Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out

European Factsheet on electronic Identity.doc

VIEWS: 10 PAGES: 36

									European Factsheet on
  electronic Identity




        August 2011




                      European eID Observatory at ePractice.eu
               About the eID Factsheet
The eID Factsheet was created as a tool for those interested to find out the European dimension of
electronic Identity. Several aspects of eID usage are considered, with special focus on the concept of
eID as an eGovernment enabler. The information included in each country’s factsheet has been
retrieved from the eGovernment Factsheets on ePractice, which are regularly updated semi-annually
by the ePractice Editorial Team with information provided or verified with from official governmental
sources.
The purpose of the factsheet is to be a one-page brief report highlighting the major achievements, the
legal, policy, and strategic landscape affecting eID and the relevant research and implementation
initiatives for 34 European countries. All 27 EU Member States are covered together with 7 additional
countries that are closely related to the EU (candidate or associated countries).
Material included in this sheet has been gathered from the eGovernment factsheets and has been
edited to fit the purpose of this document. In order to maintain a manageable and appealing size,
only the main milestones have been filtered. For some countries, information on the eID concept is
vast and a strict filtering had to be performed. For other countries, too little information regarding
their eID status and developments was identified and the respective sections are therefore of limited
size. The interested reader may refer to the eGovernment factsheet of the respective country or to
the sources given therein for further information in a given area. This Factsheet is the reference
document of the European eID Observatory at ePractice.
The countries covered in this document are the following:
   Austria                           Ireland                           Spain
   Belgium                           Italy                             Sweden
   Bulgaria                          Latvia                            United Kingdom
   Cyprus                            Lithuania                         Croatia
   Czech Republic                    Luxembourg                        FYROM
   Denmark                           Malta                             Iceland
   Estonia                           Netherlands                       Liechtenstein
   Finland                           Poland                            Norway
   France                            Portugal                          Switzerland
   Germany                           Romania                           Turkey
   Greece                            Slovakia
   Hungary                           Slovenia

Author: EUROPEAN DYNAMICS, ePractice Consultancy Team



The opinions expressed in this document are purely those of the writer and may not, in any
circumstances, be interpreted as stating an official position of the European Commission. The
European Commission does not guarantee the accuracy of the information included in this document,
nor does it accept any responsibility for any use thereof. Reference herein to any specific products,
specifications, process or service by trade name, trademark, manufacturer or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favouring by the European
Commission.
                                                                                    Austria
Highlight
Establishing eID as a key enabler and advancing the inclusion with innovative public services are
among the priorities of the Austrian strategy.

Policy & Strategy
Security and trust are critical factors in eGovernment and eCommerce; Austria uses the same
standards and tools for both areas (Citizen Card function, electronic signature and electronic
payment) as this comes out from the eGovernment Act that entered into force on 1 March 2004.
The Programme of the Austrian Federal Government 2008–2013 laid down important measures on
improvement in the handling of citizen's cards for citizens. It stipulated that all IT processes and
portals of the administration and local authorities should support registration with the citizen's card.
All newly established electronic processes should be based on identification with the citizen's card.
For citizens, it should be fundamentally possible for the verified digital signature to be contained on
their ID cards.
The sourcePIN Register Regulation specifies the responsibilities of the sourcePIN Register Authority
which are necessary for the implementation of the citizen card concept and the cooperation with its
service providers. Provisions deal with the process to create identity links; set down the duties of
citizen card registration agents; validate identity and the identity link dataset. A compliant citizen card
environment needs to support an interface that can bind the citizen card to the application. The
sourcePIN Register Authority electronically signs a mandate representation dataset and thus prevents
forgery of such datasets stored in a citizen card. A service to revoke mandates online over the
Internet is provided by the sourcePIN authority.

Implementation & Research
In November 2005, the eCard (electronic health insurance card) rollout throughout Austria was
successfully completed. The eCard replaced the paper-based health-card voucher. Approximately
eight million eCards were sent out. The eCard included the possibility to activate the Citizen Card
function (free of charge) and be used, additionally, for eGovernment services.
As from January 2008, Austrian health insurance and eID cards began to use qualified electronic
signatures. The new signature function is an ID for administrative and social security purposes. In
addition, it could be used more easily for signing and encoding of information, e.g. in electronic
banking. In November 2008, the first version of the new online open source citizen card middleware
MOCCA (Modular Open Citizen Card Architecture) was released, allowing the implementation of
citizen card based authentication at web sites without requiring the installation of software at the
user’s computer. It allows offline applications such as signing of electronic documents on the local
machine.
In January 2009, the personalised version, http://www.myhelp.gv.atwww.myhelp.gv.at, of the
popular site Help.gv.at was launched. The user profile serves at tailoring the information content of
HELP.gv.at according to the needs and the life situation of the user. Additional services include a
reminder service that alerts the citizen, for example, when a passport is about to expire; access to the
eDelivery system 'meinbrief.at'; and the possibility to lodge user names and passwords for certain
web mail services. In December 2009, the mobile version of the citizen card developed in the
framework of the CIP large scale pilot STORK is launched, providing secure authentication and
identification. Smart card and reader are not replaced by a mobile phone. Fourteen months later,
www.handy-signatur.at was launched.




                 The pan-European eID Factsheet – European eID Observatory at ePractice                       1
                                                                                  Belgium
Highlight
The Belgian eID card is obligatory for every Belgian citizen over the age of 12 and optional for the
children under 12.

Law, Policy & Strategy
A law on electronic forms signed with the eID card of December 2006 and two related decrees of July
2007 have been adopted by the Walloon Parliament and by the Walloon Government respectively.
These decrees give the same legal value to electronic forms as that of paper forms. The user will fill in
an electronic form and sign it with his/her eID. The Walloon Region is the first authority in Belgium to
propose this possibility.
The legal framework for the use of electronic identity cards is set in a series of Royal and Ministerial
Decrees, namely: Royal Decree of 25 March 2003 on the legal framework of electronic ID cards;
Ministerial Decree of 26 March 2003 on the format of electronic ID cards; Royal Decree of 1
September 2004 on the generalisation of electronic ID cards; and Royal Decree of 18 October 2006 on
the eID document for Belgian children under 12.

Implementation & Research
In September 2009, the portal 'My.belgium.be' was officially launched, providing registered users with
a direct, easy, secure and round-the-clock online access to their personal files and to various Federal
Government services. Among these services feature tax return submission; police-on-web
applications; online purchase of public transportation ticket; and eHealth applications. Registration
has to be performed by means of the Belgian eID card, using an eID card reader.
The Kids-ID card is an electronic identity card for children under 12 years of age launched on 16
March 2009. On 4 July 2009, the Federal Public Service Interior already counted about 115 100 Kids-ID
cards in circulation. During the months of April and May 2009, around 1 870 parents activated the
chip of the Kids-ID, by adding – through the 'Hello Parents' (Allo Parents) website – seven phone
numbers that will allow the person who finds a missing child to contact his family. At the back of the
Kids-ID card there is the general phone number of the Child Focus, a 24/7 service, which can be
alternatively used by a person giving assistance to a child, in case none of the seven phone numbers is
available.
Since 4 June 2009, it has been possible for those travelling the Belgian railways to use their Belgian
electronic identity card (eID) as a valid train ticket. The new eService is the first of its kind in Europe.
Belgian eID can now be issued abroad. Lille is the first consular post to issue the Belgian eID and will
be followed by all 120 Belgian consulates and embassies abroad, which will replace the existing non-
electronic identity card of 340 000 Belgians living abroad.
A nation-wide campaign for the promotion of the national eID card was launched in April 2009 in
Belgium under the slogan 'Your eID as easy as can be'. This campaign aimed to introduce the current
and future eGovernment applications to the Belgian population while raising awareness on the
various uses of the eID card, as well as on its user-friendliness.
The ePolice office or 'Police-on-Web' service allows Belgian citizens to report a number of crimes to
the police online 24 hours a day. To register an eComplaint, people need to use their eID card or
token. Any violent or dangerous crime requiring an immediate police response should be reported to
the police in the usual manner.




                 The pan-European eID Factsheet – European eID Observatory at ePractice                        2
                                                                                   Bulgaria
Highlight
The ePortal provides access to more than 1300 services in various ministries, agencies and
municipalities. Although most of the available eGovernment services on the portal provide
information, some of them do require the use of special smart cards containing personal electronic
signatures, provided by the State-owned company Informatsionno Obsluzhvane (Information Services
Plc).

Law, Policy & Strategy
In October 2008, the Bulgarian Government approved a new health strategy, pursuing the
introduction of eHealth cards by 2013. Each eHealth card is equipped with a microchip that stores
data about the patient and the issuer, including the card number, as well as a security certificate.
In March 2001, the national Assembly adopted the Law on Electronic Document and Electronic
Signature, amended in 2011.

Implementation & Research
In May 2007, the Bulgarian Government announced its intention for a new generation of personal ID
cards to be issued from 31 October 2007. The new eDocuments would look similar to the previous
Bulgarian identity card and they would carry biometric information in the shape of either a
thumbprint or retina scan. The eID cards were also set to contain a unique digital certificate to be
issued by the Government. The card’s use could be further extended in the future to make it a general
access document enabling online voting, payment of insurance and taxes, updating of health records
and registration of property and cars.
The new cards aim to improve security while speeding up procedures at customs' controls.
Informatsionno Obsluzhvane (Information Services Plc) is a State-owned company providing personal
electronic signatures contained in special smart cards used by individuals and businesses for accessing
eGovernment services.
In parallel, Bulgaria started issuing its first electronic health cards as part of the pilot project launched
by the Ministry of Health and the National Health Insurance Fund (NHIF) in February 2007. Each
eHealth card is equipped with a microchip that stores data about the patient and the issuer, including
the card number and a security certificate. With this information, the patient’s insurance status and
his/her assignment to a General Practitioner can be automatically checked. In addition, electronic
prescriptions for medications covered by the Bulgarian health insurance fund will be recorded on the
chip.




                 The pan-European eID Factsheet – European eID Observatory at ePractice                         3
                                                                                    Cyprus
Highlight
In March 2008, the Cypriot Government initiated the procedures to introduce electronic identifica-
tion/authentication (eID, smart cards) for public services in order to realise seamless access to public
services across borders. eID standardisation/interoperability is essential in order to put in place key
pan-European services, such as cross-border company registration, electronic public procurement, job
search, eVoting, eHealth etc.

Law, Policy & Strategy
The Legal Framework for Electronic Signatures and for relevant matters Law (N. 188(I)/2004)
implements the European Directive 1999/93/EC regarding the EU Framework for Electronic
Signatures. The Law effectively establishes the legal framework governing electronic signatures and
certain certification services for the purpose of facilitating the use of electronic signatures and their
legal recognition. It does not, however, cover aspects related to the conclusion and validity of
contracts or other legal obligations which are governed by requirements, as regards their form.
Furthermore, it does not affect rules and limitations in relation to the use of documents provided by
other applicable legislation in force. Based on the provisions of this Law, regulations may be issued so
as to define additional requirements, amongst other, for the use of electronic signatures in the public
sector.




                The pan-European eID Factsheet – European eID Observatory at ePractice                      4
                                                         Czech Republic
Highlight
eSignature and eStamp authentication services were introduced in July 2006. The aim was to provide
all public bodies with an effective authentication system.

Law, Policy & Strategy
The Act on Electronic Actions and Authorised Document Conversion (No.300/2008 Coll.), also referred
to as the 'Czech eGovernment Act', was adopted on 17 July 2008 and entered into force on 1 July
2009. It accords electronic and hardcopy documents the same legal status, enables the authorised
conversion of hardcopy documents and sets out provisions for the use of certified eSignatures. The
Act states that each eDocument has to have an authenticated eSignature, as well as a time stamp to
show when the document was signed. In dealings with public authorities, the certified eSignature has
the same value in certifying official documents as a hand-written signature.
Electronic signatures are one of the main tools for the identification of persons and for the
authentication of documents in the Internet environment. As the Public Administration’s central body
competent for electronic signatures, the Ministry of the Interior conducts regulatory, supervisory and
accreditation activities with regard to electronic signature products and providers in the Czech
Republic. The Ministry supervises the Act, oversees compliance with obligations laid down in the law
and provides support when electronic signatures are introduced in amendments to other legal
regulations, thus enabling the use of electronic signatures in the PA.

Implementation & Research
The identification of persons, the authentication of documents in the Internet environment and
access to several transactional electronic public services are based on electronic signatures. Currently,
there are three certification service providers (First Certification Authority, Czech Post and eIdentity)
accredited by the Government to issue eSignatures (qualified certificates, qualified system certificates
and qualified time stamps) valid for communicating and transacting with the Public Administration.
Their qualified certificates can be used for online transactions. eSignatures based on non-qualified
certificates issued by other businesses can only be used for commercial services.
Following a testing period, Czech authorities launched a first version of the Czech electronic passport
at full scale in September 2006. On 1 April 2009, authorities started rolling out new electronic
passports which featured a chip that contained two biometric identifiers. Issued in compliance with
the requirements laid down in the European Union regulation regarding passport security and
biometrics, the passports include new security features such as intricate designs and complex
watermarks, as well as a chip and an antenna. The chip stores the electronic facial scan of the holder,
in addition to personal details. Facial recognition maps various features. The addition of fingerprint
details on the chip is being planned for a later stage.




                The pan-European eID Factsheet – European eID Observatory at ePractice                      5
                                                                            Denmark
Highlight
In Denmark, no plans have been formulated for introducing card-based electronic identities.
However, there is a new digital signature launched in 2010.

Law, Policy & Strategy
The Danish Government launched an ambitious programme to issue free digital signatures as a means
of user authentication for all citizens, with a view to accelerate the take-up of eGovernment services.
Through the scheme, Danish citizens are issued a free software-based digital signature (OCES – Public
Certificate for Electronic Services) providing sufficient security for most public and private sector
transactions. Launched in early 2003, the scheme aimed at distributing 1.3 million digital signatures
after four years and, ultimately, at providing all Danes with digital signatures. The official Danish
eSignature may have up to a four year-term validity.
The Act on Electronic Signature entered into force in October 2000. It implements the EU Directive on
a Community Framework for Electronic Signatures (1999/93/EC). The definitions of “advanced” and
“qualified” electronic signature under the Danish law are very close to those of the European
Directive. Advanced and qualified electronic signatures cannot be issued to legal entities under the
Danish law. The Danish Government has set up an official digital signature scheme, whereby all
citizens are due to receive the OCES.
The Act on Processing of Personal Data entered into force on 1 July 2000 in order to implement
Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and
on the free movement of such data. It furthermore allows individuals to access their records held by
public and private bodies. The Act is enforced by the Datatilsynet (Data Protection Agency).

Implementation & Research
Until recently, no qualified eSignatures (i.e. advanced electronic signatures created by a secure
signature-creation device and based on a qualified certificate) were offered in Denmark, as it appears
that for long time no such need had arisen. Furthermore, the fact that people do not have to identify
themselves in person to get an OCES signature (contrarily to qualified eSignatures) has not led to any
known abuse of eGovernment applications or other applications using OCES signatures. In July 2010,
the new digital signature was launched.




                The pan-European eID Factsheet – European eID Observatory at ePractice                    6
                                                                                  Estonia
Highlight
Estonia started issuing national eID cards in January 2002. The card fulfils the requirements of
Estonia’s Digital Signatures Act and it is mandatory for all Estonian citizens and residing foreigners
over 15 years of age. It is meant to be the primary document for identifying citizens and residents. Its
functions are used in any form of business, governmental or private communications. It is
furthermore a valid travel document within the EU. It advanced electronic functions facilitating secure
authentication and providing legally binding digital signature for public and private online services.

Law, Policy & Strategy
The Digital Signature Act (2001) grants similar legal value to digital and handwritten signatures while
setting an obligation for all public institutions to accept digitally signed documents.
In 2006, the DSA was amended. A clear reference to a Secure Signature-Creation Device (SSCD) was
made, as required in the EU Directive 1999/93/EC on a Community framework for electronic
signatures. The aim of the SSCD is to ensure the functionality of advanced electronic signatures.
The Act was also amended in December 2007 while its last amendment took place in December 2010.

Implementation & Research
In February 2011, the Estonian Police and Border Guard (Politsei- ja Piirivalveamet) made available a
new type of digital identity, the mobile-ID, which enables users to provide electronic identification
and a digital signature using a mobile phone. To apply for a mobile-ID, a person must have a valid ID-
card, PIN codes and a card reader and must have a contract with a mobile service provider which
provides him with a SIM card. The mobile-ID can be obtained through an electronic application on the
website of the Police and Border Guard. Mobile-ID certificates are valid for three years. The mobile-ID
can also be used for electronic voting in elections. The project 'Mobile applications for identity card
issuance and the creation of a technical solution' is funded by the EU's structural support of the
European Regional Development Fund (ERDF)
Citizens can log in the self-service employment portal, launched by the Estonian Unemployment
Insurance Fund, by using their ID-card or mobile-ID and then create their own CV, apply for jobs,
manage their own work requests, review the statements made to the Unemployment Insurance Fund
about the outcomes and decisions, and inform them of any changes to their data or situation. By
using their ID-card or mobile-ID to log in, employers can manage their own company's job offers and
search for suitable candidates among the users of the self-service environment. In addition, it is
possible to apply for severance packages.
Diara is an open source application that allows public administrations to use the Internet in order to
organise polls, referenda, petitions, public inquiries as well as to record electronic votes using eID
cards; its first version went online at the end of August 2010. The application was developed with the
support of the city of Tallinn and of the Estonian College of Technology and was made available at the
OSOR Forge.
The VOLIS pilot project – an Internet-based information system for local governments – was launched
in the municipality of Jõgeva on 11 June 2010. Registered users can access the VOLIS system via their
ID-card or by using SIM card-based identification through their mobile phones (Mobile-ID).




                The pan-European eID Factsheet – European eID Observatory at ePractice                     7
                                                                                   Finland
Highlight
The Population Register Centre, the Certification Authority mandated by the Finnish Government
created an electronic identity for Finnish citizens when providing them with a personal identity code
that allows identifying Finnish citizens and foreign citizens permanently residing in Finland. The
Citizen Certificate is an electronic identity. At the moment, this certificate may be attached to the chip
ID card (FINEID), the chip embedded Visa Electron card issued by the OP Bank Group and the SIM card
of a mobile telephone. The Population Register Centre also issues Organisation Cards to companies
and legal persons.

Law, Policy & Strategy
The Act on Strong Electronic Identification and Electronic Signatures entered into force on 1
September 2009 replacing the Act on Electronic Signatures issued in 2003. The objective of the new
Act is to create common rules for the provision of strong electronic identification services. It will
likewise promote the provision of identification services and the use of electronic signatures. The Act
is founded on the principle that users must be able to trust information security and protection of
privacy when they use strong electronic identification services.
As from 29 June 2009, all new passports issued in Finland include fingerprints stored on the chip to
help improve passport security and contribute to establishing a more reliable link between the travel
document and its holder. The aim of registration is to protect people's identity, improve personal
security and prevent identity misuse that violates the right to privacy.

Implementation & Research
Launched in 1999, the Finnish Electronic ID Card is a smart card featuring the holder's photograph and
containing a microchip that stores the user's eNumber. In addition to normal identification, the
FINEID card can be used for electronic transactions and as an official travel document for Finnish
citizens in the Nordic countries and 27 other European countries. FINEID is a secure network key for
all online services which require identification of a person. It can also be used for making an official
electronic signature and for encrypting email messages and attachments. The card’s chip was indeed
upgraded to enable the use of fully functional digital signatures. Furthermore, since June 2004,
citizens have been able to choose to have their health insurance data included in their eID card
instead of the health insurance card (KELA card), with a view to carry one card instead of two.
First presented by the Population Register and telecom operator Sonera in November 2004, the
Mobile Citizen Certificate is a Government-guaranteed electronic identity designed to enable secure
mGovernment and mCommerce transactions. The Citizen Certificate is included in a SIM card,
allowing mobile phone users to easily identify themselves with a single code. In addition to user
identification, the certificate also ensures authentication and confidentiality of the exchanged data, as
well as information integrity and delivery of the message. This mobile service provides Finnish citizens
with a secure alternative to the eID card for carrying out a number of transactions with public and
private bodies.
In October 2006, chip ID cards for government employees started being adopted throughout the
Central Government. These cards contain a qualified certificate enabling identification for logging
onto information networks, the authentication of network users, and the encryption of email and
other documents, while providing a binding and undisputable electronic signature, as specified in
Finnish legislation.




                 The pan-European eID Factsheet – European eID Observatory at ePractice                      8
                                                                                    France
Highlight
Digital France 2012, the Development Plan for the Digital Economy by 2012, provided for the
deployment of the eID card as of 2009. The card is based on a highly secured eSignature standard. It is
meant to facilitate the direct participation of citizens in the public decision-making process (e.g.
online consultations and petitions).

Law, Policy & Strategy
In October 2008, the Secretary of State to the French Prime Minister, responsible for the
Development of the Digital Economy, unveils ‘Digital France 2012’, the country’s action plan for the
development of the Digital Economy by 2012. The enhancement of digital trust stands as a priority
aspect of the Development Plan. Among other key measures, the plan provides for the deployment,
as of 2009, of an electronic identity card (eID) on the basis of a highly secured eSignature standard.
The electronic services provided online to citizens and enterprises via the portal www.service-public.fr
are supported by one common electronic signature solution. The legal basis for this solution is the
ordinance on electronic interactions between public services users and public authorities and among
public authorities of 8 December 2005.

Implementation & Research
The French Government launched an electronic ID card project called INES (‘Identité Nationale
Electronique Sécurisée’, or ‘Secure Electronic National Identity’), which was endorsed by the Prime
Minister on 11 April 2005. In line with the Government’s initial plans, the future French eID card
would have been fitted with a chip containing all identity information of the holder, two biometric
identifiers (facial image and probably fingerprints), and an electronic signature allowing secure access
to both eGovernment and eBusiness services and transactions. French citizens would have had to pay
a fee for obtaining the new electronic document, which was planned to be mandatory.
In 2005 a wide-ranging review was proposed, in particular to better address privacy and security
issues. New orientations were announced, among which an Identity-related services module
containing an authentication certificate and an eSignature field. Access to the biometric database
would be strictly regulated and would not be possible out of judiciary proceedings. Lastly, holding an
eID card would not be compulsory.
Another major eIdentification and eAuthentication tool is the latest generation of health cards that
started being issued at the beginning of 2007.
In April 2006, the Ministry for Internal Affairs announced the calendar for the introduction of the first
electronic passports in France, due to be progressively introduced between April and July 2006.
Embedded with a contact-less chip, the French ePassport contains the digitalised photograph of its
owner. The passport is intended to be more than a simple travel document; it could be used for the
fulfilment of administrative formalities in the future. On 28 June 2009, the electronic passports were
replaced by the biometric passports containing in addition the holder’s digitised fingerprints.




                The pan-European eID Factsheet – European eID Observatory at ePractice                      9
                                                                              Germany
Highlight
On 5 May 2010, the new German electronic identity card project (Neuer Personalausweis) received
the European Identity Award 2010 in the category 'eGovernment/eHealth'. The prize was handed
over to the representative of the German Ministry of the Interior in the frame of the European
Identity Conference 2010 which was held in Munich from 4 to 7 May 2010.

Law, Policy & Strategy
In March 2005, the German Federal Government presented a common 'eCard' strategy providing a
common strategic framework for a number of eGovernment smart card initiatives in the areas of
citizen identification, social security information and health insurance services. The common strategy
coordinates the different federal eCard initiatives, as well as the access to important databases and
services in the areas of social security and tax procedures.
On 15 April 2008, the Federal Government adopted the General Administrative Regulation Governing
the Electronic Office ID Card, to replace the traditional paper ID cards by tamper-proof chip cards
offering the possibility of integrating intra- and inter-agency services, such as time and attendance
recording as well as electronic signatures, which so far have not been offered on a single uniform
card.
The legal basis of the conventional German Identity Cards is laid down by the Law on the Personal
Identity Card, on Electronic Identity Verification and on changes regarding further provisions.
In June 2007, revision of the Passport Act was approved by the Federal Council, laying down the legal
foundation for the electronic Passports of the second generation, which started being issued, as
initially scheduled, on 1 November 2007. In addition to the digital facial image, the new passports also
feature two fingerprints in digital format. According to the Passport Act, those fingerprints are to be
stored exclusively on the passport’s microchip, and they should in no case be stored locally on
issuance authorities systems or in any other central database.

Implementation & Research
Germany's new identity card was launched on 1 November 2010. It is credit-card sized and made of
polycarbonate; being more advanced than the previous model the new identity card offers many new
features and capabilities for the online world. It makes it possible for individual card holders to access
online services from any place and at any time with the use of a secret PIN, in case these services are
offered online. Optionally, the new ID card can be used for signing electronically digital documents
such as contracts or proxies.
The eID cards also include optional electronic signature functionality. Used in place of the traditional
ones, electronic signatures are aimed at facilitating the card’s owner to perform legally binding
actions on the Internet, such as online signing of contracts. In the light of the release of the new eID
card, a group of selected IT companies will provide the cardholders with an IT-Security toolkit. It will
contain a secure chip card reader, information about the use of the new eID and the electronic health
cards, as well as assembled components made by the companies, such as access to web-based
applications or antivirus software.
Germany was among the first countries to introduce the electronic Passport (ePass), which started
being issued in November 2005. It was developed to comply with the Council Regulation (EC) No
2252/2004 and was equipped with a microchip, holding owner’s data, such as name, date of birth and
nationality. Beyond traditionally relevant data, a digital facial image of the owner was also stored on
the microchip.




                 The pan-European eID Factsheet – European eID Observatory at ePractice                      10
                                                                                   Greece
Highlight
There is currently no central eIdentification infrastructure for eGovernment in Greece. However,
some initial plans for the issuance of eID cards have been presented by the Ministry of National
Health and Social Solidarity and the Ministry of Labour and Social Insurance.

Law, Policy & Strategy
The Draft Law on eGovernment is the first pure legislative step in the Greek legal system in this field.
The draft law focuses among others on the management of electronic transactions, while ensuring
conditions for the legal and evidentiary value of electronic documents.
The Digital Authentication Framework sets the standards, the procedures and the technologies
required for the registration, identification and authentication of the eGovernment services users,
including citizens, businesses, public authorities and civil servants. It also aims at creating an
integrated and coherent set of policies, regarding Digital Certificates and Public Key Infrastructures.
During March 2006, the Hellenic Public Administration Root Certification Authority (HPARCA) was
established (Law No. 3448, Government Gazette 57/A’/15-3-2006), and on 10 November of the same
year it was issued the HPARCA Certification Practices Statement (Government Gazette 1654/B’/10-11-
2006). The HPARCA agency belongs to the Ministry of Interior, Decentralisation and eGovernment and
is the primary certification authority, responsible for the definition of policy and coordination of other
public agencies that provide certification services. The establishment of a unique root certification
authority for defining certificate policies and standards shall minimise interoperability issues. The
development of the National Authentification System will enable interoperable, digital transactions of
all types, will save considerable financial resources to the Government and – the most important –
will stimulate the evolution of the Public Administration from a group of independently operating
Agencies to a network of interoperable and collaborative Public Services that are communicating
constantly with obvious benefits for the citizens and businesses.

Implementation & Research
The first stage of the plan for the issuance of eID cards has been accomplished with the allocation of
the Social Security Registration Number (AMKA) to every citizen. Following, the second stage was
realised in 2010 with the accomplishment of the electronic Prescription programme, which foresees
that production, distribution and control of prescriptions and referrals for medical instruments is
carried out through the use of computers and electronic means, in such a way that ensures the
reliability, security and transparency of the information handled.
The National Portal ‘Ermis’ aims to provide integrated and secure eGovernment services at all levels,
from a central point, thus becoming the benchmark of the National System Authentication. Through
the new authentication system, the user, citizen or enterprise, will submit with an electronic
signature, a request to the portal. The request will then be identified and initiated by the appropriate
agency. By this way the security, validity and legality of digital transactions are being ensured.




                 The pan-European eID Factsheet – European eID Observatory at ePractice                      11
                                                                              Hungary
Highlight
Since April 2005, Hungary has a comprehensive central identification solution (Client Gate) for the
identification of citizens for electronic transactions carried out between public authorities and
citizens. However, there has not yet been a comprehensive solution for the identification of citizens in
electronic transactions carried out between public authorities.

Law, Policy & Strategy
A new law adopted in Hungary in February 2008 will see the introduction of the ‘ePost Office’ for legal
documents sent via electronic mail. The new bill introduces a novel independent agent to act as a go-
between for judicial authorities and their clients – the ePost Office. E-mails of a legal nature will be
delivered to the ePost Office which will then notify the recipient either via ordinary e-mail, or text
message to a mobile phone. In order to consult the documents in question, the recipient must first
use an official eSignature to send an acknowledgement of receipt to the sender.
Among the eGovernment regulations laid down in Government decrees and resolutions passed
between 2004 and 2008 figure the Act on Electronic Signature (2001) and the Government Decree
194/2005 (IX. 22.) on the requirements of electronic signatures and certificates used in (actions of)
public administration and Certification Service Providers issuing those certificates.

Implementation & Research
In October 2002, in order to enable user identification, the Hungarian Government launched a range
of initiatives aimed at setting up a smart card infrastructure for eServices provided by central and
local administrations.
The Client Gate is the electronic client access and identification system accessible via the Hungarian
eGovernment portal. It is a gateway allowing users to securely identify themselves online and gain
access to any transactional government service available. The updated system is planned to facilitate
the introduction of new public and healthcare services, as well as the adoption of even more user
friendly applications. Client Gate II is to be implemented thanks to approximately € 16 million of full
EU support in 2009. The development also includes the establishment of physical access points
throughout Hungary where people will be provided with information on how to use the Client Gate.
The Client Gate has been operating since April 2005 and has approx. 700 thousand registered users.
In October 2002, a project to identify “Detailed requirement specification for the usage of electronic
signatures and smart cards in order to ensure IT security of public administration” was launched.
Requirements and specifications for the development of the Hungarian electronic ID card (HUNEID)
and its prototype implementation were published in late 2004. In early 2008, the HUNEID
specification was upgraded in accordance with the European Citizen Card specification.
The Hungarian passports issued after 28 June 2009 will contain one of their owner's fingerprints. This
new biometric identifier comes in addition to the facial image which has already been stored in the
chip of the current version of the passport. This is the result of a decision of the Hungarian
Government made in compliance with the EU deadlines. The inclusion of the fingerprint is expected
to render the use of the passports more secure and to minimise misuse risks.




                The pan-European eID Factsheet – European eID Observatory at ePractice                     12
                                                                                   Ireland
Highlight
The Department of Finance is currently evaluating software to build a Single View of all public service
identity repositories. This will be used for data quality purposes and to support a new online
authentication service.

Law, Policy & Strategy
The Electronic Commerce Act 2000, which was voted on 20 September 2000, implements the EU
Directive on a Community framework for electronic signatures (1999/93/EC). The Act provides (with
some exceptions) for the legal recognition of electronic signatures, electronic writing and electronic
contracts. It authorises the use of encryption and sets the rights and obligations of Certification
Service Providers (CSPs).

Implementation & Research
The Public Service Card (PSC) ensures that people can access public services across a number of
channels, with a minimum of duplication while preserving their privacy to the maximum extent
possible. According to a February 2011 Department of Social Protection press release, approximately
three million PSCs will start to be issued in the coming months to people over 16 who can access
public services. Issuing a PSC will involve a registration process which will include the collection of a
photograph and signature. PSCs will replace cards currently in use, such as the Social Services Card
and the Free Travel card, with highly secure cards featuring laser engraving personalisation, a contact
chip, a signature, a photograph and an expiry date. The facilities for the production and issue of the
PSC are now in place and undergoing final testing. The first test cards were produced as scheduled in
December 2010.
The Personal Public Service Number (PPSN) is a common identification number used for taxation and
social welfare purposes which is gradually being extended across the public service in the interest of
improving customer service. It is mandatorily assigned to every Irish child at birth.
PAYE is based on the use of a Personal Identification Number. The Revenue Commissioners PAYE
Anytime Service provides a means for PAYE customers to: view their tax record; claim a wide range of
tax credits; apply for tax refunds including health expenses; update an address; declare additional
income; request a review of tax liability for previous years; re-allocate credits between spouses; track
correspondence submitted to Revenue.
The Revenue Commissioners also provide a Revenue Online Service (ROS) for business customers.
This system provides a means for business customers to file returns online; make payments by laser
card, debit instruction or online banking (Online Banking applies to Income Tax only); obtain online
details of personal/clients Revenue Accounts; calculate tax liability; conduct business electronically;
claim repayments. The ROS service is based on qualified electronic signatures.
In October 2006, the Passport Office within the Department of Foreign Affairs started issuing the Irish
electronic passport (ePassport). A chip securely stores biographical information which is visually
displayed on the data page of the passport and a digital image of the photograph which facilitates the
use of facial recognition technology at ports-of-entry. The chip incorporates digital signature
technology to verify the authenticity of the data stored on the chip. The Irish ePassport facilitates
facial measurements which can be used with facial recognition technology to verify the identity of a
bearer.




                The pan-European eID Factsheet – European eID Observatory at ePractice                      13
                                                                                           Italy
Highlight
In order to enable citizens to securely access eGovernment services even before the widespread
dissemination of electronic ID cards, the Italian Government has also developed the National Services
Card (CNS). It is a smart card allowing for the secured identification of citizens online.

Law, Policy & Strategy
The Strategic Plan for Innovation presented in 2008 and amended in January 2009 aims to promote
innovation also through law and standards: amendments to the eGovernment Code on issues such as
the medical certificates online, electronic prescriptions, online advertising on institutional sites, the
electronic identity card and the National services card, the VoIP -Voice over IP- and the Public
Connectivity System -SPC.
The ‘Innovation Directive' encourages the public authorities to allow citizens to electronically interact
within the administration by systematically providing them with a password and a pin code, as long as
the eID card and the national services card are not fully rolled out.
In February 2004, the Council of Ministers adopts a decree on the introduction of the National
Services Card (CNS), a smart card for accessing eGovernment services. The CNS is meant to enable
people that do not – or not yet – own an electronic ID card to securely use ePublic services. Contrarily
to the eID card, the CNS will not constitute a 'proof of identity' and will thus not be a legal identity
document.
Italy has been among the first EU countries to give full legal value to electronic signatures. The Law
no.59 of 15 March 1997 on the simplification of the Public Administration provided in its article 15
that the use of electronic means would be legally valid for administrative procedures. Rules regarding
the use of electronic signatures and documents were further detailed in a series of presidential and
government decrees adopted between 1997 and 2001. The Legislative Decree no.10 of 23 January
2002 brought the Italian electronic signature regulations into line with the Directive 1999/93/EC on a
Community framework for electronic signatures.

Implementation & Research
The Italian eID card comprises a microchip, an optical memory and an ICAO machine readable zone
for the use of the card as a travel document. It contains a set of personal data, including the holder's
fiscal code, blood group and fingerprint scans. The personal data, biometric key and digital signature
are only stored on the card. In accordance with data protection legislation, this data is not kept on
any central database and can only be released and used if the holder gives his/her permission by
inserting a PIN code. The cardholder’s fingerprint template is stored in both the microchip and the
optical memory and does not allow fingerprint reconstruction. The CNS is only used in ICT-based
services as an instrument of entity authentication. It can also be used to sign electronic documents
with a qualified signature, as it contains not only an entity authentication certificate but also a
qualified signature certificate.
Since 2009, Italy is gradually entering phase II of the implementation of the European Union's Council
Regulation (EC) No 2252/2004 of 13 December 2004 on “standards for security features and
biometrics in passports and travel documents issued by Member States”. Phase I – concluded in 2006
– marked the inclusion in the new passports of a first biometric identifier, the holder's facial image in
the International Civil Aviation Organization (ICAO) format.




                The pan-European eID Factsheet – European eID Observatory at ePractice                      14
                                                                                       Latvia
Highlight
According to the Latvian Minister of eGovernment Affairs, the number of eSignature smart cards
requested by public institutions is growing, but there appears to be a certain amount of reluctance on
the part of civil servants. Data shows that currently only a few public authorities offer services for
eSignature holder.

Law, Policy & Strategy
The Draft eGovernment Development Plan for 2010–2013 provides activities linked to with electronic
identification cards usability as well as projects ensuring possibilities to provide user identity
verification system, for example, submitting income statements electronically. Activities of the Draft
eGovernment Development Plan will be implemented in the frame of projects funded by the
European Regional Development Fund, European Social Fund, the Latvian and Swiss cooperation
programme funds, as well as by National Budget.
On 10 December 2008, the Secretariat of the Latvian Special Assignments Minister for Electronic
Government Affairs unveils the eID card solution which will be introduced in Latvia in the upcoming
years. According to the so-called “eID card concept”, the Latvian eID card will be used for proving
one’s identity in an electronic environment, accessing multi-sectoral eServices and securely signing
eDocuments. Moreover, the card, whose features will comply with the recommendations of the
International Civil Aviation Organization (ICAO) and the relevant regulations of the European Union
(EU), will also serve as a travel document, valid at both national and EU levels. In line with the planned
issuance process, the first eID cards could be rolled-out in the first half of 2010.
The Personal Identification Documents Law was adopted in May 2002. It states that identification
documents shall contain a machine readable zone. Moreover, in 2004, the Cabinet of Ministers
adopted a Regulation ‘On the citizen’s identity cards, non-citizens identity cards, citizen’s passports,
non-citizens passports and stateless person’s travel documents’, which among other things provides
for the inclusion of electronic chips in future identity cards.

Implementation & Research
On 10 February 2010 the Cabinet of Ministers of Latvia approved the eID card conception for the
introduction of a national eID card; its implementation will take place from the 2011. eID cards will
not only serve the identification of people travelling abroad or visiting public or municipal institutions;
they will also enable authentication in the electronic environment. The Ministry of the Interior of
Latvia, Office of Citizenship and Migration Affairs, is in charge of issuing the eID cards while the
selected private partner after following a tendering procedure will deliver the relevant certification
services. The implementation of the Conception will considerably boost the use of eSignature and
eAuthentication, thus promoting eGovernment services. It is foreseen that in 2013 about 700 000
inhabitants of Latvia will receive eID cards. Overall conception needs to be completed until 2014. The
estimated cost for the introduction of this solution within a four-year period is approx. 1 210 000
million lats (approximately € 2 850 000 million), including EU structural funds co-financing 1 050 000
million lats (€ 1 420 000). The target is to have produced two million cards by 2013. Price of one ID
card will be approximately 10–15 lats (€ 14–21).




                 The pan-European eID Factsheet – European eID Observatory at ePractice                       15
                                                                            Lithuania
Highlight
On 1 January 2009, the Migration Office starts accepting applications for the new personal identity
cards (ID cards). The cards are used to identify a person by allowing eSignatures of documents based
on a qualified certificate. The new ID card has both contact and contact-less chips integrated. The
contact chip will hold a person’s identification certificate and a qualified certificate for eSignature,
issued by the Residents’ Registry Service under the Ministry of Interior. The contact-less chip will carry
biometric data, such as facial image and fingerprints.

Law, Policy & Strategy
Passed on 11 July 2000, the law regulates the creation, verification and validity of electronic
signatures, the rights and obligations of signature users, the requirements for certification services
and certification service providers, as well as the rights and functions of the institution of electronic
signature supervision.
It is compliant with the EU Directive on a 'Community framework for electronic signatures'
(1999/93/EC). The concept of a 'secure eSignature' stated in Lithuanian law is identical to the notion
of an 'advanced eSignature' referred to in the Directive. A secure eSignature, created by a secure
eSignature-creation-device based on a valid qualified certificate is granted the same legal effect as
that of a hand-written signature on written documents. It is also admissible as evidence before a
court of law.
An amendment to the law on electronic signature was adopted in 2002, which establishes that, in all
cases, an electronic signature shall have the legal power of a hand-written signature, provided that
the signature users reach an agreement among themselves. In this way, the notion of a 'contractual
electronic signature' was introduced in Lithuanian law. The law does not include any specific
requirements for the use of electronic signatures in the public sector.

Implementation & Research
In November 2007, the special government-backed multi-stakeholder eSignature Initiation
Programme (E3P) enabled Lithuanians to sign electronically using a mobile phone with a new
eSignature-compliant SIM card. Two codes, known only to the user, protect the ID key contained in
the telephone from illegal use.
Two projects related to eID management were implemented in Lithuania in 2008. The first resulted in
a new type of civil servants’ IDs, issued in September 2008, while the second one was aimed at
creating an eID infrastructure, which provided interoperability at national and European levels. The
result is a new type of Personal Identity card, issued since January 2009 and equipped with contact
and contactless chips. The contactless chip stores biometric data, namely, a face image and
fingerprints. The new cards are also to be used for online public and commercial services via the
eGovernment portal and other public institutions’ portals.
Since November 2007, it has been possible to sign documents electronically using a mobile phone
with a new eSignature-compliant SIM card. Those who wish to take advantage of the mobile
eSignature need to replace their SIM card and sign an eIdentity agreement. Two codes, known only to
the user, protect the ID key contained in the telephone from illegal use.




                 The pan-European eID Factsheet – European eID Observatory at ePractice                      16
                                                                  Luxembourg
Law, Policy & Strategy
The progressive introduction of biometric documents in Europe forces the Member States to have
highly secure certification services in order to protect their official documents. Consequently,
LuxTrust will adhere to the relevant international standards in order to be in a position to protect the
biometric documents issued in Luxembourg. This will at first apply to the new biometric passports.

Implementation & Research
There is currently a central eIdentity infrastructure in Luxembourg that provides an electronic ID card,
LuxTrust S.A., a public/private partnership, created in 2003, to manage the development of a common
Public Key Infrastructure (PKI) in order to secure eCommerce and eGovernment in Luxembourg. The
consortium that was awarded the PKI contract was presented in July 2006. An infrastructure created
by reputable businesses and based upon a public-private partnership should incite more local
enterprises to enter the field of eCommerce.




                The pan-European eID Factsheet – European eID Observatory at ePractice                     17
                                                                                          Malta
Highlight
In March 2004, the Maltese Government launched its ‘Electronic Identity’; a secure key network that
enables citizens to access a number of interactive and transactional eServices requiring strong
identification such as VAT, tax and company-related services, as well as social services, online
passport requests, or online ePayment Gateway. The Electronic Identity is based on the
internationally recognised four-tier security model. The eID is free of charge, available to all ID Card
holders and it does not expire.

Law, Policy & Strategy
The Electronic Commerce Act, and especially Part V, transposed into Maltese law the EU Directive
1999/93/EC on a Community framework for electronic signatures. It provides the legal basis for the
introduction of electronic signatures in eGovernment applications.
There is currently no overall eGovernment legislation in Malta. The National ICT Strategy 2008–2010
has foreseen the enactment of fragmented eGovernment legislation to provide a concrete equal
footing for the electronic filing of documents, accessibility for disabled persons, security, the
regulation for the use of Smart ID cards, and so on. The National ICT Strategy for Malta 2008–2010
was launched in December 2007. Stream 5 of the National ICT rested, among other, on the goal of
National identity management, where digital certificates and electronic signatures within a
consolidated national framework will enable the Government to deliver management products like
Smart e-ID cards and ePassports, as well as services such as contract signing and electronic filing of
sensitive documents.

 Implementation & Research
As of March 2007, the eID had already been implemented and launched up to the second level. The
third level, which consists of a soft PKI digital certificate, has been implemented as well.
Citizens can apply for an Electronic Identity by presenting themselves at an eID Registration Office of
Valletta or Rabat (for Gozo) with a copy of their paper ID card and a valid email address. After
corroborating his/her identity, the Registration Authority will send the applicant a username,
password, and a secure PIN activation code that are unique to the user. The eID offers a simple
method of identification and authentication to access the eGovernment services provided on the
‘mygov.mt’ portal. The eID number and password are used to log in, whereas the PIN activation code
is used to sign for the first time into ‘mygov.mt’, to activate one’s eID account.
The eID Card or Smart ID Card will mark the fourth level of the eID and thus provide each person in
Malta with a very secure way of conducting eGovernment, signing electronic documents and
authenticating oneself in the digital world. In parallel, a national electronic register of persons will be
developed based on the registration process of the eID Card.
Malta's new upgraded ePassport system with Extended Access Control (EAC) capability went live on
the 28 June 2010. This new solution delivers a higher level of security and access control, in
accordance with EU regulation for all Schengen Member States with the addition of a second
biometric – two fingerprints – to the data already stored on the chip. Its delivery is a key milestone in
the Government's ongoing strategic identity management plan. Fully integrated with Malta's existing
National Identity Management System (NIDMS), EAC capability has initially been launched in Malta
and Gozo and then rolled out across all embassy sites.




                 The pan-European eID Factsheet – European eID Observatory at ePractice                       18
                                                                     Netherlands
Highlight
The eID infrastructure for businesses, eRecognition (eHerkenning), became available. eRecognition
will be used for electronic communication between businesses and the government. It can also be
used for electronic communication between businesses and other businesses.

Law, Policy & Strategy
The Electronic Signature Act was published on 8 May 2003 and became effective on 21 May 2003. The
act ensures the transposition in Dutch law of the European Directive 1999/93/EC on a Community
framework for electronic signatures, and provides a firm legal basis for the deployment and use of
electronic signatures in eCommerce and eGovernment.

Implementation & Research
Authorities can use a Government-wide authentication service for their electronic services, to
electronically determine whether a particular identity is valid. DigiD is available in two different levels:
basic (user name and password: DigiD) and middle (DigiD + sms-authentication).
DigiD (Digital Identification) provides citizens with a centralised online authentication solution for
accessing eGovernment services based on a user ID and password. It is only available to people who
are registered in a municipality and possess a Citizen Service Number (CSN). DigiD is currently only
available in Dutch. It furthermore enables citizens and businesses to identify themselves with similar
identification means to all the government agencies that provide electronic services. More and more
government agencies are connecting to DigiD. As of 9 December 2010, 418 municipalities, 8 provinces
and 11 water boards were connected to DigiD. Administering bodies are also connected, including the
Tax and Customs Administration, Land Registry, UWV, Centre for Work and Income, Social Insurance
Bank and Informatie Beheer Groep. As of the end of 2010, 8.5 million private citizens had an active
DigiD with the basic security level (user name and password).
DigiD (Digital Identification) for businesses was replaced by eRecognition on 1 January 2011. It
enables private citizens and businesses to identify themselves to government agencies that provide
electronic services. This shared facility, provided by and for the Government, is able to recognise
users of electronic government services.
The new service (DigiD Authorise) was introduced in 2010 for the general public. It is a national,
collective facility allowing businesses and citizens to use authorisations for electronic government
service provision. This facility makes it possible to authorise a third person to acquire online services
provided by the government. Using the authorisation function prevents people from giving their DigiD
identification code to others, or allowing others to gain access to pre-completed details. Furthermore,
this service can be used for income tax filing.




                 The pan-European eID Factsheet – European eID Observatory at ePractice                        19
                                                                                   Poland
Highlight
Over the past years, the few eServices requiring the use of an eSignature in Poland have not been
widely used, due to the high cost of an eSignature (at least € 60) for Polish citizens. The gradual
introduction of new eServices requiring an eSignature (e.g. tax declaration online with the new
eDeclarations system) and the replacement of the national ID cards with the new ID cards pre-
equipped with eSignatures are expected to alter this situation.

Law, Policy & Strategy
The development of a 'Multifunctional Personal Document' (MPD), which could be used as an
intelligent, PKI-ready smart card to replace the traditional plastic ID card, has been studied over the
past years. The Ministry of Interior and Administration is responsible for the MPD project. Necessary
legislative changes constitute a part of the identification documents development strategy. Adopted
on 18 September 2001, the Act on Electronic Signatures was amended in 2004 and 2005 respectively.
This Act is compliant with the EU Directive 1999/93/EC on a Community framework for electronic
signatures.
The Act on Electronic Signatures set the deadline of 1 May 2008 for the legal validity of electronic
signatures, i.e. the provision of public eServices with electronic signatures. From that date onwards,
the Polish public authorities have been obliged to accept documents and/or requests in electronic
format accompanied by an eSignature.

Implementation & Research
Each Polish citizen is obligatorily provided with two distinctive identifiers: PESEL number (General
Electronic System for Citizens Evidence) and NIP (Tax Identification Number). The PESEL Register
(General Census Electronic System) is the main reference database for individuals. It allows citizens
and entrepreneurs to access electronic services. The Tax Identification Number (NIP) is used for
entities paying taxes in Poland. The electronic ID would be based on existing identification numbers
and reference databases (PESEL for individuals and REGON for business). The Ministry of Interior and
Administration is responsible for the MPD project. Necessary legislative changes form part of an
identification documents development strategy
The second stage of the project PESEL2 will see the implementation of the ‘PL.ID’ project –
introduction of the Polish biometric ID card, scheduled for 2008–2013. The electronic ID is going to be
based on existing identification numbers and reference databases (PESEL for individuals and REGON
for business). Early May 2008 was the deadline set out in the Act on Electronic Signatures (2001) for
the Polish Government to provide services for citizens with electronic signatures.
The Polish Government has started putting in place the infrastructure to enable citizens to submit
documents electronically. The beginning of May 2008 was the deadline, as set out in the Act on
Electronic Signatures (2001), for the Polish Government to provide services for citizens with electronic
signatures. This prompted the Ministry of Interior and Administration to announce in January 2008
that an incoming correspondence box would be available for free on the Electronic Platform of Public
Administration Services website (ePUAP).




                The pan-European eID Factsheet – European eID Observatory at ePractice                     20
                                                                               Portugal
Highlight
The Citizen’s Card is the Portuguese electronic identity card (eID). It is a smart card that provides
visual identity authentication with increased security and electronic identity authentication using
biometrics and electronic signatures. According to the 2010 report 'Digitising Public Services in
Europe: Putting ambition into action – 9th Benchmark Measurement', Portugal is among only a few
countries that has abolished paper IDs in favour of smart cards, and it is one of 15 Member States that
bases its eID management system on smart cards.

Law, Policy & Strategy
Portugal’s eGovernment drive is part of its Technological Plan. Based on this plan, the action agenda
defines a set of measures, part of which are the creation of the Citizen Card. The Citizen Card
combines in one single document the identification, the social security, the national health service,
the taxpayer and the voter cards.
The Decree-Law no.7/2007 created the Citizen's Card and regulates its issuance, replacement, use and
cancellation. It also lays down the provisions for digital certificates, an electronic document which
uses a digital signature. The provisions of Decree-Law no.290-D/99, Decree-Law no.165/2004, Decree-
Law no.62/2003 and Decree-Law no.116-A/2006 shall apply to an eSignature based on a qualified
certificate, while these certificates are subject to the applicable rules and regulations pertaining to
the State Electronic Certification System (SECS).

Implementation & Research
The Citizen’s Card is a technological document that allows the holder to provide identification when
dealing with computerised services and to authenticate electronic documents. The card combines all
the keys that are indispensable for a fast and effective relationship between the citizen and a variety
of public services in one single document. The citizen card has been available since October 2008. In
mid-2010, the 'Direct Social Security' service became the latest functionality accessible via the Citizen
Card.
The new Portuguese Electronic Passport (PEP) represents the beginning of a new generation of eID
documents and adheres to the most rigorous security patterns. It preserves the features of the
current passport in the identification of its holder, but integrates innovative devices ranging from
facial recognition to the incorporation of a contactless chip. All the information contained in the chip
can only be read by specialised equipment.
The SCEE is an infrastructure of public keys which supports electronic signatures and other electronic
security services activated by public keys (algorithms). The SCEE architecture constitutes a hierarchy
of trust that guarantees the electronic security of the State and the strong digital authentication of
electronic transactions among several Public Administration services and organisations, and between
the State and citizens and businesses. The SCEE operates independently from other public key
infrastructures of a private or foreign nature. However, it allows interoperability with the
infrastructures that fulfil the necessary rigorous authentication requirements through adequate
technical mechanisms and compatibility in terms of certification policies, primarily within the scope of
the EU Member States.




                The pan-European eID Factsheet – European eID Observatory at ePractice                      21
                                                                              Romania
Law, Policy & Strategy
Law no.455/2001 grants to eSignature the same legal status of a written signature. This effectively
places electronic and printed data on an equal footing and allows electronic data to be admitted as
evidence in court in the event of a dispute. The Ministry of Communications and Information Society
(MCSI) is the authority in charge of the regulation of eSignatures. By Order no. 54 of the Minister of
Communications and Information Society, the procedure for approving, delaying and recalling the
decision of accreditation of the certification services providers is also defined (OJ no.209/
11.03.2005).

Implementation & Research
The project ‘Integrated National System Introduction and Update of Information Relating to Personal
Records’ has since 1 March 2011, acquired the green light after the Minister for Communications and
of Interior signed a contract for financing it with structural funds. The project's implementation period
is 19 months. The creation of such a system presupposes the issuance and management of identity
documents in accordance with Romanian legislation with European Union recommendations. The
project, by implementing IT, targets to a number of breakthroughs: be able to issue various
certificates, like identity card, civil status certificate, passport, car registration and deregistration
online; communicate to various public institutions and authorities of the identity data of certain
persons; Identify the changes occurring in the records of persons on the basis of data updates;
provide Local Registry data for evidence of people, at the request of central and local institutions and
authorities.




                The pan-European eID Factsheet – European eID Observatory at ePractice                      22
                                                                                 Slovakia
Law, Policy & Strategy
Introduction of secure electronic identification cards is necessary for transactions within
eGovernment, in order to provide more effective services for citizens and the private sector,
according to The 'Competitiveness Strategy for the Slovak Republic until 2010.
eGovernment is a key development area and a priority of the Slovak Republic, as defined by the
Information Society Strategy for 2009–2013. In order to promote the utilisation and further expansion
of eGovernment services, it is necessary to support citizens with easier access to a valid electronic
signature and to ensure that eGovernment services only require it in justified cases, in line with the
trend of reducing administrative burdens. Healthcare and education predominantly rank among the
areas of public administration with the greatest potential for the use of ICT, with a view to
transforming traditional ways of service provision.

Implementation & Research
The JIFO initiative has created new personal unique identifiers for citizens using cryptographic
algorithms and will be used within all sectors of applications (SIFO).
An eID card project has been implemented since September 2009 aiming to introduce a single eID
card as a means of identification and authentication of individuals within the domains of
eGovernment, eHealth and possibly other areas from public and private services. It is expected to
create the conditions for personalisation of eID cards and provide the necessary hardware and
software infrastructure that supports the process of collecting data from citizens and the production
of documents. Central distribution of eID cards to citizens will be facilitated. Electronic services of eID
solutions will be made available to all citizens, including those without internet access. The call was
concluded in September 2009 and implementation of the national project will continue until 2012.




                 The pan-European eID Factsheet – European eID Observatory at ePractice                       23
                                                                              Slovenia
Highlight
The Slovenian national eID project officially started in February 2003 with the establishment of a
dedicated project group. However, the project was suspended in November 2004 and as of April
2007; the eID cards had still not been introduced. In April 2008, the Identity card Act was amended
thus providing new legal grounds for the introduction of the electronic ID card. The current Slovenian
ID card is an authentic instrument used by citizens to prove their identity and citizenship and to cross
the Slovenian borders. According to the proposals put forward by the Slovenian Government the
future eID card would incorporate several functions by combining several sensitive datasets on just
one card.

Law, Policy & Strategy
The initial version of the Electronic Commerce and Electronic Signature Act (ZEPEP) provided the legal
basis for using eSignatures and developing eServices in Slovenia. The Act amending the Electronic
Commerce and Electronic Signature Act more precisely defines the responsibilities of providers of
Information Society services and sets the conditions for the realisation of the electronic identity card
project. The Slovenian legislation literally translated the definitions of 'advanced' and 'qualified'
electronic signature of the Directive 1999/93/EC on a Community framework for electronic
signatures. As defined in the Act, the devices for secure electronic signing should comply with special
conditions regarding security and reliability.

Implementation & Research
The eID cards would include a microchip, in addition to their holders’ name and address, their
Personal Tax Number, their unique Personal Identification Number (PIN), their Healthcare Insurance
Number, the serial and register numbers of the personal ID, and possibly two digital eCertificates: one
providing access to eGovernment services, the other one for confirming healthcare insurance rights
according to pertinent healthcare and health insurance regulations. Both the Personal Identification
Number and the Personal Tax Number will be stored in encrypted form so as to prevent unauthorised
access without the citizen's consent. This eID card with microchip will be issued by government
certification authority to citizens older than 14 years.
A Public Key Infrastructure (PKI) has been deployed in Slovenia and five certification authorities
(Certificate Services Providers – CSPs) have been registered: the Ministry of Public Administration
(SIGOV-CA for Government communications and SIGEN-CA for the general public), HALCOM-CA, AC
NLB, POŠTA CA and the Ministry of Defence (SIMoD-CA). Certification Authorities in Slovenia use
different approaches in mapping a single certificate with its holder’s identification data (e.g. tax
number or Personal Registration Number) but all of them manage some connection between the user
and his/her certificate.
Slovenia has started introducing biometric passports since the end of August 2006. Beside graphic
security features, the biometric passport has a chip embedded in the data page containing the
holder's personal data and photograph. The bottom of the data page again contains the holder's
personal data intended for machine verification of authenticity of the passport.




                The pan-European eID Factsheet – European eID Observatory at ePractice                     24
                                                                                        Spain
Highlight
In 2009 nearly 10 million of citizens held a national eID card (DNIe).

Law, Policy & Strategy
The ‘Public Administration Technological Modernisation Plan 2004-2007’ (the ‘Conecta’ Plan) whose
aim was to help modernise Public Administration on the basis of eGovernment, process redesign,
inter-administrative coordination and cooperation, multi-channel service delivery to citizens and
training of civil servants. In this respect, 43 meta-projects were launched in five key areas: electronic
interactions between Public Administrations and citizens (eCertificates); eID card; citizen portal to
provide access to interactive and transactional services; a set of new services for communicating with
Public Administrations; and the improvement of the IT Infrastructure of the State Administration.
The State Secretariat of Telecommunications and the Information Society (SETSI) announced on 26
October 2009 the launch of an action plan aimed at promoting the use of the DNIe (national eID card)
among citizens and businesses to be carried out in the various Autonomous Communities (Regions)
until July 2010. A key feature of the plan is the creation of www.usatudni.es, a multichannel
information portal containing useful information for the citizens, the companies and the Public
Administration on the benefits of the DNIe and the services accessible by means of the DNIe.
In December 2003, the Parliament approved a new law on electronic signature. It established a legal
framework for the future development of a national eID card.
Law 59/2003 of 19 December 2003 on electronic signature replaced a Royal Decree of 1999 on digital
signatures. Aimed at promoting a widespread use of digital signatures for eGovernment and
eCommerce, it transposed the EU Directive 1999/93/EC on a Community framework for electronic
signatures into Spanish law.

Implementation & Research
On 22 November 2010, the Spanish National Institute of Communication Technologies (INTECO) and a
consulting company published practical guidelines for the safe use of the national electronic ID card
(eDNI) on the Internet. The document seeks to give the keys to the functioning and use of the card
while analysing the protection means it offers against attacks through the web. Finally, the guide
explains how electronic signature and electronic certification through the eDNI guarantee one's
identity as they imply compliance with a number of security and privacy criteria.
On 22 September 2009, the Spanish State Secretary for the Public Service and the Portuguese State
Secretary for Administrative Modernisation signed a collaboration agreement on the validation of the
digital certificates of both their countries. The purpose of the agreement is to make it possible for any
citizen of either country to use his/her national eCertificates for communicating and dealing with the
Public Administration of the other country. The integration of both national systems will enable the
validation of the eCertificates.
On 13 March 2009, the Council of Ministers approves a € 14 million investment in a series of actions
set to generalise the use of the national eID card and to stimulate the spread of reliable digital
services and applications. Another agreement on the promotion of the DNIe signed in June 2007 was
extended to approximately € 43 million.




                 The pan-European eID Factsheet – European eID Observatory at ePractice                     25
                                                                                Sweden
Highlight
In 2005, the Swedish Government introduced the ‘official’ electronic ID card containing biometric
data. The new ‘national identity card’ (nationellt identitetskort) is not compulsory and does not
replace previous paper ID cards. It can be used as a proof of identity and citizenship and as a valid
travel document within the Schengen area. It complies with ICAO standards for biometric travel
documents; it is issued by the passport offices and manufactured by the same supplier as the
biometric passport. In addition to the contact-less chip containing a digital picture of the holder, it
also has a traditional chip which may be used to securely access eGovernment services in the future.

Law, Policy & Strategy
The E-Government Delegation released, on 19 October 2009, the report entitled 'Strategy on the
work of the Public Agencies in the field of eGovernment’. Among the suggestions was the creation of
a single and unified eID solution to access government services; this solution could be used in the
framework of private sector services eventually. The Tax Board (Skatteverket), through a newly
established committee, would coordinate the management of eIdentification, and issue regulations
on eID cards and the electronic data exchange between the public authorities. Better technical/legal
rules and regulations are expected to promote the use of eIdentification and eServices.
The Act on Qualified Electronic Signature implements the EU Directive on a Community framework for
electronic signatures (1999/93/EC). A Swedish electronic signature includes both authentication and
integrity requirements. eSignature is defined as “data in electronic form attached to or logically
associated with other electronic data and used to verify that the content originates from the alleged
issuer and has not been altered.” The legal basis for the use of eSignatures in eGovernment services
cannot be derived from generic provisions applicable to all eGovernment initiatives, but must be
sought for each application area. Legislation adopted to enhance electronic signatures is usually
supplemented by regulations from the different authorities specifying which electronic signature
should be used. Lastly, the aforementioned Act deals with eSignatures in general and makes no
specific reference to eIDs.

Implementation & Research
eIDs exist both as smart cards and as files stored on the hard disk. eIDs are issued in two ways: by
ordering and downloading them from the user’s Internet bank while being logged on, or by ordering
the eID on the Internet. A rough estimate of the use of eIDs in Sweden is that over one million users
make approx. 2.5 million transactions (including both authentication and signatures) a month using
eIDs for both eGovernment and other services on the market.
Legal entities can also use an eID. In this case, two types of certificates come in question, namely the
server and stamping certificates, for authentication and signing respectively. The certificates contain
the name of the organisation and the organisational number and may also contain a URL. The contact
person ordering organisational certificates must have an authorisation for this purpose from a person
authorised to sign on behalf of his/her organisation.
In October 2005, Sweden became the second European country to start issuing biometric passports
compliant with the standards recommended by the International Civil Aviation Organization (ICAO).
The ePassport has an RFID (Radio Frequency Identification) microchip embedded in its polycarbonate
data page containing a digital photo and personal information of the holder.




                The pan-European eID Factsheet – European eID Observatory at ePractice                     26
                                                       United Kingdom
Highlight
The Government introduced the Identity Documents Bill to Parliament on 26 May 2010. The Bill
makes provision for the cancellation of the UK National Identity Card, the Identification Card for EEA
(European economic area) nationals and the destruction of the National Identity Register. The UK
National Identity Card and the Identification Card for EEA nationals ceased to be valid legal
documents on 21 January 2011. The identity card for foreign nationals (biometric residence permit)
will not be scrapped.

Law, Policy & Strategy
The Electronic Signatures Regulations 2002 was completed by the Electronic Signatures Regulations
2002, which implements in UK Law the European Directive on a Community framework for electronic
signatures (1999/93/EC).

Implementation & Research
In October 2007, an ambitious pilot project to test the compatibility of several different electronic ID
(eID) systems was scheduled to be undertaken in the UK. The pilot, worth over € 20 million, is part of
the EU’s eID STORK project and aimed to establish EU-wide interoperability for eIDs by 2010.
The Government Gateway is the main central UK identification platform and is a central registration
and authentication engine enabling secure authenticated eGovernment transactions to take place
over the Internet. Users need to register with the Gateway in order to use online Government
services and subsequently transact securely with Government departments. Built on open standards,
the site also enables the joined-up delivery of Government services by allowing various systems in
different departments to communicate with it and with each other. Depending on the type of
Government transactions, user identification is based either on a digital certificate issued by an
accredited certification authority, or on a user ID (supplied by the Government Gateway) and a
password (chosen by the user) for Government services that do not require the level of security
provided by digital certificates.
The services offered address both citizens and the business community. Services to citizens include
submission of forms to Government departments as well the ability to carry out some services by
filling in online forms on Government or private company websites. For other services, online forms
will not be available and users will only be able to send forms by using software packages (such as
payroll software).




                The pan-European eID Factsheet – European eID Observatory at ePractice                     27
                                                                                  Croatia
Law, Policy & Strategy
With adoption of a Law on Electronic Signatures in 2002 (amended in 2008), a Law on Personal Data
Protection in 2003 and a Law on Electronic Document in 2005, compliant with corresponding EU
directives, a legal framework for the Information Society has been established. A Freedom of
Information (FOI) Law was also passed in October 2003, and an eCommerce Law (harmonised with
Directive 2000/31/EC) was approved by the Government in September 2003 and amended in 2008.
Croatia was one of the first countries to include digital signatures into its legislation.
The Electronic Signature Act (NN 10/02, NN 80/08) has been supplemented by a series of ordinances
and regulations such as the Regulation on the scope of operations, content and responsible authority
for operations of electronic signature certification for State Administration bodies (NN 146/04).

Implementation & Research
The eREGOS provides electronic transmission of an official form, known as R-Sm form, (the insured
person’s specification based on calculated and paid compulsory contributions for the pension fund
insurance) with authorisation for accessing the service and authentication of forms by applying smart
cards with a digital certificate. The service is accessible to registered users only. Information on how
to register for using the service is available at: http://www.hitro.hr/Default.aspx?sec=63.
The eVAT (ePDV) is the first electronic service of the Tax administration within eTax which provides all
tax payers (business subjects) in the Republic of Croatia with a simple and secure distribution of data
on the periodic calculation of VAT (PDV) for a specific cost accounting period. In order to use the
ePDV services, it is necessary to own a certified electronic signature issued by the Financial Agency
(FINA).




                The pan-European eID Factsheet – European eID Observatory at ePractice                     28
                                                                                  FYROM
Highlight
The first electronic passports and ID cards were due to be issued to citizens in 2006. The main policy
targets for Information Technology development and eGovernment are to be found in the references
of the Government Programme (2006-2010) to IT and eSociety. Among other target feature the
implementation of an integrated medical information system and introduction of the eHealth card.

Law, Policy & Strategy
The Draft Public Administration Reform Strategy, 2010-2015 proposes groups of actions phased from
2011 to 2015. One of these is to envisage by the end of 2011 further development of horizontal
solutions, provided by the Ministry of Information Society and Administration for all public
administration authorities including eIdentification.
In June 2002, the Law on Data in Electronic Form and Electronic Signature and related bylaws on
electronic operations that involve the use of ICT, as well as the use of electronic data and signatures
in judicial, administrative and commercial transactional procedures, become operational. Both the
application and implementation belong to the Ministry of Finance.




                The pan-European eID Factsheet – European eID Observatory at ePractice                    29
                                                                                    Iceland
Highlight
The Government’s objective was that every citizen in Iceland would have been offered an electronic
ID, on a smartcard, already by 2008.

Law, Policy & Strategy
There is extensive use of authentication infrastructure in the form of digital certificates and
signatures. Various government departments issue digital certificates. For example, the 1996
amendment to the Customs Act imposed electronic submissions using digital certificates for all import
and export companies since 2001. On a similar note, the Directorate of Fisheries issues skippers with
digital certificates for signing and encrypting catch reports.
Article 4 of the Act on electronic signature, No. 28/2001 stipulates that fully qualified electronic
signatures shall have the same force as handwritten signatures. Furthermore, it is stipulated that
other electronic signatures can be legally binding. Supporting legislation comes through the Electronic
Commerce Act, 2002 and the Public Administration Act, as amended in 2003.

Implementation & Research
The eIDs is to be used for government services where authentication and digital signature is required.
It is also expected that the eIDs will be used to access the home banks which are used by more than
70 % of all Icelandic citizens. This project is being carried out in cooperation with the Icelandic banks:
The goal is to build up an open and standardised environment for eIDs, compliant to the European
standards, and at the same time, ensure that the content fulfils the requirements of both partners.
The plan was to launch the electronic identities on the debit cards during autumn 2008. The bank’s
plan was to renew all the debit cards in the country in 2009, so that the cards would arrive quickly in
the hands of all citizens.
'Iceland Root' is at the top of the organisation pyramid of electronic identification, the system for
distributing electronic certificates. This system is necessary for the production of such identification.
An important part in the distribution of such certificates is that their users can rely on and easily
confirm the authenticity of such certificates and electronic signatures and that a reliable source
stands ready to certify such authenticity. 'Iceland Root' will be operated by a special agency under the
auspices of the Ministry of Finance and will constitute the source of trust in the system of distributed
electronic certificates.
In March 2006, the Ministry of Justice and Ecclesiastical Affairs of Iceland has selected a US-based
supplier to gather the multi-biometric data required to issue its new electronic passports. Iceland is
one of the first countries to integrate both finger and face biometrics into their ePassports. The
ePassports will contain ICAO/ISO-compliant biometric data (face, fingerprint, and signature) from all
citizens applying for electronic passports at civil registration offices throughout the country. Collecting
both face and fingerprint information makes Iceland one of the first countries in Europe to gather live
biometric data, rather than relying on paper-based images.




                 The pan-European eID Factsheet – European eID Observatory at ePractice                       30
                                                              Liechtenstein
Highlight
The National Electronic ID-card is to be used in any form of business, governmental or private
communications (identification document), as well as a travel document. Issued by the National
Immigration and Passport Office, the card is not just a physical identification document but
furthermore provides advanced electronic functions facilitating secure authentication, legally binding
digital signature for public and private online services.

Law, Policy & Strategy
The current legislation on eSignatures (Signaturgesetz; SigG, registry number 784.11) has been in
force since September 2003. Among other, the law implements the European Directive 1999/93/EC
on a Community framework for Electronic Signatures. It has been supplemented by the regulation on
Electronic Signatures of June 2004 (SigV, registry number 784.111).

Implementation & Research
The Prime Minister of Liechtenstein, Mr. Klaus Tschütscher announced, on 24 June 2010, that the
Austrian Federal Government has created the bases upon which the 'lisign' electronic identification
and electronic signature solution of Liechtenstein can be legally recognised in Austria. This will allow
the 'lisign' owners to use in the future the Austrian eGovernment services in addition to the ones
provided by Liechtenstein.
With the introduction of the electronic identity card (eID) in 2009, customers will sign in the network
and use their digital signatures, whenever signing is needed to fulfil legal requirements, as for
instance, submitting tax declarations. The usage of identification and authorisation basic services will
allow the holder of an eID to benefit of a media disruption free usage of eGovernment services, not
only in the electronic signing of applications, but also ensuring security and confidence, as the
integrity of both personal details and data will be examined.
In April 2006, a comprehensive final report on the introduction of a Public Key Infrastructure (PKI) was
prepared under the supervision of the Office of Human and Administrative Resources and submitted
to the Government. Part of the new infrastructure, amongst other, is the electronic certificates by
means of electronic identity cards that have been provided to citizens since June 2009. To this end,
the National Electronic ID-card with a qualified electronic certificate is the primary document for
identifying citizens and residents.
On 8 November 2010, in Sala Terrana of the Austrian Federal Ministry of Interior, the Ambassador of
the Principality of Liechtenstein, Her Serene Highness Princess Maria-Pia Kothbauer and the Section
Chief Dr. Mathias Vogl signed a cooperation agreement for the development and operation of an
infrastructure for passports and residence permits containing biometric data. The aim of this
cooperation is to achieve synergies in the development of the necessary systems through the
increased use of biometrics for the reliable identification of persons. Since June 2006, Austria has
issued passports with a chip, known as ePassports (ePässe). Moreover, since March 2009, the chip has
contained two fingerprints images of the cardholder. The prevention of document forgery and the
protection of the fingerprint data can be therefore guaranteed through digital certificates, which are
issued and administered by the BM.I Trustcenter. The Trustcenter set up and operated by BM.I, is
thus an essential infrastructure and security component for the deployment of biometric data in
identification and travel documents.




                The pan-European eID Factsheet – European eID Observatory at ePractice                     31
                                                                                 Norway
Highlight
The Agency for Public Management and eGovernment (Difi), along with the Ministry of Justice, the
Police and the National Population Registry are ready to develop a national eID card – a travel
document in the Schengen area comprising a photo and fingerprints. The eID card is scheduled to be
ready for discharge in the third quarter of 2011.

Law, Policy & Strategy
Key priorities of the Difi’s Strategy for 2009-2012 are: the development of effective transverse
management models and secure eID solutions, the launch of a new citizen portal on the Internet, the
promotion of a pan-European eCommerce solution and the support of environmentally friendly public
procurement.
Act No. 81 of 15 June 2001 relating to electronic signature (Electronic Signature Act) contains detailed
provisions for electronic identification of persons and gives qualified electronic signatures equal
status to traditional signatures for administration purposes. The law, lastly updated by Act No.110 of
20 December 2002, implements the relevant EU directive (Directive 1999/93/EC).

Implementation & Research
An 11-digit personal identification number (personnummer/fødselsnummer) can be acquired by any
individual in Norway by registering with the National Register, via Norway's Tax Administration (more
related info may be viewed here). Following the publication of common Public Key Infrastructure (PKI)
specifications (January 2005), several commercial actors provide eSignature solutions as well. The
main ones are Telenor (‘Telenor Mobile Smartpay’, using mobile phone technology) and the banks,
through bank cards and a transactional model on a pay-per-service basis.
In April 2008, the Government announced its plans to establish a public infrastructure to handle and
verify different eIDs currently in use. This common eID-interoperability hub handles and verifies the
common public eID issued by public authorities and other government-approved eID solutions.
The State is going to offer all interested citizens a common public eID with a medium high security
level, to be used for access to public web services. The first version of such a common eID is currently
available at the MinSide and Altinn public web portals.
Individuals can use the MinID solution in order to deliver tax reports, change their family doctor,
deliver report cards for welfare grants, apply for college, student loans and grants, obtain access to
pension information and to a number of other public services. According to latest figures, ‘MinID’ is
used by approx 2.2 million of the Norwegian population over the age of 15. Since the introduction of
the third version of MinID in November 2009, the system makes use of the ID-Gateway, the common
platform for eID in the Norwegian public sector.
ID-Gateway (ID-porten) is a common infrastructure for the use of eIDs in the public sector. The first
version (1.0) of ID-Gateway was introduced in November 2009 and is currently used with MinID (the
common log-in system for accessing online public services).




                The pan-European eID Factsheet – European eID Observatory at ePractice                     32
                                                                     Switzerland
Highlight
SuisseID facilitates participation to all electronic services requiring a secure identification of
users/customers. SuisseID facilitates electronically signing of documents. The so called digital
signatures cannot be counterfeited and, by law, they are equivalent to traditional signatures.

Law, Policy & Strategy
In Switzerland, the Federal Law on Certification Services within the scope of the Electronic Signature
(ZertES, SR 943.03) lays down the requirements that must be fulfilled by an electronic signature in
order to achieve the same status as a hand-written signature regulates the question of responsibility
on the part of the certification service providers, approving bodies and the owners of signature keys.
The Swiss Accreditation Authority (“Schweizerische Akkreditierungsstelle” or SAS) monitors the
approving bodies for certification service providers.
The Ordinance on electronic transmission in administration processes (SR 182.021.2) regulates the
conditions for electronic data input at the confederation's administrative authorities and for the
electronic opening of dispositions issued by these authorities.

Implementation & Research
According to the National Council’s voting in 2008, Switzerland’s national identity card will be similar
to biometric passports that are to be introduced by 2010; the ID cards will include an electronically
encoded photo and fingerprints on a chip. They will be in the “credit card” format already used for
Swiss ID documents. They are to be provided at “family-friendly” prices. The new biometric passport
on its own will cost CHF 140 (approx. € 122); a passport plus an identity card will be priced at CHF 148
(approx. € 129) for adults and CHF 68 (approx. € 59) for children.
The SuisseID is the first standardized concept to provide an electronic proof of identity in Switzerland,
supporting both a legally binding electronic signature as well as a method for secure authentication.
Available in form of a USB key or as smart card, the SuisseID allows for conducting business online in a
secure manner. By means of SuisseID, private persons are able to sign contracts with companies as
well as with the public authorities directly via Internet; in addition, private companies are able to sign
contracts among each other. Since May 2010, the SuisseID can already be used within the framework
of over 50 online services. It was developed under the aegis of the State Secretariat for Economic
Affairs (SECO) in cooperation with certification providers.




                 The pan-European eID Factsheet – European eID Observatory at ePractice                      33
                                                                                    Turkey
Highlight
A Prime Ministry Circular on an electronic citizenship card pilot project was issued on 4 July 2007.
Electronic citizenship cards including biometric elements will be used for identification purposes.
Thereby, biometric data will be integrated on a single electronic card. A pilot implementation will
start in the social security system and deployment efforts will be carried out according to the results
of this pilot implementation.

Law, Policy & Strategy
The Law no. 5070 on electronic signatures was enacted in 2004. The purpose of this law is to define
the principles for the legal and technical aspects and application of electronic signatures. The law
covers the legal status and operations concerning eSignatures and the activities of Electronic
Certificate Service Providers (ECSPs). This establishes that qualified electronic signatures produced
according to the identified procedures have the same legal impact with that of handwritten
signatures.
Secondary legislation, such as the Ordinance on the Procedures and Principles Pertaining to the
Implementation of Electronic Signature Law, has also been introduced, as mandated by the law. Three
electronic certificate service providers have been authorised as of November 2005. Of those, the
“Public Certificate Centre” is the responsible body to provide electronic certificate services to all
public institutions. The Centre was established by a Prime Minister’s circular and it is mandated that
all public institutions needing electronic certificate services will acquire this service from this body.
The number of electronic certificate providers increased to four.

Implementation & Research
The ‘MERNIS’ Central Population Management System, operational since January 2003 assigns a
unique ID-number for about 120 million Turkish citizens, both alive and deceased, which can be used
in many eServices. It allows computerised birth certificates and transactions on them. KPS (ID
Information Sharing System) is another function of MERNIS, which enables public agencies having
appropriate security authorisations to access ID information.
The citizenship card, which is actually a smart card, will exclusively contain static information
necessary to perform ID verification, but no dynamic data such as health information, address etc.
The card will enable ID verification with different credentials such as visual security elements, pin
code and biometric data (fingerprint). The biometric data will be held exclusively on the card and will
not be stored in a central database. The card is going to replace the currently used national identity
cards. In addition, the characteristics of the card enable its usage in any service requiring secure ID
verification, such as online e-government services, financial transactions etc.
In accordance with the Circular, a three-stage pilot implementation project has already been initiated
in the area of social security and health. The second phase of the pilot implementation was
completed and third and last phase which includes the dissemination of 300.000 ID cards to citizens
has been started by August 2009. Pilot implementation will be completed by 2010 and ID cards will be
distributed all over the country in 2011.




                The pan-European eID Factsheet – European eID Observatory at ePractice                      34

								
To top