Factsheet on the electronic Identity at
pan-European level
Factsheet on the electronic Identity
at pan-European level
May 2012
European Commission
Directorate-General for Informatics
About the eID Factsheet
The eID Factsheet was created as a tool for those interested to find out the European dimension of
electronic Identity. Several aspects of eID usage are considered, with special focus on the concept of
eID as an eGovernment enabler. The information included in each country’s factsheet has been
retrieved from the eGovernment Factsheets on ePractice, which are regularly updated semi-annually
by the ePractice Editorial Team with information provided from or verified by official governmental
sources.
The purpose of the Factsheet is to be a one-page brief report highlighting the major achievements,
the legal, policy and strategic landscape affecting eID and the relevant research and implementation
initiatives for 34 European countries. All 27 EU Member States are covered together with seven
additional countries that are closely related to the EU (candidate or associated countries).
Material included in this Factsheet has been gathered from the eGovernment Factsheets and has
been edited to suit the purpose of this document. In order to maintain a manageable and appealing
size, only the main milestones have been filtered. For some countries, information on the eID concept
is vast and a strict filtering had to be performed. For other countries, too little information regarding
their eID status and developments was identified and the respective sections are therefore of limited
size. The interested reader may refer to the eGovernment Factsheet of the respective country or to
the sources given therein for further information in a given area. This Factsheet is the reference
document of the European eID Observatory at ePractice.
The countries covered in this document are the following:
 Austria
 Ireland
 Spain
 Belgium
 Italy
 Sweden
 Bulgaria
 Latvia
 United Kingdom
 Cyprus
 Lithuania
 Croatia
 Czech Republic
 Luxembourg
 FYROM
 Denmark
 Malta
 Iceland
 Estonia
 Netherlands
 Liechtenstein
 Finland
 Poland
 Norway
 France
 Portugal
 Switzerland
 Germany
 Romania
 Turkey
 Greece
 Slovakia
 Hungary
 Slovenia
Author
EUROPEAN DYNAMICS SA for ePractice.eu in the context of SMART 0109/2008/SC13.
Disclaimer
The opinions expressed in this document are purely those of the writer and may not, in any
circumstances, be interpreted as stating an official position of the European Commission. The
European Commission does not guarantee the accuracy of the information included in this document,
nor does it accept any responsibility for any use thereof. Reference herein to any specific products,
specifications, process or service by trade name, trademark, manufacturer or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favouring by the European
Commission.
© European Communities, 2012
Reproduction is authorised, except for commercial purposes, provided the source is acknowledged.
Austria
Highlight
Establishing eID as a key enabler and advancing the inclusion with innovative public services are
among the priorities of the Austrian strategy.
Law, Policy & Strategy
One of the key principles of the eGovernment Act, which entered into force on 1 March 2004, is the
security and improved legal protection provided by appropriate technical measures, such as the
citizen card.
The ‘Programme of the Austrian Federal Government 2008–2013’ laid down important measures on
improvement in the handling of citizen's cards for citizens. It stipulated that all IT processes and
portals of the administration and local authorities should support registration with the citizen's card.
All newly established electronic processes should be based on identification with the citizen's card.
For citizens, it should be fundamentally possible for the verified digital signature to be contained on
their ID cards.
The sourcePIN Register Regulation specifies the responsibilities of the sourcePIN Register Authority
which are necessary for the implementation of the citizen card concept and the cooperation with its
service providers. Provisions deal with the process to: create identity links; set down the duties of
citizen card registration agents; validate identity and the identity link dataset. A compliant citizen card
environment needs to support an interface that can bind the citizen card to the application. The
sourcePIN Register Authority electronically signs a mandate representation dataset, thus preventing
forgery of such datasets stored in a citizen card. A service to revoke mandates online over the
Internet is provided by the sourcePIN authority.
Implementation & Research
In November 2005, the eCard (electronic health insurance card) rollout throughout Austria was
successfully completed. The eCard replaced the paper-based health-card voucher. Approximately
eight million eCards were sent out. The eCard included the possibility to activate the Citizen Card
function (free of charge) and be used, additionally, for eGovernment services.
As from January 2008, Austrian health insurance and eID cards began to use qualified eSignatures.
The new signature function is an ID for administrative and social security purposes. In addition, it
could be used more easily for signing and encoding of information, e.g. in electronic banking.
In November 2008, the first version of the new online open source citizen card middleware MOCCA
(Modular Open Citizen Card Architecture) was released, allowing the implementation of citizen card
based authentication on websites without requiring the installation of software at the user’s
computer. It allows offline applications, such as signing of electronic documents on the local machine.
In January 2009, the personalised version (http://www.myhelp.gv.atwww.myhelp.gv.at) of the
popular site HELP.gv.at was launched. The user profile tailors the informational content of Help.gv.at
according to the needs and the life situation of the user. Additional services include a reminder
service that alerts the citizen, for example, when a passport is about to expire; access to the eDelivery
system 'meinbrief.at'; and the possibility to lodge user names and passwords for certain web mail
services.
In December 2009, the mobile version of the citizen card developed in the framework of the CIP large
scale pilot STORK was launched, providing secure authentication and identification. Smart card and
reader are not replaced by a mobile phone. Fourteen months later, www.handy-signatur.at was
launched.
The pan-European eID Factsheet – European eID Observatory at ePractice
1
Belgium
Highlight
The national eID card, which is obligatory for every Belgian citizen over the age of 12, serves as proof
of identity, enables secure access to online government applications, used to sign electronic contracts
and to request official documents or forms online.
Law, Policy & Strategy
A law on electronic forms signed with the eID card of December 2006 and two related decrees of July
2007 have been adopted by the Walloon Parliament and by the Walloon Government, respectively.
These decrees give the same legal value to electronic forms as that of paper-based equivalents. The
user fills in an electronic form and signs with the eID. The Walloon Region is the first authority in
Belgium to propose this possibility.
The legal framework for the use of eID cards is set in a series of Royal and Ministerial Decrees,
namely: Royal Decree of 25 March 2003 on the legal framework of eID cards; Ministerial Decree of 26
March 2003 on the format of eID cards; Royal Decree of 1 September 2004 on the generalisation of
eID cards; and Royal Decree of 18 October 2006 on the eID document for Belgian children under 12.
Implementation & Research
A revamped version of the Belgian eID website 'eid.belgium.be' was released on 31 January 2012 by
the Federal Public Service for ICT (Fedict). The layout and interface have received an overhaul, while
its content has been completely revised, accommodating citizens, businesses and government.
Since November 2011, all Belgian public institutions and their partners, whose users must be able to
place legally valid eSignatures on electronic documents through their eIDs, can use the 'Digital
Signature Service' (eID DSS).
In September 2009, the portal 'My.belgium.be' was officially launched, providing registered users with
a direct, easy, secure and round-the-clock online access to their personal files and to various Federal
Government services. Among these services feature tax return submission; police-on-web
applications; online purchase of public transportation ticket; and eHealth applications. Registration
has to be performed by means of the Belgian eID card, using an eID card reader.
The Kids-ID card is an electronic identity card for children under 12 years of age launched on 16
March 2009.
Since 4 June 2009, it has been possible for those travelling the Belgian railways to use their Belgian
electronic identity card (eID) as a valid train ticket. The new eService is the first of its kind in Europe.
The Belgian eID can now be issued abroad. Lille is the first consular post to issue the Belgian eID and
will be followed by all 120 Belgian consulates and embassies abroad, which will replace the existing
non-electronic identity card of 340 000 Belgians living abroad.
A nation-wide campaign for the promotion of the national eID card was launched in April 2009 in
Belgium under the slogan 'Your eID as easy as can be'. This campaign aimed to introduce the current
and future eGovernment applications to the Belgian population while raising awareness on the
various uses of the eID card, as well as on its user-friendliness.
The ePolice office or 'Police-on-Web' service allows Belgian citizens to report a number of crimes to
the police online 24 hours a day. To register an eComplaint, people need to use their eID card or
token. Any violent or dangerous crime requiring an immediate police response should be reported to
the police in the usual manner.
The pan-European eID Factsheet – European eID Observatory at ePractice
2
Bulgaria
Highlight
The ePortal provides access to more than 1 300 services in various ministries, agencies and
municipalities. Although most of the available eGovernment services on the portal provide
information, some of them do require the use of special smart cards containing personal eSignatures,
provided by the State-owned company Informatsionno Obsluzhvane (Information Services Plc).
Bulgarian authorities started issuing biometric IDs in March 2010.
Law, Policy & Strategy
In October 2008, the Bulgarian Government approved a new health strategy, pursuing the
introduction of eHealth cards by 2013. Each eHealth card is equipped with a microchip that stores
data about the patient and the issuer, including the card number, as well as a security certificate.
In March 2001, the national Assembly adopted the Law on Electronic Document and Electronic
Signature, amended in 2011.
Implementation & Research
In July 2011, the Ministry of Transport, Information Technology and Communications (MTITC)
announced that an eID register for users of government services and an identity management system
(IDM) will be created within the framework of the ministry’s new projects.
In May 2007, the Bulgarian Government announced its intention for a new generation of personal ID
cards to be issued from 31 October 2007. The new eDocuments would look similar to the previous
Bulgarian identity card and they would carry biometric information in the shape of either a
thumbprint or retina scan. The eID cards were also set to contain a unique digital certificate to be
issued by the Government. The card’s use could be further extended in the future to make it a general
access document enabling online voting, payment of insurance and taxes, updating of health records
and registration of property and cars.
The new cards aim to improve security while speeding up procedures at customs' controls.
Informatsionno Obsluzhvane (Information Services Plc) is a State-owned company that provides
personal eSignatures contained in special smart cards used by individuals and businesses for accessing
eGovernment services.
In parallel, Bulgaria started issuing its first eHealth cards as part of the pilot project launched by the
Ministry of Health and the National Health Insurance Fund (NHIF) in February 2007. Each eHealth card
is equipped with a microchip that stores data about the patient and the issuer, including the card
number and a security certificate. With this information, the patient’s insurance status and his/her
assignment to a general practitioner can be automatically checked. In addition, electronic
prescriptions for medications covered by the Bulgarian health insurance fund will be recorded on the
chip.
The pan-European eID Factsheet – European eID Observatory at ePractice
3
Cyprus
Highlight
In 2012, the Ministry of Interior began issuing eIDs in order to replace the traditional ID cards and to
enhance security.
Law, Policy & Strategy
The Legal Framework for Electronic Signatures and for relevant matters Law (N. 188(I)/2004)
implements the European Directive 1999/93/EC regarding the EU Framework for Electronic
Signatures. The Law effectively establishes the legal framework governing eSignatures and certain
certification services for the purpose of facilitating the use of eSignatures and their legal recognition.
It does not, however, cover aspects related to the conclusion and validity of contracts or other legal
obligations which are governed by requirements, as regards their form. Furthermore, it does not
affect rules and limitations in relation to the use of documents provided by other applicable
legislation in force. Based on the provisions of this Law, regulations may be issued so as to define
additional requirements for the use of electronic signatures in the public sector, amongst others.
Implementation & Research
In March 2008, the Government initiated the procedures to introduce electronic identification/authentication (eID, smart cards) for public services in order to realise seamless access to public services
across borders. eID standardisation/interoperability is essential in order to put in place key panEuropean services, such as cross-border company registration, electronic public procurement, job
search, eVoting, eHealth, etc.
The pan-European eID Factsheet – European eID Observatory at ePractice
4
Czech Republic
Highlight
eSignature and eStamp authentication services were introduced in July 2006. The aim was to provide
all public bodies with an effective authentication system.
Law, Policy & Strategy
The Act on Electronic Actions and Authorised Document Conversion (No.300/2008 Coll.), also referred
to as the 'Czech eGovernment Act', was adopted on 17 July 2008 and entered into force on 1 July
2009. It accords electronic and hardcopy documents the same legal status, enables the authorised
conversion of hardcopy documents and sets out provisions for the use of certified eSignatures. The
Act states that each eDocument has to have an authenticated eSignature, as well as a time stamp to
show when the document was signed. In dealings with public authorities, the certified eSignature has
the same value in certifying official documents as a hand-written signature.
eSignatures are one of the main tools for the identification of persons and for the authentication of
documents in the Internet environment. As the Public Administration’s central body competent for
eSignatures, the Ministry of the Interior conducts regulatory, supervisory and accreditation activities
with regard to eSignature products and providers in the Czech Republic. The Ministry supervises the
Act, oversees compliance with obligations laid down in the law and provides support when
eSignatures are introduced in amendments to other legal regulations, thus enabling the use of
eSignatures in the PA.
Implementation & Research
The identification of persons, the authentication of documents in the Internet environment and
access to several transactional electronic public services are based on eSignatures. As of late-2011,
there are three certification service providers (First Certification Authority, Czech Post and eIdentity)
accredited by the Government to issue eSignatures (qualified certificates, qualified system certificates
and qualified time stamps) valid for communicating and transacting with the PA. Their qualified
certificates can be used for online transactions. eSignatures based on non-qualified certificates issued
by other businesses can only be used for commercial services.
Following a testing period, Czech authorities launched a first version of the Czech electronic passport
at full scale in September 2006.
On 1 April 2009, authorities started rolling out new electronic passports which featured a chip that
contained two biometric identifiers. Issued in compliance with the requirements laid down in the
European Union regulation regarding passport security and biometrics, the passports include new
security features such as intricate designs and complex watermarks, as well as a chip and an antenna.
The chip stores the electronic facial scan of the holder, in addition to personal details. Facial
recognition maps various features. The addition of fingerprint details on the chip is being planned for
a later stage.
The pan-European eID Factsheet – European eID Observatory at ePractice
5
Denmark
Highlight
In Denmark, no plans have been formulated for introducing card-based electronic identities.
However, since 1 July 2010, the digital signature 'NemID' provides easy and safe access to a wide
range of public and private self-service solutions online. With this digital signature, citizens use the
same user ID and the same password for online banking, government websites and a wide range of
private services online. More than 70 % of the Danish population above the age of 15 use 'NemID'.
Law, Policy & Strategy
The Danish Government launched an ambitious programme to issue free digital signatures as a means
of user authentication for all citizens, with a view to accelerate the take-up of eGovernment services.
Through the scheme, Danish citizens are issued a free software-based digital signature (OCES – Public
Certificate for Electronic Services) providing sufficient security for most public and private sector
transactions. Launched in early 2003, the scheme aimed at distributing 1.3 million digital signatures
after four years and, ultimately, at providing all Danes with digital signatures. The official Danish
eSignature may have up to a four year-term validity.
The Act on Electronic Signature entered into force in October 2000. It implements the EU Directive on
a Community Framework for Electronic Signatures (1999/93/EC). The definitions of “advanced” and
“qualified” eSignature under the Danish law are very close to those of the European Directive.
Advanced and qualified eSignatures cannot be issued to legal entities under the Danish law. The
Danish Government has set up an official digital signature scheme, whereby all citizens are due to
receive the OCES.
The Act on Processing of Personal Data entered into force on 1 July 2000 in order to implement
Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and
on the free movement of such data. It furthermore allows individuals to access their records held by
public and private bodies. The Act is enforced by the Datatilsynet (Data Protection Agency).
Implementation & Research
1 July 2011 marked the first anniversary of the launch of Denmark's digital signature system NemID.
During that year, it was used 310 million times by 79 % of the adult population to access services in
both the public and private sectors, most notably for Internet banking.
The pan-European eID Factsheet – European eID Observatory at ePractice
6
Estonia
Highlight
Estonia started issuing national eID cards in January 2002. In the ten-year period following the launch,
around 1.6 million cards have been issued. At the beginning of 2012, there were 1.2 million valid eID
holders. The card fulfils the requirements of Estonia’s Digital Signatures Act and it is mandatory for all
Estonian citizens and residing foreigners over 15 years of age. It is meant to be the primary document
for identifying citizens and residents. Its functions are used in any form of business, governmental or
private communications. It is furthermore a valid travel document within the EU. It advanced
electronic functions facilitating secure authentication and providing legally binding digital signature
for public and private online services.
Law, Policy & Strategy
The Digital Signature Act (2001) grants similar legal value to digital and handwritten signatures while
setting an obligation for all public institutions to accept digitally signed documents.
In 2006, the DSA was amended. A clear reference to a Secure Signature-Creation Device (SSCD) was
made, as required in the EU Directive 1999/93/EC on a Community framework for electronic
signatures. The aim of the SSCD is to ensure the functionality of advanced eSignatures.
The Act was also amended in December 2007 while its last amendment took place in December 2010.
Implementation & Research
In February 2011, the Estonian Police and Border Guard made available a new type of digital identity,
the mobile-ID, which enables users to provide electronic identification and a digital signature using a
mobile phone. To apply for a mobile-ID, a person must have a valid ID-card, PIN codes and a card
reader, as well as a contract with a mobile service provider which provides a SIM card. Mobile-ID
certificates are valid for three years. The mobile-ID can also be used for electronic voting in elections.
The project 'Mobile applications for identity card issuance and the creation of a technical solution' is
funded by the EU's structural support of the European Regional Development Fund (ERDF).
Citizens can log in the self-service employment portal, launched by the Estonian Unemployment
Insurance Fund, by using their ID-card or mobile-ID and then create their own CV, apply for jobs,
manage their own work requests, review the statements made to the Unemployment Insurance Fund
about the outcomes and decisions, and inform them of any changes to their data or situation. By
using their ID-card or mobile-ID to log in, employers can manage their own company's job offers and
search for suitable candidates among the users of the self-service environment. In addition, it is
possible to apply for severance packages.
Diara is an open source application that allows public administrations to use the Internet in order to
organise polls, referenda, petitions, public inquiries, as well as to record electronic votes using eID
cards. Its initial version went online at the end of August 2010.
The VOLIS pilot project – an Internet-based information system for local governments – was launched
in the municipality of Jõgeva on 11 June 2010. Registered users can access the VOLIS system via their
ID-card or by using SIM card-based identification through their mobile phones (Mobile-ID).
In February 2010, the Government approved the ‘Implementation Plan for 2010-2011’ of the
‘Estonian Information Society Strategy 2013’. The document sets out six priority areas, including the
large-scale uptake of eID.
The pan-European eID Factsheet – European eID Observatory at ePractice
7
Finland
Highlight
The Population Register Centre (PRC) is responsible for issuing eIDs. It creates an eID for Finnish
citizens when providing them with a personal identity code. The electronic client identifier is used for
electronic user identification in secure online transactions. It is a dataset consisting of a series of
numbers and a check character that helps identify citizens and foreign citizens permanently residing
in Finland. The PRC is currently the only certificate authority for qualified certificates in Finland able to
issue Pan-European certificates that provide high levels of information security and contain the
correct identity.
Law, Policy & Strategy
The Act on Strong Electronic Identification and Electronic Signatures entered into force on 1
September 2009, thus replacing the Act on Electronic Signatures issued in 2003. The objective of the
new Act is to create common rules for the provision of strong eID services. It will likewise promote the
provision of identification services and the use of eSignatures. The Act is founded on the principle that
users must be able to trust information security and protection of privacy when they use strong eID
services.
As from 29 June 2009, all new passports issued in Finland include fingerprints stored on the chip to
help improve passport security and contribute to establishing a more reliable link between the travel
document and its holder. The aim of registration is to protect people's identity, to improve personal
security and to prevent identity misuse that violates the right to privacy.
The 'National Knowledge Society Strategy 2007-2015' has set five broad priorities, one of which is the
promotion of eID.
Implementation & Research
In October 2006, chip ID cards for government employees started being adopted throughout the
Central Government. These cards contain a qualified certificate enabling identification for logging
onto information networks, the authentication of network users and the encryption of email and
other documents, while providing a binding and undisputable eSignature, as specified in Finnish
legislation.
First presented by the Population Register and telecom operator Sonera in November 2004, the
Mobile Citizen Certificate is a Government-guaranteed electronic identity designed to enable secure
mobile Government and mobile Commerce transactions. The Citizen Certificate is included in a SIM
card, allowing mobile phone users to easily identify themselves with a single code. In addition to user
identification, the certificate also ensures authentication and confidentiality of the exchanged data, as
well as information integrity and delivery of the message. This mobile service provides Finnish citizens
with a secure alternative to the eID card for carrying out a number of transactions with public and
private bodies.
Initially launched in 1999, the Finnish Electronic ID Card is a smart card featuring the holder's
photograph and containing a microchip that stores the user's eNumber. In addition to normal
identification, the FINEID card can be used for electronic transactions and as an official travel
document for Finnish citizens in the Nordic countries and 27 other European countries. FINEID is a
secure network key for all online services which require identification of a person. It can also be used
for making an official eSignature and for encrypting email messages and attachments. The card’s chip
was indeed upgraded to enable the use of fully functional digital signatures. Furthermore, since June
2004, citizens have been able to choose to have their health insurance data included in their eID card
instead of the health insurance card (KELA card), with a view to carrying one card instead of two.
The pan-European eID Factsheet – European eID Observatory at ePractice
8
France
Highlight
The ‘Development Plan for the Digital Economy by 2012’ provided for the eID card rollover starting in
2009. The card is based on a highly secured eSignature standard and is designed to facilitate the direct
participation of citizens in the public decision-making process (e.g. online consultations and petitions).
Law, Policy & Strategy
In October 2008, the Secretary of State to the French Prime Minister, responsible for the
Development of the Digital Economy, unveiled ‘Digital France 2012’, the country’s action plan for the
development of the Digital Economy by 2012. The enhancement of digital trust is a priority area of the
plan. Among other key measures, it provides for the deployment of an eID beginning in 2009.
The electronic services provided online to citizens and enterprises via the portal ‘www.servicepublic.fr’ are supported by one common eSignature solution. The legal basis for this solution is the
ordinance on electronic interactions between public services users and public authorities and among
public authorities of 8 December 2005.
Implementation & Research
The French Government launched an eID card project called INES (‘Identité Nationale Electronique
Sécurisée’, or ‘Secure Electronic National Identity’), which was endorsed by the Prime Minister on 11
April 2005. In line with the Government’s initial plans, the future French eID card is to be fitted with a
chip containing all identity information of the holder, two biometric identifiers (facial image and
perhaps fingerprints), and an electronic signature allowing secure access to both eGovernment and
eBusiness services and transactions. French citizens would have had to pay a fee for obtaining the
new electronic document, which was planned to be mandatory.
In 2005 a wide-ranging review was proposed, in particular to better address privacy and security
issues. New orientations were announced, among which an Identity-related services module
containing an authentication certificate and an eSignature field. Access to the biometric database
would be strictly regulated and would not be possible out of judiciary proceedings. Lastly, holding an
eID card would not be compulsory.
Another major eIdentification and eAuthentication tool is the latest generation of health cards that
started being issued at the beginning of 2007.
In April 2006, the Ministry for Internal Affairs announced the introduction of the first ePassports in
France, due to be progressively introduced between April and July 2006. Embedded with a contactless chip, the French ePassport contains the digitalised photograph of its owner. The passport is
intended to be more than a simple travel document; it could be used for the fulfilment of
administrative formalities in the future. On 28 June 2009, the electronic passports were replaced by
biometric passports, which also contained the holder’s digitised fingerprints.
The pan-European eID Factsheet – European eID Observatory at ePractice
9
Germany
Highlight
On 5 May 2010, the new German eID card project (Neuer Personalausweis) received the European
Identity Award 2010 in the category 'eGovernment/eHealth'. By the end of 2011, about 10 million
new eIDs had been issued.
Law, Policy & Strategy
On 30 June 2011, the IT Planning Council took the first steps towards the implementation of the new
National eGovernment Strategy and also agreed on the joint development of an eID Strategy to
enable citizens to securely exchange data with the administration and businesses through the
Internet. The major focus is on protecting 'electronic identities' and on the simple and secure use of
the services provided by the state.
In March 2005, the German Federal Government presented a common 'eCard' strategy providing a
common strategic framework for a number of eGovernment smart card initiatives in the areas of
citizen identification, social security information and health insurance services.
On 15 April 2008, the Federal Government adopted the General Administrative Regulation Governing
the Electronic Office ID Card, to replace the traditional paper ID cards by tamper-proof chip cards
which offer the possibility of integrating intra- and inter-agency services, such as time and attendance
recording as well as eSignatures.
The legal basis of the conventional German ID cards is laid down by the Law on the Personal Identity
Card, on Electronic Identity Verification and on changes regarding further provisions.
In June 2007, revision of the Passport Act was approved by the Federal Council, laying down the legal
foundation for the second generation electronic Passports which started being issued on 1 November
2007. In addition to the digital facial image, the new passports also feature two fingerprints in digital
format. According to the Act, those fingerprints are to be stored exclusively on the passport’s
microchip, and they should in no case be stored locally on issuance authorities systems or in any other
central database.
Implementation & Research
Germany's new ID card was launched on 1 November 2010. The new eID card in credit card format
replaced the existing national ID card and offers more functions than the current conventional ID. By
utilising a microchip, the card provides an online authentication functionality, applicable to both
eGovernment and eBusiness transactions. Due to the assignment of authorisation certificates and the
mutual authentication, cardholders can be confident that whoever requests their data is also
authorised to obtain it. The secure eID card will provide further protection against identity theft and
will offer new, user-friendly ways to guarantee valid client-data for service providers and protect
young people through age verification. Furthermore, the new eID card includes the optional
eSignature functionality. Cardholders may choose to upload a qualified eSignature to their ID card,
facilitating the card’s owner to perform legally binding actions in eGovernment and eBusiness
applications. To ensure that national ID cards continue to serve as secure travel documents, the eID
cards have biometric identifiers stored on a chip which satisfies requirements for official identity
checks – and for this purpose only. All eID cards have a digital biometric photo; cardholders may
choose to include two fingerprints on the chip as well. Both identifiers are an efficient way to increase
security at border controls.
Germany was among the first countries to introduce the electronic Passport (ePass), which started
being issued in November 2005. It was developed to comply with the Council Regulation (EC) No
2252/2004 and was equipped with a microchip, containing such holder data as name, date of birth
and nationality. Beyond traditionally relevant data, a digital facial image of the holder was also stored
on the microchip.
The pan-European eID Factsheet – European eID Observatory at ePractice
10
Greece
Highlight
There is currently no central eID infrastructure for eGovernment in Greece. However, some initial
plans for the issuance of eID cards have been presented by the Ministry of National Health and Social
Solidarity and the Ministry of Labour and Social Insurance.
Law, Policy & Strategy
The Draft Law on eGovernment is the first legislative step in the Greek legal system for eID. The draft
law focuses on the management of electronic transactions, while ensuring conditions for the legal and
evidentiary value of electronic documents.
The Digital Authentication Framework sets the standards, the procedures and the technologies
required for the registration, identification and authentication of the eGovernment services users,
including citizens, businesses, public authorities and civil servants. It also aims at creating an
integrated and coherent set of policies, regarding digital certificates and Public Key Infrastructures.
During March 2006, the Hellenic Public Administration Root Certification Authority (HPARCA) was
established (Law No. 3448, Government Gazette 57/A’/15-3-2006), and on 10 November of the same
year it was issued the HPARCA Certification Practices Statement (Government Gazette 1654/B’/10-112006). The HPARCA agency belongs to the Ministry of Interior, Decentralisation and eGovernment and
is the primary certification authority responsible for the definition of policy and coordination of other
public agencies that provide certification services. The establishment of a unique root certification
authority for defining certificate policies and standards shall minimise interoperability issues. The
development of the National Authentification System will enable interoperable, digital transactions of
all types, will save considerable financial resources to the Government and – the most important –
will stimulate the evolution of the Public Administration from a group of independently operating
Agencies to a network of interoperable and collaborative public services that are communicating
constantly with obvious benefits for the citizens and businesses.
Implementation & Research
The first stage of the plan for the issuance of eID cards has been accomplished with the allocation of
the Social Security Registration Number (AMKA) to every citizen. The second stage was realised in
2010 with the accomplishment of the electronic Prescription programme, which foresees that
production, distribution and control of prescriptions and referrals for medical instruments is carried
out through the use of computers and electronic means in such a way that ensures the reliability,
security and transparency of the information handled.
The national portal ‘Ermis’ aims to provide integrated and secure eGovernment services at all levels,
from a central point, thus becoming the benchmark of the National System Authentication. Through
the new authentication system, the user, citizen or enterprise, will submit a request to the portal via
an eSignature. The request will then be identified and initiated by the appropriate agency, thus
ensuring the security, validity and legality of digital transactions are being ensured.
The pan-European eID Factsheet – European eID Observatory at ePractice
11
Hungary
Highlight
Since April 2005, Hungary has a comprehensive central identification solution (Client Gate) for the
identification of citizens for electronic transactions carried out between public authorities and
citizens. However, there has not yet been a comprehensive solution for the identification of citizens in
electronic transactions carried out between public authorities.
Law, Policy & Strategy
A new law adopted in Hungary in February 2008 will see the introduction of the ‘ePost Office’ for legal
documents sent via email. The new bill introduces a novel independent agent to act as a go-between
for judicial authorities and their clients: the ePost Office. E-mails of a legal nature will be delivered to
the ePost Office which will then notify the recipient either via ordinary email or text message to a
mobile phone. In order to consult the documents in question, the recipient must first use an official
eSignature to send an acknowledgement of receipt to the sender.
Among the eGovernment regulations laid down in Government decrees and resolutions passed
between 2004 and 2008 figure the Act on Electronic Signature (2001) and the Government Decree
194/2005 (IX. 22.) on the requirements of eSignatures and certificates used in (actions of) public
administration and certification service providers issuing those certificates.
Implementation & Research
In October 2002, the Hungarian Government launched a range of initiatives aimed at setting up a
smart card infrastructure for eServices provided by central and local administrations in order to
enable user identification.
The Client Gate is the electronic client access and identification system accessible via the Hungarian
eGovernment portal. It is a gateway that allows users to securely identify themselves online and gain
access to any transactional government service available. The updated system is planned to facilitate
the introduction of new public and healthcare services, as well as the adoption of even more user
friendly applications. Client Gate II is to be implemented thanks to approximately € 16 million of full
EU support in 2009. The development also includes the establishment of physical access points
throughout Hungary where people will be provided with information on how to use the Client Gate,
which has been operating since April 2005 and has approx. 700 000 registered users.
In October 2002, a project to identify “Detailed requirement specification for the usage of electronic
signatures and smart cards in order to ensure IT security of public administration” was launched.
Requirements and specifications for the development of the Hungarian eID card (HUNEID) and its
prototype implementation were published in late 2004. In early 2008, the HUNEID specification was
upgraded in accordance with the European Citizen Card specification.
The Hungarian passports issued after 28 June 2009 contain one of holder's fingerprints. This new
biometric identifier is supplied in addition to the facial image which has already been stored in the
chip of the current version of the passport. This is the result of a decision of the Hungarian
Government made in compliance with the EU deadlines. The inclusion of the fingerprint is expected
to render the use of the passports more secure and to minimise misuse risks.
The pan-European eID Factsheet – European eID Observatory at ePractice
12
Ireland
Highlight
The Department of Finance is currently evaluating software to build a Single View of all public service
identity repositories. This will be used for data quality purposes and to support a new online
authentication service.
Law, Policy & Strategy
The Electronic Commerce Act 2000, which was voted on 20 September 2000, implements the EU
Directive on a Community framework for electronic signatures (1999/93/EC). The Act provides (with
some exceptions) for the legal recognition of eSignatures, electronic writing and electronic contracts.
It authorises the use of encryption and sets the rights and obligations of Certification Service
Providers (CSPs).
Implementation & Research
The Public Service Card (PSC) ensures that people can access public services across a number of
channels, with a minimum of duplication while preserving their privacy to the maximum extent
possible. According to a February 2011 Department of Social Protection press release, approximately
three million PSCs will start to be issued in the coming months to people over 16 who can access
public services. Issuing a PSC will involve a registration process which will include the collection of a
photograph and signature. PSCs will replace cards currently in use, such as the Social Services Card
and the Free Travel card, with highly secure cards featuring laser engraving personalisation, a contact
chip, a signature, a photograph and an expiry date. The facilities for the production and issue of the
PSC are now in place and undergoing final testing. The first test cards were produced as scheduled in
December 2010.
The Personal Public Service Number (PPSN) is a common identification number used for taxation and
social welfare purposes which is gradually being extended across the public service in the interest of
improving customer service. It is mandatorily assigned to every Irish child at birth.
PAYE is based on the use of a Personal Identification Number. The Revenue Commissioners PAYE
Anytime Service provides a means for PAYE customers to: view their tax record; claim a wide range of
tax credits; apply for tax refunds including health expenses; update an address; declare additional
income; request a review of tax liability for previous years; re-allocate credits between spouses; track
correspondence submitted to Revenue.
The Revenue Commissioners also provide a Revenue Online Service (ROS) for business customers.
This system provides a means for business customers to: file returns online; make payments by laser
card, debit instruction or online banking (Online Banking applies to Income Tax only); obtain online
details of personal/clients Revenue Accounts; calculate tax liability; conduct business electronically;
and claim repayments. The ROS service is based on qualified eSignatures.
In October 2006, the Passport Office within the Department of Foreign Affairs started issuing the Irish
ePassport. A chip securely stores biographical information which is visually displayed on the data page
of the passport and a digital image of the photograph which facilitates the use of facial recognition
technology at ports-of-entry. The chip incorporates digital signature technology to verify the
authenticity of the data stored on the chip. The Irish ePassport facilitates facial measurements which
can be used with facial recognition technology to verify the identity of a bearer.
The pan-European eID Factsheet – European eID Observatory at ePractice
13
Italy
Highlight
In order to enable citizens to securely access eGovernment services even before the widespread
dissemination of eID cards, the Italian Government has also developed the National Services Card
(CNS). It is a smart card allowing for the secured identification of citizens online.
Law, Policy & Strategy
The Strategic Plan for Innovation presented in 2008 and amended in January 2009 aims to promote
innovation through law and standards: amendments to the eGovernment Code on issues such as the
medical certificates online, electronic prescriptions, online advertising on institutional sites, the eID
card and the National services card, the VoIP -Voice over IP- and the Public Connectivity System -SPC.
The ‘Innovation Directive' encourages the public authorities to allow citizens to electronically interact
within the administration by systematically providing them with a password and a pin code, as long as
the eID card and the national services card are not fully rolled out.
In February 2004, the Council of Ministers adopted a decree on the introduction of the National
Services Card (CNS), a smart card for accessing eGovernment services. The CNS is meant to enable
people that do not – or not yet – own an eID card to securely use ePublic services. In contrast to the
eID card, the CNS will not constitute a 'proof of identity' and will thus not be a legal identity
document.
Italy has been among the first EU countries to give full legal value to eSignatures. The Law no.59 of 15
March 1997 on the simplification of the Public Administration provided in its article 15 that the use of
electronic means would be legally valid for administrative procedures. Rules regarding the use of
eSignatures and documents were further detailed in a series of presidential and government decrees
adopted between 1997 and 2001. The Legislative Decree no.10 of 23 January 2002 brought the Italian
eSignature regulations into line with the Directive 1999/93/EC on a Community framework for
eSignatures.
Implementation & Research
The Italian eID card comprises a microchip, an optical memory and an International Civil Aviation
Organization (ICAO) machine readable zone for the use of the card as a travel document. It contains a
set of personal data, including the holder's fiscal code, blood group and fingerprint scans. The
personal data, biometric key and digital signature are only stored on the card. In accordance with data
protection legislation, this data is not kept on any central database and can only be released and used
if the holder gives permission by inserting a PIN code. The cardholder’s fingerprint template is stored
in both the microchip and the optical memory. The microchip makes online identification possible and
enables transactions between citizens and providers, including ePayments.
Since 2009, Italy is gradually entering phase II of the implementation of the European Union's Council
Regulation (EC) No 2252/2004 of 13 December 2004 on “standards for security features and
biometrics in passports and travel documents issued by Member States”. Phase I – concluded in 2006
– marked the inclusion in the new passports of a first biometric identifier, the holder's facial image in
the ICAO format.
The pan-European eID Factsheet – European eID Observatory at ePractice
14
Latvia
Highlight
The eID card concept for the introduction of a national eID card was approved by the Government in
2010. A new personal identification documents law is currently being drafted which will define the
eID card types. Furthermore, it will bring forth the issuance of the first eID cards in 2012.
Law, Policy & Strategy
The 'eGovernment Development Plan (2011-2013)' is a short-term development planning document
primarily based on the 'National Development Plan 2007-2013' (NDP). It introduces 192 actions which
aim to boost eGovernment, to strengthen state policy and to complement regulatory actions in a
wide range of domains, including eID.
On 10 December 2008, the Secretariat of the Latvian Special Assignments Minister for Electronic
Government Affairs unveiled the eID card solution which will be introduced in Latvia in the upcoming
years. According to the so-called “eID card concept”, the Latvian eID card will be used for proving
one’s identity in an electronic environment, accessing multi-sectoral eServices and securely signing
eDocuments. Moreover, the card, whose features will comply with ICAO recommendations of and the
relevant EU regulations, will also serve as a travel document valid at both national and EU levels.
The Personal Identification Documents Law was adopted in May 2002. It states that identification
documents shall contain a machine readable zone. Moreover, in 2004, the Cabinet of Ministers
adopted a Regulation ‘On the citizen’s identity cards, non-citizens identity cards, citizen’s passports,
non-citizens passports and stateless person’s travel documents’, which among other things provides
for the inclusion of electronic chips in future identity cards.
A new Personal Identification Documents Law was submitted to the Parliament in June 2011. The law
defines the eID card types (citizen, non-citizen, EU-citizen, third-country citizen residence permit and
accredited persons eID). The eID card is to contain biometric data and information in electronic form
which enables electronic verification of the holder's identity and creation of a secure eSignature. As
such, the eID card can serve as an identity and travel document within the EU, a personal
identification tool for eServices, and in order to provide a secure eSignature. The law is set to come
into force in 2012, as is the first eID card issuance.
Implementation & Research
On 10 February 2010, the Cabinet of Ministers of Latvia approved the eID card conception for the
introduction of a national eID card; its implementation will take place from 2011. eID cards will not
only serve the identification of people travelling abroad or visiting public or municipal institutions, but
will also enable authentication in the electronic environment.
The pan-European eID Factsheet – European eID Observatory at ePractice
15
Lithuania
Highlight
On 23 May 2011, the Secure idenTity acrOss boRders linKed (STORK) project, which aims to
implement EU-wide interoperable eIDs, officially announced that Lithuania went live in the CrossBorder Authentication Platform for Electronic Services Pilot.
Law, Policy & Strategy
Passed on 11 July 2000, the law regulates the creation, verification and validity of eSignatures, the
rights and obligations of signature users, the requirements for certification services and certification
service providers, as well as the rights and functions of the institution of eSignature supervision.
It is compliant with the EU Directive on a 'Community framework for electronic signatures'
(1999/93/EC). The concept of a 'secure eSignature' stated in Lithuanian law is identical to the notion
of an 'advanced eSignature' referred to in the Directive. A secure eSignature, created by a secure
eSignature-creation-device based on a valid qualified certificate is granted the same legal effect as
that of a hand-written signature on written documents. It is also admissible as evidence before a
court of law.
An amendment to the law on eSignature was adopted in 2002, which established that an eSignature
shall have the legal power of a hand-written signature in all cases, provided that the signature users
reach an agreement amongst themselves. In this way, the notion of a 'contractual eSignature' was
introduced in Lithuanian law. The law does not include any specific requirements for the use of
eSignatures in the public sector.
Implementation & Research
On 1 January 2009, the Migration Office started accepting applications for the new personal ID cards.
The cards are used to identify a person by allowing eSignatures of documents based on a qualified
certificate. The new ID card has both contact and contact-less chips integrated. The contact chip will
hold a person’s identification certificate and a qualified certificate for eSignature, issued by the
Residents’ Registry Service under the Ministry of Interior. The contact-less chip will carry biometric
data, such as facial image and fingerprints.
In November 2007, the special government-backed multi-stakeholder eSignature Initiation
Programme (E3P) enabled Lithuanians to sign electronically using a mobile phone with a new
eSignature-compliant SIM card. Two codes, known only to the user, protect the ID key contained in
the telephone from illegal use.
Two projects related to eID management were implemented in Lithuania in 2008. The first resulted in
a new type of civil servants’ IDs, issued in September 2008, while the second one was aimed at
creating an eID infrastructure, which provided interoperability at national and European levels. The
result is a new type of personal identity card, issued since January 2009 and equipped with contact
and contactless chips. The contactless chip stores biometric data, namely, a face image and
fingerprints. The new cards are also to be used for online public and commercial services via the
eGovernment portal and other public institutions’ portals.
Since November 2007, it has been possible to sign documents electronically using a mobile phone
with a new eSignature-compliant SIM card. Those who wish to take advantage of the mobile
eSignature need to replace their SIM card and sign an eIdentity agreement. Two codes, known only to
the user, protect the ID key contained in the telephone from illegal use.
The pan-European eID Factsheet – European eID Observatory at ePractice
16
Luxembourg
Law, Policy & Strategy
The progressive introduction of biometric documents in Europe obliges the Member States to have
highly secure certification services in order to protect their official documents. Consequently,
LuxTrust will adhere to the relevant international standards in order to be in a position to protect the
biometric documents issued in Luxembourg. This will at first apply to the new biometric passports.
Implementation & Research
There is currently a central eIdentity infrastructure in Luxembourg that provides an eID card, LuxTrust
S.A., a public/private partnership, created in 2003, to manage the development of a common Public
Key Infrastructure (PKI) in order to secure eCommerce and eGovernment. The consortium that was
awarded the PKI contract was presented in July 2006. An infrastructure created by reputable
businesses and based upon a public-private partnership should incite more local enterprises to enter
the field of eCommerce.
The pan-European eID Factsheet – European eID Observatory at ePractice
17
Malta
Highlight
In March 2004, the Maltese Government launched its ‘Electronic Identity’, a secure key network that
enables citizens to access a number of interactive and transactional eServices that require
identification such as VAT, tax and company-related services, as well as social services, online
passport requests, or online ePayment Gateway. The ‘Electronic Identity’ is based on the
internationally recognised four-tier security model. The eID is free of charge, available to all ID Card
holders and it does not have an expiry date.
Law, Policy & Strategy
The Electronic Commerce Act transposed into Maltese law the EU Directive 1999/93/EC on a
Community framework for electronic signatures. It provides the legal basis for the introduction of
eSignatures in eGovernment applications.
There is currently no overall eGovernment legislation in Malta. The ‘National ICT Strategy for Malta
2008–2010’ has foreseen the enactment of fragmented eGovernment legislation to provide a
concrete equal footing for the electronic filing of documents, accessibility for disabled persons,
security and the regulation for the use of Smart ID cards, among others. The strategic document laid
down the goal of National identity management, where digital certificates and eSignatures within a
consolidated national framework will enable the Government to deliver management products like
Smart eID cards and ePassports, as well as services such as contract signing and electronic filing of
sensitive documents.
Implementation & Research
By March 2007, the eID had already been implemented and launched up to the second level. The
third level, which consists of a soft PKI digital certificate, had been implemented as well.
Citizens can apply for an electronic identity by presenting themselves at an eID Registration Office in
Valletta or Rabat (for Gozo) with a copy of their paper ID card and a valid email address. After
corroborating his/her identity, the Registration Authority will send the applicant a username,
password and a secure PIN activation code that are unique.
The eID offers a simple method of identification and authentication to access the eGovernment
services provided on the ‘mygov.mt’ portal. The eID number and password are used to log in, whereas
the PIN activation code is used to sign for the first time into ‘mygov.mt’, to activate one’s eID account.
The PIN number will be again needed when applying for a digital certificate to be able to access the
highly sensitive eGovernment services (e.g. submission of VAT or income tax return). Downloading
such digital certificate is optional and depends on whether the user intends to make use of the
sensitive services in question. The eID is free of charge, available to all ID Card holders and has no
expiry date.
The eID Card or Smart ID Card will constitute the fourth level of the eID and thus provide each person
in Malta with a very secure way of conducting eGovernment, signing electronic documents and
authenticating oneself in the digital world. In parallel, a national electronic register of persons will be
developed based on the registration process of the eID Card.
Malta's new upgraded ePassport system with Extended Access Control (EAC) capability went live on
the 28 June 2010. This new solution delivers a higher level of security and access control, in
accordance with EU regulation for all Schengen Member States with the addition of a second
biometric – two fingerprints – to the data already stored on the chip. Its delivery is a key milestone in
the Government's ongoing strategic identity management plan. Fully integrated with Malta's existing
National Identity Management System (NIDMS), EAC capability has initially been launched in Malta
and Gozo and then rolled out across all embassy sites.
The pan-European eID Factsheet – European eID Observatory at ePractice
18
Netherlands
Highlight
The eID infrastructure for businesses, eRecognition, became available in 2010. It is intended to be
used for electronic communication between businesses and the government, as well as for Businessto-business (B2B) electronic communication.
Law, Policy & Strategy
The Electronic Signature Act, which came into effect on 21 May 2003, ensures the transposition in
Dutch law of the European Directive 1999/93/EC on a Community framework for electronic
signatures, and provides a firm legal basis for the deployment and use of eSignatures in eCommerce
and eGovernment.
Implementation & Research
Authorities can use a Government-wide authentication service for their electronic services, to
electronically determine whether a particular identity is valid. DigiD is available in two different levels:
basic (user name and password: DigiD) and middle (DigiD + sms-authentication).
DigiD (Digital Identification) provides citizens with a centralised online authentication solution for
accessing eGovernment services based on a user ID and password. It furthermore enables citizens and
businesses to identify themselves with similar identification means to all the government agencies
that provide electronic services. DigiD is only available to people who are registered in a municipality
and possess a Citizen Service Number (CSN). It is currently only available in Dutch.
DigiD for businesses was replaced by eRecognition on 1 January 2011. It enables private citizens and
businesses to identify themselves to government agencies that provide electronic services. This
shared facility, provided by and for the Government, is able to recognise users of eGovernment
services.
'DigiD Authorise' is a national, collective facility allowing businesses and citizens to use authorisations
for eGovernment service provision. This facility makes it possible to authorise a third person to
acquire online services provided by the government. Using the authorisation function prevents
citizens from giving their DigiD identification code to others, or allowing other parties to gain access
to pre-completed details. It was reported in April 2011 that over 225 000 citizens (double the figure
anticipated by authorities) used 'DigiD Authorise' to give permission to a third party in settling their
2011 tax return.
The pan-European eID Factsheet – European eID Observatory at ePractice
19
Poland
Highlight
Over the past years, the few eServices requiring the use of an eSignature in Poland have not been
widely used due to the high cost of an eSignature (in excess of € 60) for Polish citizens. The gradual
introduction of new eServices requiring an eSignature (e.g. tax declaration online with the new
eDeclarations system) and the replacement of the national ID cards with the new ID cards preequipped with eSignatures are expected to change this situation.
Law, Policy & Strategy
The development of a 'Multifunctional Personal Document' (MPD), which could be used as an
intelligent, PKI-ready smart card to replace the traditional plastic ID card, has been studied over the
past years. The Ministry of Interior and Administration is responsible for the MPD project. Necessary
legislative changes constitute a part of the identification documents development strategy. Adopted
on 18 September 2001, the Act on Electronic Signatures was amended in 2004 and 2005 respectively.
This Act is compliant with the EU Directive 1999/93/EC on a Community framework for electronic
signatures.
The Act on Electronic Signatures set the deadline of 1 May 2008 for the legal validity of eSignatures,
i.e. the provision of public eServices with eSignatures. As from that date, the Polish public authorities
have been obliged to accept documents and/or requests in electronic format accompanied by an
eSignature.
The Draft Regulation on the Technical Requirements for Electronic Identity Card Layer and
Communication Protocol for Electronic Identity Cards (2011) sets out the technical requirements for
the electronic layer of the identity card and the electronic communication protocol with identity
cards. The eID card layer meets the technical requirements specified in this Regulation by the
following standards: safety requirements for electronic layer; requirements for confidentiality of
communications with a layer of eID card; and authentication ID storing data and software in a layer of
eID card.
Implementation & Research
Each Polish citizen is obligatorily provided with two distinctive identifiers: PESEL number (General
Electronic System for Citizens Evidence) and NIP (Tax Identification Number). The PESEL Register
(General Census Electronic System) is the main reference database for individuals. It allows citizens
and entrepreneurs to access electronic services. The Tax Identification Number (NIP) is used for
entities paying taxes in Poland. The eID would be based on existing identification numbers and
reference databases (PESEL for individuals and REGON for business). The Ministry of Interior and
Administration is responsible for the MPD project. Necessary legislative changes form part of an
identification documents development strategy
The second stage of the project PESEL2 will see the implementation of the ‘PL.ID’ project –
introduction of the Polish biometric ID card, scheduled for 2008–2013. The e ID is going to be based
on existing identification numbers and reference databases (PESEL for individuals and REGON for
business).
The Polish Government has started putting in place the infrastructure to enable citizens to submit
documents electronically. May 2008 was the deadline, as set out in the Act on Electronic Signatures
(2001), for the Polish Government to provide services for citizens with eSignatures. This prompted the
Ministry of Interior and Administration to announce in January 2008 that an incoming
correspondence box would be available for free on the Electronic Platform of Public Administration
Services website (ePUAP). Since 9 June 2011, it has been possible for ePUAP users to employ a new
eID function, the Trusted Profile.
The pan-European eID Factsheet – European eID Observatory at ePractice
20
Portugal
Highlight
The Citizen’s Card is the Portuguese eID. It is a smart card that provides visual identity authentication
with increased security and electronic identity authentication using biometrics and eSignatures. It
enables holders to take advantage of a multichannel delivery system in their interactions with public
and private services. In 2011, authentication via the eID card became available in more eGovernment
services: ADSE Directa (the gateway to the services of the General Directorate for the Social
Protection of public administration staff), the Social Services of the Public Administration portal and
the Housing portal services for youth.
Law, Policy & Strategy
Portugal’s eGovernment drive is part of its Technological Plan. Based on this plan, the action agenda
defines a set of measures, including the creation of the Citizen’s Card.
The Decree-Law no.7/2007 created the Citizen's Card and regulates its issuance, replacement, use and
cancellation. It also lays down the provisions for digital certificates, an electronic document which
uses a digital signature. The provisions of Decree-Law no.290-D/99, Decree-Law no.165/2004, DecreeLaw no.62/2003 and Decree-Law no.116-A/2006 shall apply to an eSignature based on a qualified
certificate, while these certificates are subject to the applicable rules and regulations pertaining to
the State Electronic Certification System (SECS).
Implementation & Research
The Citizen’s Card is a technological document that allows the holder to provide identification when
dealing with computerised services and to authenticate electronic documents. The card combines all
the keys that are indispensable for a fast and effective relationship between the citizen and a variety
of public services in one single document. The citizen card has been available since October 2008. In
mid-2010, the 'Direct Social Security' service became the latest functionality accessible via the Citizen
Card.
The new Portuguese Electronic Passport (PEP) represents the beginning of a new generation of eID
documents and adheres to the most rigorous security patterns. It preserves the features of the
current passport in the identification of its holder, but integrates innovative devices ranging from
facial recognition to the incorporation of a contactless chip. All the information contained in the chip
can only be read by specialised equipment.
The SCEE is an infrastructure of public keys which supports eSignatures and other electronic security
services activated by public keys (algorithms). The SCEE architecture constitutes a hierarchy of trust
that guarantees the electronic security of the State and the strong digital authentication of electronic
transactions among several Public Administration services and organisations, and between the State
and citizens and businesses. The SCEE operates independently from other public key infrastructures of
a private or foreign nature. However, it allows interoperability with the infrastructures that fulfil the
necessary rigorous authentication requirements through adequate technical mechanisms and
compatibility in terms of certification policies, primarily within the scope of the EU Member States.
Portugal officially unveiled its national eID card on 14 February 2007. The card was based on the
Identification Authentication Signature (IAS) criteria.
The pan-European eID Factsheet – European eID Observatory at ePractice
21
Romania
Law, Policy & Strategy
Law no.455/2001 grants to eSignature the same legal status of its written counterpart. This effectively
places electronic and printed data on an equal footing and allows electronic data to be admitted as
evidence in court in the event of a dispute. The Ministry of Communications and Information Society
(MCSI) is the authority in charge of the regulation of eSignatures. By Order no. 54 of the Minister of
Communications and Information Society, the procedure for approving, delaying and recalling the
decision of accreditation of the certification services providers is also defined (OJ no.209/
11.03.2005).
Implementation & Research
The project ‘Integrated National System Introduction and Update of Information Relating to Personal
Records’ was approved on 1 March 2011 after the Minister for Communications and of Interior signed
a contract for financing it with structural funds. The project's implementation period is 19 months.
The creation of such a system presupposes the issuance and management of identity documents in
accordance with Romanian legislation with EU recommendations. The project, by implementing IT,
targets a number of breakthroughs: issue various certificates such as the identity card, civil status
certificate, passport, car registration and deregistration online; communicate to various public
institutions and authorities of the identity data of certain persons; Identify the changes occurring in
the records of persons on the basis of data updates; provide Local Registry data for evidence of
people, at the request of central and local institutions and authorities.
The pan-European eID Factsheet – European eID Observatory at ePractice
22
Slovakia
Highlight
From 1 December 2012, Slovakia will issue ID cards incorporating an electronic chip. ID cards without
the electronic chip will be issued until the end of November 2012, and those cards issued with an
unlimited validity period will continue to be valid following this date. The new eID card will facilitate
safer access to services, the use of qualified eSignatures and also the possibility of using the card to
store other kinds of data.
Law, Policy & Strategy
Introduction of secure eID cards is necessary for transactions within eGovernment, in order to provide
more effective services for citizens and the private sector, as set forth in the 'Competitiveness
Strategy for the Slovak Republic until 2010’.
The eID card rollout beginning in late-2012 is a result of an amendment to the law on identity cards
passed by the Slovakian Parliament in November 2011. This amendment is also linked to the eID card
project.
Implementation & Research
The JIFO initiative has created new personal unique identifiers for citizens using cryptographic
algorithms and will be used within all sectors of applications (SIFO).
An eID card project has been implemented since September 2009 aiming to introduce a single eID
card as a means of identification and authentication of individuals within the domains of
eGovernment, eHealth and possibly other areas from public and private services. It is expected to
create the conditions for personalisation of eID cards and provide the necessary hardware and
software infrastructure that supports the process of collecting data from citizens and the production
of documents. Central distribution of eID cards to citizens will be facilitated. Electronic services of eID
solutions will be made available to all citizens, including those without internet access.
Implementation of the national project will continue until 2012.
The pan-European eID Factsheet – European eID Observatory at ePractice
23
Slovenia
Highlight
The Slovenian national eID project officially started in February 2003 with the establishment of a
dedicated project group. However, the project was suspended in November 2004. In April 2008, the
Identity Card Act was amended, thus providing new legal grounds for the introduction of the eID card.
The current Slovenian ID card is an authentication instrument showing identity, citizenship and
entitlement to cross borders. According to the proposals put forward by the Slovenian Government,
the future eID card will incorporate a number of functions by combining several sensitive datasets on
just one card.
Law, Policy & Strategy
The initial version of the Electronic Commerce and Electronic Signature Act (ZEPEP) provided the legal
basis for using eSignatures and developing eServices in Slovenia. The Act amending the Electronic
Commerce and Electronic Signature Act more precisely defines the responsibilities of providers of
Information Society services and sets the conditions for the realisation of the eID card project. The
Slovenian legislation literally translated the definitions of 'advanced' and 'qualified' eSignature of the
Directive 1999/93/EC on a Community framework for electronic signatures. As defined in the Act, the
devices for secure electronic signing should comply with special conditions regarding security and
reliability.
Implementation & Research
The eID cards will include a microchip, in addition to the holders’ name and address, Personal Tax
Number, unique personal identification number (PIN), healthcare insurance number, the serial and
register numbers of the personal ID, and possibly two digital eCertificates: one providing access to
eGovernment services, the other for confirming healthcare insurance rights according to pertinent
healthcare and health insurance regulations. Both the PIN and the personal tax number will be stored
in encrypted form so as to prevent unauthorised access without a citizen's consent. This eID card
equipped with a microchip will be issued by a government certification authority to citizens older than
14 years.
A Public Key Infrastructure (PKI) has been deployed in Slovenia and five certification authorities have
been registered: the Ministry of Public Administration (SIGOV-CA for Government communications
and SIGEN-CA for the general public), HALCOM-CA, AC NLB, POŠTA CA and the Ministry of Defence
(SIMoD-CA). As trusted third parties, these certificate service providers can deliver PKI-based digital
certificates for the generation of secure eSignatures in eGovernment applications. Certification
authorities may use different approaches in mapping a single certificate with its holder’s identification
data (e.g. tax number or personal registration number).
Slovenia began to introduce biometric passports in August 2006. In addition to graphic security
features, the biometric passport has a chip embedded in the data page containing the holder's
personal data and photograph. The bottom of the data page contains the holder's personal data
intended for machine verification of authenticity of the passport.
The pan-European eID Factsheet – European eID Observatory at ePractice
24
Spain
Highlight
500 000 new eID cards (DNIe) are currently delivered every month and over 25 million Spanish
citizens hold an eID card which is available in most parts of Spain. Most government bodies and
businesses provide eServices enabling the use of the DNIe. The national eID card makes it possible to
digitally sign electronic documents and contracts, identify and authenticate citizens in a secure digital
environment and to provide them with easy, straightforward, fast and convenient access to eServices.
The card is valid for 10 years.
According to an eGovernment status report from September 2011, the forecast is to reach the entire
population by 2015. Furthermore, the report underlines Spain's leading position in the development
of eSignature.
Law, Policy & Strategy
The 'Avanza 2' Plan (2009-2012) is structured around five action lines, including public eServices. To
improve the quality of public services delivered, special emphasis is being laid upon the development
of the functionalities of the national eID card.
In December 2003, the Parliament approved a new law on electronic signature. It established a legal
framework for the future development of a national eID card.
Law 59/2003 of 19 December 2003 on electronic signature replaced a Royal Decree of 1999 on digital
signatures. Aimed at promoting a widespread use of digital signatures for eGovernment and
eCommerce, it transposed the EU Directive 1999/93/EC on a Community framework for eSignatures
into Spanish law.
Implementation & Research
On 22 November 2010, the Spanish National Institute of Communication Technologies (INTECO) and a
consulting company published practical guidelines for the safe use of the national eID card (eDNI) on
the Internet. The document seeks to give the keys to the functioning and use of the card while
analysing the protection means it offers against attacks through the Web. Finally, the guide explains
how electronic signature and electronic certification through the eDNI guarantee one's identity as
they imply compliance with a number of security and privacy criteria.
On 22 September 2009, the Spanish State Secretary for the Public Service and the Portuguese State
Secretary for Administrative Modernisation signed a collaboration agreement on the validation of the
digital certificates of both their countries. The purpose of the agreement is to make it possible for any
citizen of either country to use his/her national eCertificates for communicating and dealing with the
Public Administration of the other country. The integration of both national systems will enable the
validation of the eCertificates.
On 13 March 2009, the Council of Ministers approved a € 14 million investment in a series of actions
set to generalise the use of the national eID card and to stimulate the spread of reliable digital
services and applications. Another agreement on the promotion of the DNIe signed in June 2007 was
extended to approximately € 43 million.
The pan-European eID Factsheet – European eID Observatory at ePractice
25
Sweden
Highlight
In 2005, the Swedish Government introduced the ‘official’ eID card containing biometric data. The
new ‘national identity card’ is not compulsory and does not replace previous paper ID cards. It can be
used as a proof of identity and citizenship and as a valid travel document within the Schengen area.
Sweden's eIdentification Board has set itself a goal of providing a mature eID solution by mid-2013, it
was announced in June 2011. The Board developed a test bed (Eid 2.0) that was launched in August
2011 to provide a means to publicly test and develop the technological infrastructure for eID and
signing services in Sweden.
Law, Policy & Strategy
The E-Government Delegation released a report entitled 'Strategy on the work of the Public Agencies
in the field of eGovernment’ on 19 October 2009. Among the suggestions was the creation of a single
and unified eID solution to access government services; this solution could be used in the framework
of private sector services in due course. The Tax Board, through a newly established committee,
would coordinate the management of eIdentification, and issue regulations on eID cards and the
electronic data exchange between the public authorities. Better technical/legal rules and regulations
are expected to promote the use of eIdentification and eServices.
The Act on Qualified Electronic Signature implements the EU Directive on a Community framework for
electronic signatures (1999/93/EC). A Swedish eSignature includes both authentication and integrity
requirements. eSignature is defined as “data in electronic form attached to or logically associated
with other electronic data and used to verify that the content originates from the alleged issuer and
has not been altered.” The legal basis for the use of eSignatures in eGovernment services cannot be
derived from generic provisions applicable to all eGovernment initiatives, but must be sought for each
application area. Legislation adopted to enhance eSignatures is usually supplemented by regulations
from the different authorities specifying which eSignature should be used. The Act deals with
eSignatures in general and makes no specific reference to eIDs.
Implementation & Research
eIDs exist both as smart cards and as files stored on a hard disk. eIDs are issued in two ways: by
ordering and downloading them from the user’s Internet bank while being logged on, or by ordering
the eID on the Internet. A rough estimate of the use of eIDs in Sweden is that over one million users
make approx. 2.5 million transactions (including both authentication and signatures) a month using
eIDs for both eGovernment and other services on the market.
Legal entities can also use an eID. In this case, two types of certificates come in question, namely the
server and stamping certificates, for authentication and signing respectively. The certificates contain
the name of the organisation and the organisational number and may also contain a URL. The contact
person ordering organisational certificates must have an authorisation for this purpose from a person
authorised to sign on behalf of his/her organisation.
In October 2005, Sweden became the second European country to start issuing biometric passports
compliant with the standards recommended by the International Civil Aviation Organization (ICAO).
The ePassport has an RFID (Radio Frequency Identification) microchip embedded in its polycarbonate
data page containing a digital photo and personal information of the holder.
The pan-European eID Factsheet – European eID Observatory at ePractice
26
United Kingdom
Highlight
The Government introduced the Identity Documents Bill to Parliament on 26 May 2010. The Bill
makes provision for the cancellation of the UK National Identity Card, the Identification Card for EEA
(European economic area) nationals and the destruction of the National Identity Register. The UK
National Identity Card and the Identification Card for EEA nationals ceased to be valid legal
documents on 21 January 2011. The identity card for foreign nationals (biometric residence permit)
will not be scrapped.
Law, Policy & Strategy
The Electronic Signatures Regulations 2002 was completed by the Electronic Signatures Regulations
2002, which implements in UK Law the European Directive on a Community framework for electronic
signatures (1999/93/EC).
Implementation & Research
In October 2007, an ambitious pilot project to test the compatibility of several different eID systems
was scheduled to be undertaken in the UK. The pilot, worth over € 20 million, was part of the EU’s eID
STORK project and aimed to establish EU-wide interoperability for eIDs by 2010.
The Government Gateway is the main central UK identification platform and is a central registration
and authentication engine enabling secure authenticated eGovernment transactions to take place
over the Internet. Users need to register with the Gateway in order to use online Government
services and subsequently transact securely with Government departments. Built on open standards,
the site also enables the joined-up delivery of Government services by allowing various systems in
different departments to communicate with it and with each other. Depending on the type of
Government transactions, user identification is based either on a digital certificate issued by an
accredited certification authority, or on a user ID (supplied by the Government Gateway) and a
password (chosen by the user) for Government services that do not require the level of security
provided by digital certificates.
The services offered address both citizens and the business community. Services to citizens include
submission of forms to Government departments as well the ability to carry out some services by
filling in online forms on Government or private company websites. For other services, online forms
will not be available and users will only be able to send forms by using software packages (e.g. payroll
software).
The pan-European eID Factsheet – European eID Observatory at ePractice
27
Croatia
Highlight
Even though there is no specific eID infrastructure currently in place, the plan is to define it through
the 'Strategy for the Development of eGovernment in the Republic of Croatia (2009-2012)'. This
eGovernment strategy prioritises the development of an eID card. A task force has been established
to put forward the measures for eID implementation, as defined in the strategic document.
Law, Policy & Strategy
With adoption of a Law on Electronic Signatures in 2002 (amended in 2008), a Law on Personal Data
Protection in 2003 and a Law on Electronic Document in 2005, compliant with corresponding EU
directives, a legal framework for the Information Society has been established. A Freedom of
Information (FOI) Law was also passed in October 2003, and an eCommerce Law (harmonised with
Directive 2000/31/EC) was approved by the Government in September 2003 and amended in 2008.
Croatia was one of the first countries to include digital signatures into its legislation.
The Electronic Signature Act (NN 10/02, NN 80/08) has been supplemented by a series of ordinances
and regulations such as the Regulation on the scope of operations, content and responsible authority
for operations of eSignature certification for State Administration bodies (NN 146/04).
Implementation & Research
The eREGOS provides electronic transmission of an official form, known as R-Sm form, (the insured
person’s specification based on calculated and paid compulsory contributions for the pension fund
insurance) with authorisation for accessing the service and authentication of forms by applying smart
cards with a digital certificate. The service is accessible to registered users only.
The eVAT (ePDV) is the first electronic service of the Tax administration within eTax which provides all
tax payers (business subjects) in Croatia with a simple and secure distribution of data on the periodic
calculation of VAT for a specific cost accounting period. In order to use the ePDV services, it is
necessary to own a certified eSignature issued by the Financial Agency (FINA).
The pan-European eID Factsheet – European eID Observatory at ePractice
28
FYROM
Highlight
The first electronic passports and ID cards were due to be issued to citizens in 2006. The main policy
targets for Information Technology development and eGovernment are to be found in the references
of the Government Programme (2006-2010) to IT and eSociety. It stresses the implementation of an
integrated medical information system and introduction of the eHealth card, among other targets.
Law, Policy & Strategy
The ‘Draft Public Administration Reform Strategy, 2010-2015’ proposes groups of actions phased from
2011 to 2015. One of these was the further development of horizontal solutions provided by the
Ministry of Information Society and Administration for all public administration authorities, including
eIdentification, by the end of 2011.
In June 2002, the Law on Data in Electronic Form and Electronic Signature and related bylaws on
electronic operations that involve the use of ICT, as well as the use of electronic data and signatures
in judicial, administrative and commercial transactional procedures, became operational. Both the
application and implementation belonged to the Ministry of Finance.
The pan-European eID Factsheet – European eID Observatory at ePractice
29
Iceland
Highlight
The Government’s objective was that every citizen in Iceland was to be offered an electronic ID on a
smartcard by 2008.
Law, Policy & Strategy
There is extensive use of authentication infrastructure in the form of digital certificates and
signatures. Various government departments issue digital certificates. For example, the 1996
amendment to the Customs Act imposed electronic submissions using digital certificates for all import
and export companies since 2001. On a similar note, the Directorate of Fisheries issues skippers with
digital certificates for signing and encrypting catch reports.
Article 4 of the Act on electronic signature, No. 28/2001 stipulates that fully qualified eSignatures
shall be equivalent to handwritten signatures. Furthermore, it is stipulated that other eSignatures can
be legally binding. Supporting legislation comes through the Electronic Commerce Act, 2002 and the
Public Administration Act, as amended in 2003.
The Icelandic Government conceived in May 2008 the third consecutive Information Society strategy,
known as ‘Iceland the eNation’, covering the period 2008-2012. One of the key points is simpler Public
Administration via a key enabler such as an eID.
Implementation & Research
The eIDs is to be used for government services where authentication and digital signature is required.
It is also expected that eIDs will be used to access the home banks which are used by more than 70 %
of all Icelandic citizens. This project is being carried out in cooperation with the Icelandic banks. The
goal is to build up an open and standardised environment for eIDs, compliant to European standards,
while at the same time ensure that the content fulfils the requirements of both partners. The plan
was to launch the electronic identities on the debit cards during autumn 2008. The bank’s plan was to
renew all the debit cards in the country in 2009, leading to quick issuance.
'Iceland Root' is at the top of the organisation pyramid of electronic identification, the system for
distributing electronic certificates. This system is necessary for the production of such identification.
An important part in the distribution of such certificates is that their users can rely on and easily
confirm the authenticity of such certificates and eSignatures and that a reliable source stands ready to
certify such authenticity. 'Iceland Root' will be operated by a special agency under the auspices of the
Ministry of Finance and will constitute the source of trust in the system of distributed electronic
certificates.
In March 2006, the Ministry of Justice and Ecclesiastical Affairs of Iceland selected a US-based supplier
to gather the multi-biometric data required to issue its new electronic passports. Iceland was one of
the first countries to integrate both finger and face biometrics into their ePassports. The ePassports
are to contain ICAO/ISO-compliant biometric data (face, fingerprint, and signature) from all citizens
applying for electronic passports at civil registration offices throughout the country. Collecting both
face and fingerprint information makes Iceland one of the first countries in Europe to gather live
biometric data, rather than relying on paper-based images.
The pan-European eID Factsheet – European eID Observatory at ePractice
30
Liechtenstein
Highlight
The national electronic ID-card is to be used in any form of business, governmental or private
communications (identification document), as well as a travel document. Issued by the National
Immigration and Passport Office, the card is not just a physical identification document, but also
provides advanced electronic functions facilitating secure authentication, legally binding digital
signature for public and private online services.
Law, Policy & Strategy
The current legislation on eSignatures (Signaturgesetz; SigG, registry number 784.11) has been in
force since September 2003. The law implements the European Directive 1999/93/EC on a
Community framework for Electronic Signatures. It has been supplemented by the regulation on
Electronic Signatures of June 2004 (SigV, registry number 784.111).
Implementation & Research
The Prime Minister of Liechtenstein, Mr Klaus Tschütscher announced, on 24 June 2010 that the
Austrian Federal Government had created the basis upon which the 'lisign' electronic identification
and electronic signature solution of Liechtenstein can be legally recognised in Austria. This allows the
'lisign' owners to use Austrian eGovernment services in addition to the ones provided by
Liechtenstein.
Following the introduction of the eID card in 2009, customers sign in the network and use their digital
signatures, whenever signing is needed to fulfil legal requirements. The usage of identification and
authorisation basic services allow the holder of an eID the benefit of a media disruption free usage of
eGovernment services, not only in the electronic signing of applications, but also ensuring security
and confidence.
In April 2006, a comprehensive final report on the introduction of a Public Key Infrastructure (PKI) was
prepared under the supervision of the Office of Human and Administrative Resources and submitted
to the Government. Part of the new infrastructure is the electronic certificates by means of eID cards
that have been provided to citizens since June 2009. To this end, the National Electronic ID-card with
a qualified electronic certificate is the primary document for identifying citizens and residents.
On 8 November 2010, government authorities from Austria and Liechtenstein signed a cooperation
agreement for the development and operation of an infrastructure for passports and residence
permits containing biometric data. The aim of this cooperation is to achieve synergies in the
development of the necessary systems through the increased use of biometrics for the reliable
identification of persons.
Since June 2006, Austria has issued passports with a chip known as ePassports (ePässe). Moreover,
since March 2009, the chip has contained two fingerprint images of the cardholder. The prevention of
document forgery and the protection of the fingerprint data can be therefore guaranteed through
digital certificates, which are issued and administered by the BM.I Trustcenter. The Trustcenter is thus
an essential infrastructure and security component for the deployment of biometric data in
identification and travel documents.
The pan-European eID Factsheet – European eID Observatory at ePractice
31
Norway
Highlight
The Agency for Public Management and eGovernment (Difi) has the overall responsibility for
providing a means of secure identification in allowing citizens to use public services on the Internet.
An eID is used to authenticate Norwegians’ identity online in the same manner a passport, driving
licence or bank card does. Three eID solutions are available to citizens, depending on their
requirements: MinID, Buypass and Commfides.
In June 2011 MinID saw a record 2.6 million users, making it Norway's most popular eID solution ever.
By August, MinID had already been used over 15 million times for Government services during 2011,
surpassing the entire total of 2010.
Law, Policy & Strategy
One of the key priorities of the ‘Difi’s Strategy for 2009-2012’ is the development of secure eID
solutions.
Act No. 81 of 15 June 2001 relating to eSignature (Electronic Signature Act) contains detailed
provisions for electronic identification of persons and gives qualified eSignatures equal status to
traditional signatures for administrative purposes. The Act, lastly updated on 17 June 2005,
implements the relevant Directive 1999/93/EC.
Implementation & Research
An 11-digit personal identification number (personnummer/fødselsnummer) can be acquired by any
individual in Norway by registering with the National Register via Norway's Tax Administration.
Following the publication of common Public Key Infrastructure (PKI) specifications (January 2005),
several commercial actors began providing eSignature solutions as well.
In April 2008, the Government announced its plans to establish a public infrastructure to handle and
verify different eIDs in use. This common eID-interoperability hub handles and verifies the common
public eID issued by public authorities and other government-approved eID solutions.
The State intends to offer all interested citizens a common public eID with a medium high security
level for access to public web services. The first version of such a common eID is currently available at
the MinSide and Altinn public web portals.
Individuals can use the MinID solution in order to deliver tax reports, change their family doctor,
deliver report cards for welfare grants, apply for college, student loans and grants, obtain access to
pension information and to a number of other public services. As of April 2010, more than 2 million
people living in Norway have created user accounts with MinID.
Since the introduction of the third version of MinID in November 2009, the system makes use of the
ID-Gateway (ID-porten), the common platform for eID in the Norwegian public sector.
The pan-European eID Factsheet – European eID Observatory at ePractice
32
Switzerland
Highlight
SuisseID facilitates participation in all electronic services that require a secure identification of
users/customers, as well as in the electronic signing of documents. The so-called digital signatures
cannot be counterfeited and, by law, are equivalent to traditional signatures.
Law, Policy & Strategy
The Federal Law on Certification Services within the scope of the Electronic Signature (ZertES, SR
943.03) lays down the requirements that must be fulfilled by an eSignature in order to achieve the
same status as a handwritten signature, and regulates the question of responsibility on the part of the
certification service providers, approving bodies and the owners of signature keys. The Swiss
Accreditation Authority (SAS) monitors the approving bodies for certification service providers.
The Ordinance on electronic transmission in administration processes (2008) regulates the conditions
for electronic data input at the Confederation's administrative authorities and for the electronic
opening of dispositions issued by such authorities.
Implementation & Research
In November 2010, the Swiss State Secretariat for Economic Affairs (SECO) issued its initial progress
report on SuisseID – the first electronic proof of identity at national level. The report reveals that
businesses and institutions have surpassed an important volume of orders since May 2010 when the
project originated.
In September 2010, the SECO had already received 110 000 requests for a SuisseID mainly from
organisations specialised in electronic commerce, eGovernment and eHealth.
According to the National Council’s voting in 2008, Switzerland’s national identity card would be
similar to biometric passports scheduled for rollout in 2010 (electronically encoded photo and
fingerprints on a chip).
The SuisseID, available as a smart card or USB token, is the first standardised concept to provide an
electronic proof of identity in Switzerland, supporting both a legally binding eSignature as well as a
method for secure authentication. Transactions can be carried out by private individuals and
businesses employees, or by businesses themselves which allow for transactions to be simply
conducted at any time over the Internet.
Since May 2010, SuisseID is being used for over 50 online services. It was developed under the aegis
of the State Secretariat for Economic Affairs (SECO) in cooperation with certification providers.
The pan-European eID Factsheet – European eID Observatory at ePractice
33
Turkey
Highlight
A Prime Ministry Circular on an electronic citizenship card pilot project was issued on 4 July 2007.
Electronic citizenship cards which include biometric elements will be used for identification purposes.
In this manner, biometric data will be integrated on a single electronic card. A three-stage pilot
implementation project has already been initiated in the social security and health domains. The third
and last phase which included the dissemination of 300 000 ID cards to citizens began in August 2009.
Pilot implementation was completed in 2010 and ID cards will be distributed throughout the country
beginning in 2012.
Law, Policy & Strategy
The Law no. 5070 on electronic signatures was enacted in 2004 to define the principles for the legal
and technical aspects and application of eSignatures. The law covers the legal status and operations
concerning eSignatures and the activities of Electronic Certificate Service Providers (ECSPs). This
establishes that qualified eSignatures produced according to the identified procedures have the same
legal impact with that of handwritten signatures.
Secondary legislation, such as the Ordinance on the Procedures and Principles Pertaining to the
Implementation of Electronic Signature Law, has also been introduced, as mandated by the law. Three
electronic certificate service providers have been authorised as of November 2005. Of those, the
Public Certificate Centre is the responsible body for the provision of electronic certificate services to
all public institutions. The Centre was established by a Prime Minister’s circular and it is mandated
that all public institutions which require electronic certificate services will obtain such a service from
this body. The number of electronic certificate providers increased to four with the authorisation of a
new certificate provider in September 2006.
Implementation & Research
The ‘MERNIS’ Central Population Management System, operational since January 2003, assigns a
unique ID-number for about 120 million Turkish citizens (alive and deceased) which can be used in
numerous eServices. KPS (ID Information Sharing System) is another function of MERNIS, which
enables public agencies which have appropriate security authorisations to access ID information.
The citizenship card, which is actually a smart card, will exclusively contain static information
necessary to perform ID verification, but no dynamic data such as health information, address etc.
The card will enable ID verification with different credentials such as visual security elements, pin
code and biometric data (fingerprint). The biometric data will be held exclusively on the card and will
not be stored in a central database. The card is going to replace the national identity cards in current
use. In addition, the characteristics of the card enable its usage in any service requiring secure ID
verification, such as online eGovernment services, financial transactions, etc.
In accordance with the Circular, a three-stage pilot implementation project has already been initiated
in the area of social security and health. The second phase of the pilot implementation was
completed and third and last phase which includes the dissemination of 300 000 ID cards to citizens
has been started by August 2009. Pilot implementation will be completed by 2010 and ID cards will be
distributed throughout the country beginning in 2012.
The pan-European eID Factsheet – European eID Observatory at ePractice
34