Actor | Action | Necessary preconditions, successful authorization of: | Successful identification/authentication of: | Other directly involved' actors |
Customer from country A | Identifies him/herself in bank of country B | eID mean issued in country B. Possession of physical ID-document | Authentication with eID mean issued in country B. Validity checks and verification of presented physical ID-document | eID provider in country B Database of stolen or lost documents (country of document’s origin or Interpol SLTD (stolen or lost travel documents) database Identity proofing service provider of bank |
Bank in country B | Validates PII retrieved from eID mean and physical ID-document. Validates additional data submitted following AML/CFT rules | All requested customer related data is made available to bank | PII and additional data are successfully validated against population registry and potential black/grey lists of banks. Additional data meets criteria established by AML/CFT rules | Population registry of country B |
Customer from country A and bank in country B | Entering contractual relationship | PII is validated and AML/CFT rules fulfilled. | Acceptance of bank’s terms and conditions by customer. Signing of contract by customer and bank. |
Actor | Action | Necessary preconditions, successful authorization of: | Successful identification/authentication of: | Other directly involved actors |
HP B | Requests services from Country A | HP in Country B | HP in country B the patient by Country A | National Infrastructure B, NCP B NCP A |
Patient | Requests check and provision of audit log concerning the accesses to his health data | Successful authorization of HP | authentication of the patient at PoC | NCP A, Health data administrator |
Authorized Third Party (optional) | For the member states allowing it, can perform any action the patient can perform | Successful authorization of HP and authentication of the patient at PoC NCP-B and NCP-A must both authorize a third party to act on behalf of the patient | patient at PoC | Patient, NCP A, Health data administrator |
NCP B | Requests services from Country A | Successful identification and authorization of NCP A Authentication of the patient | NCP in county B The patient by country A | NCP A |
NCP A | Responds to service requests of NCP B | Successful identification and authentication of NCP B Authentication of the patient Authorization of HP/HCPO | The patient by country B NCP A | NCP B Identity authority managing the databases of patients, HPs, HCPOs |
HCPO or other external service provider | Provides required information to NCP | Mutual successful authentication of both parties | Both parties | NCP B HCPO or other external service provider |
Health data administrators | Administrate systems processing data and pro- vide some services (e.g., excerption of audit logs) | Successful identification of health data administrators Authentication of health data administrators Assigning the role of health data administrators | Health data administrator | NCP or HCPO |
Actor | Action | Necessary preconditions, successful authorization of: | Successful identification/authentication of: | Other directly involved actors |
Person (from country) A | Requests diploma recognition from country B | Person identification following Competent Authorities requirements Presenting diploma | Person A in Country B | |
Competent Authority of country B | Verifies diploma data and qualification | Data exchange system (IMI, ENIC/NARIC) | Competent Authority of country A | |
Competent Authority of country A | Confirms diploma data and qualification | Data of diploma | National data sources for educational and qualification records in country A | |
Competent Authority of country B | Issues deed of recognition | Diploma data and qualification confirmed by Competent Authority of country A |
COUNTRY | EIDAS BASIC DATASET | ADDITIONAL ATTRIBUTES | ||||||||||||
EUID | FIRST NAME | FAMILY NAME | DATE OF BIRTH | GENDER | OTHER NAMES | NATIONALITY/CITIZENSHIP | COUNTRY | PLACE OF BIRTH | CENTURY OF BIRTH | CURRENT ADDRESS | BIOMETRY | FIRST NAME AT BIRTH | LAST NAME AT BIRTH | |
Estonia | x | x | x | x | x | x | x | |||||||
Spain | x | x | x | x | x | x | ||||||||
Luxembourg | x | x | x | x | x | x | x | x | x | x | ||||
Netherlands | x | x | x | x | x | x | x | |||||||
Norway | x | x | x | x | x | x | x | x | ||||||
Lithuania | x | x | x | x | x |
Regarding | Description of the issue | Solved how? | IF not 100% solved, then why? |
Process | Smaller municipalities are not providing digital services | Government policy and nudging towards digital services | Depends on decision and available funds of every municipality |
Subject | Sectoral ID-s are causing multiple identities | Manual connections are made between data and identities | - |
Object | eIDAS – number of credentials is too limited for the Spanish national ID | Creating national Identifier for the person (duplicated identity) | - |
Regulation | eIDAS data set limits set by regulation | - | Not under control of single Member State |
Relying Parties | - | - | - |
Technology | - | - | - |
Infrastructure | - | - | - |
EU | - | - | - |
Regarding | Description of the issue | Solved how? | not solved why? |
Process | Sector specific approach to datasets and sharing principals | Some data are shared “on paper”, which means not shared digitally. | No standardized approach agreed in state, sector specific processes |
Subject | Citizen from abroad can have multiple eID’s from same country or different country. | Manually associating the various eIDs with a single LU identity (i.e., the one in LU national population register). National population register calling the person, requesting documents, checking, and then merging data. | - |
Object | Legislation prohibits to share national ID number with parties abroad | Derived unique identifier based on LU national ID number, created by algorithm, by country and by relying party. The same code is used also in the future and tied: unique person eID = requesting country + requesting organization | National regulations |
Regulation | ID number cannot be saved by private sector (with some exception, e.g., healthcare) | Person can choose what to share by giving an official consent | National regulations |
Relying Parties | Largely sector specific processes | - | Every sector and organization are deciding their solution. Private sector cannot store national ID number, with a few exceptions which are all enumerated in a national law |
Technology | - | - | - |
Infrastructure | - | - | - |
EU | Pinpointing false positive or negative matching cases | - | eIDAS minimum dataset |
Regarding | Description of the issue | Solved how? | If not 100% solved, then why? |
Process | Person who doesn’t have CSN code, must come to the office and present data | From abroad people can connect via eIDAS and can use eIDAS identifier. | Still physical presence is required for identity matching |
Subject | False negative matches can happen because of the spelling differences between languages | The name details (letter combinations like name prefixes etc.) are coded to match language specific changes in the surname | Focus is on avoiding false positive matches. |
Object | More than one positive hits from database | In case of 2 positive hits person is asked to confirm last 3 digits of CSN (yes/no) Manual connection of identities is possible | If still in doubt, then the connection of identities will not be done (to avoid false positive and possible frauds) |
Regulation | In case of doubt in >1 positive hits legislation prevents from demanding additional data. Either new identity should be provided, or identity connection made. | Person is asked to share data voluntarily | Person can refuse sharing additional data and public services must be provided still but under new identity |
Relying Parties | Most public service providers have their own systems established | One central database with all the persons, accessible to all service providers | - |
Technology | - | - | - |
Infrastructure | - | - | - |
EU | - | - | - |
Regarding | Description of the issue | Solved how? | If not 100% solved, then why? |
Subject | If persons from abroad cannot be connected to the registered ID number, it is not possible to use public services. | Sectoral internal identifiers are used. In corona pandemic situation those internal identifiers were temporarily used as a person’s identifier in Norway, but this system was not extended. | There are some exceptions – e.g., applying to university, paying taxes or receiving critical health care. |
Object | People have a long history and rights for services (like pensions). They come with a minimum data set from abroad or with a passport. And data quality differs a lot therefore. | A person is asked to share additional data and documents to find a match. Status of identity check is available to public and private enterprises that use the National Population Register. | Inflexibility in population register and rigorous government systems connected to that register. |
Regulation | Personal unique identifier related regulation prevents changes of attributes | Third identifier is under consideration – which would be more flexible in regards of Norway legislation and would allow additional attributes and change of some data. | Restricted by Population Register legislation and therefore every change requires change in the legislation. |
Relying Parties | Data is not shared between countries flexibly. | Physically appearing to present data and or receive work permit or ID document. | Variations of legislation of population registers in different countries. |
Technology | - | - | - |
Infrastructure | - | - | - |
Cultural | People are not ready to consider possibility to use EU unified identifiers. | - | - |
EU | In some cases, it is not possible to find a user in the eIDAS register, even if the person is registered. | - | eIDAS mandates sharing information but does not mandate access to services. |
Regarding | Description of the issue | Solved how? | If not 100% solved, then why? |
Subject | - | - | - |
Object | Digital association with eIDAS is not possible yet | - | - |
Regulation | For personal ID an applicant must choose gender on a dual scale (female/male) | There are ongoing discussions how to build multiple scale for describing gender | The gender is built in the personal ID code and cannot be excluded. |
Relying Parties | Quality of background check depends quite often on the experience of the person conducting search | In most cases the process brings the identity matching to the most experienced party (SMIT) and the duplication will be discovered | - |
Technology | - | - | - |
Infrastructure | - | - | - |
Cultural | - | - | - |
EU | - | - | - |
Member state (interviewed) | Providing identifier | Identity matching | Sharing data to service providers | Record matching |
Common issues for many countries | - Physical contact required at some point in the process of digital enrolment for local ID. | - Citizen can have multiple eID from same country or different countries, as well as different names for some cases. | - Personal identifier considered as sensitive personal data. | - Private sector specific processes, not connected to national ID and often not digitalised. |
Spain | + There are several digital options available in Spain for applying for a personal ID or using public services. - Depending on its size, not all municipalities are digitally approachable for services. | + Video identification is possible. | - In some sectors (like degree documentation in education sector) the documentation must be translated to Spanish and proofed by certified authority. | - Sector specific processes, not connected to national ID and mostly not digitalised. |
Luxembourg | + Fully online application process available for persons owning an eID means notified under eIDAS. | + Possibility to manually connect identities. | - Private sector service providers cannot store national ID. | - Private sector specific processes, not connected to national ID and mostly not digitalised. + Education sector EU wide networks allow digital data sharing. |
Netherlands | - One central database with all identities. | + The name details (letter combinations like name prefixes etc.) are coded to match language specific changes in the surname. + Possibility to manually connect identities. | + Presenting a polymorphic pseudo-ID to abroad. | - Every service provider has access only to its own records. |
Norway | + Unique national identifier from other MS (if received) is stored in the population register. - Enrolment for ID cannot be done digitally today. | + Central passports register stores photo and fingerprints, and these data can be checked, to make sure that no duplicate identities are created. | + Status of identity check is available to public and private entities that use the National Population Register. | + In many cases today the national identifier of other countries is stored in population register, which increases hit rate significantly. |
Estonia | + Unique national identifier from other MS (if received) is stored in the population register. + Online application process is available (e-residency), still requiring one physical contact to receive the personal ID. - Digital association with eIDAS is not possible yet. | + The identity of the person, once created in database, is forever. Only its status will change in time (e.g., “deceased”). - Quality of background check depends quite often on the experience of the person conducting search. | + Personal ID code is not considered as sensitive data, as the code alone cannot be used for any services or transactions (e.g., frauds). | + Digital certificates (as signature) are used together with personal ID code (both included in e-ID) for approaching to services. |
Step | Description | Type | Belongs to sub-process of | Related system involved (first acquaintance) | Relations | Relying party* or service user | Next step |
E0 | Applying for MS (2) Identifier | Start | Identity matching | - | - | Person with MS (1) eID | 1. |
1. | Authentication | Task | Identity matching | Local e-service; eIDAS node | - | Identifier issuing MS (2) | 1.1 |
1.1 | Requesting personal data for identification | Task | Identity matching | - | - | Identifier issuing MS (2) | E1 |
E1 | Consent is given | Event | Identity matching | - | - | Person with MS (1) eID | 2. |
2. | Providing required personal data for application | Task | Identity matching | eID provider MS (1); eIDAS node | Person with MS (1) eID | 3. | |
3. | Validating personal data | Task | Identity matching | Validation related data source in MS(x) | eIDAS eID identifier/ ID document | Identifier issuing MS (2) | 4. |
4. | Initial identity matching | Task | Identity matching | Local identifier database | - | Identifier issuing MS (2) | G1 |
G1 | “Any doubts?” | Gate | Identity matching | - | - | Identifier issuing MS (2) | 4.1;4.3; G2 |
4.1 | Requesting for more attributes from country that issued ID presented by person (MS1) | Task | Identity matching | - | G1 “YES” | Identifier issuing MS (2) | 4.2 |
4.2 | Sharing or additional attributes | Task | Identity matching | Local identifier database MS (1) | - | e-service from MS(x) | 5. |
4.3 | Requesting for more data from person | Task | Identity matching | - | G1 “YES” | Identifier issuing MS (2) | 4.4 |
4.4 | Sharing additional data | Task | Identity matching | - | - | Person with MS (1) eID | 5. |
5. | Identity matching | Task | Identity matching | - | G1 “NO” | Identifier issuing MS (2) | G2 |
G2 | “Match found? | Gate | Identity matching | - | - | Identifier issuing MS (2) | |
5.1 | Creating new local identifier and connecting identities | Task | Identity matching | Local identifier database | Gate: “NO”; eIDAS eID identifier/ ID document; New local identifier | Identifier issuing MS (2) | 6. |
5.2 | Connecting provided and existing identities | Task | Identity matching | Local identifier database | Gate: “YES”; eIDAS eID identifier/ ID document; Existing local identifier | Identifier issuing MS (2) | 6. |
6. | Providing identifier (new or existing one) | Task | Identity matching | - | - | Identifier issuing MS (2) | 6.1 |
6.1 | Receiving identifier | Task | Identity matching | - | MS (2) identifier | Person with MS (1) eID | 7. |
7. | Requesting service from foreign MS | Task | e-service usage | - | MS (xx) identifier | Person with MS (1) eID | 8. |
8. | Authentication | Task | e-service usage | eIDAS node | - | e-service from MS(x) | 8.1 |
8.1 | Matching with local identifier | Task | e-service usage | Local identifier database MS(x) | - | e-service from MS(x) | 8.2 |
8.2 | Receiving service request | Task | e-service usage | Local e-service | Service request | e-service from MS(x) | G3 |
G3 | “Service specific data needed?” | Gate | e-service usage | - | - | e-service from MS(x) | E2;10. |
E2 | Request for service specific data is sent out | Event | e-service usage | - | G3 “YES” | e-service from MS(x) | G4 |
G4 | “Digital e-service channel available?” | Gate | e-service usage | - | - | Person with MS (1) eID | 8.3;8.4 |
8.3 | Providing requested data to receive service | Task | e-service usage | - | G4 “NO” | Person with MS (1) eID | 9. |
8.4 | Giving consent | Task | e-service usage | Local e-service of MS (xx) | G4 “YES” | Person with MS (1) eID | 9. |
9. | Validating dataset | Task | e-service usage | - | Additional attributes MS (xx) | e-service from MS(x) | 10. |
10. | Providing service | Task | e-service usage | - | G3 “NO” | e-service from MS(x) | 10.1 |
10.1 | Using service | Task | e-service usage | - | - | Person with MS (1) eID | 10.2;10.3; E3 |
10.2 | Providing/ creating new data | Task | Record matching | - | Personal data related to service use | Person with MS (1) eID | E4 |
E3 | End of service use | End | Record matching | - | - | Person with MS (1) eID | - |
E4 | New personal data received | Event | Record matching | - | Service records | e-service from MS(x) | 11. |
10.3 | Providing/ creating records | Task | Record matching | - | - | e-service from MS(x) | 11. |
11. | Record matching with local identity | Task | Record matching | - | - | e-service from MS(x) | 12. |
12 | Storing records | Task | Record matching | Local e-service | - | e-service from MS(x) | E5 |
E5 | End of service case | End | Record matching | - | - | e-service from MS(x) | - |
Country | Used PIC(s) | Uniqueness Identifier | eIDAS status | LoA | Main challenges |
Estonia | personal identification number (isikukood) | Estonian personal identification code | notified | high |
|
Finland | personal identity code (henkilötunnus or hetu) | – | un-notified | – |
|
Norway | national identity number (fødselsnummer) D-number (issued to people with temporary connection to Norway) | Derived from the Norwegian Personal Identification Number | notified | high |
|
Sweden | personal identity number (personnummer) coordination number (issued to people who need to interact with public authorities, but have never been listed in the population register) | Derived from the Swedish Personal Identification Number | notified | substantial |
|
Iceland | System ID number Personal ID number | – | un-notified | – |
|
Faroe Islands | civil registration number (p-tal) V number (for legal persons) | – | un-notified | – |
|
Denmark | personal identification number (personnummer or CPR-nummer) | Derived from DK’s unique PID number | notified | substantial |
|
Lithuania | Personal code (asmens kodas) | Personal ID number | notified | high |
|
Latvia | Personal code (personas kods) | The new type of personal code consists of eleven digits, ensuring the non-repetition of personal codes. The first digit of the personal code is "3", the second digit is an automatically generated random number from "2" to "9" by the system, and the remaining digits are automatically generated random numbers from "0" to "9" by the system. | notified | substantial and high |
|
Greenland | – | un-notified | – |
Country | PIC derived? | Digits* | 1 | 2 | 3 | 4 | 5 | 6 | h | 7 | 8 | 9 | 10 | 11 | 12 | 13 |
Estonia | + | 11 | G/Cn | Y | Y | M | M | D | – | D | Sq | Sq | Sq | Ch | – | – |
Finland | + | 11 | D | D | M | M | Y | Y | +/-/A | Sq | Sq | G | V | – | – | – |
Norway | + | 11 | D | D | M | M | Y | Y | + | Sq | Sq | Sq | Ch | Ch | – | – |
Sweden | + | 11 | Y | Y | M | M | D | D | + | Cn | Sq | Sq | G | Ch | – | – |
Iceland | + | 10 | D | D | M | M | Y | Y | + | R | R | Ch | Cn | – | – | – |
Denmark | + | 10 | D | D | M | M | Y | Y | + | Cn | Sq | Sq | G | – | – | – |
Faroe Islands | + | 9 | D | D | M | M | Y | Y | + | V | V | G | – | – | – | – |
Lithuania | + | 11 | G/Cn | Y | Y | M | M | D | – | D | Sq | Sq | Sq | Ch | – | – |
Latvia | - | 11 | 3 | R | R | R | R | R | – | R | R | R | R | R | – | – |
Greenland | + | 10 | D | D | M | M | Y | Y | + | Cn | Sq | Sq | G | – | – | – |
Description of the issue | Problem area |
A. Recurring work is done for identity verification and matching. If a person’s activities engage different domains, then identity matching results are not shared within the state. Moreover, the identity matching results are not shared between the states. | Scope |
B. There are differences in PII (Personal Identifiable Information) datasets operated by states due to their legal and cultural particularities (e.g., place of birth logic, contact address obligation, facial biometric data storage/usage, derived PNOs towards other states, pseudonyms). Therefore, common best practices are hard to be defined. | Principles |
C. Motivation for changing status quo is low due to high initial investment costs, even though risks associated with potential identity mismatch are serious. Current fragmented processes allow also to keep the scope of any error clearly local. | Principles |
D. Low capability of Population Registries to adapt to any changes in PII dataset or modifications/improvements in processes of PII handling. As central repositories with also crucial national importance Population Registries primary responsibility is to each Member State, persons currently not residents of MS may not get attention and budget. | Technology |
E. Identity verification and matching is manual work performed by personnel who are not trained/experts in ID-management (healthcare, educational personnel, etc.). | Scope |
Description of the difficulties to be tackled in co-operation | Where the Problem MAINLY LIES?* |
| Technology |
| Scope |
| Principles |
| Principles |
| Technology |
| Technology |
| Technology |
| Scope |
| Scope |
| Scope |
| Technology |
| Scope |
| Technology |
| Scope |
| Principles |
* The problem can manifest in more than one area, but here the main issue is highlighted. |
Single digital gateway use vision:1 | Fully digital process and uninterrupted customer journey | Unified maturity level | Set of attributes ensures compatibility with relying parties | ||||
Concerning: | Scope (States: internal or cooperation) | Technology and infrastructure | Principles and Regulations | ||||
Situation caused by difficulties: | user is denied of access to cross-border services | duplicated ID-s | user is not matched to identity | records are not matched to user | Cross-border services are not used or developed | ||
Impact on: | Person with positive intentions | …can easily connect all one’s identities in any information system across Nordic States |
|
|
|
|
|
Person with negative intentions | …cannot hide one’s other identities and related records across Nordic States |
|
|
|
|
| |
States | …can find a duplicated identities from Population Registries across Nordic States, and match records accordingly |
|
|
|
|
|