What’s the State of Play With the eID in the DACH Region?

Electronic identification (eID) is on the horizon. Discover how different the current status is across German-speaking countries.

Apr 21, 2022 - 4 min.
Picture of: Adrian Straub
Adrian Straub

With every online registration, users leave their digital identity behind them. Given the large number of accounts, we all have today – with online retailers, banks, and social networks – it’s very easy to lose track of them all. Wouldn’t it be handy to have just one digital identity – AKA the electronic identity or eID – for all of them? Some European countries have had just that for some time now. But what about Germany, Austria and Switzerland? 

Driven by the COVID-19 pandemic, many people are now completing more and more tasks and transactions online – from purchases to tax declarations and other official business. For all of these processes, the ability to verify the identity of users is essential. So it’s high time that countries gave their citizens the option of having a standardised eID to streamline these online transactions. 

In Sweden, for instance, citizens have been able to use an eID, known as the ‘BankID’, since 2003. It’s called this because it’s issued by different banks and is based on the identification systems operated by those banks. The Swedish state acts as the supervisory authority. Swedes have long been able to use their Bank ID, for example, to conclude contracts or submit their tax returns. 

Yet citizens in Germany, Austria and Switzerland still don’t enjoy the same level of convenience. The rollout of the eID is at very different stages across the various German-speaking countries – even the chosen solutions are different. 

Germany: 2022 marks the launch of the smart eID

In Germany, the electronic identity card was actually introduced in 2010. However, it had to be activated first. And although the eID function has been automatically activated since 2017, it hasn’t been issued to many citizens yet. This is one reason why its use has been rather limited to date. 

With the official eID, Germany is now taking a smarter approach: The Act on the introduction of electronic identification with a mobile device (Smart-eID Act) came into force in September 2021. It established the legal basis that allows the online ID card to be stored on a smartphone and used without the physical identification document.

This makes the online identification process much faster now. Up to now, users always had to read out the chip in the ID card with a card reader or an app and enter a PIN. The smart eID does away with all this. Instead, the data is transmitted once from the chip in the ID card to the smartphone – where it will be available in a matter of seconds in the future. 

To guarantee maximum data security, the Federal Office for Information Security (BSI) has developed a requirements catalogue. For instance, the mobile devices used must be equipped with a special security chip. One of the partners of the BSI as part of the pilot project is smartphone manufacturer Samsung. The chip is built into its models in the Galaxy S20 series – which means owners of these devices have been able to use the smart ID since late last year. Based on current plans, most commercially available smartphones will also support the function during the first half of 2022. 

Austria: ID Austria in the pilot phase 

Meanwhile, in Austria, the pilot phase of the switchover from the previously used mobile phone signature to the new ‘ID Austria’ has been running since the autumn of 2021. In future, this further development of the mobile phone signature will allow Austrians to identify themselves online, use digital services and complete online transactions. Users wishing to verify their identity digitally must use a dedicated app called ‘Digitales Amt’ (Digital Office). 

During the pilot phase, the mobile phone signature can still be used and the planned electronic identification facility will also have the same functions for this duration. Users who want to familiarise themselves with this new facility can upgrade their existing mobile phone signature to a basic version of the ‘ID Austria’. Those who do not yet have the mobile phone signature can register with the pilot authorities. The ID Austria is due to replace the mobile phone signature entirely by mid-2022 and will be available throughout Austria. Users who prefer to continue using their mobile phone signature until then can also switch to ID Austria conveniently using the ‘Digitales Amt’ app. 

The ID Austria is due to reach its full potential from the summer of 2022 onwards. By then, it will have an identity function and should also be able to store a driver’s license, the vehicle registration certificate and other forms of ID in digital form. In the coming year, it will even be possible to use the ID Austria throughout the EU. 

Switzerland: the journey to the E-ID

The journey to E-ID in Switzerland hasn’t been smooth. In a referendum on the Federal Act on Electronic Identification Services that was held in March of last year, the Swiss electorate voted by a large majority to reject the proposed concept. The main reasons for this were the planned cooperation between the state and private companies for the electronic proof of identity and criticism of the planned central architecture. Following this defeat, the Federal Council revised the outline concept and decided at the end of 2021 to introduce new basic parameters for a data-efficient and decentralised solution. The new proposal is based on the concept of self-sovereign identity (SSI), which gives users maximum control over their own data. As a trustworthy authority, the state will issue the electronic ID card. The identity features it records – such as name or date of birth – can be stored in a type of digital wallet. If users identify themselves in this way to use an online service, information about this is not shared with the issuer. The criticism aimed at the centralised architecture was also addressed with an SSI solution ensuring that the users are not dependent on one central service provider. The users themselves are in charge of their data. 

Furthermore, the system’s technical structure alone – which is based around ‘privacy by design’ – already meets very high privacy requirements. Minimisation of data flows is also targeted. 

The infrastructure for the E-ID will be operated by the state and will soon be available to other state and private authorities. The aim is to develop an E-ID ecosystem in this way that can be used for additional purposes in the future – such as recording criminal records, university degrees or doctors’ prescriptions. 

Currently, the Swiss Federal Council wants to make rapid progress and plans to propose a new E-ID act by mid-2022.

 

Using (C)IAM to Comply Safely With Legislative Changes in 2022