Government issued digital identities and credentials represent the final frontier in digitizing Swiss society. What has been a reality in countries like Estonia for some time, the EU and Switzerland are currently working on as well.
The criticism from the Swiss vote in March 2021 was addressed and a new draft law was announced yesterday. The E-ID should remain under the control of the state, the data should be stored in a decentralized manner and the citizens themselves can decide on the transfer of their data.
What has happened in this area so far
Despite the rejection of the Federal Electronic Identification Services Act in the referendum of March 10, 2021, the need for an E-ID seems to be undisputed by all parties, which was underlined by the submission of six motions with the same wording for a "Trustworthy, State-issued E-ID" three days later.
As a result, the Federal Council instructed the FDJP, in cooperation with the FDF and the Federal Chancellery, and with the involvement of the Federal Institutes of Technology in Zurich and Lausanne and the cantons, to draw up a new rough concept for the E-ID. Particular attention was to be paid to examining various technical implementation options, as well as the associated costs.
In a first step, three technical solution approaches were worked out in an outline and their embedding in the economic and social environment was explained and various possible applications of a state E-ID were examined. This outline was submitted for a broad public discussion, in which more than 50 comments were received from cantonal administrations, academia, business organizations, companies and private individuals.
On December 17, 2021, the Federal Council announced a decision on the direction of the E-ID, taking into account the draft of the rough concept and the feedback from the public discussion. Data protection (privacy by design) and user control of personal data (self-sovereign identity) were identified as foundational principles. Data protection is to be ensured by the system (Privacy by Design) and a minimization of data exchange. Data storage is to be decentralized. In addition, a state-operated infrastructure has been announced, which is to be available to both state and private agencies for issuing digital certificates (e-ID ecosystem).
A project group is to implement the first possible pilot projects through government institutions: A mobile driver's license with the Federal Roads Office (FEDRO) and the Association of Road Traffic Offices (asa) and a digital ID for federal employees with the Federal Office of Communications and the Federal Office of Personnel Affairs (FOPH).
In addition, the federal government is planning to launch a sandbox in which institutions from both the public and private sectors can launch pilot projects.
On June 13, the Council of States passed the six identical motions without any dissenting votes. This means that they have been approved by both chambers.
However, a lot has already been done in advance in the private sector: For example, through the founding of DIDAS (Digital Identity and Data Sovereignty Association) in 2020 – the goal of DIDAS is the formation of an inclusive ecosystem that strives for a privacy-first and media disruption-free digital society with global standards with local government. As a founding member, Procivis participates in this association.
On April 28, 2022, a whitepaper was also published by Digital Switzerland as a contribution to the discussion by many different experts in the private sector. It brings together the different perspectives of technology, business, administration, users and the law. The expert group concludes that a suitable technology based on SSI principles with the roles Holder, Issuer and Verifier corresponds to the optimal implementation.
“Establishing trust in the technologies and standards, as well as in the participants of such an ecosystem will be critical. This can be guaranteed through open standards, robust reference implementations, and a certification process that is instituted by the federal government.”
In addition, they provide a possible outlook for the further development:
“The starting point for the building of the e-ID ecosystem will be the issuance of the e-ID itself, together with e-ID enabled digital signatures. The Swiss government has the political mandate for this implementation. This will kick off two parallel work streams. One will focus on developing demonstrators that show potential use cases in a sandbox setting, the other on designing and building infrastructure and governance.”
This is what was newly announced yesterday
In parallel to the pilot projects, a new bill was drafted, which was to be formulated in a technology-neutral way to include possible technical developments. Detailed questions about the availability and operation of the e-ID infrastructure and various aspects of data protection and data security were also worked on with experts from the scientific community.
Yesterday's media conference and published media release opened the consultation process for the new E-ID law, which will last until October 20, 2022.
The preliminary draft of the federal law declared the purpose of the E-ID to be to ensure "secure identification by means of E-ID among private individuals and with authorities". The protection of the personality and fundamental rights of individuals is to be provided by the following principles defined in the law:
- Data protection through technology
- Data security
- Data economy
- Decentralized data storage
The prerequisite for obtaining an E-ID is a valid identity document according to the AwG or according to the federal legislation on foreigners, integration and asylum. The E-ID will be issued by the Federal Office of Police (fedpol). The E-ID will be available on a voluntary basis and can also be subsequently revoked at the request of the person holding the identity.
The infrastructure, which can also be used by public authorities and private individuals to issue digital credentials, will be provided by the federal government. Part of this is a wallet app that the Swiss population can install on their smartphones free of charge. To use and issue the E-ID, the user scans the ID with the smartphone, whereby data such as the name, photograph and ID number are read in and a comparison is made by means of a facial scan*. In addition, the Confederation will also carry out a comparison of the photograph with the image file available on the fedpol database. The technical means of storing and retaining the identity and digital proof can be chosen by the person in possession.
The presentation of digital proof will not be visible to the issuer of the proof, nor will the content of proofs be visible to the infrastructure providers. Issuing and verifying entities will enter their identifiers in a publicly visible register.
The Swiss E-ID system will comply with international standards, with the intention of making the E-ID applicable abroad at a later date. All public authorities, as well as cantons and municipalities, must accept both the E-ID and the physical ID when they perform electronic identification.
What we expect for the future
The federal government expects the dispatch on the new e-ID law in the fall of 2023 and the start of parliamentary consultation by the end of 2023.
The introduction of a full-fledged nationwide e-ID will at least take until 2025.
However, Procivis is already working with our customers and other partner companies on initial pilot applications that combine the future Swiss E-ID with other digital credentials and is actively helping to establish standards for the numerous government credentials, as well as interoperability between the mDL and SSI standards. Our existing wallet solutions, which are already in productive use in the canton of Schaffhausen, the city of Zug and other municipalities in the canton of Zug, among others, as well as the digital driver's license solution "mDL+" developed according to the global ISO standard 18013-5 and the first version of our "SSI+" solution based on Hyperledger Indy/Aries are proof that Procivis with its "mobile-first" solutions has taken a leading position when it comes to the development of secure and user-friendly e-ID wallet solutions. Procivis supports its customers not only with technological solutions, but also with our comprehensive know-how in the form of consulting: For a first step towards the future.
*How Switzerland's E-ID can one day be set up and used on citizens' smartphones, we show with our demo solution of "SSI+".