freedom of Expression’ (Amnesty International, 12 June 2018) <https://www.amnesty.org/en/latest/news/2018/06/viet-nam-cybersecurity-law-devastating-blow-freedom-of-expression/> accessed 20 December 2025; ‘Vietnam: Repeal Harmful Internet Laws | Human Rights Watch’ (10 December 2024) <https://www.hrw.org/news/2024/12/11/vietnam-repeal-harmful-internet-laws> accessed 20 December 2025.

11.^

‘Singapore’s “Smart City” Initiative: One Step Further in the Surveillance, Regulation and Disciplining of Those at the Margins’ (Center for Human Rights and Global Justice, 18 March 2022) <https://chrgj.org/2022-03-18-singapore-smart-city-initiative/> accessed 3 April 2026; ‘Singapore’s Surveillance Experiments on Low-Wage Migrant Worker Dormitories: Implications for Singapore and Other Nations’ (Social Science Research Council (SSRC)) <https://www.ssrc.org/grantees/singapores-surveillance-experiments-on-low-wage-migrant-worker-dormitories-implications-for-singapore-and-other-nations/> accessed 3 April 2026; Peter Guest, ‘Singapore’s Tech-Utopia Dream Is Turning into a Surveillance State Nightmare’ (Rest of World, 16 November 2021) <https://restofworld.org/2021/singapores-tech-utopia-dream-is-turning-into-a-surveillance-state-nightmare/> accessed 13 October 2025.

12.^

Human Rights Myanmar, ‘Privacy Violations and Discrimination in Myanmar’ (8 June 2025) <https://humanrightsmyanmar.org/privacy-violations-and-discrimination-in-myanmar/> accessed 21 November 2025; ‘The Myanmar Junta’s Partners in Digital Surveillance and Censorship | Justice For Myanmar’ <https://www.justiceformyanmar.org/stories/the-myanmar-juntas-partners-in-digital-surveillance-and-censorship> accessed 18 December 2025.

13.^

‘State-Backed Digital Violence Used to Silence Women in Thailand’ (Amnesty International, 16 May 2024) <https://www.amnesty.org/en/latest/news/2024/05/thailand-state-backed-digital-violence-silence-women-lgbti-activists/> accessed 26 January 2026; ‘Thailand: Authorities Must End Malicious Smear Campaigns and Cyberattacks on Civil Society’ (Amnesty International, 7 April 2025) <https://www.amnesty.org/en/latest/news/2025/04/thailand-authorities-must-end-malicious-smear-campaigns-and-cyberattacks-on-civil-society/> accessed 26 January 2026.

14.^

Kevin Socquet-Clerc and others, ‘Protecting Migrants through Good Security Sector Governance in Southeast Asia’ <https://www.dcaf.ch/sites/default/files/publications/documents/Protecting_Migrants_through_Good_SSG_in_Southeast_Asia.pdf>.

15.^

‘UN Shared Rohingya Data Without Informed Consent | Human Rights Watch’ (15 June 2021) <https://www.hrw.org/news/2021/06/15/un-shared-rohingya-data-without-informed-consent> accessed 18 December 2025.

16.^

Advisory Commission on Rakhine State, ‘Towards a Peaceful, Fair and Prosperous Future for the People of Rakhine - Final Report of the Advisory Commission on Rakhine State’ (2017) <https://www.kofiannanfoundation.org/wp-content/uploads/2024/04/Advisory-Commission-on-Rakhine-State-Report.pdf>; ‘Independent International Fact-Finding Mission on Myanmar’ (OHCHR, 2 June 2019) <https://www.ohchr.org/en/hr-bodies/hrc/myanmar-ffm/index> accessed 18 December 2025; ‘Myanmar: “Caged without a Roof”: Apartheid in Myanmar’s Rakhine State’ (Amnesty International, 21 November 2017) <https://www.amnesty.org/en/documents/asa16/7484/2017/en/> accessed 13 November 2025.

17.^

Dr. Shamsul Anuar Nasarah, ‘Refugee Registration System Being Tested With Jan 1 Launch Targeted, Dewan Rakyat Told |’ (2 December 2025) <https://www.shamsulnasarah.com/refugee-registration-system-being-tested-with-jan-1-launch-targeted-dewan-rakyat-told/> accessed 10 March 2026.

18.^

ELSAM and Access Now, ‘The Right to Privacy in Indonesia - Stakeholder Report Universal Periodic Review, 41st Session’ <https://www.accessnow.org/wp-content/uploads/2022/04/ELSAM-and-Access-Now-UPR-Joint-Submission-on-the-Right-to-Privacy-in-Indonesia.pdf>.

19.^

ASEAN TELMIN, ‘Framework on Personal Data Protection’ (2016) <https://cil.nus.edu.sg/wp-content/uploads/2020/08/2016-Frmwk-PDP.pdf>; ASEAN TELMIN, ‘Framework on Digital Data Governance’ (2018) <https://cil.nus.edu.sg/wp-content/uploads/2020/09/2018-Framework-Digital-Data-Governance.pdf>.

20.^

Mimia Sefrina, ‘Understanding the ASEAN Digital Economy Framework Agreement: A Means to Support ASEAN Integration’; Naomi Wilson, ‘The Digital Economy Framework Agreement: ASEAN’s Anchor in a Turbulent Digital Economy - Information Technology Industry Council’ <https://www.itic.org/news-events/techwonk-blog/the-digital-economy-framework-agreement-aseans-anchor-in-a-turbulent-digital-economy> accessed 29 April 2026.

21.^

‘APEC Cross-Border Privacy Enforcement Arrangement (CPEA)’ (APEC) <https://www.apec.org/groups/committee-on-trade-and-investment/digital-economy-steering-group/cross-border-privacy-enforcement-arrangement> accessed 14 January 2026.

22.^

Jamael Jacob, ‘APEC’s Cross Border Data Transfer Rules: An Unfulfilled Potential, An Uncertain Future’.

23.^

‘General Comment No. 25 (2021) on Children’s Rights in Relation to the Digital Environment’ <https://www.unicef.org/bulgaria/en/media/10596/file>.

24.^

‘Thailand Moves Forward on Historic Statelessness Resolution’ (UNHCR Thailand) <https://www.unhcr.org/th/en/news/press-releases/thailand-moves-forward-historic-statelessness-resolution> accessed 3 April 2026.

25.^

UN High Commissioner for Refugees, ‘Unregistered Children and Their Families in Maguindanao Receive Their Birth Certificates’ (https://www.unhcr.org/ph/29113-unregistered-children-and-their-families-in-maguindanao-receive-their-birth-certificates.html, 28 March 2023) <https://www.ecoi.net/en/document/2089945.html> accessed 1 April 2026.

26.^

INFOCOMM Development Authority of Singapore, ‘Factsheet: Overview of Digital Inclusion’ (30 July 2024) <https://www.imda.gov.sg/-/media/imda/files/inner/about-us/newsroom/media-releases/2016/0421_senior-smart-phone-workshop/factsheet-for-the-overview-of-digital-inclusion-programmes.pdf> accessed 13 October 2025.

27.^

Government of Timor-Leste, ‘Unique Identity System Strategic Plan | 2021 to 2025’ (2021) <https://idu.gov.tl/wp-content/uploads/2021/08/Unique-ID-Strategy-Consolidated-Final_240521_-English1878.pdf>.

See Statelessness Overview