If you've been hearing "MyDigital ID" pop up more often lately, this is why: Malaysia is now running a larger Phase 2 "sandbox" (basically, a controlled test environment) to plug MyDigital ID into real banking systems. According to a written parliamentary reply by the Ministry of Finance (MOF), 18 banking institutions have confirmed they're taking part in this second phase.

What's interesting is that MOF didn't name which banks are involved in the reply, but it did share progress numbers and a timeline, which gives us a decent picture of how far along things are.

Quick refresher: what MyDigital ID is trying to solve

In plain terms, MyDigital ID is meant to be a national digital identity that can be used to prove you are you online, without constantly re-uploading documents or repeating identity checks across different services.

Banks are one of the biggest "make-or-break" sectors for this kind of system because they do identity verification all the time:

So, if MyDigital ID can do secure identity verification reliably in banking, it's a strong sign it can work elsewhere too.

What Phase 2 is actually testing

MOF describes the Phase 2 sandbox as a programme focused on MyDigital ID's e-verification capability. That's the mechanism meant to verify a user's identity for things like opening a new account and performing secure, real-time banking transactions.

This matters because "verification" in banking isn't just a login screen. Banks need confidence that the identity proofing process is strong enough to stand up to:

Why MOF and Bank Negara are being cautious about rollout

If you're thinking, "Why not just roll it out now?", MOF's answer is basically: banking integration has to clear strict security, data protection, and audit requirements first, and doing it in phases reduces risk.

The integration work is being implemented by the government through MyDigital ID Sdn Bhd and Bank Negara Malaysia (BNM), with an emphasis on security-by-design, privacy-preserving measures, and auditable governance.

That "security-by-design" part is important. It usually means you're not bolting security on at the end; you're building the integration so that things like authentication flow, data handling, logging, and access controls are part of the foundation from day one.

Where the banks are at right now

MOF provided a progress snapshot for Phase 2:

That implies the rest are in earlier testing, readiness work, or final evaluation stages before full integration.

What we learned from Phase 1

Phase 2 didn't start from zero. Phase 1 involved 15 banking institutions and concluded in June 2025.

In that Phase 1 group:

This detail is useful because it shows the sandbox isn't just theoretical. Banks have already been testing identity verification workflows (including electronic know-your-customer checks) and learning what breaks, what's slow, what's risky, and what needs stronger controls.

The timeline: when Phase 2 is expected to end

MOF said Phase 2 is expected to conclude in March 2026. After that, the government will assess the outcomes before deciding the timeline and scope for wider implementation across the financial sector.

One key nuance: even after Phase 2 ends, broader rollout still depends on each institution's readiness and decisions. In other words, there may not be one single "everyone flips the switch on the same day" moment.

What could change for customers (and what probably won't, at first)

If banks move from sandbox into real services, MOF's direction suggests MyDigital ID would start as an option for customer verification, likely first for selected services like account opening and identity authentication for digital transactions.

What customers might feel immediately

For normal users, the benefits (if executed well) could be practical, not flashy:

What probably stays the same during transition 

During any phased rollout, banks typically keep existing verification methods running in parallel for a while. That reduces disruption and gives people alternatives if:

So it's unlikely you'll wake up one morning and your current banking app suddenly refuses your normal login or current verification steps. The transition tends to be additive first (new option), then gradually expanded.

The bigger picture: why this matters beyond convenience

Digital identity systems tend to be judged on two things:

Banking is where both are tested hardest. If the integration meets the "security certification, personal data compliance and audit standards" that MOF highlighted, it strengthens the case for a wider rollout across the financial ecosystem.

And if it doesn't meet those standards, the sandbox approach is exactly where you want to find that out, not after it's live across millions of accounts.

What to watch between now and March 2026

Between now and the Phase 2 expected end date (March 2026), the useful signals to look for are: