TL;DR: Mobile driver’s licenses are moving from pilots into everyday identity verification, with 21 U.S. states plus Puerto Rico issuing standards-based mDLs and California reporting 3.5 million applications, according to Incode. The security issue is no longer whether mDLs work, but how IAM, onboarding, and compliance flows adapt to fragmented wallet coverage and selective disclosure.
NHIMG editorial — based on content published by Incode: Mobile Driver’s Licenses Are On The Rise. Here’s What to Expect
By the numbers:
- As of July 2026, 21 states plus Puerto Rico issue a standards-based mDL, according to the American Association of Motor Vehicle Administrators.
- TSA accepts mDLs at more than 250 airport checkpoints.
Questions worth separating out
Q: How should security teams support mobile driver’s licenses in identity verification flows?
A: They should treat mDL support as a standards and policy integration task, not a wallet-specific exception.
Q: Why do mobile driver’s licenses change identity governance requirements?
A: They change governance because the credential itself can prove authenticity while also reducing the amount of data that needs to move through the business.
Q: What do organisations get wrong about mDL adoption?
A: The most common mistake is assuming one wallet or one implementation path will cover all users.
Practitioner guidance
- Inventory wallet and jurisdiction support Map which states and wallet providers are supported in each verification flow, then identify where coverage gaps will affect onboarding, age assurance, or account opening.
- Define attribute-level verification policy Specify which mDL fields are allowed for each use case, which ones are required, and which must never be retained after verification.
- Validate downstream system handling Test how identity, fraud, and compliance systems consume a standards-based result rather than a photographed document image.
What's in the full article
Incode's full article covers the operational detail this post intentionally leaves for the source:
- Wallet-by-wallet support details for Apple Wallet, Google Wallet, Samsung Wallet, and the CA DMV Wallet
- The standards path for in-person versus remote mDL verification, including how the credential travels across channels
- Field-level handling of license class, restrictions, endorsements, and revocation states
- How Incode says mDL verification flows into its broader identity orchestration and decisioning process
👉 Read Incode's analysis of mobile driver’s license adoption and verification →
Mobile driver’s licenses: what they mean for IAM teams?
Explore further
mDL adoption is turning identity verification into a standards-orchestration problem. The issue is no longer whether a state-issued digital ID can be verified, but whether the enterprise can accept it consistently across wallets, channels, and jurisdictions. That makes the control plane, not the credential format, the real governance surface. Practitioners should treat mDL support as an integration and policy design decision, not a point capability.
A few things that frame the scale:
- 91.6% of secrets remain valid five days after the targeted organisation is notified, showing a critical gap in remediation procedures, according to the Ultimate Guide to NHIs.
- 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools.
A question worth separating out:
Q: How do mDLs fit into existing onboarding and compliance processes?
A: They fit as a verification input inside the existing workflow, not as a separate process outside it. Organisations should route the result into the same onboarding, fraud, and compliance logic they already use, while reducing the amount of personal data captured and stored.
👉 Read our full editorial: Mobile driver’s licenses are changing identity verification flows