The idea is intriguing: Whether you want to renew your passport, apply for social benefits, or participate in a vote – you will do it all online and not waste any time going to a government office. Even better: All these processes will be fast, paperless, cost-efficient.
Both the EU and Switzerland are working on the adoption of an electronic identity (e-ID) for citizens. It will be a key element on which further digital services can be built.
Yet, the EU as well as Switzerland are facing a number of challenges. In Switzerland, for example, the people rejected the e-ID Act in 2021 with 64.4% voting «no», and only 35.6% «yes». Wonder why?
We will take you behind the scenes and give you an overview of the benefits and the threats of a digital ID, the use cases, the current development, and unresolved issues. Plus, we will compare the situation in the EU and Switzerland: the strategy they follow, the technical frameworks they use, their ongoing initiatives, regulations, and milestones on their way to a government-issued e-ID.
How an e-ID is defined differs from one group to another.
Financial services and trust providers need to know their customers based on the so-called KYC rule. This is important for digital signing and onboarding often done by video. To them, an e-ID thus is a means to make this process cheaper and more efficient. For people in the street, it can be anything from «highly useful» to «brings the most value for banks».
In a government context, electronic identification is all about digitalization of governmental services. It allows for easier access to websites and portals, public benefits, easier financial transactions, digital inclusion, etc. The benefits range from less paperwork, time and cost savings to better service quality.
The current e-ID initiatives are not only related to e-ID but also to trust, i.e., trust in all important documents in digital form. The value of electronic identification can be defined as the sum of trust, potential usage, and individual benefits.
In Switzerland
In March 2021, the Swiss people rejected the Federal Act on Electronic Identification Services (e-ID Act). In June 2022, the draft of the new law went out for consultation, followed by a public sandbox test infrastructure that has been available since March 2023.
Encouraging: The revised Federal Act on Data Protection (revFADP or nFADP) that entered into force on 1 September 2023 may pave the way for the adoption of a government-issued e-ID.
On November 22, 2023, the Federal Council adopted the dispatch on the upcoming e-ID Act. The dispatch specifies a number of important points:
The Federal Council plans to offer the e-ID from 2026. Until then, the Swiss government will decide on the technology behind the e-ID infrastructure and allow for sandbox testing on the technology stack. The goal is to provide a playground for stakeholders to test and start to integrate the e-ID infrastructure on the chosen technology and learn from it for the e-ID release.
In the EU
In the past, the lack of a common legal basis has prevented member states from recognizing and accepting electronic identification schemes issued in other member states.
This is why in 2021 the European Commission put forward the eIDAS 2.0 proposal. It provides an updated legal basis for cross-border electronic identification, authentication, and website certification within the EU. As of today, 60% of Europeans benefit from the current system. However, take-up is low and business cases are limited.
With the European Digital Identity Regulation, national EU e-IDs will now be harmonized. This makes it possible to establish a framework for EUDI wallets to be issued by member states.
Going forward, the EU relies on its digital targets for 2030, which include the four categories:
E-ID systems have become increasingly important in government contexts. They enhance security, streamline processes, and provide convenient access to government services. Here are some common use cases for e-ID in a government context:
E-government services
Citizens can use their e-IDs to access government websites and portals, allowing them to perform tasks like renewing driver's licenses, paying taxes, registering businesses, and accessing public records.
E-voting
E-voting allows eligible voters to participate in popular ballots and elections via the internet using an electronic device. This eliminates the need to go to a polling station, or a mailbox if voting by mail. It thus makes the electoral process more accessible and reduces the risk of fraud.
Taxation and financial transactions
Electronic IDs can simplify the process of filing taxes, applying for government grants or loans, and conducting financial transactions with government agencies.
Public benefits and welfare
E-IDs help streamline the application and distribution of public benefits, such as unemployment benefits, social assistance, and pensions.
Digital signatures and authentication
E-IDs can serve as a means of digital signature, ensuring the authenticity of documents and transactions. This is valuable in government paperwork, legal proceedings, and contracts.
Digital inclusion
E-IDs can help bridge the digital divide by providing marginalized populations with access to government services and financial inclusion.
Border control and immigration
E-ID systems can be used for border control, visa applications, and verifying the identity of travelers at customs checkpoints.
«The e-ID is an important step towards digitalization. Automating identification will reduce physical visits to authorities and bring more convenience to civilians.» Michel Sahli
There’s no doubt that a government-issued e-ID comes with many benefits, such as security and trust. Yet, critics raise a number of concerns, mainly related to privacy. Let’s find out whether the advantages of a government-issued e-ID outweigh the risks, starting with the benefits:
Benefits of e-ID
Depending on the specific implementation and design of the system, the benefits may vary. The most common ones:
The following table compares the benefits and threats of government-issued e-IDs:
| Benefits | Threats |
| --- | --- |
| Improved service quality: Using e-ID systems streamlines administrative processes and speeds up processing times. Citizens can apply for permits, licenses, or government benefits online, cutting down on paperwork and time spent in lines. | Lack of interoperability: If e-ID systems are not interoperable across different government agencies and services, this results in inconvenience for users and limits the usefulness of the IDs. |
| Efficiency and cost savings: By digitizing identity verification processes, the government reduces the number of administrative tasks and minimizes paperwork, which leads to cost savings. | Developing and implementing e-ID systems is expensive. |
| Enhanced security: Government-issued e-IDs mitigate identity fraud risks, as e-ID systems often incorporate advanced security features, such as encryption and biometric authentication. | Security risks: E-IDs are attractive targets for hackers and cybercriminals. Breaches of government databases containing digital ID information can lead to identity theft, fraud, and other cybercrimes. |
| Privacy control: Depending on the system, governments give individuals more control over their personal data. For example, with SSI users choose what personal information to share and with whom. | Privacy concerns and centralization of power: The government may collect and store vast amounts of personal data. The power is concentrated in their hands. If the data is not properly protected, it is vulnerable to misuse or unauthorized access. |
| Financial and social inclusion: Citizens are provided with convenient access to essential services such as healthcare and benefit programs. E-IDs enable citizens to prove their identity remotely. | Cost and access issues: If costs for e-ID systems are passed on, this may prevent low-income individuals from accessing online services. |
| Accessibility: E-IDs improve accessibility for individuals with disabilities who may find it challenging to access physical government offices or documents. | Exclusion and inequality: Not everyone may have access to the technology or resources required to use an e-ID, potentially leading to the exclusion of certain segments of the population. |
| Citizen participation: Secure and validated means of identification such as e-IDs support citizen participation in government processes like e-voting. | Fear of surveillance: Citizens may lack trust in the government and fear state surveillance, as well as too much control by the government. |
Threats of e-ID
Here are some of the threats associated with government-issued e-IDs:
To address these threats, it is crucial for governments to implement robust security measures, maintain strong privacy protections, and ensure transparency and accountability in the management of electronic identity systems.
Striking a balance between convenience and security is key to ensure that electronic identity systems operated by governments benefit society as a whole while safeguarding individual rights and privacy.
Switzerland as well as the EU are working on the adoption of an e-ID. While Switzerland has been in a test phase since March 2023 and expects not to introduce the e-ID before early 2026, some European countries already use a national e-ID, e.g., Estonia, Austria, and Germany.
The situations in Switzerland and the EU mainly differ due to the fact that Switzerland is not part of the EU. This is reflected in particular in the two areas of regulatory framework and interoperability.
Regulatory framework: The EU’s regulatory framework is called «The European Digital Identity Regulation». Part of it is eIDAS, which serves as a basis for developing the EUDI wallets and the trust infrastructure. It also enables the mutual recognition of national e-IDs through a notification process. The European Digital Identity Regulation now provides a harmonized EU e-ID based on the concept of a European Digital Identity (EUDI) Wallet. It is designed to enable secure and seamless electronic transactions across EU member states.
Not an EU member state, Switzerland developed its own regulatory framework for an e-ID, which was rejected by Swiss voters in 2021. This has led to ongoing discussions on how Switzerland will achieve its electronic identity system. The act is currently being reviewed, and the Federal Council Dispatch is expected by the end of 2023.
Interoperability: The EU’s eIDAS regulation aims to ensure interoperability of electronic identification systems and trust services across all member states. This will make it easier for EU citizens and businesses to use their national e-IDs for online transactions within the EU.
While Switzerland may align its electronic identification and trust services with EU standards to facilitate interactions with EU countries, it operates independently. Cross-border interoperability with the EU may require specific agreements or technical solutions.
There is one major incentive for providers of online services in both the private and the public sector: As interoperability is enabled by harmonized legal and technical requirements, providers won’t have to develop an expensive proprietary solution. In addition, the planned use of technical standard protocols will help keep costs low, namely for the federal government, cantons, and municipalities.
b. Actions already taken and current status
Incorporating the feedback provided on the new law during the consultation period, the public sandbox test infrastructure went live in March 2023. It allows the Swiss government and involved parties to gain experience on a technological (functionality, scalability, security, etc.), organizational (onboarding, support, etc.), and technical (use cases, interoperability across organizations, etc.) level. It also serves to attract new participants to the ecosystem of digital credentials.
c. Technical framework
The trust infrastructure operated by the Swiss government provides a safe space for the digitalization of analog processes. Within the Swiss e-ID ecosystem, potential issuers are subject to government regulation. This ensures that users can trust the issuers, hence the name «trust infrastructure».
For example, a Swiss user who would like to present a document issued by a canton to their bank or employer can safely do so using the trust infrastructure. However, the Swiss government does not control who can be a verifier. It is the user’s responsibility to decide whether to share data, and which data, when a verifier requests it.
d. Initiatives
The Swiss government has initiated several pilots and proofs of concept (PoC) for the use of an e-ID:
Digital driver’s license: Together with the Association of Road Traffic Offices (asa), the Federal Roads Office (FEDRO) plans to launch an electronic driver’s license.
E-ID for federal employees: In collaboration with the Federal Office of Personnel, the Federal Chancellery is reviewing the feasibility of a new e-ID card for federal employees (proof of concept ePerso). The PoC is based on the technologies and use cases of the future e-ID.
Sandbox test infrastructure: To gain technical (operation, security, etc.) and organizational (onboarding, support, etc.) experience with e-ID, the federal government launched the public sandbox test infrastructure. Whether they provide real or dummy test data is up to the participants. The federal government is not able to process such data. Currently, the test infrastructure involves 40 business case applications, 4 onboarded business cases, and 5 onboarded decentralized identifiers (DID). It is planned to launch a second version of the sandbox before 2026 following the decision on the technology stack for the e-ID.
Regulations – Swiss e-ID law
Under the Swiss e-ID law, the federal government will act as issuer of the e-ID and operate the necessary infrastructure. It will also provide a smartphone app for secure management of the e-ID. Individuals will have full control over their data. Data privacy will be ensured by the system itself (privacy by design), as well as by minimizing data flows and employing a decentralized data storage. To allow individuals to use their e-ID also outside of Switzerland in the future, the Swiss e-ID system will adhere to international standards.
According to the federal government, the new e-ID law has multiple advantages:
f. Milestones and next steps
While a government-issued e-ID will facilitate the lives of individuals and service providers alike and thus boost the economy, the legal enactment is time-consuming, as the following milestones show:
Next steps:
a. Overarching strategy
The EU sees the e-ID as a key enabler of its digital transformation strategy. Therefore, it promotes the use of the e-ID not only for government services but also for accessing services of third-party providers, such as online banking and e-commerce. In fact, businesses in the private sector are requested to accept the e-ID, including the signature for payments.
One of the main objectives of eIDAS is to enable cross-border recognition of the e-ID within the EU. This means that citizens and businesses should be able to use their national e-ID to access online services in other member states.
Another key objective is to provide citizens and other residents as defined by national law with a harmonized European digital identity means based on the concept of a European Digital Identity (EUDI) wallet.
b. Actions already taken and current status
With the regulation developed and the provisional political agreement on the core elements of a new framework for an e-ID reached in June 2023, the legal basis for an EU-wide digital ID has been established. IDUnion, Germany’s open system for trusted identities, has been working on the launch of a product network and implementation of more than 40 pilot applications from different areas since April 2021.
In addition to the above, large-scale pilots have been initiated to further explore multiple e-ID use cases (see Initiatives).
c. Technical frameworks
In June 2021, the European Commission adopted a recommendation calling on member states to develop a toolbox including a technical Architecture and Reference Framework (ARF, see «The (potential) technical gaps between the Swiss E-ID and the EU ARF»), a set of common standards and technical specifications, and a set of common guidelines and best practices.
The goal is to introduce the EUDI wallet. With this EUDI wallet, the European Digital Identity Regulation will enable European citizens and businesses to share identity data in a secure and convenient way. Interoperability frameworks will ensure that e-ID systems in different member states can communicate and work together seamlessly, making it possible to create a European e-ID ecosystem.
d. Initiatives
The European Commission launched four pilot projects in the spring of 2023 to test the EUDI wallet. The pilots involve more than 250 private and public organizations across almost every Member State, as well as Norway, Iceland, and Ukraine. Every pilot covers a number of use cases.
e. Regulations – eIDAS and European Digital Identity Regulation
The eIDAS Regulation implemented in 2014 established a legal framework for electronic identification and trust services within the EU. It enables the mutual recognition of national e-IDs through a notification process.
With the European Digital Identity Regulation, national EU e-IDs will now be harmonized. Thus, it enables the establishment of a framework for EUDI wallets to be issued by member states.
All EUDI wallets will allow users – i.e., EU citizens and other residents as defined by national law – to electronically identify and authenticate online and offline across borders for accessing a wide range of public and private services. They shall also allow users to create and use qualified electronic signatures and seals which are accepted across the EU. This will all be possible in a convenient way and under the complete control of the user.
f. Milestones and next steps
Next steps
Technical work will continue to complete the legal text in accordance with the political agreement. When finalized, the text will be submitted to the member states for endorsement. Subject to a legal/linguistic review, the revised regulation will then need to be formally adopted by the parliament and the council before it can enter into force.
The (potential) technical gaps between the Swiss E-ID and the EU ARF
The following table shows to what extent the Swiss E-ID and the EU Architecture Reference Framework (ARF) meet the technical requirements:
| Requirements | Swiss e-ID Law | EU ARF 1.3 |
| --- | --- | --- |
| Revocation | Yes | Yes |
| Security measures for wallet | Holder responsible | Holder responsible, PID (personal information data) credential not exportable |
| Backup of all credentials | Yes | Only type-2 credentials |
| Revocation without revealing data or holder | Yes | Not defined |
| Verification | Yes | Yes, but the chosen standards (SD-JWT and mDL) cannot guarantee correlation protection. If verifiers A and B share data, they could correlate it to one person. For example, if the holder shows their first name to A and their family name to B, the two verifiers can correlate the two attributes. This is not privacy by design. |
| Issuer should not know where holder verifies their data | Yes | No definition for decoupling of PID and EAA in ARF 1.3. The issuer can put its public key on a central service and monitor it. The issuer would then know which verifier verifies which type of credential. |
| Selective disclosure | Yes | Yes |
| No transferability of credentials to other holder (natural person) | Yes | Yes |
| Transferability of credentials to other holder (legal entity) | Not defined (government can decide) | Not defined |
| Usage of wallet without the e-ID | The Swiss e-ID law does not explicitly define this, but it implies that a wallet can be used as a wallet for any credential without the e-ID. The e-ID is just one kind of verifiable credential, with the particularity of having a <sort of key-binding>. There is neither a usage restriction nor a state concept as the ARF foresees for the wallet. | Yes, but in operational state, not trusted state |
| Trust registry is mandatory for verifier | No | Yes, but not clearly defined for which types of credentials. Maybe this is the reason why «verifier» is named «relying party». |
As we see, there are some incompatibilities between the requirements of the draft of the Swiss e-ID and the proposal for the EU-ID, especially the «privacy by design» aspects and backup, which need to be defined in a different way. However, there will be changes on both sides in the future. It is therefore advisable to monitor the next versions of both.
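The correlation issue noted for SD-JWT in the «Verification» row, together with selective disclosure, shown as an added example (not code from the Swiss or EU projects). It is a simplified SD-JWT-style credential: the claim values, the issuer URL, and the key are constructed, and HMAC-SHA256 stands in for the issuer's asymmetric signature so that only the standard library is needed.

```python
import base64, hashlib, hmac, json, secrets

# Constructed demo key. Real SD-JWTs carry an asymmetric issuer signature
# (e.g. ES256); HMAC-SHA256 stands in here so the example needs no libraries.
ISSUER_KEY = b"constructed-demo-key"

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def digest(disclosure: str) -> str:
    return b64u(hashlib.sha256(disclosure.encode()).digest())

def sign(signing_input: str) -> str:
    return b64u(hmac.new(ISSUER_KEY, signing_input.encode(), hashlib.sha256).digest())

def issue(claims: dict) -> tuple:
    """Issuer: sign only salted digests; the holder keeps the disclosures."""
    disclosures = {}
    for name, value in claims.items():
        salt = b64u(secrets.token_bytes(16))
        disclosures[name] = b64u(json.dumps([salt, name, value]).encode())
    payload = {"iss": "https://issuer.example", "_sd_alg": "sha-256",
               "_sd": sorted(digest(d) for d in disclosures.values())}
    signing_input = ".".join(b64u(json.dumps(part).encode())
                             for part in ({"alg": "HS256"}, payload))
    return signing_input + "." + sign(signing_input), disclosures

def present(jwt: str, disclosures: dict, reveal: list) -> str:
    """Holder: attach only the chosen disclosures (selective disclosure)."""
    return "~".join([jwt] + [disclosures[name] for name in reveal]) + "~"

def verify(presentation: str) -> dict:
    """Verifier: check the issuer signature, then each revealed disclosure."""
    jwt, *revealed = presentation.rstrip("~").split("~")
    signing_input, signature = jwt.rsplit(".", 1)
    if not hmac.compare_digest(signature, sign(signing_input)):
        raise ValueError("bad issuer signature")
    payload = json.loads(b64u_decode(signing_input.split(".")[1]))
    claims = {}
    for disclosure in revealed:
        if digest(disclosure) not in payload["_sd"]:
            raise ValueError("disclosure not covered by issuer signature")
        _salt, name, value = json.loads(b64u_decode(disclosure))
        claims[name] = value
    return claims

def link_key(presentation: str) -> str:
    """The issuer signature is byte-identical in every presentation of one credential."""
    return presentation.split("~", 1)[0].rsplit(".", 1)[1]

def correlate(log_a: list, log_b: list) -> list:
    """Two verifiers pooling their logs: join on the shared issuer signature."""
    seen = {link_key(p): verify(p) for p in log_a}
    return [{**seen[link_key(p)], **verify(p)} for p in log_b if link_key(p) in seen]

if __name__ == "__main__":
    claims = {"given_name": "Anna", "family_name": "Muster", "birthdate": "1990-01-01"}
    jwt, disclosures = issue(claims)
    to_a = present(jwt, disclosures, ["given_name"])    # verifier A sees the first name
    to_b = present(jwt, disclosures, ["family_name"])   # verifier B sees the family name
    print(verify(to_a), verify(to_b))
    print("same credential at A and B:", correlate([to_a], [to_b]))
    # A second credential with fresh salts has a different signature: no join.
    jwt2, disclosures2 = issue(claims)
    to_b2 = present(jwt2, disclosures2, ["family_name"])
    print("separate credentials:", correlate([to_a], [to_b2]))
```

Each verifier learns only the attribute it was shown, yet the identical issuer signature lets the two records be joined. Presenting a separately issued credential to each verifier removes that shared value, which is why single-use credentials are a common countermeasure.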
Switzerland
The upcoming e-ID Act stipulates how people can be uniquely identified on the Internet with the e-ID, enabling them to order goods or services easily and securely online (e.g., open a bank account or request an official document).
The e-ID is optional. Interested individuals must apply to an e-ID provider recognized by the Confederation. The technical implementation is also the responsibility of providers, such as companies, cantons, or municipalities. They are all subject to government control, unlike verifiers.
When individuals use their e-ID, sensitive data might be required. Important: If users do not want their data, such as their social security number, to be shared, they need to explicitly mention this to the verifier. While verifiers are not monitored by the government, they can obtain a trust certificate under the revised Federal Act on Data Protection. Proving that the verifier complies with nFADP requirements, such a certificate may serve as an entry ticket into the e-ID ecosystem or as a quality indicator for users.
Critics may ask what the value for citizens is if privacy isn’t fully ensured by the e-ID and the e-ID Act.
EU
For the European Union, where privacy is governed by the General Data Protection Regulation (GDPR), a compliance certificate similar to that of Switzerland does not exist. However, in the EU all verifiers need to comply with GDPR processes to be able to join an ecosystem.
Unlike the Swiss e-ID Act, the EU eIDAS also sets the legal framework for electronic signatures. It defines who can use electronic signatures and in what context. The two laws therefore cannot be compared one-to-one.
What’s coming up next?
The EU wants to achieve three main goals by 2030:
By 2030, the EU framework should have led to wide deployment of a trusted, user-controlled identity, allowing each citizen to control their own online interactions and presence. Individuals should be able to make full use of online services easily and throughout the EU while preserving their privacy.
To be fully empowered, people should have full access to affordable, secure, and high-quality connectivity. Plus, they should be able to learn basic digital skills and to access public services online thanks to a universal digital identity.
The digital transformation should also enable modern and efficient justice systems, enforcement of consumer rights, and an increased effectiveness of public action. What is illegal offline is also illegal online. And law enforcement must be best equipped to deal with more and more sophisticated digital crimes.
In Switzerland, the Federal Council Dispatch on the upcoming e-ID Act is expected by the end of 2023. Until then the federal government is addressing a number of open issues. The act shall in particular ensure the protection of privacy and fundamental rights of citizens. They should not have to constantly identify themselves with the e-ID in everyday digital interactions, especially not when dealing with private companies. Such overidentification is to be prevented with appropriate measures and sanctions.
Unresolved issues
Does this mean the future is all bright? Almost. There are a few unresolved issues, mainly related to society and technology:
Society
Technology
No doubt: Digital is the way to go. A government-issued e-ID will make life easier for citizens – whether they interact with government offices or private companies. No surprise, then, that the EU and Switzerland are working at full speed on an e-ID.
Currently, Switzerland is focusing on the revised e-ID Act after citizens rejected the initial proposal in 2021, and the EU on the interoperability of the e-ID solution among member states. They both will need to solve a few more issues along the way, such as acceptance and overidentification.
While within the EU an e-ID is already available in Germany, Austria, and Estonia, other countries have early-stage solutions or are starting from scratch. In Switzerland, the e-ID will be adopted after 2026, as legal enactment takes time in a direct democracy.