TSA Will Scan Your Phone ID in 2026—But Here’s the Catch: A ‘Digital Driver’s License’ Isn’t One Thing (and the Standards Fight Decides Who Can Track You)
TSA’s “Digital ID” isn’t a single credential you can count on everywhere—it’s a patchwork of phone-based IDs, airport lanes, readers, and evolving rules. REAL ID enforcement raises the stakes, while CAT-2 facial comparison and opt-out policies shape what “consent” feels like in a checkpoint line.
By TheMurrow Editorial
April 12, 2026
Key Points
- 1Know the definition: TSA “Digital ID” covers state mDLs and other phone credentials—acceptance depends on state, airport lane hardware, and policy.
- 2Plan for the catch: TSA says you must still carry an acceptable compliant physical ID, even if your phone credential scans successfully.
- 3Decide on biometrics: CAT-2 may prompt optional facial comparison; TSA says you can opt out and claims photos/data are deleted after verification.
Your phone is increasingly welcome at the airport checkpoint. That part is real. The part most travelers miss is the fine print: TSA’s “Digital ID” is not one thing, not one app, and not a universally reliable substitute for the plastic in your wallet.
TSA has spent the past few years building a new identity-check workflow around scanners, QR codes, and cameras. It’s being rolled out at scale—“more than 250 airports,” according to TSA’s own Digital ID page—and it’s tied to a broader regulatory shift that changed the ground rules for everyone on May 7, 2025, when REAL ID full enforcement began for domestic air travel identity checks.
The result is a familiar modern paradox: the system is meant to reduce friction, yet it can introduce new uncertainty. You can arrive feeling prepared—phone in hand—only to discover the lane you’re in doesn’t support your credential, the officer asks for a physical backup, or you’re presented with a camera-based facial comparison step you didn’t expect.
At the checkpoint, ‘Digital ID’ doesn’t mean ‘one standard, everywhere.’ It means ‘it depends.’
— — TheMurrow Editorial
What follows is the practical reality of TSA Digital ID in 2026: what TSA actually means by the term, where the technology fits, what the agency promises about privacy, how REAL ID reshapes acceptance, and how to travel confidently without turning your ID check into a mini negotiation.
What TSA Means by “Digital ID” (and Why the Label Misleads)
TSA uses “Digital ID” as an umbrella term for multiple types of credentials presented from a phone. That matters because the public hears “digital ID” and imagines a single, standardized alternative to a driver’s license. TSA’s language is broader—and more complicated.
Two buckets TSA groups under “Digital ID”
On its Digital ID page, TSA describes:
- State-issued mobile driver’s licenses (mDLs)—a digital ID issued by a state and presented from a phone.
- Other “digital IDs” that may be issued by a non-government entity, even if they’re derived from government sources (or other sources). TSA explicitly notes these may be based on “information derived from governmental or non-governmental sources.”
That second category is where confusion thrives. A headline like “TSA will scan your phone ID” implies you can show up with whatever digital credential you have and expect it to work. TSA’s own framing suggests a more conditional world.
- State-issued mobile driver’s licenses (mDLs)—a digital ID issued by a state and presented from a phone.
- Other “digital IDs” that may be issued by a non-government entity, even if they’re derived from government sources (or other sources). TSA explicitly notes these may be based on “information derived from governmental or non-governmental sources.”
That second category is where confusion thrives. A headline like “TSA will scan your phone ID” implies you can show up with whatever digital credential you have and expect it to work. TSA’s own framing suggests a more conditional world.
The four-way dependency travelers actually face
Whether you can use a phone credential at TSA depends on:
1) What credential you have (state mDL vs. another credential TSA groups under Digital ID)
2) Which state issued it (for mDLs, state participation and compliance matter)
3) Which airport—and which lanes—have compatible readers enabled
4) TSA’s current acceptance policies, which can evolve as programs move from pilot to broader use
The upshot is not that Digital ID is a gimmick. It’s that the term hides operational realities. Travelers don’t experience “policy.” They experience a line, a lane, and an officer trying to keep people moving.
1) What credential you have (state mDL vs. another credential TSA groups under Digital ID)
2) Which state issued it (for mDLs, state participation and compliance matter)
3) Which airport—and which lanes—have compatible readers enabled
4) TSA’s current acceptance policies, which can evolve as programs move from pilot to broader use
The upshot is not that Digital ID is a gimmick. It’s that the term hides operational realities. Travelers don’t experience “policy.” They experience a line, a lane, and an officer trying to keep people moving.
TSA’s ‘Digital ID’ is an umbrella, not a guarantee.
— — TheMurrow Editorial
The “Bring Physical ID Anyway” Catch (Straight From TSA)
TSA’s Digital ID page includes a line that should be printed on every airline confirmation email: even if you use Digital ID, passengers must still carry an acceptable compliant physical ID for verification.
That isn’t a minor caveat. It’s the agency acknowledging what frequent travelers already know: acceptance in principle isn’t the same as usability in practice.
That isn’t a minor caveat. It’s the agency acknowledging what frequent travelers already know: acceptance in principle isn’t the same as usability in practice.
“More than 250 airports” isn’t “every checkpoint lane”
TSA says Digital ID is accepted at more than 250 airports and is presented via QR scan or tap at a digital ID reader. Those are meaningful scale numbers, but they don’t guarantee uniform coverage. Airports are mosaics: different terminals, different checkpoint configurations, different equipment refresh cycles.
Even within the same airport, one lane may have a compatible reader while another is reserved for pre-check flows, equipment tests, or staffing patterns that day. Add inevitable operational variables—equipment downtime, software updates, officer familiarity—and the traveler’s reality becomes simple: you can plan to use Digital ID, but you can’t depend on it alone.
Even within the same airport, one lane may have a compatible reader while another is reserved for pre-check flows, equipment tests, or staffing patterns that day. Add inevitable operational variables—equipment downtime, software updates, officer familiarity—and the traveler’s reality becomes simple: you can plan to use Digital ID, but you can’t depend on it alone.
More than 250 airports
TSA says Digital ID is accepted at more than 250 airports—but that doesn’t guarantee every checkpoint lane has compatible readers enabled.
Practical takeaway: treat Digital ID like a convenience feature
For now, Digital ID is best understood the way you’d understand mobile boarding passes years ago: increasingly common, sometimes faster, but not immune to the occasional “we need the printed version.” TSA is telling you, in plain language, to bring the physical ID because the system is still heterogeneous.
If you want a stress-free checkpoint experience, the conservative approach is also the smartest: carry your physical, compliant ID even if you intend to use your phone.
If you want a stress-free checkpoint experience, the conservative approach is also the smartest: carry your physical, compliant ID even if you intend to use your phone.
Key Takeaway
TSA’s own guidance treats Digital ID as an add-on: bring an acceptable compliant physical ID for verification, even if you plan to use your phone.
The Machines Behind the Promise: CAT-2 and Facial Comparison
Digital ID isn’t simply a phone screen held up to an officer. TSA ties the experience to its identity verification technology, particularly CAT-2—Credential Authentication Technology with a camera component (and variants described as “AutoCAT”).
TSA’s March 2023 press release on identity verification technology describes an identity-check flow built around:
- Credential scanning and flight information checks
- A passenger-facing camera for real-time photo capture
- Facial comparison between the captured image and the photo on the traveler’s credential (physical or digital)
TSA’s March 2023 press release on identity verification technology describes an identity-check flow built around:
- Credential scanning and flight information checks
- A passenger-facing camera for real-time photo capture
- Facial comparison between the captured image and the photo on the traveler’s credential (physical or digital)
How the checkpoint experience is changing
The old model centered on a human look: officer compares your face to the photo on your ID, eyeballs the ID’s security features, and matches you to a boarding pass. CAT-2 is built to compress and standardize that moment. You present a credential; the system validates it and pulls in flight info; the camera captures your face; and the software performs a comparison.
TSA presents this as modernization: faster throughput, less manual handling, less opportunity for human error. Those are plausible benefits—especially at peak travel times—yet the design also shifts the default experience toward camera-enabled identity verification.
TSA presents this as modernization: faster throughput, less manual handling, less opportunity for human error. Those are plausible benefits—especially at peak travel times—yet the design also shifts the default experience toward camera-enabled identity verification.
The emerging social friction: default tech vs. optional participation
TSA says participation in the photo capture is optional (more on that below). Still, many travelers will encounter a system that feels like it assumes consent. The checkpoint is not a deliberative environment. People are tired, late, anxious, and conditioned to comply quickly.
That tension—between “optional” in policy and “default” in workflow—shapes public trust. Even a well-intentioned system can create resentment if people feel they have to opt out under pressure.
That tension—between “optional” in policy and “default” in workflow—shapes public trust. Even a well-intentioned system can create resentment if people feel they have to opt out under pressure.
Optional is meaningful only when opting out is easy, quick, and treated as normal.
— — TheMurrow Editorial
Opt-Out, Retention, and What TSA Says It Stores (and Doesn’t)
TSA makes several explicit claims about choice and privacy on its Digital ID page. They are worth reading closely, because they form the agency’s public accountability line.
What TSA says about opting out
TSA states that travelers can decline the optional photo and should notify the officer. DHS documentation on the rollout supports that opt-out language is displayed via signage, screens, or advisements, reinforcing the claim that travelers are informed.
The critical question for travelers is less “Is opt-out allowed?” and more “How will it feel in the line?” TSA says an alternative process exists. Lived experience may vary by airport, lane configuration, and staffing familiarity.
The critical question for travelers is less “Is opt-out allowed?” and more “How will it feel in the line?” TSA says an alternative process exists. Lived experience may vary by airport, lane configuration, and staffing familiarity.
What TSA says about deletion and sharing
On its Digital ID page, TSA says:
- “Your photo and personal data are deleted after your identity is verified.”
- Images are not used for law enforcement or surveillance and are not shared with other entities.
Those are strong statements. They also place a burden on TSA: if the agency wants public buy-in, it needs consistently visible procedures that match the promise. Trust doesn’t come from policy PDFs; it comes from repeating the same experience in Phoenix, Philadelphia, and Portland.
- “Your photo and personal data are deleted after your identity is verified.”
- Images are not used for law enforcement or surveillance and are not shared with other entities.
Those are strong statements. They also place a burden on TSA: if the agency wants public buy-in, it needs consistently visible procedures that match the promise. Trust doesn’t come from policy PDFs; it comes from repeating the same experience in Phoenix, Philadelphia, and Portland.
“We don’t copy or store the digital ID”—with one important carve-out
TSA also says it does not copy or store the digital ID, except in a limited testing environment used to evaluate facial comparison accuracy. TSA says it provides notice in those cases through signage/advisements and public privacy impact materials.
That carve-out is not necessarily sinister; testing is how systems are evaluated. But for privacy-conscious travelers, it’s the kind of exception that matters. The practical takeaway is straightforward: if you are particularly sensitive about biometric capture, treat “limited testing environment” as a reason to remain attentive to signage and to exercise opt-out where appropriate.
That carve-out is not necessarily sinister; testing is how systems are evaluated. But for privacy-conscious travelers, it’s the kind of exception that matters. The practical takeaway is straightforward: if you are particularly sensitive about biometric capture, treat “limited testing environment” as a reason to remain attentive to signage and to exercise opt-out where appropriate.
Editor’s Note
TSA says it doesn’t copy/store Digital ID except in limited testing environments for facial comparison accuracy—watch for checkpoint signage and advisements.
REAL ID Enforcement Changed the Stakes (May 7, 2025)
If Digital ID feels like a convenience story, REAL ID makes it a compliance story. TSA confirmed in an April 2025 press release that REAL ID full enforcement began May 7, 2025 for domestic air travel identity checks.
That date matters because it clarifies what TSA is optimizing for: a federally acceptable identity credential ecosystem. Digital credentials don’t exist outside that ecosystem; they’re increasingly being pulled into it.
That date matters because it clarifies what TSA is optimizing for: a federally acceptable identity credential ecosystem. Digital credentials don’t exist outside that ecosystem; they’re increasingly being pulled into it.
May 7, 2025
TSA confirmed REAL ID full enforcement began May 7, 2025 for domestic air travel identity checks—raising the baseline for what counts as acceptable ID.
How REAL ID affects mobile driver’s licenses (mDLs)
TSA’s mDL/REAL ID page explains that, under REAL ID, federal agencies may accept mDLs for official purposes only if:
1) the issuing state has a waiver under 6 CFR 37.7, or
2) the federal agency has an alternative acceptance policy.
TSA’s Digital ID FAQ further adds that TSA will accept digital IDs compliant with “6 CFR Part 37” minimum standards and the “Waiver for Mobile Driver’s Licenses.”
In other words, acceptance is not just about the phone technology. It’s about legal and administrative compliance pathways.
1) the issuing state has a waiver under 6 CFR 37.7, or
2) the federal agency has an alternative acceptance policy.
TSA’s Digital ID FAQ further adds that TSA will accept digital IDs compliant with “6 CFR Part 37” minimum standards and the “Waiver for Mobile Driver’s Licenses.”
In other words, acceptance is not just about the phone technology. It’s about legal and administrative compliance pathways.
A traveler’s reality: “My state has it” isn’t the only question
Even if your state offers an mDL, the key question becomes: does TSA accept that mDL under the relevant federal standards and waivers, and does the checkpoint you’re in have the right reader configured?
The practical takeaway is unromantic but useful: REAL ID enforcement makes the physical credential more important, not less, because it raises the baseline standard TSA must verify. Digital convenience sits on top of that baseline; it doesn’t replace it.
The practical takeaway is unromantic but useful: REAL ID enforcement makes the physical credential more important, not less, because it raises the baseline standard TSA must verify. Digital convenience sits on top of that baseline; it doesn’t replace it.
The Standards Fight: mDL vs. Wallets vs. State Apps (and Who Holds Power)
Public debate often frames “digital ID” as a binary: modern vs. old-fashioned. The more consequential split is structural: interoperable standards vs. fragmented implementations.
mDL as a standard, not a brand
AAMVA—the association representing state DMVs—positions the mDL as a secure, interoperable credential type. AAMVA also operates a Digital Trust Service and publishes mDL Implementation Guidelines (v1.5, May 2025) that explicitly aim for:
- Interoperability across jurisdictions
- A trust framework for verifying credentials
- Privacy-preserving implementations, including selective disclosure (sharing only the data needed for a particular transaction)
Those goals address a real governance problem: if each state builds its own app and each verifier builds its own reader logic, travelers get a patchwork. Interoperability is what turns a clever demo into reliable infrastructure.
- Interoperability across jurisdictions
- A trust framework for verifying credentials
- Privacy-preserving implementations, including selective disclosure (sharing only the data needed for a particular transaction)
Those goals address a real governance problem: if each state builds its own app and each verifier builds its own reader logic, travelers get a patchwork. Interoperability is what turns a clever demo into reliable infrastructure.
The global technical backbone: ISO/IEC 18013-5
The most commonly cited technical standard in the mDL world is ISO/IEC 18013-5. While TSA messaging focuses on federal standards and waivers, the broader ecosystem leans on technical standards to ensure credentials can be verified consistently and securely.
The power question beneath all this: when your ID becomes a digital object, who controls the interface—the state, the platform provider, the verifier, or some combination? Travelers feel the outcome as convenience or friction, but the underlying contest is about governance and trust.
The power question beneath all this: when your ID becomes a digital object, who controls the interface—the state, the platform provider, the verifier, or some combination? Travelers feel the outcome as convenience or friction, but the underlying contest is about governance and trust.
Interoperability isn’t a technical nicety; it’s what keeps ‘digital ID’ from becoming 50 different problems.
— — TheMurrow Editorial
What It Means for Travelers: Practical Scenarios and Smart Habits
The best way to understand TSA Digital ID is to imagine the traveler’s day, not the agency’s diagram.
Scenario 1: The confident phone-only traveler hits a mismatch
You arrive at an airport that’s on the “accepted at more than 250 airports” list. You assume you’re set. At the checkpoint, the lane you enter doesn’t have an active digital reader—or the officer directs Digital ID users elsewhere. You’re asked for a physical ID because TSA requires you to carry one anyway.
Takeaway: Digital ID can be real and still be lane-dependent. Choose it as an option, not as your only plan.
Takeaway: Digital ID can be real and still be lane-dependent. Choose it as an option, not as your only plan.
Scenario 2: You want to opt out of the camera
You approach a CAT-2 setup. A camera is visible. TSA says photo capture is optional and you can decline by notifying the officer. The experience may be smooth—or it may require a short verbal exchange and an alternate process.
Takeaway: If you plan to opt out, budget a little extra time, and be ready to say, calmly and clearly, that you are declining the optional photo. TSA’s own guidance says that’s permitted.
Takeaway: If you plan to opt out, budget a little extra time, and be ready to say, calmly and clearly, that you are declining the optional photo. TSA’s own guidance says that’s permitted.
Scenario 3: You’re traveling under REAL ID enforcement
REAL ID enforcement has been in effect since May 7, 2025. Your goal is a compliant ID check that doesn’t become the bottleneck in your trip.
Takeaway: Use a compliant physical ID as your baseline. Treat Digital ID as an add-on convenience where it works.
Takeaway: Use a compliant physical ID as your baseline. Treat Digital ID as an add-on convenience where it works.
A short checklist that respects reality
- ✓Carry a compliant physical ID even if you plan to present a phone credential (TSA explicitly advises this).
- ✓Look for signage indicating Digital ID availability and opt-out instructions at the checkpoint.
- ✓Expect variability across airports and lanes, even within the same airport.
- ✓Know your preference on photo capture before you reach the front of the line.
Where the Debate Lands: Efficiency, Privacy, and the Shape of Consent
TSA’s public case for Digital ID and CAT-2 is efficiency and modernization—faster identity verification, less manual handling, and a more standardized process across airports. With air travel volumes and peak congestion, that argument has intuitive appeal.
Privacy-minded critics, meanwhile, focus on a different axis: the normalization of facial comparison in a high-pressure environment. TSA’s assurances—optional photo capture, deletion after verification, no law enforcement use, no sharing—are designed to address that concern directly. The durability of those assurances will be measured in consistency and transparency.
The deepest question isn’t whether technology belongs at the checkpoint. It’s whether travelers can meaningfully choose how they participate without penalty or stigma. A choice offered in a rush, under social pressure, is not the same as a choice.
If TSA wants long-term legitimacy for Digital ID, it has to make the opt-out path as smooth and routine as the default. That’s not a technical challenge. It’s an operational and cultural one.
Privacy-minded critics, meanwhile, focus on a different axis: the normalization of facial comparison in a high-pressure environment. TSA’s assurances—optional photo capture, deletion after verification, no law enforcement use, no sharing—are designed to address that concern directly. The durability of those assurances will be measured in consistency and transparency.
The deepest question isn’t whether technology belongs at the checkpoint. It’s whether travelers can meaningfully choose how they participate without penalty or stigma. A choice offered in a rush, under social pressure, is not the same as a choice.
If TSA wants long-term legitimacy for Digital ID, it has to make the opt-out path as smooth and routine as the default. That’s not a technical challenge. It’s an operational and cultural one.
1) What counts as “Digital ID” to TSA?
TSA uses Digital ID as an umbrella term for credentials presented from a phone, including state-issued mobile driver’s licenses (mDLs) and other digital credentials that may be issued by non-government entities based on information derived from government or other sources. Acceptance depends on the credential type, issuing state (for mDLs), airport equipment, and TSA policy.
2) If my Digital ID is accepted, do I still need to bring my physical ID?
Yes. TSA states that even if you use Digital ID, you must still carry an acceptable compliant physical ID for verification. Digital ID can speed the process where supported, but TSA’s own guidance treats a physical ID as the required backup and baseline.
3) How widely is TSA Digital ID available?
TSA says Digital ID is accepted at more than 250 airports. Availability can still vary by checkpoint and lane because Digital ID requires a functioning digital ID reader and staff familiar with the process. “Accepted at the airport” does not always mean “usable in every lane.”
4) Will TSA take my picture, and can I refuse?
TSA says the system may capture a photo for facial comparison as part of the identity verification process, but photo capture is optional. TSA instructs travelers who want to refuse to notify the officer. DHS documentation indicates opt-out language is presented via signage/screens/advisements.
5) Does TSA store my photo or Digital ID data?
TSA says photos and personal data are deleted after identity is verified, and images are not used for law enforcement or surveillance and are not shared with other entities. TSA also says it does not copy or store the digital ID, except in a limited testing environment to evaluate facial comparison accuracy, where it says notice is provided.
6) How did REAL ID enforcement change Digital ID acceptance?
TSA confirmed REAL ID full enforcement began May 7, 2025. For mDLs, TSA notes that federal agencies may accept them only if the issuing state has a 6 CFR 37.7 waiver or the agency has an alternative acceptance policy. TSA’s Digital ID FAQ references compliance with 6 CFR Part 37 standards and the mobile driver’s license waiver framework.
7) Why do some digital IDs work differently across states and airports?
Digital ID is shaped by a mix of policy and standards: state issuance rules, federal acceptance requirements under REAL ID, and the checkpoint hardware/software deployed at each airport. Organizations like AAMVA publish mDL guidelines (v1.5, May 2025) emphasizing interoperability and privacy features such as selective disclosure, but real-world consistency still depends on coordinated implementation.
6 CFR Part 37
TSA’s Digital ID acceptance for mDLs references compliance with REAL ID minimum standards under 6 CFR Part 37 and related waiver pathways.
ISO/IEC 18013-5
A commonly cited technical backbone for mDL interoperability—separate from TSA’s policy framing, but central to consistent verification.
T
About the Author
TheMurrow Editorial is a writer for TheMurrow covering explainers.
Frequently Asked Questions
What counts as “Digital ID” to TSA?
TSA uses Digital ID as an umbrella term for credentials presented from a phone, including state-issued mobile driver’s licenses (mDLs) and other digital credentials that may be issued by non-government entities based on information derived from government or other sources. Acceptance depends on the credential type, issuing state (for mDLs), airport equipment, and TSA policy.
If my Digital ID is accepted, do I still need to bring my physical ID?
Yes. TSA states that even if you use Digital ID, you must still carry an acceptable compliant physical ID for verification. Digital ID can speed the process where supported, but TSA’s own guidance treats a physical ID as the required backup and baseline.
How widely is TSA Digital ID available?
TSA says Digital ID is accepted at more than 250 airports. Availability can still vary by checkpoint and lane because Digital ID requires a functioning digital ID reader and staff familiar with the process. “Accepted at the airport” does not always mean “usable in every lane.”
Will TSA take my picture, and can I refuse?
TSA says the system may capture a photo for facial comparison as part of the identity verification process, but photo capture is optional. TSA instructs travelers who want to refuse to notify the officer. DHS documentation indicates opt-out language is presented via signage/screens/advisements.
Does TSA store my photo or Digital ID data?
TSA says photos and personal data are deleted after identity is verified, and images are not used for law enforcement or surveillance and are not shared with other entities. TSA also says it does not copy or store the digital ID, except in a limited testing environment to evaluate facial comparison accuracy, where it says notice is provided.
How did REAL ID enforcement change Digital ID acceptance?
TSA confirmed REAL ID full enforcement began May 7, 2025. For mDLs, TSA notes that federal agencies may accept them only if the issuing state has a 6 CFR 37.7 waiver or the agency has an alternative acceptance policy. TSA’s Digital ID FAQ references compliance with 6 CFR Part 37 standards and the mobile driver’s license waiver framework.
