The Nafath app introduces a truly innovative approach to authentication by leveraging the power of the mobile camera and advanced AI technology, turning the mobile phone into a self-service kiosk. With the app, users can conveniently access a wide range of services directly from their smartphones, offering a seamless and user-friendly self-service experience.

By utilizing the mobile camera and AI algorithms, users can capture their biometric data, such as facial or fingerprint information, for authentication purposes. The AI technology analyzes the captured data and matches it against stored records, ensuring secure and accurate verification.

The self-service kiosk functionality eliminates the need for physical presence and reduces reliance on traditional methods like in-person visits or dedicated kiosks. Users can conveniently authenticate their identity, access government services, open bank accounts, and more, all from the comfort of their mobile devices.

The Nafath app has successfully completed the implementation phase and is now in the Diffusing Lessons stage. We are actively sharing the knowledge and lessons learned from our innovative solution. This includes information about the app's effectiveness, best practices, and the impact it has had on improving the identity authentication processes. Through collaborations, workshops, and conferences, we aim to inspire and inform others, promoting the adoption of this innovative approach. We are also exploring how the principles and technologies used in the Nafath app can be applied in other contexts and industries, seeking new opportunities for innovation.

During the Nafath app's innovation process, key partners played crucial roles:

The National Cybersecurity Authority classified service sensitivities, enabling the determination of the appropriate authentication levels among the 3 levels available in the app.

The Digital Government Authority's legislation mandates Nafath as the single sign-on for verifying identities accessing online government services. This endorsement establishes Nafath as the go-to platform, ensuring widespread adoption

The innovation significantly impacted various stakeholders. Business owners (both Government, and Private entities) offering digital services gained the ability to provide remote access (especially to highly sensitive services), transforming their operations. Users including (Citizens, and Residents) benefited by eliminating the need for physical visits. This innovation not only empowered business owners with new opportunities but also enhanced user convenience.

The Nafath App has achieved impressive growth and significant national achievements. With over 17.2 million downloads, it is the most popular app in Saudi Arabia according to app stores like the App Store and Google Play Store. Users can access over 470 integrated platforms and apps for both government and private services. The app has processed over 380 million verification requests, enabling seamless authentication anytime, anywhere. It eliminates the need for physical visits, benefiting various user groups. With an average request completion time of 20 seconds, the app offers comfort and efficiency. It also helps reduce expenses for private and public entities, making it a key driver of Saudi Arabia's digital transformation.

One of the key challenges that Nafath faces is the authentication of legal identities, this is due to the weakness of governance in this domain. This challenge significantly hampers the provision of Nafath services to those audiences. Without proper governance of legal identities, digital identity services for legal entities will not be possible.

Central National Databases for Biometrics: Establishing centralized national databases to securely store biometric data is crucial for accurate authentication. These databases verify identities.

AI Capabilities: Essential for accuracy and security are advanced biometric algorithms and liveness checks.

Robust Technical Infrastructure: Necessary to support authentication transactions, including internet connectivity, server infrastructure, and storage.

Legal and Regulatory Framework: A comprehensive framework ensures data protection, privacy, and cybersecurity, safeguarding users' rights and fostering trust.

It is important to note that this project has been mandated to NIC -the operational arm of SDAIA-, thus establishing its exclusivity and precluding replication by other entities in Saudi Arabia. However, the innovation can be replicated in other countries if the conditions for success (mentioned in 6.3) are maintained similarly.

Two main lessons can be shared: a business lesson and a technical lesson.

The business lesson concerns sensitive services classification, advocating for a 3rd party to classify digital services’ sensitivity apart from the service provider and technology enabler. This would reduce classification subjectivity and standardize methodologies.

The technical lesson focuses on application dynamicity, emphasizing that backend changes are easier and quicker for market deployment than frontend changes, which require application store approvals and could delay enhancements.

Nafath is proud to showcase its wide range of services that add significant value to various sectors:

The centralized point for accepting requests: providing a secure and efficient point for individuals to accept requests from both governmental and private apps.

The Portable self-service kiosks service: transforming mobile phones into advanced tools for biometric verification. This feature enables individuals to digitally prove their identities in sensitive services, eliminating the need for physical presence.

The on-site verification service: to ensure the completion of identity verification within specific locations. This feature facilitates registration procedures at event sites, ports, and other facilities.