A secure electronic identity for the digital and physical world
Swiss Post’s position on the e-ID Act
Rich Content Section
The needs and day-to-day life of people and companies in Switzerland are changing. Processes within companies and the public sector are increasingly being digitized. Many everyday errands and services can now be processed online, or, in fact, are now only processed online. A trustworthy electronic ID is the best way to effectively advance digital business processes without media disruptions and to develop online transactions and e-government applications. In light of this, being able to offer unique identification in the digital world with an electronic identity is a key element in ensuring the secure progress of digitization in Switzerland. The new e-ID Act creates the legal basis for a state-issued electronic identity and other electronic documents.
Secure digital systems have long been part of Swiss Post’s day-to-day operations: they create the conditions to enable Swiss Post to implement its core competency – transporting sensitive information in a secure and trustworthy way – in its physical core business as well as in the virtual world. Over recent years, Swiss Post has extended its competencies and resources in IT and encryption technology and now provides digital solutions for public authorities as well as business and private customers. SwissSign – a wholly owned subsidiary of Swiss Post, which means it is entirely in the public sector – provides certified identification and authentication solutions under the SwissID brand. SwissID is not just used by private sector companies, but also by 13 cantons, several municipalities, cities and other public authorities. It already has over 4.3 million users.
Contents of the bill
The new e-ID enables users to identify themselves securely, quickly and easily in the digital world. Anyone who has a Swiss identity card, Swiss passport or foreigners’ residence permit issued by Switzerland can apply for an e-ID. Obtaining and using the e-IDs is free and voluntary. The Confederation provides a smartphone app for the secure management of the e-ID. The e-ID can be used both online – for example, when ordering a criminal records extract electronically – and in the real world, such as to provide proof of age when buying alcohol.
Unlike the original concept for the e-ID Act, which the public overwhelmingly rejected on 7 March 2021, the current draft law envisages the State playing a major role. The e-ID is based on state-operated infrastructure. The plan, however, is to use this for more than just issuing state e-IDs. It will also be available to public and private sector bodies so that they will be able to issue other electronic documents such as criminal records extracts, driving licences, higher education certificates and doctor’s prescriptions. State trust infrastructure thus establishes the foundation for an open ecosystem that enables it to issue, use and present various electronic documents in a secure manner. The aim is to expand the ecosystem of electronic documents incrementally.
The draft takes an approach based on the principles of protecting privacy via technology (privacy by design), data economy and decentralized data storage.
Swiss Post holds the following viewpoints
1. Ecosystem development
We welcome the fact that the current draft law, i.e. the anticipated infrastructure, foresees a variety of electronic documents and is thereby moving in the direction of an open ecosystem.
We are calling for a rapid and effective approach to set up this open ecosystem.
2. Level playing field for state e-ID and private identity providers
The e-ID is not a means of authentication for logging in to a digital service; it is a digital proof of identity and a digital equivalent to a passport or identity card. We believe that this distinction has not been made clear enough in the e-ID Act, especially since the Confederation has now developed its own login solution for state applications, the AGOV authentication service.
Through AGOV, the planned state e-ID will also be used as a means of identification for the electronic patient record (EPR). Swiss Post believes the planned regulations on AGOV and the electronic patient record should be revised, especially in view of the fact that, under the provisions of the current EPRA, only electronic means of identification from certified issuers can be used to open and use the EPR. There are currently three private certified identification and authentication solutions: SwissID, TrustID and HIN eID. The new e-ID Act will enable the state e-ID to be used as a means of identification for the EPR via AGOV. However, the Confederation – as the future issuer of e-ID – will not be obliged to obtain certification.
We do not believe it is reasonable for the Confederation to be exempt from the obligation to obtain certification, unlike the currently certified issuers of digital identities. This will result in existing identity providers, who have completed expensive certification procedures for the EPR, being treated unequally and their solutions being forced out of the market.
We are calling for the same requirements for access to the EPR to apply to the Confederation when issuing the state e-ID as those covering the certification procedure for existing private identity providers.
3. Other trust-building measures
To strengthen trust in interactions in the digital world, the bill also requires the Confederation to be able to confirm the identity of verifiers (e.g. companies) based on their entry in the trust register. This also enables private customers to determine whether their business partner is who they claim to be when executing digital transactions.
From Swiss Post’s perspective, this is another key element in promoting trust between the actors in the virtual world.
Swiss Post proposes identification of the verifiers in the trust infrastructure’s register. Contrary to the Federal Council’s proposal, we propose governing the issue at legislative level in order to highlight its importance.
It is anticipated that the State will offer a state-issued electronic wallet that will be able to hold the e-ID and other electronic documents. We consider it positive that users will also be able to use other (private) applications to store and present their electronic documents.
For security reasons, we propose transferring the electronic documents only to wallets issued by recognized trust service providers.
Other measures to strengthen trust and security are possible: the European Union’s legislation goes as far as stipulating that an e-ID will be accepted for the EUID Wallet within the scope of eIDAS 2.0 only with a “high” security level.
A higher security level may help the e-ID to establish itself more quickly.
Further information
Identification
the electronic identity is a digital proof of identity that allows somebody to identify themselves online. An electronic identity consists of a personal attribute, such as a name or e-mail address, and a secret means of authentication, such as a password or biometric feature. In the physical world, identification is provided by an official document, such as a passport or identity card.
Authentication
during a login or authentication procedure, verification is carried out to establish that a person is entitled to access a particular resource or service – this is an access authorization procedure. During the login process, the first step is to confirm that a person actually holds the electronic identity they are using, and the second step is to verify that they are entitled to use the service in question. Authentication is a recurring step and generally takes place before every attempt to use a service.
AGOV
this is the authentication service operated by the Swiss public authorities. AGOV is also an identity provider and joint identity partnership between the Confederation and cantons. It went live in early 2024. It enables private individuals to register for online services run by public administrations via a standardized registration procedure if they use a digital identity that is part of the AGOV identity partnership.
SwissID and state e-ID – two different things
SwissID is a secure digital identity that can be used to access online services requiring proof of identity, such as access to the electronic patient record. However, it is not a state digital identity document. The e-ID is a digital proof of identity and therefore a digital equivalent to the passport or identity card; it is not a means of authentication for logging in to digital services.