VIEWS: 10 PAGES: 36 POSTED ON: 5/18/2012
European Factsheet on electronic Identity August 2011 European eID Observatory at ePractice.eu About the eID Factsheet The eID Factsheet was created as a tool for those interested to find out the European dimension of electronic Identity. Several aspects of eID usage are considered, with special focus on the concept of eID as an eGovernment enabler. The information included in each country’s factsheet has been retrieved from the eGovernment Factsheets on ePractice, which are regularly updated semi-annually by the ePractice Editorial Team with information provided or verified with from official governmental sources. The purpose of the factsheet is to be a one-page brief report highlighting the major achievements, the legal, policy, and strategic landscape affecting eID and the relevant research and implementation initiatives for 34 European countries. All 27 EU Member States are covered together with 7 additional countries that are closely related to the EU (candidate or associated countries). Material included in this sheet has been gathered from the eGovernment factsheets and has been edited to fit the purpose of this document. In order to maintain a manageable and appealing size, only the main milestones have been filtered. For some countries, information on the eID concept is vast and a strict filtering had to be performed. For other countries, too little information regarding their eID status and developments was identified and the respective sections are therefore of limited size. The interested reader may refer to the eGovernment factsheet of the respective country or to the sources given therein for further information in a given area. This Factsheet is the reference document of the European eID Observatory at ePractice. The countries covered in this document are the following: Austria Ireland Spain Belgium Italy Sweden Bulgaria Latvia United Kingdom Cyprus Lithuania Croatia Czech Republic Luxembourg FYROM Denmark Malta Iceland Estonia Netherlands Liechtenstein Finland Poland Norway France Portugal Switzerland Germany Romania Turkey Greece Slovakia Hungary Slovenia Author: EUROPEAN DYNAMICS, ePractice Consultancy Team The opinions expressed in this document are purely those of the writer and may not, in any circumstances, be interpreted as stating an official position of the European Commission. The European Commission does not guarantee the accuracy of the information included in this document, nor does it accept any responsibility for any use thereof. Reference herein to any specific products, specifications, process or service by trade name, trademark, manufacturer or otherwise, does not necessarily constitute or imply its endorsement, recommendation or favouring by the European Commission. Austria Highlight Establishing eID as a key enabler and advancing the inclusion with innovative public services are among the priorities of the Austrian strategy. Policy & Strategy Security and trust are critical factors in eGovernment and eCommerce; Austria uses the same standards and tools for both areas (Citizen Card function, electronic signature and electronic payment) as this comes out from the eGovernment Act that entered into force on 1 March 2004. The Programme of the Austrian Federal Government 2008–2013 laid down important measures on improvement in the handling of citizen's cards for citizens. It stipulated that all IT processes and portals of the administration and local authorities should support registration with the citizen's card. All newly established electronic processes should be based on identification with the citizen's card. For citizens, it should be fundamentally possible for the verified digital signature to be contained on their ID cards. The sourcePIN Register Regulation specifies the responsibilities of the sourcePIN Register Authority which are necessary for the implementation of the citizen card concept and the cooperation with its service providers. Provisions deal with the process to create identity links; set down the duties of citizen card registration agents; validate identity and the identity link dataset. A compliant citizen card environment needs to support an interface that can bind the citizen card to the application. The sourcePIN Register Authority electronically signs a mandate representation dataset and thus prevents forgery of such datasets stored in a citizen card. A service to revoke mandates online over the Internet is provided by the sourcePIN authority. Implementation & Research In November 2005, the eCard (electronic health insurance card) rollout throughout Austria was successfully completed. The eCard replaced the paper-based health-card voucher. Approximately eight million eCards were sent out. The eCard included the possibility to activate the Citizen Card function (free of charge) and be used, additionally, for eGovernment services. As from January 2008, Austrian health insurance and eID cards began to use qualified electronic signatures. The new signature function is an ID for administrative and social security purposes. In addition, it could be used more easily for signing and encoding of information, e.g. in electronic banking. In November 2008, the first version of the new online open source citizen card middleware MOCCA (Modular Open Citizen Card Architecture) was released, allowing the implementation of citizen card based authentication at web sites without requiring the installation of software at the user’s computer. It allows offline applications such as signing of electronic documents on the local machine. In January 2009, the personalised version, http://www.myhelp.gv.atwww.myhelp.gv.at, of the popular site Help.gv.at was launched. The user profile serves at tailoring the information content of HELP.gv.at according to the needs and the life situation of the user. Additional services include a reminder service that alerts the citizen, for example, when a passport is about to expire; access to the eDelivery system 'meinbrief.at'; and the possibility to lodge user names and passwords for certain web mail services. In December 2009, the mobile version of the citizen card developed in the framework of the CIP large scale pilot STORK is launched, providing secure authentication and identification. Smart card and reader are not replaced by a mobile phone. Fourteen months later, www.handy-signatur.at was launched. The pan-European eID Factsheet – European eID Observatory at ePractice 1 Belgium Highlight The Belgian eID card is obligatory for every Belgian citizen over the age of 12 and optional for the children under 12. Law, Policy & Strategy A law on electronic forms signed with the eID card of December 2006 and two related decrees of July 2007 have been adopted by the Walloon Parliament and by the Walloon Government respectively. These decrees give the same legal value to electronic forms as that of paper forms. The user will fill in an electronic form and sign it with his/her eID. The Walloon Region is the first authority in Belgium to propose this possibility. The legal framework for the use of electronic identity cards is set in a series of Royal and Ministerial Decrees, namely: Royal Decree of 25 March 2003 on the legal framework of electronic ID cards; Ministerial Decree of 26 March 2003 on the format of electronic ID cards; Royal Decree of 1 September 2004 on the generalisation of electronic ID cards; and Royal Decree of 18 October 2006 on the eID document for Belgian children under 12. Implementation & Research In September 2009, the portal 'My.belgium.be' was officially launched, providing registered users with a direct, easy, secure and round-the-clock online access to their personal files and to various Federal Government services. Among these services feature tax return submission; police-on-web applications; online purchase of public transportation ticket; and eHealth applications. Registration has to be performed by means of the Belgian eID card, using an eID card reader. The Kids-ID card is an electronic identity card for children under 12 years of age launched on 16 March 2009. On 4 July 2009, the Federal Public Service Interior already counted about 115 100 Kids-ID cards in circulation. During the months of April and May 2009, around 1 870 parents activated the chip of the Kids-ID, by adding – through the 'Hello Parents' (Allo Parents) website – seven phone numbers that will allow the person who finds a missing child to contact his family. At the back of the Kids-ID card there is the general phone number of the Child Focus, a 24/7 service, which can be alternatively used by a person giving assistance to a child, in case none of the seven phone numbers is available. Since 4 June 2009, it has been possible for those travelling the Belgian railways to use their Belgian electronic identity card (eID) as a valid train ticket. The new eService is the first of its kind in Europe. Belgian eID can now be issued abroad. Lille is the first consular post to issue the Belgian eID and will be followed by all 120 Belgian consulates and embassies abroad, which will replace the existing non- electronic identity card of 340 000 Belgians living abroad. A nation-wide campaign for the promotion of the national eID card was launched in April 2009 in Belgium under the slogan 'Your eID as easy as can be'. This campaign aimed to introduce the current and future eGovernment applications to the Belgian population while raising awareness on the various uses of the eID card, as well as on its user-friendliness. The ePolice office or 'Police-on-Web' service allows Belgian citizens to report a number of crimes to the police online 24 hours a day. To register an eComplaint, people need to use their eID card or token. Any violent or dangerous crime requiring an immediate police response should be reported to the police in the usual manner. The pan-European eID Factsheet – European eID Observatory at ePractice 2 Bulgaria Highlight The ePortal provides access to more than 1300 services in various ministries, agencies and municipalities. Although most of the available eGovernment services on the portal provide information, some of them do require the use of special smart cards containing personal electronic signatures, provided by the State-owned company Informatsionno Obsluzhvane (Information Services Plc). Law, Policy & Strategy In October 2008, the Bulgarian Government approved a new health strategy, pursuing the introduction of eHealth cards by 2013. Each eHealth card is equipped with a microchip that stores data about the patient and the issuer, including the card number, as well as a security certificate. In March 2001, the national Assembly adopted the Law on Electronic Document and Electronic Signature, amended in 2011. Implementation & Research In May 2007, the Bulgarian Government announced its intention for a new generation of personal ID cards to be issued from 31 October 2007. The new eDocuments would look similar to the previous Bulgarian identity card and they would carry biometric information in the shape of either a thumbprint or retina scan. The eID cards were also set to contain a unique digital certificate to be issued by the Government. The card’s use could be further extended in the future to make it a general access document enabling online voting, payment of insurance and taxes, updating of health records and registration of property and cars. The new cards aim to improve security while speeding up procedures at customs' controls. Informatsionno Obsluzhvane (Information Services Plc) is a State-owned company providing personal electronic signatures contained in special smart cards used by individuals and businesses for accessing eGovernment services. In parallel, Bulgaria started issuing its first electronic health cards as part of the pilot project launched by the Ministry of Health and the National Health Insurance Fund (NHIF) in February 2007. Each eHealth card is equipped with a microchip that stores data about the patient and the issuer, including the card number and a security certificate. With this information, the patient’s insurance status and his/her assignment to a General Practitioner can be automatically checked. In addition, electronic prescriptions for medications covered by the Bulgarian health insurance fund will be recorded on the chip. The pan-European eID Factsheet – European eID Observatory at ePractice 3 Cyprus Highlight In March 2008, the Cypriot Government initiated the procedures to introduce electronic identifica- tion/authentication (eID, smart cards) for public services in order to realise seamless access to public services across borders. eID standardisation/interoperability is essential in order to put in place key pan-European services, such as cross-border company registration, electronic public procurement, job search, eVoting, eHealth etc. Law, Policy & Strategy The Legal Framework for Electronic Signatures and for relevant matters Law (N. 188(I)/2004) implements the European Directive 1999/93/EC regarding the EU Framework for Electronic Signatures. The Law effectively establishes the legal framework governing electronic signatures and certain certification services for the purpose of facilitating the use of electronic signatures and their legal recognition. It does not, however, cover aspects related to the conclusion and validity of contracts or other legal obligations which are governed by requirements, as regards their form. Furthermore, it does not affect rules and limitations in relation to the use of documents provided by other applicable legislation in force. Based on the provisions of this Law, regulations may be issued so as to define additional requirements, amongst other, for the use of electronic signatures in the public sector. The pan-European eID Factsheet – European eID Observatory at ePractice 4 Czech Republic Highlight eSignature and eStamp authentication services were introduced in July 2006. The aim was to provide all public bodies with an effective authentication system. Law, Policy & Strategy The Act on Electronic Actions and Authorised Document Conversion (No.300/2008 Coll.), also referred to as the 'Czech eGovernment Act', was adopted on 17 July 2008 and entered into force on 1 July 2009. It accords electronic and hardcopy documents the same legal status, enables the authorised conversion of hardcopy documents and sets out provisions for the use of certified eSignatures. The Act states that each eDocument has to have an authenticated eSignature, as well as a time stamp to show when the document was signed. In dealings with public authorities, the certified eSignature has the same value in certifying official documents as a hand-written signature. Electronic signatures are one of the main tools for the identification of persons and for the authentication of documents in the Internet environment. As the Public Administration’s central body competent for electronic signatures, the Ministry of the Interior conducts regulatory, supervisory and accreditation activities with regard to electronic signature products and providers in the Czech Republic. The Ministry supervises the Act, oversees compliance with obligations laid down in the law and provides support when electronic signatures are introduced in amendments to other legal regulations, thus enabling the use of electronic signatures in the PA. Implementation & Research The identification of persons, the authentication of documents in the Internet environment and access to several transactional electronic public services are based on electronic signatures. Currently, there are three certification service providers (First Certification Authority, Czech Post and eIdentity) accredited by the Government to issue eSignatures (qualified certificates, qualified system certificates and qualified time stamps) valid for communicating and transacting with the Public Administration. Their qualified certificates can be used for online transactions. eSignatures based on non-qualified certificates issued by other businesses can only be used for commercial services. Following a testing period, Czech authorities launched a first version of the Czech electronic passport at full scale in September 2006. On 1 April 2009, authorities started rolling out new electronic passports which featured a chip that contained two biometric identifiers. Issued in compliance with the requirements laid down in the European Union regulation regarding passport security and biometrics, the passports include new security features such as intricate designs and complex watermarks, as well as a chip and an antenna. The chip stores the electronic facial scan of the holder, in addition to personal details. Facial recognition maps various features. The addition of fingerprint details on the chip is being planned for a later stage. The pan-European eID Factsheet – European eID Observatory at ePractice 5 Denmark Highlight In Denmark, no plans have been formulated for introducing card-based electronic identities. However, there is a new digital signature launched in 2010. Law, Policy & Strategy The Danish Government launched an ambitious programme to issue free digital signatures as a means of user authentication for all citizens, with a view to accelerate the take-up of eGovernment services. Through the scheme, Danish citizens are issued a free software-based digital signature (OCES – Public Certificate for Electronic Services) providing sufficient security for most public and private sector transactions. Launched in early 2003, the scheme aimed at distributing 1.3 million digital signatures after four years and, ultimately, at providing all Danes with digital signatures. The official Danish eSignature may have up to a four year-term validity. The Act on Electronic Signature entered into force in October 2000. It implements the EU Directive on a Community Framework for Electronic Signatures (1999/93/EC). The definitions of “advanced” and “qualified” electronic signature under the Danish law are very close to those of the European Directive. Advanced and qualified electronic signatures cannot be issued to legal entities under the Danish law. The Danish Government has set up an official digital signature scheme, whereby all citizens are due to receive the OCES. The Act on Processing of Personal Data entered into force on 1 July 2000 in order to implement Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data. It furthermore allows individuals to access their records held by public and private bodies. The Act is enforced by the Datatilsynet (Data Protection Agency). Implementation & Research Until recently, no qualified eSignatures (i.e. advanced electronic signatures created by a secure signature-creation device and based on a qualified certificate) were offered in Denmark, as it appears that for long time no such need had arisen. Furthermore, the fact that people do not have to identify themselves in person to get an OCES signature (contrarily to qualified eSignatures) has not led to any known abuse of eGovernment applications or other applications using OCES signatures. In July 2010, the new digital signature was launched. The pan-European eID Factsheet – European eID Observatory at ePractice 6 Estonia Highlight Estonia started issuing national eID cards in January 2002. The card fulfils the requirements of Estonia’s Digital Signatures Act and it is mandatory for all Estonian citizens and residing foreigners over 15 years of age. It is meant to be the primary document for identifying citizens and residents. Its functions are used in any form of business, governmental or private communications. It is furthermore a valid travel document within the EU. It advanced electronic functions facilitating secure authentication and providing legally binding digital signature for public and private online services. Law, Policy & Strategy The Digital Signature Act (2001) grants similar legal value to digital and handwritten signatures while setting an obligation for all public institutions to accept digitally signed documents. In 2006, the DSA was amended. A clear reference to a Secure Signature-Creation Device (SSCD) was made, as required in the EU Directive 1999/93/EC on a Community framework for electronic signatures. The aim of the SSCD is to ensure the functionality of advanced electronic signatures. The Act was also amended in December 2007 while its last amendment took place in December 2010. Implementation & Research In February 2011, the Estonian Police and Border Guard (Politsei- ja Piirivalveamet) made available a new type of digital identity, the mobile-ID, which enables users to provide electronic identification and a digital signature using a mobile phone. To apply for a mobile-ID, a person must have a valid ID- card, PIN codes and a card reader and must have a contract with a mobile service provider which provides him with a SIM card. The mobile-ID can be obtained through an electronic application on the website of the Police and Border Guard. Mobile-ID certificates are valid for three years. The mobile-ID can also be used for electronic voting in elections. The project 'Mobile applications for identity card issuance and the creation of a technical solution' is funded by the EU's structural support of the European Regional Development Fund (ERDF) Citizens can log in the self-service employment portal, launched by the Estonian Unemployment Insurance Fund, by using their ID-card or mobile-ID and then create their own CV, apply for jobs, manage their own work requests, review the statements made to the Unemployment Insurance Fund about the outcomes and decisions, and inform them of any changes to their data or situation. By using their ID-card or mobile-ID to log in, employers can manage their own company's job offers and search for suitable candidates among the users of the self-service environment. In addition, it is possible to apply for severance packages. Diara is an open source application that allows public administrations to use the Internet in order to organise polls, referenda, petitions, public inquiries as well as to record electronic votes using eID cards; its first version went online at the end of August 2010. The application was developed with the support of the city of Tallinn and of the Estonian College of Technology and was made available at the OSOR Forge. The VOLIS pilot project – an Internet-based information system for local governments – was launched in the municipality of Jõgeva on 11 June 2010. Registered users can access the VOLIS system via their ID-card or by using SIM card-based identification through their mobile phones (Mobile-ID). The pan-European eID Factsheet – European eID Observatory at ePractice 7 Finland Highlight The Population Register Centre, the Certification Authority mandated by the Finnish Government created an electronic identity for Finnish citizens when providing them with a personal identity code that allows identifying Finnish citizens and foreign citizens permanently residing in Finland. The Citizen Certificate is an electronic identity. At the moment, this certificate may be attached to the chip ID card (FINEID), the chip embedded Visa Electron card issued by the OP Bank Group and the SIM card of a mobile telephone. The Population Register Centre also issues Organisation Cards to companies and legal persons. Law, Policy & Strategy The Act on Strong Electronic Identification and Electronic Signatures entered into force on 1 September 2009 replacing the Act on Electronic Signatures issued in 2003. The objective of the new Act is to create common rules for the provision of strong electronic identification services. It will likewise promote the provision of identification services and the use of electronic signatures. The Act is founded on the principle that users must be able to trust information security and protection of privacy when they use strong electronic identification services. As from 29 June 2009, all new passports issued in Finland include fingerprints stored on the chip to help improve passport security and contribute to establishing a more reliable link between the travel document and its holder. The aim of registration is to protect people's identity, improve personal security and prevent identity misuse that violates the right to privacy. Implementation & Research Launched in 1999, the Finnish Electronic ID Card is a smart card featuring the holder's photograph and containing a microchip that stores the user's eNumber. In addition to normal identification, the FINEID card can be used for electronic transactions and as an official travel document for Finnish citizens in the Nordic countries and 27 other European countries. FINEID is a secure network key for all online services which require identification of a person. It can also be used for making an official electronic signature and for encrypting email messages and attachments. The card’s chip was indeed upgraded to enable the use of fully functional digital signatures. Furthermore, since June 2004, citizens have been able to choose to have their health insurance data included in their eID card instead of the health insurance card (KELA card), with a view to carry one card instead of two. First presented by the Population Register and telecom operator Sonera in November 2004, the Mobile Citizen Certificate is a Government-guaranteed electronic identity designed to enable secure mGovernment and mCommerce transactions. The Citizen Certificate is included in a SIM card, allowing mobile phone users to easily identify themselves with a single code. In addition to user identification, the certificate also ensures authentication and confidentiality of the exchanged data, as well as information integrity and delivery of the message. This mobile service provides Finnish citizens with a secure alternative to the eID card for carrying out a number of transactions with public and private bodies. In October 2006, chip ID cards for government employees started being adopted throughout the Central Government. These cards contain a qualified certificate enabling identification for logging onto information networks, the authentication of network users, and the encryption of email and other documents, while providing a binding and undisputable electronic signature, as specified in Finnish legislation. The pan-European eID Factsheet – European eID Observatory at ePractice 8 France Highlight Digital France 2012, the Development Plan for the Digital Economy by 2012, provided for the deployment of the eID card as of 2009. The card is based on a highly secured eSignature standard. It is meant to facilitate the direct participation of citizens in the public decision-making process (e.g. online consultations and petitions). Law, Policy & Strategy In October 2008, the Secretary of State to the French Prime Minister, responsible for the Development of the Digital Economy, unveils ‘Digital France 2012’, the country’s action plan for the development of the Digital Economy by 2012. The enhancement of digital trust stands as a priority aspect of the Development Plan. Among other key measures, the plan provides for the deployment, as of 2009, of an electronic identity card (eID) on the basis of a highly secured eSignature standard. The electronic services provided online to citizens and enterprises via the portal www.service-public.fr are supported by one common electronic signature solution. The legal basis for this solution is the ordinance on electronic interactions between public services users and public authorities and among public authorities of 8 December 2005. Implementation & Research The French Government launched an electronic ID card project called INES (‘Identité Nationale Electronique Sécurisée’, or ‘Secure Electronic National Identity’), which was endorsed by the Prime Minister on 11 April 2005. In line with the Government’s initial plans, the future French eID card would have been fitted with a chip containing all identity information of the holder, two biometric identifiers (facial image and probably fingerprints), and an electronic signature allowing secure access to both eGovernment and eBusiness services and transactions. French citizens would have had to pay a fee for obtaining the new electronic document, which was planned to be mandatory. In 2005 a wide-ranging review was proposed, in particular to better address privacy and security issues. New orientations were announced, among which an Identity-related services module containing an authentication certificate and an eSignature field. Access to the biometric database would be strictly regulated and would not be possible out of judiciary proceedings. Lastly, holding an eID card would not be compulsory. Another major eIdentification and eAuthentication tool is the latest generation of health cards that started being issued at the beginning of 2007. In April 2006, the Ministry for Internal Affairs announced the calendar for the introduction of the first electronic passports in France, due to be progressively introduced between April and July 2006. Embedded with a contact-less chip, the French ePassport contains the digitalised photograph of its owner. The passport is intended to be more than a simple travel document; it could be used for the fulfilment of administrative formalities in the future. On 28 June 2009, the electronic passports were replaced by the biometric passports containing in addition the holder’s digitised fingerprints. The pan-European eID Factsheet – European eID Observatory at ePractice 9 Germany Highlight On 5 May 2010, the new German electronic identity card project (Neuer Personalausweis) received the European Identity Award 2010 in the category 'eGovernment/eHealth'. The prize was handed over to the representative of the German Ministry of the Interior in the frame of the European Identity Conference 2010 which was held in Munich from 4 to 7 May 2010. Law, Policy & Strategy In March 2005, the German Federal Government presented a common 'eCard' strategy providing a common strategic framework for a number of eGovernment smart card initiatives in the areas of citizen identification, social security information and health insurance services. The common strategy coordinates the different federal eCard initiatives, as well as the access to important databases and services in the areas of social security and tax procedures. On 15 April 2008, the Federal Government adopted the General Administrative Regulation Governing the Electronic Office ID Card, to replace the traditional paper ID cards by tamper-proof chip cards offering the possibility of integrating intra- and inter-agency services, such as time and attendance recording as well as electronic signatures, which so far have not been offered on a single uniform card. The legal basis of the conventional German Identity Cards is laid down by the Law on the Personal Identity Card, on Electronic Identity Verification and on changes regarding further provisions. In June 2007, revision of the Passport Act was approved by the Federal Council, laying down the legal foundation for the electronic Passports of the second generation, which started being issued, as initially scheduled, on 1 November 2007. In addition to the digital facial image, the new passports also feature two fingerprints in digital format. According to the Passport Act, those fingerprints are to be stored exclusively on the passport’s microchip, and they should in no case be stored locally on issuance authorities systems or in any other central database. Implementation & Research Germany's new identity card was launched on 1 November 2010. It is credit-card sized and made of polycarbonate; being more advanced than the previous model the new identity card offers many new features and capabilities for the online world. It makes it possible for individual card holders to access online services from any place and at any time with the use of a secret PIN, in case these services are offered online. Optionally, the new ID card can be used for signing electronically digital documents such as contracts or proxies. The eID cards also include optional electronic signature functionality. Used in place of the traditional ones, electronic signatures are aimed at facilitating the card’s owner to perform legally binding actions on the Internet, such as online signing of contracts. In the light of the release of the new eID card, a group of selected IT companies will provide the cardholders with an IT-Security toolkit. It will contain a secure chip card reader, information about the use of the new eID and the electronic health cards, as well as assembled components made by the companies, such as access to web-based applications or antivirus software. Germany was among the first countries to introduce the electronic Passport (ePass), which started being issued in November 2005. It was developed to comply with the Council Regulation (EC) No 2252/2004 and was equipped with a microchip, holding owner’s data, such as name, date of birth and nationality. Beyond traditionally relevant data, a digital facial image of the owner was also stored on the microchip. The pan-European eID Factsheet – European eID Observatory at ePractice 10 Greece Highlight There is currently no central eIdentification infrastructure for eGovernment in Greece. However, some initial plans for the issuance of eID cards have been presented by the Ministry of National Health and Social Solidarity and the Ministry of Labour and Social Insurance. Law, Policy & Strategy The Draft Law on eGovernment is the first pure legislative step in the Greek legal system in this field. The draft law focuses among others on the management of electronic transactions, while ensuring conditions for the legal and evidentiary value of electronic documents. The Digital Authentication Framework sets the standards, the procedures and the technologies required for the registration, identification and authentication of the eGovernment services users, including citizens, businesses, public authorities and civil servants. It also aims at creating an integrated and coherent set of policies, regarding Digital Certificates and Public Key Infrastructures. During March 2006, the Hellenic Public Administration Root Certification Authority (HPARCA) was established (Law No. 3448, Government Gazette 57/A’/15-3-2006), and on 10 November of the same year it was issued the HPARCA Certification Practices Statement (Government Gazette 1654/B’/10-11- 2006). The HPARCA agency belongs to the Ministry of Interior, Decentralisation and eGovernment and is the primary certification authority, responsible for the definition of policy and coordination of other public agencies that provide certification services. The establishment of a unique root certification authority for defining certificate policies and standards shall minimise interoperability issues. The development of the National Authentification System will enable interoperable, digital transactions of all types, will save considerable financial resources to the Government and – the most important – will stimulate the evolution of the Public Administration from a group of independently operating Agencies to a network of interoperable and collaborative Public Services that are communicating constantly with obvious benefits for the citizens and businesses. Implementation & Research The first stage of the plan for the issuance of eID cards has been accomplished with the allocation of the Social Security Registration Number (AMKA) to every citizen. Following, the second stage was realised in 2010 with the accomplishment of the electronic Prescription programme, which foresees that production, distribution and control of prescriptions and referrals for medical instruments is carried out through the use of computers and electronic means, in such a way that ensures the reliability, security and transparency of the information handled. The National Portal ‘Ermis’ aims to provide integrated and secure eGovernment services at all levels, from a central point, thus becoming the benchmark of the National System Authentication. Through the new authentication system, the user, citizen or enterprise, will submit with an electronic signature, a request to the portal. The request will then be identified and initiated by the appropriate agency. By this way the security, validity and legality of digital transactions are being ensured. The pan-European eID Factsheet – European eID Observatory at ePractice 11 Hungary Highlight Since April 2005, Hungary has a comprehensive central identification solution (Client Gate) for the identification of citizens for electronic transactions carried out between public authorities and citizens. However, there has not yet been a comprehensive solution for the identification of citizens in electronic transactions carried out between public authorities. Law, Policy & Strategy A new law adopted in Hungary in February 2008 will see the introduction of the ‘ePost Office’ for legal documents sent via electronic mail. The new bill introduces a novel independent agent to act as a go- between for judicial authorities and their clients – the ePost Office. E-mails of a legal nature will be delivered to the ePost Office which will then notify the recipient either via ordinary e-mail, or text message to a mobile phone. In order to consult the documents in question, the recipient must first use an official eSignature to send an acknowledgement of receipt to the sender. Among the eGovernment regulations laid down in Government decrees and resolutions passed between 2004 and 2008 figure the Act on Electronic Signature (2001) and the Government Decree 194/2005 (IX. 22.) on the requirements of electronic signatures and certificates used in (actions of) public administration and Certification Service Providers issuing those certificates. Implementation & Research In October 2002, in order to enable user identification, the Hungarian Government launched a range of initiatives aimed at setting up a smart card infrastructure for eServices provided by central and local administrations. The Client Gate is the electronic client access and identification system accessible via the Hungarian eGovernment portal. It is a gateway allowing users to securely identify themselves online and gain access to any transactional government service available. The updated system is planned to facilitate the introduction of new public and healthcare services, as well as the adoption of even more user friendly applications. Client Gate II is to be implemented thanks to approximately € 16 million of full EU support in 2009. The development also includes the establishment of physical access points throughout Hungary where people will be provided with information on how to use the Client Gate. The Client Gate has been operating since April 2005 and has approx. 700 thousand registered users. In October 2002, a project to identify “Detailed requirement specification for the usage of electronic signatures and smart cards in order to ensure IT security of public administration” was launched. Requirements and specifications for the development of the Hungarian electronic ID card (HUNEID) and its prototype implementation were published in late 2004. In early 2008, the HUNEID specification was upgraded in accordance with the European Citizen Card specification. The Hungarian passports issued after 28 June 2009 will contain one of their owner's fingerprints. This new biometric identifier comes in addition to the facial image which has already been stored in the chip of the current version of the passport. This is the result of a decision of the Hungarian Government made in compliance with the EU deadlines. The inclusion of the fingerprint is expected to render the use of the passports more secure and to minimise misuse risks. The pan-European eID Factsheet – European eID Observatory at ePractice 12 Ireland Highlight The Department of Finance is currently evaluating software to build a Single View of all public service identity repositories. This will be used for data quality purposes and to support a new online authentication service. Law, Policy & Strategy The Electronic Commerce Act 2000, which was voted on 20 September 2000, implements the EU Directive on a Community framework for electronic signatures (1999/93/EC). The Act provides (with some exceptions) for the legal recognition of electronic signatures, electronic writing and electronic contracts. It authorises the use of encryption and sets the rights and obligations of Certification Service Providers (CSPs). Implementation & Research The Public Service Card (PSC) ensures that people can access public services across a number of channels, with a minimum of duplication while preserving their privacy to the maximum extent possible. According to a February 2011 Department of Social Protection press release, approximately three million PSCs will start to be issued in the coming months to people over 16 who can access public services. Issuing a PSC will involve a registration process which will include the collection of a photograph and signature. PSCs will replace cards currently in use, such as the Social Services Card and the Free Travel card, with highly secure cards featuring laser engraving personalisation, a contact chip, a signature, a photograph and an expiry date. The facilities for the production and issue of the PSC are now in place and undergoing final testing. The first test cards were produced as scheduled in December 2010. The Personal Public Service Number (PPSN) is a common identification number used for taxation and social welfare purposes which is gradually being extended across the public service in the interest of improving customer service. It is mandatorily assigned to every Irish child at birth. PAYE is based on the use of a Personal Identification Number. The Revenue Commissioners PAYE Anytime Service provides a means for PAYE customers to: view their tax record; claim a wide range of tax credits; apply for tax refunds including health expenses; update an address; declare additional income; request a review of tax liability for previous years; re-allocate credits between spouses; track correspondence submitted to Revenue. The Revenue Commissioners also provide a Revenue Online Service (ROS) for business customers. This system provides a means for business customers to file returns online; make payments by laser card, debit instruction or online banking (Online Banking applies to Income Tax only); obtain online details of personal/clients Revenue Accounts; calculate tax liability; conduct business electronically; claim repayments. The ROS service is based on qualified electronic signatures. In October 2006, the Passport Office within the Department of Foreign Affairs started issuing the Irish electronic passport (ePassport). A chip securely stores biographical information which is visually displayed on the data page of the passport and a digital image of the photograph which facilitates the use of facial recognition technology at ports-of-entry. The chip incorporates digital signature technology to verify the authenticity of the data stored on the chip. The Irish ePassport facilitates facial measurements which can be used with facial recognition technology to verify the identity of a bearer. The pan-European eID Factsheet – European eID Observatory at ePractice 13 Italy Highlight In order to enable citizens to securely access eGovernment services even before the widespread dissemination of electronic ID cards, the Italian Government has also developed the National Services Card (CNS). It is a smart card allowing for the secured identification of citizens online. Law, Policy & Strategy The Strategic Plan for Innovation presented in 2008 and amended in January 2009 aims to promote innovation also through law and standards: amendments to the eGovernment Code on issues such as the medical certificates online, electronic prescriptions, online advertising on institutional sites, the electronic identity card and the National services card, the VoIP -Voice over IP- and the Public Connectivity System -SPC. The ‘Innovation Directive' encourages the public authorities to allow citizens to electronically interact within the administration by systematically providing them with a password and a pin code, as long as the eID card and the national services card are not fully rolled out. In February 2004, the Council of Ministers adopts a decree on the introduction of the National Services Card (CNS), a smart card for accessing eGovernment services. The CNS is meant to enable people that do not – or not yet – own an electronic ID card to securely use ePublic services. Contrarily to the eID card, the CNS will not constitute a 'proof of identity' and will thus not be a legal identity document. Italy has been among the first EU countries to give full legal value to electronic signatures. The Law no.59 of 15 March 1997 on the simplification of the Public Administration provided in its article 15 that the use of electronic means would be legally valid for administrative procedures. Rules regarding the use of electronic signatures and documents were further detailed in a series of presidential and government decrees adopted between 1997 and 2001. The Legislative Decree no.10 of 23 January 2002 brought the Italian electronic signature regulations into line with the Directive 1999/93/EC on a Community framework for electronic signatures. Implementation & Research The Italian eID card comprises a microchip, an optical memory and an ICAO machine readable zone for the use of the card as a travel document. It contains a set of personal data, including the holder's fiscal code, blood group and fingerprint scans. The personal data, biometric key and digital signature are only stored on the card. In accordance with data protection legislation, this data is not kept on any central database and can only be released and used if the holder gives his/her permission by inserting a PIN code. The cardholder’s fingerprint template is stored in both the microchip and the optical memory and does not allow fingerprint reconstruction. The CNS is only used in ICT-based services as an instrument of entity authentication. It can also be used to sign electronic documents with a qualified signature, as it contains not only an entity authentication certificate but also a qualified signature certificate. Since 2009, Italy is gradually entering phase II of the implementation of the European Union's Council Regulation (EC) No 2252/2004 of 13 December 2004 on “standards for security features and biometrics in passports and travel documents issued by Member States”. Phase I – concluded in 2006 – marked the inclusion in the new passports of a first biometric identifier, the holder's facial image in the International Civil Aviation Organization (ICAO) format. The pan-European eID Factsheet – European eID Observatory at ePractice 14 Latvia Highlight According to the Latvian Minister of eGovernment Affairs, the number of eSignature smart cards requested by public institutions is growing, but there appears to be a certain amount of reluctance on the part of civil servants. Data shows that currently only a few public authorities offer services for eSignature holder. Law, Policy & Strategy The Draft eGovernment Development Plan for 2010–2013 provides activities linked to with electronic identification cards usability as well as projects ensuring possibilities to provide user identity verification system, for example, submitting income statements electronically. Activities of the Draft eGovernment Development Plan will be implemented in the frame of projects funded by the European Regional Development Fund, European Social Fund, the Latvian and Swiss cooperation programme funds, as well as by National Budget. On 10 December 2008, the Secretariat of the Latvian Special Assignments Minister for Electronic Government Affairs unveils the eID card solution which will be introduced in Latvia in the upcoming years. According to the so-called “eID card concept”, the Latvian eID card will be used for proving one’s identity in an electronic environment, accessing multi-sectoral eServices and securely signing eDocuments. Moreover, the card, whose features will comply with the recommendations of the International Civil Aviation Organization (ICAO) and the relevant regulations of the European Union (EU), will also serve as a travel document, valid at both national and EU levels. In line with the planned issuance process, the first eID cards could be rolled-out in the first half of 2010. The Personal Identification Documents Law was adopted in May 2002. It states that identification documents shall contain a machine readable zone. Moreover, in 2004, the Cabinet of Ministers adopted a Regulation ‘On the citizen’s identity cards, non-citizens identity cards, citizen’s passports, non-citizens passports and stateless person’s travel documents’, which among other things provides for the inclusion of electronic chips in future identity cards. Implementation & Research On 10 February 2010 the Cabinet of Ministers of Latvia approved the eID card conception for the introduction of a national eID card; its implementation will take place from the 2011. eID cards will not only serve the identification of people travelling abroad or visiting public or municipal institutions; they will also enable authentication in the electronic environment. The Ministry of the Interior of Latvia, Office of Citizenship and Migration Affairs, is in charge of issuing the eID cards while the selected private partner after following a tendering procedure will deliver the relevant certification services. The implementation of the Conception will considerably boost the use of eSignature and eAuthentication, thus promoting eGovernment services. It is foreseen that in 2013 about 700 000 inhabitants of Latvia will receive eID cards. Overall conception needs to be completed until 2014. The estimated cost for the introduction of this solution within a four-year period is approx. 1 210 000 million lats (approximately € 2 850 000 million), including EU structural funds co-financing 1 050 000 million lats (€ 1 420 000). The target is to have produced two million cards by 2013. Price of one ID card will be approximately 10–15 lats (€ 14–21). The pan-European eID Factsheet – European eID Observatory at ePractice 15 Lithuania Highlight On 1 January 2009, the Migration Office starts accepting applications for the new personal identity cards (ID cards). The cards are used to identify a person by allowing eSignatures of documents based on a qualified certificate. The new ID card has both contact and contact-less chips integrated. The contact chip will hold a person’s identification certificate and a qualified certificate for eSignature, issued by the Residents’ Registry Service under the Ministry of Interior. The contact-less chip will carry biometric data, such as facial image and fingerprints. Law, Policy & Strategy Passed on 11 July 2000, the law regulates the creation, verification and validity of electronic signatures, the rights and obligations of signature users, the requirements for certification services and certification service providers, as well as the rights and functions of the institution of electronic signature supervision. It is compliant with the EU Directive on a 'Community framework for electronic signatures' (1999/93/EC). The concept of a 'secure eSignature' stated in Lithuanian law is identical to the notion of an 'advanced eSignature' referred to in the Directive. A secure eSignature, created by a secure eSignature-creation-device based on a valid qualified certificate is granted the same legal effect as that of a hand-written signature on written documents. It is also admissible as evidence before a court of law. An amendment to the law on electronic signature was adopted in 2002, which establishes that, in all cases, an electronic signature shall have the legal power of a hand-written signature, provided that the signature users reach an agreement among themselves. In this way, the notion of a 'contractual electronic signature' was introduced in Lithuanian law. The law does not include any specific requirements for the use of electronic signatures in the public sector. Implementation & Research In November 2007, the special government-backed multi-stakeholder eSignature Initiation Programme (E3P) enabled Lithuanians to sign electronically using a mobile phone with a new eSignature-compliant SIM card. Two codes, known only to the user, protect the ID key contained in the telephone from illegal use. Two projects related to eID management were implemented in Lithuania in 2008. The first resulted in a new type of civil servants’ IDs, issued in September 2008, while the second one was aimed at creating an eID infrastructure, which provided interoperability at national and European levels. The result is a new type of Personal Identity card, issued since January 2009 and equipped with contact and contactless chips. The contactless chip stores biometric data, namely, a face image and fingerprints. The new cards are also to be used for online public and commercial services via the eGovernment portal and other public institutions’ portals. Since November 2007, it has been possible to sign documents electronically using a mobile phone with a new eSignature-compliant SIM card. Those who wish to take advantage of the mobile eSignature need to replace their SIM card and sign an eIdentity agreement. Two codes, known only to the user, protect the ID key contained in the telephone from illegal use. The pan-European eID Factsheet – European eID Observatory at ePractice 16 Luxembourg Law, Policy & Strategy The progressive introduction of biometric documents in Europe forces the Member States to have highly secure certification services in order to protect their official documents. Consequently, LuxTrust will adhere to the relevant international standards in order to be in a position to protect the biometric documents issued in Luxembourg. This will at first apply to the new biometric passports. Implementation & Research There is currently a central eIdentity infrastructure in Luxembourg that provides an electronic ID card, LuxTrust S.A., a public/private partnership, created in 2003, to manage the development of a common Public Key Infrastructure (PKI) in order to secure eCommerce and eGovernment in Luxembourg. The consortium that was awarded the PKI contract was presented in July 2006. An infrastructure created by reputable businesses and based upon a public-private partnership should incite more local enterprises to enter the field of eCommerce. The pan-European eID Factsheet – European eID Observatory at ePractice 17 Malta Highlight In March 2004, the Maltese Government launched its ‘Electronic Identity’; a secure key network that enables citizens to access a number of interactive and transactional eServices requiring strong identification such as VAT, tax and company-related services, as well as social services, online passport requests, or online ePayment Gateway. The Electronic Identity is based on the internationally recognised four-tier security model. The eID is free of charge, available to all ID Card holders and it does not expire. Law, Policy & Strategy The Electronic Commerce Act, and especially Part V, transposed into Maltese law the EU Directive 1999/93/EC on a Community framework for electronic signatures. It provides the legal basis for the introduction of electronic signatures in eGovernment applications. There is currently no overall eGovernment legislation in Malta. The National ICT Strategy 2008–2010 has foreseen the enactment of fragmented eGovernment legislation to provide a concrete equal footing for the electronic filing of documents, accessibility for disabled persons, security, the regulation for the use of Smart ID cards, and so on. The National ICT Strategy for Malta 2008–2010 was launched in December 2007. Stream 5 of the National ICT rested, among other, on the goal of National identity management, where digital certificates and electronic signatures within a consolidated national framework will enable the Government to deliver management products like Smart e-ID cards and ePassports, as well as services such as contract signing and electronic filing of sensitive documents. Implementation & Research As of March 2007, the eID had already been implemented and launched up to the second level. The third level, which consists of a soft PKI digital certificate, has been implemented as well. Citizens can apply for an Electronic Identity by presenting themselves at an eID Registration Office of Valletta or Rabat (for Gozo) with a copy of their paper ID card and a valid email address. After corroborating his/her identity, the Registration Authority will send the applicant a username, password, and a secure PIN activation code that are unique to the user. The eID offers a simple method of identification and authentication to access the eGovernment services provided on the ‘mygov.mt’ portal. The eID number and password are used to log in, whereas the PIN activation code is used to sign for the first time into ‘mygov.mt’, to activate one’s eID account. The eID Card or Smart ID Card will mark the fourth level of the eID and thus provide each person in Malta with a very secure way of conducting eGovernment, signing electronic documents and authenticating oneself in the digital world. In parallel, a national electronic register of persons will be developed based on the registration process of the eID Card. Malta's new upgraded ePassport system with Extended Access Control (EAC) capability went live on the 28 June 2010. This new solution delivers a higher level of security and access control, in accordance with EU regulation for all Schengen Member States with the addition of a second biometric – two fingerprints – to the data already stored on the chip. Its delivery is a key milestone in the Government's ongoing strategic identity management plan. Fully integrated with Malta's existing National Identity Management System (NIDMS), EAC capability has initially been launched in Malta and Gozo and then rolled out across all embassy sites. The pan-European eID Factsheet – European eID Observatory at ePractice 18 Netherlands Highlight The eID infrastructure for businesses, eRecognition (eHerkenning), became available. eRecognition will be used for electronic communication between businesses and the government. It can also be used for electronic communication between businesses and other businesses. Law, Policy & Strategy The Electronic Signature Act was published on 8 May 2003 and became effective on 21 May 2003. The act ensures the transposition in Dutch law of the European Directive 1999/93/EC on a Community framework for electronic signatures, and provides a firm legal basis for the deployment and use of electronic signatures in eCommerce and eGovernment. Implementation & Research Authorities can use a Government-wide authentication service for their electronic services, to electronically determine whether a particular identity is valid. DigiD is available in two different levels: basic (user name and password: DigiD) and middle (DigiD + sms-authentication). DigiD (Digital Identification) provides citizens with a centralised online authentication solution for accessing eGovernment services based on a user ID and password. It is only available to people who are registered in a municipality and possess a Citizen Service Number (CSN). DigiD is currently only available in Dutch. It furthermore enables citizens and businesses to identify themselves with similar identification means to all the government agencies that provide electronic services. More and more government agencies are connecting to DigiD. As of 9 December 2010, 418 municipalities, 8 provinces and 11 water boards were connected to DigiD. Administering bodies are also connected, including the Tax and Customs Administration, Land Registry, UWV, Centre for Work and Income, Social Insurance Bank and Informatie Beheer Groep. As of the end of 2010, 8.5 million private citizens had an active DigiD with the basic security level (user name and password). DigiD (Digital Identification) for businesses was replaced by eRecognition on 1 January 2011. It enables private citizens and businesses to identify themselves to government agencies that provide electronic services. This shared facility, provided by and for the Government, is able to recognise users of electronic government services. The new service (DigiD Authorise) was introduced in 2010 for the general public. It is a national, collective facility allowing businesses and citizens to use authorisations for electronic government service provision. This facility makes it possible to authorise a third person to acquire online services provided by the government. Using the authorisation function prevents people from giving their DigiD identification code to others, or allowing others to gain access to pre-completed details. Furthermore, this service can be used for income tax filing. The pan-European eID Factsheet – European eID Observatory at ePractice 19 Poland Highlight Over the past years, the few eServices requiring the use of an eSignature in Poland have not been widely used, due to the high cost of an eSignature (at least € 60) for Polish citizens. The gradual introduction of new eServices requiring an eSignature (e.g. tax declaration online with the new eDeclarations system) and the replacement of the national ID cards with the new ID cards pre- equipped with eSignatures are expected to alter this situation. Law, Policy & Strategy The development of a 'Multifunctional Personal Document' (MPD), which could be used as an intelligent, PKI-ready smart card to replace the traditional plastic ID card, has been studied over the past years. The Ministry of Interior and Administration is responsible for the MPD project. Necessary legislative changes constitute a part of the identification documents development strategy. Adopted on 18 September 2001, the Act on Electronic Signatures was amended in 2004 and 2005 respectively. This Act is compliant with the EU Directive 1999/93/EC on a Community framework for electronic signatures. The Act on Electronic Signatures set the deadline of 1 May 2008 for the legal validity of electronic signatures, i.e. the provision of public eServices with electronic signatures. From that date onwards, the Polish public authorities have been obliged to accept documents and/or requests in electronic format accompanied by an eSignature. Implementation & Research Each Polish citizen is obligatorily provided with two distinctive identifiers: PESEL number (General Electronic System for Citizens Evidence) and NIP (Tax Identification Number). The PESEL Register (General Census Electronic System) is the main reference database for individuals. It allows citizens and entrepreneurs to access electronic services. The Tax Identification Number (NIP) is used for entities paying taxes in Poland. The electronic ID would be based on existing identification numbers and reference databases (PESEL for individuals and REGON for business). The Ministry of Interior and Administration is responsible for the MPD project. Necessary legislative changes form part of an identification documents development strategy The second stage of the project PESEL2 will see the implementation of the ‘PL.ID’ project – introduction of the Polish biometric ID card, scheduled for 2008–2013. The electronic ID is going to be based on existing identification numbers and reference databases (PESEL for individuals and REGON for business). Early May 2008 was the deadline set out in the Act on Electronic Signatures (2001) for the Polish Government to provide services for citizens with electronic signatures. The Polish Government has started putting in place the infrastructure to enable citizens to submit documents electronically. The beginning of May 2008 was the deadline, as set out in the Act on Electronic Signatures (2001), for the Polish Government to provide services for citizens with electronic signatures. This prompted the Ministry of Interior and Administration to announce in January 2008 that an incoming correspondence box would be available for free on the Electronic Platform of Public Administration Services website (ePUAP). The pan-European eID Factsheet – European eID Observatory at ePractice 20 Portugal Highlight The Citizen’s Card is the Portuguese electronic identity card (eID). It is a smart card that provides visual identity authentication with increased security and electronic identity authentication using biometrics and electronic signatures. According to the 2010 report 'Digitising Public Services in Europe: Putting ambition into action – 9th Benchmark Measurement', Portugal is among only a few countries that has abolished paper IDs in favour of smart cards, and it is one of 15 Member States that bases its eID management system on smart cards. Law, Policy & Strategy Portugal’s eGovernment drive is part of its Technological Plan. Based on this plan, the action agenda defines a set of measures, part of which are the creation of the Citizen Card. The Citizen Card combines in one single document the identification, the social security, the national health service, the taxpayer and the voter cards. The Decree-Law no.7/2007 created the Citizen's Card and regulates its issuance, replacement, use and cancellation. It also lays down the provisions for digital certificates, an electronic document which uses a digital signature. The provisions of Decree-Law no.290-D/99, Decree-Law no.165/2004, Decree- Law no.62/2003 and Decree-Law no.116-A/2006 shall apply to an eSignature based on a qualified certificate, while these certificates are subject to the applicable rules and regulations pertaining to the State Electronic Certification System (SECS). Implementation & Research The Citizen’s Card is a technological document that allows the holder to provide identification when dealing with computerised services and to authenticate electronic documents. The card combines all the keys that are indispensable for a fast and effective relationship between the citizen and a variety of public services in one single document. The citizen card has been available since October 2008. In mid-2010, the 'Direct Social Security' service became the latest functionality accessible via the Citizen Card. The new Portuguese Electronic Passport (PEP) represents the beginning of a new generation of eID documents and adheres to the most rigorous security patterns. It preserves the features of the current passport in the identification of its holder, but integrates innovative devices ranging from facial recognition to the incorporation of a contactless chip. All the information contained in the chip can only be read by specialised equipment. The SCEE is an infrastructure of public keys which supports electronic signatures and other electronic security services activated by public keys (algorithms). The SCEE architecture constitutes a hierarchy of trust that guarantees the electronic security of the State and the strong digital authentication of electronic transactions among several Public Administration services and organisations, and between the State and citizens and businesses. The SCEE operates independently from other public key infrastructures of a private or foreign nature. However, it allows interoperability with the infrastructures that fulfil the necessary rigorous authentication requirements through adequate technical mechanisms and compatibility in terms of certification policies, primarily within the scope of the EU Member States. The pan-European eID Factsheet – European eID Observatory at ePractice 21 Romania Law, Policy & Strategy Law no.455/2001 grants to eSignature the same legal status of a written signature. This effectively places electronic and printed data on an equal footing and allows electronic data to be admitted as evidence in court in the event of a dispute. The Ministry of Communications and Information Society (MCSI) is the authority in charge of the regulation of eSignatures. By Order no. 54 of the Minister of Communications and Information Society, the procedure for approving, delaying and recalling the decision of accreditation of the certification services providers is also defined (OJ no.209/ 11.03.2005). Implementation & Research The project ‘Integrated National System Introduction and Update of Information Relating to Personal Records’ has since 1 March 2011, acquired the green light after the Minister for Communications and of Interior signed a contract for financing it with structural funds. The project's implementation period is 19 months. The creation of such a system presupposes the issuance and management of identity documents in accordance with Romanian legislation with European Union recommendations. The project, by implementing IT, targets to a number of breakthroughs: be able to issue various certificates, like identity card, civil status certificate, passport, car registration and deregistration online; communicate to various public institutions and authorities of the identity data of certain persons; Identify the changes occurring in the records of persons on the basis of data updates; provide Local Registry data for evidence of people, at the request of central and local institutions and authorities. The pan-European eID Factsheet – European eID Observatory at ePractice 22 Slovakia Law, Policy & Strategy Introduction of secure electronic identification cards is necessary for transactions within eGovernment, in order to provide more effective services for citizens and the private sector, according to The 'Competitiveness Strategy for the Slovak Republic until 2010. eGovernment is a key development area and a priority of the Slovak Republic, as defined by the Information Society Strategy for 2009–2013. In order to promote the utilisation and further expansion of eGovernment services, it is necessary to support citizens with easier access to a valid electronic signature and to ensure that eGovernment services only require it in justified cases, in line with the trend of reducing administrative burdens. Healthcare and education predominantly rank among the areas of public administration with the greatest potential for the use of ICT, with a view to transforming traditional ways of service provision. Implementation & Research The JIFO initiative has created new personal unique identifiers for citizens using cryptographic algorithms and will be used within all sectors of applications (SIFO). An eID card project has been implemented since September 2009 aiming to introduce a single eID card as a means of identification and authentication of individuals within the domains of eGovernment, eHealth and possibly other areas from public and private services. It is expected to create the conditions for personalisation of eID cards and provide the necessary hardware and software infrastructure that supports the process of collecting data from citizens and the production of documents. Central distribution of eID cards to citizens will be facilitated. Electronic services of eID solutions will be made available to all citizens, including those without internet access. The call was concluded in September 2009 and implementation of the national project will continue until 2012. The pan-European eID Factsheet – European eID Observatory at ePractice 23 Slovenia Highlight The Slovenian national eID project officially started in February 2003 with the establishment of a dedicated project group. However, the project was suspended in November 2004 and as of April 2007; the eID cards had still not been introduced. In April 2008, the Identity card Act was amended thus providing new legal grounds for the introduction of the electronic ID card. The current Slovenian ID card is an authentic instrument used by citizens to prove their identity and citizenship and to cross the Slovenian borders. According to the proposals put forward by the Slovenian Government the future eID card would incorporate several functions by combining several sensitive datasets on just one card. Law, Policy & Strategy The initial version of the Electronic Commerce and Electronic Signature Act (ZEPEP) provided the legal basis for using eSignatures and developing eServices in Slovenia. The Act amending the Electronic Commerce and Electronic Signature Act more precisely defines the responsibilities of providers of Information Society services and sets the conditions for the realisation of the electronic identity card project. The Slovenian legislation literally translated the definitions of 'advanced' and 'qualified' electronic signature of the Directive 1999/93/EC on a Community framework for electronic signatures. As defined in the Act, the devices for secure electronic signing should comply with special conditions regarding security and reliability. Implementation & Research The eID cards would include a microchip, in addition to their holders’ name and address, their Personal Tax Number, their unique Personal Identification Number (PIN), their Healthcare Insurance Number, the serial and register numbers of the personal ID, and possibly two digital eCertificates: one providing access to eGovernment services, the other one for confirming healthcare insurance rights according to pertinent healthcare and health insurance regulations. Both the Personal Identification Number and the Personal Tax Number will be stored in encrypted form so as to prevent unauthorised access without the citizen's consent. This eID card with microchip will be issued by government certification authority to citizens older than 14 years. A Public Key Infrastructure (PKI) has been deployed in Slovenia and five certification authorities (Certificate Services Providers – CSPs) have been registered: the Ministry of Public Administration (SIGOV-CA for Government communications and SIGEN-CA for the general public), HALCOM-CA, AC NLB, POŠTA CA and the Ministry of Defence (SIMoD-CA). Certification Authorities in Slovenia use different approaches in mapping a single certificate with its holder’s identification data (e.g. tax number or Personal Registration Number) but all of them manage some connection between the user and his/her certificate. Slovenia has started introducing biometric passports since the end of August 2006. Beside graphic security features, the biometric passport has a chip embedded in the data page containing the holder's personal data and photograph. The bottom of the data page again contains the holder's personal data intended for machine verification of authenticity of the passport. The pan-European eID Factsheet – European eID Observatory at ePractice 24 Spain Highlight In 2009 nearly 10 million of citizens held a national eID card (DNIe). Law, Policy & Strategy The ‘Public Administration Technological Modernisation Plan 2004-2007’ (the ‘Conecta’ Plan) whose aim was to help modernise Public Administration on the basis of eGovernment, process redesign, inter-administrative coordination and cooperation, multi-channel service delivery to citizens and training of civil servants. In this respect, 43 meta-projects were launched in five key areas: electronic interactions between Public Administrations and citizens (eCertificates); eID card; citizen portal to provide access to interactive and transactional services; a set of new services for communicating with Public Administrations; and the improvement of the IT Infrastructure of the State Administration. The State Secretariat of Telecommunications and the Information Society (SETSI) announced on 26 October 2009 the launch of an action plan aimed at promoting the use of the DNIe (national eID card) among citizens and businesses to be carried out in the various Autonomous Communities (Regions) until July 2010. A key feature of the plan is the creation of www.usatudni.es, a multichannel information portal containing useful information for the citizens, the companies and the Public Administration on the benefits of the DNIe and the services accessible by means of the DNIe. In December 2003, the Parliament approved a new law on electronic signature. It established a legal framework for the future development of a national eID card. Law 59/2003 of 19 December 2003 on electronic signature replaced a Royal Decree of 1999 on digital signatures. Aimed at promoting a widespread use of digital signatures for eGovernment and eCommerce, it transposed the EU Directive 1999/93/EC on a Community framework for electronic signatures into Spanish law. Implementation & Research On 22 November 2010, the Spanish National Institute of Communication Technologies (INTECO) and a consulting company published practical guidelines for the safe use of the national electronic ID card (eDNI) on the Internet. The document seeks to give the keys to the functioning and use of the card while analysing the protection means it offers against attacks through the web. Finally, the guide explains how electronic signature and electronic certification through the eDNI guarantee one's identity as they imply compliance with a number of security and privacy criteria. On 22 September 2009, the Spanish State Secretary for the Public Service and the Portuguese State Secretary for Administrative Modernisation signed a collaboration agreement on the validation of the digital certificates of both their countries. The purpose of the agreement is to make it possible for any citizen of either country to use his/her national eCertificates for communicating and dealing with the Public Administration of the other country. The integration of both national systems will enable the validation of the eCertificates. On 13 March 2009, the Council of Ministers approves a € 14 million investment in a series of actions set to generalise the use of the national eID card and to stimulate the spread of reliable digital services and applications. Another agreement on the promotion of the DNIe signed in June 2007 was extended to approximately € 43 million. The pan-European eID Factsheet – European eID Observatory at ePractice 25 Sweden Highlight In 2005, the Swedish Government introduced the ‘official’ electronic ID card containing biometric data. The new ‘national identity card’ (nationellt identitetskort) is not compulsory and does not replace previous paper ID cards. It can be used as a proof of identity and citizenship and as a valid travel document within the Schengen area. It complies with ICAO standards for biometric travel documents; it is issued by the passport offices and manufactured by the same supplier as the biometric passport. In addition to the contact-less chip containing a digital picture of the holder, it also has a traditional chip which may be used to securely access eGovernment services in the future. Law, Policy & Strategy The E-Government Delegation released, on 19 October 2009, the report entitled 'Strategy on the work of the Public Agencies in the field of eGovernment’. Among the suggestions was the creation of a single and unified eID solution to access government services; this solution could be used in the framework of private sector services eventually. The Tax Board (Skatteverket), through a newly established committee, would coordinate the management of eIdentification, and issue regulations on eID cards and the electronic data exchange between the public authorities. Better technical/legal rules and regulations are expected to promote the use of eIdentification and eServices. The Act on Qualified Electronic Signature implements the EU Directive on a Community framework for electronic signatures (1999/93/EC). A Swedish electronic signature includes both authentication and integrity requirements. eSignature is defined as “data in electronic form attached to or logically associated with other electronic data and used to verify that the content originates from the alleged issuer and has not been altered.” The legal basis for the use of eSignatures in eGovernment services cannot be derived from generic provisions applicable to all eGovernment initiatives, but must be sought for each application area. Legislation adopted to enhance electronic signatures is usually supplemented by regulations from the different authorities specifying which electronic signature should be used. Lastly, the aforementioned Act deals with eSignatures in general and makes no specific reference to eIDs. Implementation & Research eIDs exist both as smart cards and as files stored on the hard disk. eIDs are issued in two ways: by ordering and downloading them from the user’s Internet bank while being logged on, or by ordering the eID on the Internet. A rough estimate of the use of eIDs in Sweden is that over one million users make approx. 2.5 million transactions (including both authentication and signatures) a month using eIDs for both eGovernment and other services on the market. Legal entities can also use an eID. In this case, two types of certificates come in question, namely the server and stamping certificates, for authentication and signing respectively. The certificates contain the name of the organisation and the organisational number and may also contain a URL. The contact person ordering organisational certificates must have an authorisation for this purpose from a person authorised to sign on behalf of his/her organisation. In October 2005, Sweden became the second European country to start issuing biometric passports compliant with the standards recommended by the International Civil Aviation Organization (ICAO). The ePassport has an RFID (Radio Frequency Identification) microchip embedded in its polycarbonate data page containing a digital photo and personal information of the holder. The pan-European eID Factsheet – European eID Observatory at ePractice 26 United Kingdom Highlight The Government introduced the Identity Documents Bill to Parliament on 26 May 2010. The Bill makes provision for the cancellation of the UK National Identity Card, the Identification Card for EEA (European economic area) nationals and the destruction of the National Identity Register. The UK National Identity Card and the Identification Card for EEA nationals ceased to be valid legal documents on 21 January 2011. The identity card for foreign nationals (biometric residence permit) will not be scrapped. Law, Policy & Strategy The Electronic Signatures Regulations 2002 was completed by the Electronic Signatures Regulations 2002, which implements in UK Law the European Directive on a Community framework for electronic signatures (1999/93/EC). Implementation & Research In October 2007, an ambitious pilot project to test the compatibility of several different electronic ID (eID) systems was scheduled to be undertaken in the UK. The pilot, worth over € 20 million, is part of the EU’s eID STORK project and aimed to establish EU-wide interoperability for eIDs by 2010. The Government Gateway is the main central UK identification platform and is a central registration and authentication engine enabling secure authenticated eGovernment transactions to take place over the Internet. Users need to register with the Gateway in order to use online Government services and subsequently transact securely with Government departments. Built on open standards, the site also enables the joined-up delivery of Government services by allowing various systems in different departments to communicate with it and with each other. Depending on the type of Government transactions, user identification is based either on a digital certificate issued by an accredited certification authority, or on a user ID (supplied by the Government Gateway) and a password (chosen by the user) for Government services that do not require the level of security provided by digital certificates. The services offered address both citizens and the business community. Services to citizens include submission of forms to Government departments as well the ability to carry out some services by filling in online forms on Government or private company websites. For other services, online forms will not be available and users will only be able to send forms by using software packages (such as payroll software). The pan-European eID Factsheet – European eID Observatory at ePractice 27 Croatia Law, Policy & Strategy With adoption of a Law on Electronic Signatures in 2002 (amended in 2008), a Law on Personal Data Protection in 2003 and a Law on Electronic Document in 2005, compliant with corresponding EU directives, a legal framework for the Information Society has been established. A Freedom of Information (FOI) Law was also passed in October 2003, and an eCommerce Law (harmonised with Directive 2000/31/EC) was approved by the Government in September 2003 and amended in 2008. Croatia was one of the first countries to include digital signatures into its legislation. The Electronic Signature Act (NN 10/02, NN 80/08) has been supplemented by a series of ordinances and regulations such as the Regulation on the scope of operations, content and responsible authority for operations of electronic signature certification for State Administration bodies (NN 146/04). Implementation & Research The eREGOS provides electronic transmission of an official form, known as R-Sm form, (the insured person’s specification based on calculated and paid compulsory contributions for the pension fund insurance) with authorisation for accessing the service and authentication of forms by applying smart cards with a digital certificate. The service is accessible to registered users only. Information on how to register for using the service is available at: http://www.hitro.hr/Default.aspx?sec=63. The eVAT (ePDV) is the first electronic service of the Tax administration within eTax which provides all tax payers (business subjects) in the Republic of Croatia with a simple and secure distribution of data on the periodic calculation of VAT (PDV) for a specific cost accounting period. In order to use the ePDV services, it is necessary to own a certified electronic signature issued by the Financial Agency (FINA). The pan-European eID Factsheet – European eID Observatory at ePractice 28 FYROM Highlight The first electronic passports and ID cards were due to be issued to citizens in 2006. The main policy targets for Information Technology development and eGovernment are to be found in the references of the Government Programme (2006-2010) to IT and eSociety. Among other target feature the implementation of an integrated medical information system and introduction of the eHealth card. Law, Policy & Strategy The Draft Public Administration Reform Strategy, 2010-2015 proposes groups of actions phased from 2011 to 2015. One of these is to envisage by the end of 2011 further development of horizontal solutions, provided by the Ministry of Information Society and Administration for all public administration authorities including eIdentification. In June 2002, the Law on Data in Electronic Form and Electronic Signature and related bylaws on electronic operations that involve the use of ICT, as well as the use of electronic data and signatures in judicial, administrative and commercial transactional procedures, become operational. Both the application and implementation belong to the Ministry of Finance. The pan-European eID Factsheet – European eID Observatory at ePractice 29 Iceland Highlight The Government’s objective was that every citizen in Iceland would have been offered an electronic ID, on a smartcard, already by 2008. Law, Policy & Strategy There is extensive use of authentication infrastructure in the form of digital certificates and signatures. Various government departments issue digital certificates. For example, the 1996 amendment to the Customs Act imposed electronic submissions using digital certificates for all import and export companies since 2001. On a similar note, the Directorate of Fisheries issues skippers with digital certificates for signing and encrypting catch reports. Article 4 of the Act on electronic signature, No. 28/2001 stipulates that fully qualified electronic signatures shall have the same force as handwritten signatures. Furthermore, it is stipulated that other electronic signatures can be legally binding. Supporting legislation comes through the Electronic Commerce Act, 2002 and the Public Administration Act, as amended in 2003. Implementation & Research The eIDs is to be used for government services where authentication and digital signature is required. It is also expected that the eIDs will be used to access the home banks which are used by more than 70 % of all Icelandic citizens. This project is being carried out in cooperation with the Icelandic banks: The goal is to build up an open and standardised environment for eIDs, compliant to the European standards, and at the same time, ensure that the content fulfils the requirements of both partners. The plan was to launch the electronic identities on the debit cards during autumn 2008. The bank’s plan was to renew all the debit cards in the country in 2009, so that the cards would arrive quickly in the hands of all citizens. 'Iceland Root' is at the top of the organisation pyramid of electronic identification, the system for distributing electronic certificates. This system is necessary for the production of such identification. An important part in the distribution of such certificates is that their users can rely on and easily confirm the authenticity of such certificates and electronic signatures and that a reliable source stands ready to certify such authenticity. 'Iceland Root' will be operated by a special agency under the auspices of the Ministry of Finance and will constitute the source of trust in the system of distributed electronic certificates. In March 2006, the Ministry of Justice and Ecclesiastical Affairs of Iceland has selected a US-based supplier to gather the multi-biometric data required to issue its new electronic passports. Iceland is one of the first countries to integrate both finger and face biometrics into their ePassports. The ePassports will contain ICAO/ISO-compliant biometric data (face, fingerprint, and signature) from all citizens applying for electronic passports at civil registration offices throughout the country. Collecting both face and fingerprint information makes Iceland one of the first countries in Europe to gather live biometric data, rather than relying on paper-based images. The pan-European eID Factsheet – European eID Observatory at ePractice 30 Liechtenstein Highlight The National Electronic ID-card is to be used in any form of business, governmental or private communications (identification document), as well as a travel document. Issued by the National Immigration and Passport Office, the card is not just a physical identification document but furthermore provides advanced electronic functions facilitating secure authentication, legally binding digital signature for public and private online services. Law, Policy & Strategy The current legislation on eSignatures (Signaturgesetz; SigG, registry number 784.11) has been in force since September 2003. Among other, the law implements the European Directive 1999/93/EC on a Community framework for Electronic Signatures. It has been supplemented by the regulation on Electronic Signatures of June 2004 (SigV, registry number 784.111). Implementation & Research The Prime Minister of Liechtenstein, Mr. Klaus Tschütscher announced, on 24 June 2010, that the Austrian Federal Government has created the bases upon which the 'lisign' electronic identification and electronic signature solution of Liechtenstein can be legally recognised in Austria. This will allow the 'lisign' owners to use in the future the Austrian eGovernment services in addition to the ones provided by Liechtenstein. With the introduction of the electronic identity card (eID) in 2009, customers will sign in the network and use their digital signatures, whenever signing is needed to fulfil legal requirements, as for instance, submitting tax declarations. The usage of identification and authorisation basic services will allow the holder of an eID to benefit of a media disruption free usage of eGovernment services, not only in the electronic signing of applications, but also ensuring security and confidence, as the integrity of both personal details and data will be examined. In April 2006, a comprehensive final report on the introduction of a Public Key Infrastructure (PKI) was prepared under the supervision of the Office of Human and Administrative Resources and submitted to the Government. Part of the new infrastructure, amongst other, is the electronic certificates by means of electronic identity cards that have been provided to citizens since June 2009. To this end, the National Electronic ID-card with a qualified electronic certificate is the primary document for identifying citizens and residents. On 8 November 2010, in Sala Terrana of the Austrian Federal Ministry of Interior, the Ambassador of the Principality of Liechtenstein, Her Serene Highness Princess Maria-Pia Kothbauer and the Section Chief Dr. Mathias Vogl signed a cooperation agreement for the development and operation of an infrastructure for passports and residence permits containing biometric data. The aim of this cooperation is to achieve synergies in the development of the necessary systems through the increased use of biometrics for the reliable identification of persons. Since June 2006, Austria has issued passports with a chip, known as ePassports (ePässe). Moreover, since March 2009, the chip has contained two fingerprints images of the cardholder. The prevention of document forgery and the protection of the fingerprint data can be therefore guaranteed through digital certificates, which are issued and administered by the BM.I Trustcenter. The Trustcenter set up and operated by BM.I, is thus an essential infrastructure and security component for the deployment of biometric data in identification and travel documents. The pan-European eID Factsheet – European eID Observatory at ePractice 31 Norway Highlight The Agency for Public Management and eGovernment (Difi), along with the Ministry of Justice, the Police and the National Population Registry are ready to develop a national eID card – a travel document in the Schengen area comprising a photo and fingerprints. The eID card is scheduled to be ready for discharge in the third quarter of 2011. Law, Policy & Strategy Key priorities of the Difi’s Strategy for 2009-2012 are: the development of effective transverse management models and secure eID solutions, the launch of a new citizen portal on the Internet, the promotion of a pan-European eCommerce solution and the support of environmentally friendly public procurement. Act No. 81 of 15 June 2001 relating to electronic signature (Electronic Signature Act) contains detailed provisions for electronic identification of persons and gives qualified electronic signatures equal status to traditional signatures for administration purposes. The law, lastly updated by Act No.110 of 20 December 2002, implements the relevant EU directive (Directive 1999/93/EC). Implementation & Research An 11-digit personal identification number (personnummer/fødselsnummer) can be acquired by any individual in Norway by registering with the National Register, via Norway's Tax Administration (more related info may be viewed here). Following the publication of common Public Key Infrastructure (PKI) specifications (January 2005), several commercial actors provide eSignature solutions as well. The main ones are Telenor (‘Telenor Mobile Smartpay’, using mobile phone technology) and the banks, through bank cards and a transactional model on a pay-per-service basis. In April 2008, the Government announced its plans to establish a public infrastructure to handle and verify different eIDs currently in use. This common eID-interoperability hub handles and verifies the common public eID issued by public authorities and other government-approved eID solutions. The State is going to offer all interested citizens a common public eID with a medium high security level, to be used for access to public web services. The first version of such a common eID is currently available at the MinSide and Altinn public web portals. Individuals can use the MinID solution in order to deliver tax reports, change their family doctor, deliver report cards for welfare grants, apply for college, student loans and grants, obtain access to pension information and to a number of other public services. According to latest figures, ‘MinID’ is used by approx 2.2 million of the Norwegian population over the age of 15. Since the introduction of the third version of MinID in November 2009, the system makes use of the ID-Gateway, the common platform for eID in the Norwegian public sector. ID-Gateway (ID-porten) is a common infrastructure for the use of eIDs in the public sector. The first version (1.0) of ID-Gateway was introduced in November 2009 and is currently used with MinID (the common log-in system for accessing online public services). The pan-European eID Factsheet – European eID Observatory at ePractice 32 Switzerland Highlight SuisseID facilitates participation to all electronic services requiring a secure identification of users/customers. SuisseID facilitates electronically signing of documents. The so called digital signatures cannot be counterfeited and, by law, they are equivalent to traditional signatures. Law, Policy & Strategy In Switzerland, the Federal Law on Certification Services within the scope of the Electronic Signature (ZertES, SR 943.03) lays down the requirements that must be fulfilled by an electronic signature in order to achieve the same status as a hand-written signature regulates the question of responsibility on the part of the certification service providers, approving bodies and the owners of signature keys. The Swiss Accreditation Authority (“Schweizerische Akkreditierungsstelle” or SAS) monitors the approving bodies for certification service providers. The Ordinance on electronic transmission in administration processes (SR 182.021.2) regulates the conditions for electronic data input at the confederation's administrative authorities and for the electronic opening of dispositions issued by these authorities. Implementation & Research According to the National Council’s voting in 2008, Switzerland’s national identity card will be similar to biometric passports that are to be introduced by 2010; the ID cards will include an electronically encoded photo and fingerprints on a chip. They will be in the “credit card” format already used for Swiss ID documents. They are to be provided at “family-friendly” prices. The new biometric passport on its own will cost CHF 140 (approx. € 122); a passport plus an identity card will be priced at CHF 148 (approx. € 129) for adults and CHF 68 (approx. € 59) for children. The SuisseID is the first standardized concept to provide an electronic proof of identity in Switzerland, supporting both a legally binding electronic signature as well as a method for secure authentication. Available in form of a USB key or as smart card, the SuisseID allows for conducting business online in a secure manner. By means of SuisseID, private persons are able to sign contracts with companies as well as with the public authorities directly via Internet; in addition, private companies are able to sign contracts among each other. Since May 2010, the SuisseID can already be used within the framework of over 50 online services. It was developed under the aegis of the State Secretariat for Economic Affairs (SECO) in cooperation with certification providers. The pan-European eID Factsheet – European eID Observatory at ePractice 33 Turkey Highlight A Prime Ministry Circular on an electronic citizenship card pilot project was issued on 4 July 2007. Electronic citizenship cards including biometric elements will be used for identification purposes. Thereby, biometric data will be integrated on a single electronic card. A pilot implementation will start in the social security system and deployment efforts will be carried out according to the results of this pilot implementation. Law, Policy & Strategy The Law no. 5070 on electronic signatures was enacted in 2004. The purpose of this law is to define the principles for the legal and technical aspects and application of electronic signatures. The law covers the legal status and operations concerning eSignatures and the activities of Electronic Certificate Service Providers (ECSPs). This establishes that qualified electronic signatures produced according to the identified procedures have the same legal impact with that of handwritten signatures. Secondary legislation, such as the Ordinance on the Procedures and Principles Pertaining to the Implementation of Electronic Signature Law, has also been introduced, as mandated by the law. Three electronic certificate service providers have been authorised as of November 2005. Of those, the “Public Certificate Centre” is the responsible body to provide electronic certificate services to all public institutions. The Centre was established by a Prime Minister’s circular and it is mandated that all public institutions needing electronic certificate services will acquire this service from this body. The number of electronic certificate providers increased to four. Implementation & Research The ‘MERNIS’ Central Population Management System, operational since January 2003 assigns a unique ID-number for about 120 million Turkish citizens, both alive and deceased, which can be used in many eServices. It allows computerised birth certificates and transactions on them. KPS (ID Information Sharing System) is another function of MERNIS, which enables public agencies having appropriate security authorisations to access ID information. The citizenship card, which is actually a smart card, will exclusively contain static information necessary to perform ID verification, but no dynamic data such as health information, address etc. The card will enable ID verification with different credentials such as visual security elements, pin code and biometric data (fingerprint). The biometric data will be held exclusively on the card and will not be stored in a central database. The card is going to replace the currently used national identity cards. In addition, the characteristics of the card enable its usage in any service requiring secure ID verification, such as online e-government services, financial transactions etc. In accordance with the Circular, a three-stage pilot implementation project has already been initiated in the area of social security and health. The second phase of the pilot implementation was completed and third and last phase which includes the dissemination of 300.000 ID cards to citizens has been started by August 2009. Pilot implementation will be completed by 2010 and ID cards will be distributed all over the country in 2011. The pan-European eID Factsheet – European eID Observatory at ePractice 34
"European Factsheet on electronic Identity.doc"