In these terms, unless the context otherwise requires, words and phrases shall have the meanings assigned to them in the Electronic Transactions Act of 2007 and its amendments, the Digital Identity Regulation of 2025, and the Cyber Security Act of 2025, in addition to the following definitions:
| Term | Definition |
|---|---|
| The Application | The Sudanese Digital Identity application for smartphones. |
| The Platform | The national digital platform for managing identity and associated services. |
| The Account | The unique digital account granted to the user after completing the registration and verification process. |
| Digital Signature | A secure electronic signature issued using a signature tool linked to a certified digital identity. |
| Services | All governmental and commercial services provided through the platform that require the use of digital identity for access or authentication. |
These terms govern your use of the Sudanese Digital Identity, including the application, the platform, and the services.
By registering for or using any of the services, you acknowledge that you have read, understood, and agree to be bound by these terms, as well as all relevant applicable Sudanese laws and regulations.
If you are acting on behalf of a legal entity (company, institution), you warrant that you have the legal authority to bind that entity to these terms.
Digital identity is issued through certifiers licensed by the National Electronic Authentication Authority.
Identities are classified into three levels of trust based on the strength of verification:
| Level | Description |
|---|---|
| Basic Level | Online verification of basic data. |
| Intermediate Level | Electronic or in-person verification with official documents. |
| High Level | In-person verification with biometric verification (fingerprint, facial recognition). |
The trust level determines the scope of services you can access and the documents you can sign electronically.
The user undertakes the following:
1. Ensuring Data Accuracy: Providing correct and complete information and documents upon registration and during use. Any forgery exposes the perpetrator to accountability under Article 28 of the Electronic Transactions Act.
2. Protecting Authentication Tools: Maintaining the confidentiality and integrity of all authentication methods (password, PIN code, the application itself, smart card) and not disclosing them to any party. The user is solely responsible for all activities that occur under their account.
3. Immediate Reporting: Notifying the service provider (the certifier) and the Authority immediately in the event of device loss, theft of login data, or suspicion of any unauthorized use of the account.
4. Lawful Use: Using the identity and services only for legitimate purposes, and not using them in any way that violates the law or infringes upon the rights of others.
5. Updating Data: The user is responsible for updating their personal data when it changes (such as address, phone number) through the specified channels.
A digital signature issued using a certified digital identity that meets the requirements of the Electronic Transactions Act shall have full legal validity and be considered equivalent to a handwritten signature on paper documents (Article 8 of the Electronic Transactions Act).
Electronic transactions completed using the digital identity are valid and binding on the parties and have the power of evidence before judicial and administrative authorities.
The processing of user data is subject to the Privacy Policy approved by the Authority, which constitutes an integral part of these terms.
The system collects only the data necessary for the specified purpose (data minimization principle), and primary data is stored within Sudan.
Personal data is not shared with external parties except in the following cases:
a. With the explicit consent of the user during the completion of a specific transaction.
b. To service providers necessary for the operation of the system (under strict confidentiality agreements).
c. Based on a judicial or legal order issued by a competent authority.
The service provider (the certifier) has the right to suspend or cancel the digital identity immediately in cases including:
a. Discovery of incorrect registration information.
b. Suspicion of a security breach or fraudulent use.
c. Non-compliance with these terms.
d. A request from the competent authority.
The user has the right to request the cancellation of their digital identity through official channels.
The Authority has the right to terminate or suspend the service generally or for a portion of users for reasons related to national cyber security or maintenance, with appropriate notice where possible.
The Authority and licensed entities exert reasonable effort to secure the service and ensure its reliability, but they do not guarantee that the service will be free from malfunctions, errors, or interruptions.
The Authority or the certifiers shall not be liable for any indirect, consequential, or incidental damages arising from the use or inability to use the service.
The primary responsibility for the security of login data and transactions rests with the user.
The Authority reserves the right to amend these terms and conditions at any time. Users will be notified of material amendments via the application, platform, or registered email. Your continued use of the service after the effective date of the amendments constitutes your acceptance of them.
These terms shall be governed by and construed in accordance with the laws of the Republic of Sudan.
The General Court in Khartoum shall be the competent court to hear any disputes arising from these terms or the use of the service, unless a special law provides otherwise.
Parties must attempt an amicable settlement of the dispute before resorting to the judiciary.
All rights and intellectual property related to the application, platform, and all their components, including software, source code, “electronic records,” “signature creation tools,” encryption materials, and application programming interfaces (APIs), shall belong to the competent authority and/or its licensed entities in accordance with the Sudanese Copyright and Related Rights Law.
The user is granted a limited, non-exclusive, non-transferable, and revocable right to use the system solely for the authorized purposes.
The user is prohibited, directly or indirectly, from engaging in any of the following activities:
* Performing reverse engineering, decompilation, or attempting to extract the source code or system logic.
* Revealing encryption keys or disclosing stored encrypted information outside the authorized circumstances.
* Manufacturing, possessing, or obtaining any system or software for creating an electronic signature without the approval of the concerned authority.
* Forging or imitating an electronic document, electronic signature, or electronic signature certification certificate, or knowingly using any forged version thereof.
The user is prohibited from misusing stored information or engaging in any acts that constitute cybercrime, including but not limited to:
* Using any system or software to obstruct the completion of transactions conducted by electronic means through alteration, deletion, corruption, destruction of data, or disruption of systems.
* Accessing confidential information without authorization or disclosing such information.
* Exploiting vulnerabilities, conducting automated attacks, or manipulating identity verification mechanisms.
The competent authority shall implement all necessary measures and procedures to protect and secure information using all available means and technologies.
The use of modified or untrusted devices, or any attempt to bypass these security controls, is prohibited. The system may restrict access on this basis.
Electronic signature data, electronic media, and information are confidential and may not be disclosed to third parties or used for purposes other than those for which they were provided.
Intercepting, monitoring, modifying, or attempting to bypass verification mechanisms related to “data messages” is prohibited.
Any security vulnerability must be reported immediately through official channels. Exploiting or publicly disclosing vulnerabilities is prohibited.
No security assessment, scanning, or testing may be conducted without prior authorization.
The competent authority reserves the right to monitor system usage and take immediate action without prior notice to ensure system integrity and security, including account suspension, device blocking, or access restriction.
Any violation of the provisions of this Article shall result in suspension of the service and may expose the violator to legal liability pursuant to Article 28 of the Electronic Transactions Act of 2007 and the Cybercrime Law, including:
* Criminal penalties of up to twelve (12) years’ imprisonment, fines, or both, in cases involving electronic sabotage or forgery.
* Imprisonment for up to ten (10) years for revealing encryption keys or encrypted information or misusing them.
* Civil actions to claim compensation for all damages incurred.
Failure to enforce any provision of this Agreement shall not constitute a waiver of rights. All legal remedies and enforcement mechanisms, whether civil or criminal, shall remain available and cumulative.
For grievances or inquiries regarding the use of the digital identity:
National Electronic Authentication Authority

| Contact | Details |
|---|---|
| Address | Blue Nile St-TPRA Tower-Khartoum-Sudan |
| Phone | +249187173301 |
| Email | info@nadc.gov.sd |
| Website | https://www.nadc.gov.sd/en/ |