How to successfully mainstream eIDs in GermanyYears ago, Sweden demonstrated how electronic proof of identity for consumers can be successfully implemented with BankID. Which has become an indispensable part of everyday life in Sweden and brings added value for consumers, public authorities, and companies alike. Its great success even served as a catalyst for Swish, a P2P payment method which has millions of users today. In Germany, however, it is a completely different story: although various eIDs have already been implemented, they are hardly used on a broad scale. Why are we lagging so far behind in terms of eIDs in this country and what do we need to do to finally take full advantage of digital identities’ full potential?


In this blog post we will discuss the following (use these anchor links for quick navigation):

 

Read more about the success story of the Swedish BankID here.

 

"Germany needs a comprehensive digital awakening. We want to use the potential of digitalisation for people's development opportunities, for prosperity, freedom, social participation, and sustainability. To this end, we will set ourselves ambitious and verifiable goals and take realistic and quickly noticeable measures. [...] Trustworthy, universally applicable identity management as well as constitutionally sound register modernisation are a priority."

COALITION AGREEMENT 2021-2025 BETWEEN THE SOCIAL DEMOCRATIC PARTY OF GERMANY (SPD), ALLIANCE 90 / THE GREENS, AND THE FREE DEMOCRATS (FDP), p. 12-13

 

Digital identity management has been given priority in the coalition agreement of the "Ampel" government (German term for “traffic light”, referring to the party colours of the three governing parties currently in government), which is undoubtedly an important statement. That notwithstanding, there is very little to be found in concrete terms: how will it take place and what steps are planned for this? The answers to such questions remain in the dark. The digitalisation success of the German government will ultimately have to be measured by how much "trustworthy, universally applicable identity management" will really be put into practice and make its way into use in the coming years.

In Germany, the importance of digitalisation has been invoked across party lines for years, even decades; its concrete implementation in practice, however, has been rather slow in many areas. Whether in health care, education, or public administration – when it comes to digitalisation, there is an urgent need to catch up with many European neighbours. Digital identities in particular are an important building block for providing (legal) security for offers and business activities online.

A role model for politics: In Germany, enterprises have overwhelmingly accelerated their digital transformation process in the wake of the COVID-19 pandemic.
A role model for politics: In Germany, enterprises have overwhelmingly accelerated their digital transformation process in the wake of the COVID-19 pandemic.

 

 

Where digital identities and eIDs in Germany stand today

In Germany, there are already several eIDs that are ready for use:

  1. The online ID function of the new German identity card (nPA): All German citizens with an identity card can also use its integrated eID function. This initially required a card reader but can now also be used on smartphones via NFC if the AusweisApp 2 app has been downloaded.
  2. Verimi: This is a joint venture from the private sector with shareholders such as Allianz, Deutsche Bank, Lufthansa and many more.
  3. yes®: This is the identity service of Sparkasse banks (German savings banks), which is also offered by German cooperative banks Volksbank and Raiffeisenbank.

So various eIDs have already been implemented and available for years. However, they are by far not as widespread as BankID in Sweden is. This is in large part due to the fact that many consumers are still unclear about what digital identities actually are and what eIDs can be used for in concrete terms: therefore, the public needs to be actively informed and educated.

 

 

Digitalisation and the implementation of eIDs in public authorities

Germany’s federal system presents challenges for public authorities regarding the basic structural conditions for digital projects such as e-government. There is no uniform federal standard, and neither planning nor implementation can simply be dictated on the federal level but must be done in consultation with and with the approval of Germany’s 16 states. This creates hurdles that result in delays, particularly with large and complex projects such as the digitalisation of administration. Also, many of the already existing digital offerings are completely unknown to large parts of Germany’s population.

If successfully implemented, digital offerings can become popular: in Germany, electronically transmitted income tax returns have risen significantly over the years.If successfully implemented, digital offerings can become popular: in Germany, electronically transmitted income tax returns have risen significantly over the years.

Another issue is the political system itself: all too often its representatives aren’t open-minded towards reforms and changes of any kind, but rather stand in the way of their realisation. For instance, a report by the Scientific Advisory Board at the Federal Ministry for Economic Affairs and Energy (BMWi) in spring 2021 (link to original report in German), entitled "Digitalisation in Germany - Lessons from the Corona Crisis", voiced unequivocal criticism. In reference to Germany’s public administration and education system, it stated: "Germany has structures, processes, and ways of thinking in public administration that sometimes seem archaic. Digital transformation falters if there are no role models. The political and administrative leadership of the organisations must want digital transformation and be prepared to effectively communicate the urgency of transformation to the respective organisation." (p. 21)

  



Example: The city of Fürth in Bavaria

In public authorities’ daily business, senior political decision-makers don’t necessarily promote digital transformation, but instead put the brakes on it. As heise (a renowned source for IT news) reported earlier this year (link to original article in German), Fürth was the first German municipality to integrate the federal government's user account into its own digital administration portal in mid-2021. The Bavarian state government, however, was decidedly less enthusiastic about this level of initiative and drive. In a draft of the Bavarian digitalisation law a few months later, it contained an obligation for authorities in Bavaria to only integrate the "BayernID" by default, meaning the user account of the Free State of Bavaria. User accounts of the federal government or other German federal states were only to be integrated via BayernID. Other integrations were only to be realised with the Bavarian State Ministry for Digital Affairs’ permission. This was justified as being in the "interest of a coordinated OZG [note: Online-Zugangsgesetz or ‘Online Access Act’] implementation in Bavaria", and for this reason there were special approval requirements for the integration of user accounts other than BayernID. Ironically, the whole idea of the OZG was to enable citizens to access digital government services. Therefore, the user accounts of the federal government and the federal states should be interoperable so that all services of all authorities can be accessed, nationwide, with each account. In this specific case, however, the motto "BayernID first" seems to have reigned supreme.

 A great need to establish secure digital offerings by the German government: in 2020, over two thirds of Germans felt their data wasn’t safe on the internet.
A great need to establish secure digital offerings by the German government: in 2020, over two thirds of Germans felt their data wasn’t safe on the internet.


So, when a German municipality became active on its own accord and showed initiative in its digitalisation efforts when trying to actively promote the service level for its citizens, this was thwarted by state politics. This way, proactive actions for a swift implementation of digital projects is not championed; rather, their realisation is further bureaucratised and delayed. At the same time, it is precisely at the municipal level where citizens have the most interactions with public authorities as it represents the largest point of contact. It is therefore paramount that political decision-makers not only insist on their own authority regarding such important digitalisation projects but work together with municipalities to enable pragmatic implementations.

 

The implementation of the OZG is dragging

In 2017, federal and state governments decided to offer around 575 public administration services digitally in accordance with the OZG, which mainly concerns communication from citizens to public authorities. The original target was for this process to be completed by the end of 2022; however, this deadline will not be met. As heise reported (link to original article in German), the federal government had digitalised more than 90 of its 115 services as of the end of 2021. At the state and municipal level, on the other hand, only 50 administrative services were online – out of a total of 460 procedures. However, this number only means that these services have been implemented in at least one German municipality, not that they are available in all. It will most likely take quite some time before this will be the case. Moreover, even with services that have been digitalised, citizens may nevertheless have to submit receipts in paper form, and the response from authorities often still takes place via regular mail.

As heise also reported in March of this year (link to original article in German), in response to the delay in the OZG’s implementation, the German federal government planned an "OZG booster" to be able to implement important administrative services throughout Germany by the end of 2022. The idea is that, according to the "one-for-all principle", services should be adapted from each other and not developed separately in every case. Therefore, the federal states should technically enable their own municipalities to adopt digitalised administrative services from other federal states. However, it remains to be seen if all the states actually have the political will to do this – the example of Fürth indicates otherwise.

So while some services are offered by German authorities via eID, by no means all of them are. This is unfortunate, as the use of eIDs in contact with citizens would also create significantly more confidence on the part of the public authority staff. After all, the identities of the citizens are clearly confirmed in exchanges with eIDs. Digital identities are therefore an important building block in the digitalisation of public authorities.



More efficiency for public authorities through complete digitalisation of processes

Undoubtedly, the greatest added value for public authorities is created when data exchanges not only take place digitally between citizens and the office, but if the subsequent in-house processes also run without disrupting the medium, where data must then be entered manually. In communication, this is possible if the data from a citizen's application is transmitted securely, and the authority has legal certainty that it came from the correct sender by means of eID. If this data is then fed into the corresponding in-house system and then sent back to the citizen in the same digital form, there is a tremendous boost in efficiency. eIDs become particularly valuable for public authorities when they can replace signatures and thus help to save vast amounts of paper.



Digital offers to customer and eIDs at enterprises

It is common practice for enterprises to use online portals for their customer administration. From the enterprises’ perspective, this has the advantage that contract management can also be covered within their domain; meaning it can be maintained and adapted as desired. However, this approach also has a decisive catch: while it has those advantages for enterprises, it is not customer-centric and thus unfortunately comes at the expense of usability.

Financially highly lucrative but not yet reflected in customer centricity of digital offerings: B2C e-commerce sales in Germany.Financially highly lucrative but not yet reflected in customer centricity of digital offerings: B2C e-commerce sales in Germany.

For customers, the use of such portals means that they have to create a profile with a username and password for their login. The security level is thus shifted to users, which is loathed by users. In order to keep their effort with password management as low as possible, users’ password security suffers. Company-specific solutions with online portals therefore lead to security risks because security cannot be achieved by disregarding users’ needs, it only succeeds if usability is maintained.

With eIDs, access to online portals is much easier and more secure, as the password issue is eliminated: users can easily and securely prove their identity with their eID without having to deal with a multitude of passwords, which is certainly a big step in the right direction.

However, even with eID a login is still required, for which customers must first access their company portals, for example to download invoices. It would be more customer-centric, easier, and more convenient, if such data was sent to the customers automatically and securely by means of encryption. With eIDs used to identify the sender and recipient, this would be done in a legally secure manner.

 

Find out here how a German billing centre for the health sector has secured and automated its digital communication.

 


There are already companies that use eIDs; however, they haven’t reached the critical mass to become an integral part of everyday life for the majority of consumers yet.


 

Reasons for the slow use of eIDs in Germany

The main reason for the lack of success of eIDs in Germany has been – besides the lack of use cases – poor communication during their introduction. eIDs haven’t really come out of their starting blocks yet. Positive marketing would have been very helpful in helping people understand and accept eIDs.

This would have also created an incentive on the part of private industry to promptly create numerous use cases for digital identities in Germany. Now, however, there is a vicious circle: On the one hand, consumers’ interest in eIDs still has to be raised due to the lack of possible use cases. On the other hand, the incentive for enterprises to go ahead with the development of use cases is rather low, as eIDs are still largely uncharted territory for consumers. It would have made a meaningful difference if more advertising had been done and practical use cases had been available when the online ID function was introduced.



A personal anecdote from the author

When I went to the local authorities to pick up my new ID card, I was also asked whether I wanted to activate the new online ID function. When I enquired about it, I was told that with the online ID function I would be able to identify myself online at some point. As conclusive as this statement was, it unfortunately provided me with very little information as I had already surmised such about the "online ID function" by its name alone. Unfortunately, staff wasn’t able to tell me anything more concrete. However, I was informed that I would also need a separate device to read the identity card. None of this sounded very appealing to me: buying a separate device so that I would be able to identify myself online at some point in the future...and for what exactly was unclear. So, I politely declined and didn't have the online ID function activated; after all, I was assured that I would still be able to do so at any time later on.

This probably happened in some way or another in other German registration offices as well. However, the staff there were hung out to dry, being put in a position where they couldn’t communicate any concrete information to enquiring citizens. The concept of the online function of German ID cards thus remained far too abstract for consumers and activating them was put on the backburner. If the activation was not carried out immediately when the ID card was collected, however, it was typically not carried out at all. The consequences of this can still be felt today: in Germany, existing eIDs are barely used on a broad scale.


 

How the use of eIDs can be pushed forward in Germany

Germany doesn’t lack functioning eIDs but rather the integration of them into digital services. There is a dire need for a significant increase in use cases that are firmly established in everyday life for all citizens. In exchanges with authorities and companies, there are many points of contact for people. Obviously, digitalisation efforts need to be characterised by more usability and security.

True to the title of the German government’s coalition agreement, "Daring more progress", the government must now act accordingly. This requires federal states and municipalities as well the private sector coming together. Such collaboration can make a meaningful difference, particularly regarding communication on the topic of digital identities, in helping eIDs finally achieve their breakthrough in Germany. To make progress, it is crucial to ensure the people are on board. More importantly, they need to be kept informed about

  • what their digital identity is,
  • what they can use it for, and
  • what advantages they have when using eIDs.




BankID in Sweden as a successful model for eIDs

To see how eIDs can succeed, it is worth looking to the European North. A decisive factor in the success story of the Swedish BankID was the pragmatic cooperation between government and the private sector right from the start. BankID was ready for use only two years after the necessary legal framework was created. In order to enable the use of BankID anywhere and at any time, Mobile BankID was launched for use on smartphones – and in 2017, 95% of transactions were conducted with Mobile BankID. Easy access and broad application possibilities enabled Swedish citizens to quickly reap the benefits of eIDs from the start, making BankID a win-win for everyone.


 

Conditions for success on the consumer side:

For consumers, it is important to be willing to give eIDs a try. Those who are open to what eIDs are and what they can be used for will most likely also apply them. This mindset does exist in Germany.

Consumers are also able to conduct their business in the digital world: Today, an overwhelming majority of Germans are online.Consumers are also able to conduct their business in the digital world: Today, an overwhelming majority of Germans are online.

During the Corona pandemic, consumers increasingly carried out activities online. This applied to the private sphere, such as shopping, but also to many dealings with public authorities. Conducting business digitally has proven valuable to consumers, therefore the potential for eIDs’ applications would fall on fertile ground, especially when considering the noticeable increase in security and simplicity they bring.



Conditions for success on the part of public authorities and enterprises

For public authorities in Germany, digitalisation is often not thought through all the way. As a result, there are complicated administrative processes that are partially conducted digitally. For many services, the necessary data is already available to the authorities, but citizens have to provide it yet again when processing documents. Also, some applications can be submitted digitally but receipts still have to be submitted in hard copy. Here, it is important to digitalise all processes for all parties involved, meaning citizens and staff, and thus make them simpler for everyone. Political decision-makers must encourage and not thwart initiative and drive among municipalities in their digitalisation efforts.

For enterprises, it is important to move away from their portal solutions and to put even more focus on their customers and interested parties. Consumers reject the need for multiple online profiles and use them only reluctantly, if at all. Moreover, there is a security risk involved with these. Using digital identities in the form of eIDs can serve as a powerful remedy and present a big step in the right direction.

Time to move towards stronger security: in 2021, only about half of Germans think it is unlikely their online account will be hacked.Time to move towards stronger security: in 2021, only about half of Germans think it is unlikely their online account will be hacked.






Creating use cases in digital communication

eIDs offer far-reaching possibilities for application, especially in digital logistics. In exchanges with citizens, for instance, municipal administrations already use established and proven communication solutions where eIDs can be integrated as the first point of contact for their citizens’ concerns. This presents the great advantage of not only using a secure way of transfer, but also a clear identification of sender and recipient.

Use cases are the linchpin for establishing eIDs on a broad basis and in the long term. Particularly in communication, the use of eIDs clearly creates added value in terms of security and simplicity – after all, the exchange of messages and files between public authorities, enterprises, and consumers increasingly takes place digitally.

To create this added value for everyone, Cryptshare has decided to take up digital identities and eIDs and has taken action: we integrated the first eID into our communication solution, thereby enabling many new use cases.

 

  • Which eID has Cryptshare integrated into its communication solution of the same name?
  • How exactly does the digital message and data exchange via eID work?

 

Find out what Cryptshare has done to push digital communication to the next level by using eIDs in the next blog post.

About this blog

With our software Cryptshare we enable our customers to share e-mails and files of any size securely in an ad-hoc way with a detailed audit trail and a strong ROI.

On our blog we write about email encryption, cybercrime, security gaps, malware, data protection and more. In short, anything about data security.

Follow us