The idea is intriguing: Whether you want to renew your passport, apply for social benefits, or participate in a vote – you will do it all online and not waste any time going to a government office. Even better: All these processes will be fast, paperless, cost-efficient.
Both the EU and Switzerland are working on the adoption of an electronic identity (e-ID) for citizens. It will be a key element on which further digital services can be built.
Yet, the EU as well as Switzerland are facing a number of challenges. In Switzerland, for example, the people rejected the e-ID Act in 2021 with 64.4% voting «no», and only 35.6% «yes». Wonder why?
We will take you behind the scenes and give you an overview of the benefits and the threats of a digital ID, the use cases, the current development, and unresolved issues. Plus, we will compare the situation in the EU and Switzerland: the strategy they follow, the technical frameworks they use, their ongoing initiatives, regulations, and milestones on their way to a government-issued e-ID.
What is electronic identification in the context of public governments?
How an e-ID is defined differs from one group to another.
Financial services and trust providers need to know their customers based on the so-called KYC rule. This is important for digital signing and onboarding often done by video. To them, an e-ID thus is a means to make this process cheaper and more efficient. For people in the street, it can be anything from «highly useful» to «brings the most value for banks».
In a government context, electronic identification is all about digitalization of governmental services. It allows for easier access to websites and portals, public benefits, easier financial transactions, digital inclusion, etc. The benefits range from less paperwork, time and cost savings to better service quality.
The current e-ID initiatives are not only related to e-ID but also to trust, i.e., trust in all important documents in digital form. The value of electronic identification can be defined as the sum of trust, potential usage, and individual benefits.
Current vs. future state
In Switzerland
In March 2021, the Swiss people rejected the Federal Act on Electronic Identification Services (e-ID Act). In June 2022, the draft of the new law went out for consultation, followed by a public sandbox test infrastructure since March 2023.
Encouraging: The revised Federal Act on Data Protection (revFADP or nFADP) that entered into force on 1 September 2023 may pave the way for the adoption of a government-issued e-ID.
On November 22, 2023, the Federal Council adopted the dispatch on the upcoming e-ID Act. The dispatch specifies a number of important points:
- Anyone who has a Swiss identity card, a Swiss passport or a foreign national identity card issued in Switzerland shall be able to apply for an e-ID.
- Use of the e-ID is voluntary and free of charge. It can be used both on the internet and in face-to-face situations.
- The Confederation is to be responsible for issuing the e-ID and will provide the infrastructure and app required to operate it.
- The state infrastructure created for the e-ID shall be made available to cantonal and communal authorities and private individuals (ecosystem).
- As a deterrent to ensure data minimization, if someone requests more e-ID data than is necessary, public notice will be given of this.
- The legislation is formulated to be technology-neutral, and the Swiss e-ID system is intended to comply with international standards.
The Federal Council plans to offer the e-ID from 2026. Until then, the Swiss government will decide on the technology behind the E-ID infrastructure and allow for sandbox testing on the technology stack. The goal is to provide a playground for stakeholders to test and start to integrate the E-ID infrastructure on the chosen technology and learn from it for the E-ID release.
In the EU
In the past, the lack of a common legal basis has prevented member states from recognizing and accepting electronic identification schemes issued in other member states.
This is why in 2021 the European Commission put forward the eIDAS 2.0 proposal. It provides an updated legal basis for cross-border electronic identification, authentication, and website certification within the EU. As of today, 60% of Europeans benefit from the current system. However, take-up is low and business cases are limited.
With the European Digital Identity Regulation, national EU e-IDs will now be harmonized. This makes it possible to establish a framework for EUDI wallets to be issued by member states.
Going forward, the EU relies on its digital targets for 2030, which include the four categories:
- Skills
(e.g., 20 M ICT specialists, 80% of population have digital skills) - Secure and sustainable digital infrastructures
(e.g., gigabit connectivity for all, 10’000 climate-neutral highly secure edge nodes) - Digital transformation of businesses
(e.g., 75% of EU companies use cloud/AI/big data, over 90% of SMEs reach basic digital intensity) - Digitalization of public services
(e.g., 100% of key public services online, 100% of citizens have access to e-ID)
Use cases of e-ID in a government context
E-ID systems have become increasingly important in government contexts. They enhance security, streamline processes, and provide convenient access to government services. Here are some common use cases for e-ID in a government context:
E-government services
Citizens can use their e-IDs to access government websites and portals, allowing them to perform tasks like renewing driver's licenses, paying taxes, registering businesses, and accessing public records.
E-voting
E-voting allows eligible voters to participate in popular ballots and elections via the internet using an electronic device. This eliminates the need to go to a polling station, or a mailbox if voting by mail. It thus makes the electoral process more accessible and reduces the risk of fraud.
Taxation and financial transactions
Electronic IDs can simplify the process of filing taxes, applying for government grants or loans, and conducting financial transactions with government agencies.
Public benefits and welfare
E-IDs help streamline the application and distribution of public benefits, such as unemployment benefits, social assistance, and pensions.
Digital signatures and authentication
E-IDs can serve as a means of digital signature, ensuring the authenticity of documents and transactions. This is valuable in government paperwork, legal proceedings, and contracts.
Digital inclusion
E-IDs can help bridge the digital divide by providing marginalized populations with access to government services and financial inclusion.
Border control and immigration
E-ID systems can be used for border control, visa applications, and verifying the identity of travelers at customs checkpoints.
«The e-ID is an important step towards digitalization. Automating identification will reduce physical visits to authorities and bring more convenience to civilians.» Michel Sahli |
|
Benefits and threats
There’s no doubt that a government-issued e-ID comes with many benefits, such as security and trust. Yet, critics raise a number of concerns, mainly related to privacy. Let’s find out whether the advantages of a government-issued e-ID outweigh the risks, starting with the benefits:
Benefits of e-ID
Depending on the specific implementation and design of the system, the benefits may vary. The most common ones:
- Improved service quality
A unique digital identity allows governments to offer tailored and efficient services to their citizens. By using e-ID systems, governments streamline administrative processes and speed up processing times. This results in improved service delivery, as citizens can apply for permits, licenses, or government benefits online, cutting down on paperwork and time spent in lines. - Efficiency and cost savings
Implementing an e-ID system can lead to significant efficiency gains for governments. By digitizing identity verification processes, they reduce the number of administrative tasks, minimize manual paperwork, and automate verification procedures, which results in cost savings in the long run. - Enhanced security
Government-issued e-IDs help mitigate identity fraud risks compared to traditional paper-based identification methods. E-ID systems often incorporate advanced security features, such as encryption and biometric authentication, making it more difficult for unauthorized individuals to access and misuse personal data. - Privacy control
Depending on the design of the system, governments give individuals more or even complete control over their personal data, e.g., with self-sovereign identity (SSI). Based on a user-centric approach, SSI places the individual at the center of the identity management process. This means that they can choose what personal information to share and with whom, reducing the risk of overexposure. - Financial and social inclusion
E-ID systems promote financial and social inclusion by providing citizens with convenient access to essential services such as healthcare, education, and government benefit programs. Digital identities enable individuals to prove their identity remotely, reducing barriers to inclusion. - Accessibility
E-IDs can improve accessibility for individuals with disabilities who may find it challenging to access physical government offices or documents. For example, the Swiss federal government launched an action plan in 2015 to ensure accessibility to its complete digital offering. - Citizen participation
Secure and validated means of identification such as e-IDs also have the potential to support citizen participation in government processes, e.g., electronic voting.
The following table compares the benefits and threats of government-issued e-IDs:
Benefits |
Threats |
Improved service quality Using e-ID systems streamlines administrative processes and speeds up processing times. Citizens can apply for permits, licenses, or government benefits online, cutting down on paperwork and time spent in lines. |
Lack of interoperability If e-ID systems are not interoperable across different government agencies and services, this results in inconvenience for users and limits the usefulness of the IDs. |
Efficiency and cost savings By digitizing identity verification processes, the government reduces the number of administrative tasks and minimizes paperwork, which leads to cost savings. |
Developing and implementing e-ID systems is expensive. |
Enhanced security Government-issued e-IDs mitigate identity fraud risks, as e-ID systems often incorporate advanced security features, such as encryption and biometric authentication. |
Security risks E-IDs are attractive targets for hackers and cybercriminals. Breaches of government databases containing digital ID information can lead to identity theft, fraud, and other cybercrimes. |
Privacy control Depending on the system, governments give individuals more control over their personal data. For example, with SSI users choose what personal information to share and with whom.
|
Privacy concerns and centralization of power The government may collect and store vast amounts of personal data. The power is concentrated in their hands. If the data is not properly protected, it is vulnerable to misuse or unauthorized access. |
Financial and social inclusion Citizens are provided with convenient access to essential services such as healthcare and benefit programs. E-IDs enable citizens to prove their identity remotely. |
Cost and access issues If costs for e-ID systems are passed on, this may prevent low-income individuals from accessing online services. |
Accessibility E-IDs improve accessibility for individuals with disabilities who may find it challenging to access physical government offices or documents. |
Exclusion and inequality Not everyone may have access to the technology or resources required to use an e-ID, potentially leading to the exclusion of certain segments of the population. |
Citizen participation Secure and validated means of identification such as e-IDs support citizen participation in government processes like e-voting. |
Fear of surveillance Citizens may lack trust in the government and fear state surveillance, as well as too much control by the government. |
Threats of e-ID
Here are some of the threats associated with government-issued e-IDs:
- Lack of interoperability
If e-ID systems are not interoperable across different government agencies and services, it can lead to inconvenience for users and limit the usefulness of the IDs. - Cost and access issues
Developing and implementing e-ID systems can be expensive, and the costs may be passed on to citizens. This may prevent low-income individuals from accessing online services. - Security risks
E-IDs are attractive targets for hackers and cybercriminals. Breaches of government databases containing digital ID information can lead to identity theft, fraud, and other cybercrimes. - Privacy concerns and centralization of power
One of the primary concerns is the potential for the government to collect and store vast amounts of personal data. In addition, the power is concentrated in the hands of a central authority. If the data is not properly protected, it could be vulnerable to misuse of this power or to unauthorized access. - Exclusion and inequality
Not everyone may have access to the technology or resources required to obtain and use an e-ID, potentially leading to the exclusion of certain segments of the population. - Fear of surveillance
Citizens may lack trust in the government and fear state surveillance, as well as too much control by the government.
To address these threats, it is crucial for governments to implement robust security measures, maintain strong privacy protections, and ensure transparency and accountability in the management of electronic identity systems.
Striking a balance between convenience and security is key to ensure that electronic identity systems operated by governments benefit society as a whole while safeguarding individual rights and privacy.
Switzerland vs. the EU
Switzerland as well as the EU are working on the adoption of an e-ID. While Switzerland has been in a test phase since March 2023 and expects not to introduce the e-ID before early 2026, some European countries already use a national e-ID, e.g., Estonia, Austria, and Germany.
The situations in Switzerland and the EU mainly differ due to the fact that Switzerland is not part of the EU. This is reflected in particular in the two areas of regulatory framework and interoperability.
Regulatory framework: The EU’s regulatory framework is called «The European Digital Identity Regulation». Part of it is eIDAS, which serves as a basis for developing the EUDI wallets and the trust infrastructure. It also enables the mutual recognition of national e-IDs through a notification process. The European Digital Identity Regulation now provides a harmonized EU e-ID based on the concept of a European Digital Identity (EUDI) Wallet. It is designed to enable secure and seamless electronic transactions across EU member states.
Not an EU member state, Switzerland developed its own regulatory framework for an e-ID, which was rejected by Swiss voters in 2021. This has led to ongoing discussions on how Switzerland will achieve its electronic identity system. The act is currently being reviewed, and the Federal Council Dispatch is expected by the end of 2023.
Interoperability: The EU’s eIDAS regulation aims to ensure interoperability of electronic identification systems and trust services across all member states. This will make it easier for EU citizens and businesses to use their national e-IDs for online transactions within the EU.
While Switzerland may align its electronic identification and trust services with EU standards to facilitate interactions with EU countries, it operates independently. Cross-border interoperability with the EU may require specific agreements or technical solutions.
Electronic identification in Switzerland
a. Overarching strategyWith a government-issued electronic identity, the Swiss government wants to drive digitalization. The government is convinced that the e-ID will only be accepted by citizens – and thus be successful – if it can be used for both e-gov and business transactions.
A few characteristics of the Swiss e-ID solution:
- Citizens shall be able to prove their identity online with a digital ID.
- The frequency of usage of the e-ID should be the same as for the physical ID.
- Online transactions of Swiss citizens shall be as secure as possible and free of media disruptions.
- The government will act as issuer of the e-ID.
- The government will operate the necessary trust infrastructure.
There is one major incentive for providers of online services in both the private and the public sector: As interoperability is enabled by harmonized legal and technical requirements, providers won’t have to develop an expensive proprietary solution. In addition, the planned use of technical standard protocols will help keep costs low, namely for the federal government, cantons, and municipalities.
b. Actions already taken and current status
Incorporating the feedback provided on the new law during the consultation period, the public sandbox test infrastructure went live in March 2023. It allows the Swiss government and involved parties to gain experience on a technological (functionality, scalability, security, etc.), organizational (onboarding, support, etc.), and technical (use cases, interoperability across organizations, etc.) level. It also serves to attract new participants to the ecosystem of digital credentials.
c. Technical framework
The trust infrastructure operated by the Swiss government provides a safe space for the digitalization of analog processes. Within the Swiss e-ID ecosystem, potential issuers are subject to government regulation. This ensures that users can trust the issuers, thus «trust infrastructure».
For example, a Swiss user who would like to present a document issued by a canton to their bank or employer can safely do so using the trust infrastructure. However, the Swiss government does not control who can be a verifier. It is the user’s responsibility whether and what data they share when requested by a verifier.
d. Initiatives
The Swiss government has initiated several pilots and proofs of concept (PoC) for the use of an e-ID:
Digital driver’s license: Together with the Association of Road Traffic Offices (asa), the Federal Roads Office (FEDRO) plans to launch an electronic driver’s license.
E-ID for federal employees: In collaboration with the Federal Office of Personnel, the Federal Chancellery is reviewing the feasibility of a new e-ID card for federal employees (proof of concept ePerso). The PoC is based on the technologies and use cases of the future e-ID.
Sandbox test infrastructure: To gain technical (operation, security, etc.) and organizational (onboarding, support, etc.) experience with e-ID, the federal government launched the public sandbox test infrastructure. Whether they provide real or dummy test data is up to the participants. The federal government is not able to process such data. Currently, the test infrastructure involves 40 business case applications, 4 onboarded business cases, and 5 onboarded decentralized identifiers (DID). It is planned to launch a second version of the sandbox before 2026 following the decision on the technology stack for the e-ID.
Regulations – Swiss e-ID law
Under the Swiss e-ID law, the federal government will act as issuer of the e-ID and operate the necessary infrastructure. It will also provide a smartphone app for secure management of the e-ID. Individuals will have full control over their data. Data privacy will be ensured by the system itself (privacy by design), as well as by minimizing data flows and employing a decentralized data storage. To allow individuals to use their e-ID also outside of Switzerland in the future, the Swiss e-ID system will adhere to international standards.
According to the federal government, the new e-ID law has multiple advantages:
- Simple, yet secure identification on the internet
- Up-to-date and future-proof Swiss solution
- Verified, recognized, and controlled by the government from A-Z
- Stronger data protection than usual
- A key to further digitalization
f. Milestones and next steps
While a government-issued e-ID will facilitate the lives of individuals and service providers alike and thus boost the economy, the legal enactment is time-consuming, as the following milestones shows:
- March 2021: The Swiss people reject the e-ID law in a referendum.
- September 2021: The federal government publishes the first results of the review process in a discussion paper.
- June 2022: The draft of the new e-ID law goes out for consultation.
- March 2023: The public sandbox test infrastructure goes live.
- September 2023: The revised Federal Act on Data Protection enters into force and may lay the grounds for the adoption of the e-ID.
- December 2023: The Federal Council Dispatch on the new e-ID Act is published.
Next steps:
- 2024/2025: Decision on the technology of the e-ID infrastructure and sandbox 2.0
- Early 2026: Earliest possible adoption of the Swiss e-ID
Overview of Switzerland’s and the EU’s e-ID approach
|
Switzerland |
EU |
Overarching strategy |
|
|
Actions taken |
|
|
Tech framework |
|
|
Initiatives |
|
|
Regulations |
|
|
Milestones and next steps |
|
|
Electronic identification in the EU
a. Overarching strategy
The EU sees the e-ID as a key enabler of its digital transformation strategy. Therefore, it promotes the use of the e-ID not only for government services but also for accessing services of third-party providers, such as online banking and e-commerce. In fact, businesses in the private sector are requested to accept the e-ID, including the signature for payments.
One of the main objectives of eIDAS is to enable cross-border recognition of the e-ID within the EU. This means that citizens and businesses should be able to use their national e-ID to access online services in other member states.
Another key objective is to provide citizens and other residents as defined by national law with a harmonized European digital identity means based on the concept of a European Digital Identity (EUDI) wallet.
b. Actions already taken and current status
With the regulation developed and the provisional political agreement on the core elements of a new framework for an e-ID reached in June 2023, the legal basis for an EU-wide digital ID has been established. IDUnion, Germany’s open system for trusted identities, has been working on the launch of a product network and implementation of more than 40 pilot applications from different areas since April 2021.
In addition to the above, large-scale pilots have been initiated to further explore multiple e-ID use cases (see Initiatives).
c. Technical frameworks
In June 2021, the European Commission adopted a recommendation calling on member states to develop a toolbox including a technical Architecture and Reference Framework (ARF, see «The (potential) technical gaps between the Swiss E-ID and the EU ARF»), a set of common standards and technical specifications, and a set of common guidelines and best practices.
The goal is to introduce the EUDI wallet. With this EUDI wallet, the European Digital Identity Regulation will enable European citizens and business to share identity data in a secure and convenient way. Interoperability frameworks will ensure that e-ID systems in different member states can communicate and work together seamlessly, allowing to create a European e-ID ecosystem.
d. Initiatives
The European Commission launched four pilot projects in the spring of 2023 to test the EUDI wallet. The pilots involve more than 250 private and public organizations across almost every Member State, as well as Norway, Iceland, and Ukraine. Every pilot covers a number of use cases.
- DC4EU – Digital Credentials for Europe Consortium
This project is co-ordinated by Spain with the involvement of 23 member states and Ukraine. More than 35 public administrations and over 40 private entities will test the use of the EUDI wallet in the educational sector and the social security domain. - NOBID – Nordic-Baltic eID Wallet Consortium
This project is coordinated by Norway with the involvement of eight member states and EEA countries. The more than 5 public administrations and over 15 private entities will focus on a single use case: the use of the EUDI wallet for the authorization of payments for products and services by the wallet user.
It will address the issuance of wallets, the provision of payment means by financial institutions, and the acceptance of payment in a retail context. - EWC – EU Digital Identity Wallet Consortium
Coordinated by Sweden with the involvement of 18 member states and Ukraine, this project includes over 15 public administrations and over 40 private entities. They will test three use cases: the storage and display of digital travel credentials, the organization of digital wallets, and the organization of payments. - POTENTIAL – Pilots for European Digital Identity Wallet Consortium
Coordinated by Germany and France with the involvement of 17 member states and Ukraine, this project includes over 50 public administrations and over 80 private entities. The project will apply the EUDI wallet to six use cases:
- Access to government services
- Opening a bank account
- Registration for a SIM card
- Mobile driving license
- eSignatures
- ePrescriptions
e. Regulations – eIDAS and European Digital Identity Regulation
The eIDAS Regulation implemented in 2014 established a legal framework for electronic identification and trust services within the EU. It enables the mutual recognition of national e-IDs through a notification process.
With the European Digital Identity Regulation, national EU e-IDs will now be harmonized. Thus, it enables the establishment of a framework for EUDI wallets to be issued by member states.
All EUDI wallets will allow users – i.e., EU citizens and other residents as defined by national law – to electronically identify and authenticate online and offline across borders for accessing a wide range of public and private services. They shall also allow users to create and use qualified electronic signatures and seals which are accepted across the EU. This will all be possible in a convenient way and under the complete control of the user.
f. Milestones and next steps
Milestones
- 2014: Implementation of eIDAS
- 2021: European Commission puts forward the eIDAS proposal 2.0, which builds on and addresses eIDAS’ shortcomings.
- 2023: Large-scale pilots are launched to test the technical specifications and software prototype of the EUDI wallet.
- June 2023: Council and parliament reach a provisional political agreement on the core elements of a new framework for a European e-ID with a view to ensuring secure, trusted, and seamless access to cross-border public and private services in the EU.
Next steps
Technical work will continue to complete the legal text in accordance with the political agreement. When finalized, the text will be submitted to the member states for endorsement. Subject to a legal/linguistic review, the revised regulation will then need to be formally adopted by the parliament and the council before it can enter into force.
The (potential) technical gaps between the Swiss E-ID and the EU ARF
The following table shows to what extent the Swiss E-ID and the EU Architecture Reference Framework (ARF) meet the technical requirements:
Requirements |
Swiss e-ID Law |
EU ARF 1.3 |
Revocation |
Yes |
Yes |
Security measures for wallet |
Holder responsible |
Holder responsible, PID (personal information data) credential not exportable |
Backup of all credentials |
Yes |
Only type-2 credentials |
Revocation without revealing data or holder |
Yes |
Not defined |
Verification |
Yes |
Yes, but chosen standards (SD-JWT und mDL) can't guarantee the correlation protection. If verifier A and B share data, they could correlate it to one person. For example, holder shows first name to A and family name to B, hence, they can correlate the two attributes – this is not privacy by design. |
Issuer should not know where holder verifies his data |
Yes |
No definition for decoupling of PID and EAA in ARF 1.3. Issuer can put his public key to central service and monitor it. Issuer would know which verifier verifies which type of credential. |
Selective disclosure |
Yes |
Yes |
No transferability of credentials to other holder (natural person) |
Yes |
Yes |
Transferability of credentials to other holder (legal entity) |
Not defined (government can decide) |
Not defined |
Usage of wallet without the E-ID |
Usage of wallet without the e-ID: The Swiss e-ID law does not explicitly define this, but implicitly it is meant that a wallet can be used as a wallet for any credential without e-ID. E-ID is just one kind of a verifiable credential, with the particularity to have a <sort of key-binding>. There is neither a usage restriction nor a state concept as ARF foresees for the wallet. |
Yes, but in operational state, not trusted state |
Trust registry is mandatory for verifier |
No |
Yes, but not clearly defined for which types of credentials. Maybe this is the reason why «verifier» is named «relying party». |
As we see, there are some incompatibilities between the requirements of the draft of the Swiss e-ID and the proposal for the EU-ID, especially the «privacy by design» aspects and backup, which need to be defined in a different way. However, there will be changes on both sides in the future. It is therefore advisable to monitor the next versions of both.
Electronic identification and data privacy
Switzerland
The upcoming e-ID Act stipulates how people can be uniquely identified on the Internet with the e-ID, enabling them to order goods or services easily and securely online (e.g., open a bank account or request an official document.)
The e-ID is optional. Interested individuals must apply to an e-ID provider recognized by the Confederation. The technical implementation is also the responsibility of providers, such as companies, cantons, or municipalities. They are all subject to government control, unlike verifiers.
When individuals use their e-ID, sensitive data might be required. Important: If users do not want their data, such as their social security number, to be shared, they need to explicitly mention this to the verifier. While verifiers are not monitored by the government, they can obtain a trust certificate under the revised Federal Act on Data Protection. Proving that the verifier complies with nFADP requirements, such a certificate may serve as an entry ticket into the e-ID ecosystem or as a quality indicator for users.
Critics may ask what the value for citizens is if privacy isn’t fully ensured by the e-ID and the e-ID Act.
EU
For the European Union, where privacy is governed by the General Data Protection Regulation (GDPR), a compliance certificate similar to that of Switzerland does not exist. However, in the EU all verifiers need to comply with GDPR processes to be able to join an ecosystem.
Unlike the Swiss e-ID Act, the EU eIDAS also sets the legal framework for electronic signatures. It defines who can use electronic signatures and in what context. The two laws therefore cannot be compared one-to-one.
The future of electronic identification
What’s coming up next?
The EU wants to achieve three main goals by 2030:
- 100% online provision of key public services available for European citizens and businesses
- 100% of European citizens have access to medical records (e-records)
- 80% of citizens will use a digital ID solution
By 2030, the EU framework should have led to wide deployment of a trusted, user-controlled identity, allowing each citizen to control their own online interactions and presence. Individuals should be able to make full use of online services easily and throughout the EU while preserving their privacy.
To be fully empowered, people should have full access to affordable, secure, and high-quality connectivity. Plus, they should be able to learn basic digital skills and to access public services online thanks to a universal digital identity.
The digital transformation should also enable modern and efficient justice systems, enforcement of consumer rights, and an increased effectiveness of public action. What is illegal offline is also illegal online. And law enforcement must be best equipped to deal with more and more sophisticated digital crimes.
In Switzerland, the Federal Council Dispatch on the upcoming e-ID Act is expected by the end of 2023. Until then the federal government is addressing a number of open issues. The act shall in particular ensure the protection of privacy and fundamental rights of citizens. They should not have to constantly identify themselves with the e-ID in everyday digital interactions, especially not when dealing with private companies. Such overidentification is to be prevented with appropriate measures and sanctions.
Unresolved issues
Does this mean the future is all bright? Almost. There are a few unresolved issues, mainly related to society and technology:
Society
- Acceptance and accessibility
To make sure that as many people as possible accept the e-ID, it needs to meet the varying requirements of different age groups. While young people tend to focus on the benefits, the older generation is particularly concerned about privacy and new technologies. Plus, the e-ID must be accessible for everyone, i.e., including individuals with a disability. - Overidentification
A digital wallet that contains documents ranging from a piece of ID to a driver’s license and medical record and provides them in an easy way might change user behavior. Users may identify themselves much more often than necessary – because it is so convenient. This would play into the hands of private-sector business, while Data Protection Officers advocate for data minimization. - Enactment / Swiss referendum and adoption
Adoption of the e-ID needed to be postponed, as the Swiss people rejected the e-ID law in a referendum in March 2021. They were mainly concerned about privacy if private companies managed sensitive personal data of citizens.
Technology
- Non-linkability
Based on the principle of data minimization, unlinkability should be ensured at the cryptographic or protocol level. However, the current standards do not guarantee correlation protection. If verifiers A and B share data, they could correlate it to one person. For example, an individual shows their first name to A and family name to B, hence, they can correlate the two attributes. - Zero Knowledge Proofs predicates
ZKP predicates, not to be confused with simple selective disclosure capabilities, would allow holders to establish verifiable proofs of age of majority or country of residence without revealing their real age or full addresses to verifiers. Such cryptographic algorithms exist but still have many drawbacks. It also creates a strong binding to the underlying cryptographic functions used and can limit global adoptability or evolution. - Data privacy enforcement
Technical measures are still lacking to guarantee the enforcement of data privacy laws by design. At many of the SSI ecosystem levels, strong governance and technical measures for data privacy enforcement are essential.
When will the digital revolution become a reality?
No doubt: Digital is the way to go. A government-issued e-ID will make life easier for citizens – whether they interact with government offices or private companies. No surprise, then, that the EU and Switzerland are working at full speed on an e-ID.
Currently, Switzerland is focusing on the revised e-ID Act after citizens rejected the initial proposal in 2021, and the EU on the interoperability of the e-ID solution among member states. They both will need to solve a few more issues along the way, such as acceptance and overidentification.
While within the EU an e-ID is already available in Germany, Austria, and Estonia, other countries have early-stage solutions or are starting from scratch. In Switzerland, the e-ID will be adopted after 2026, as legal enactment takes time in a direct democracy.