Published: 21 October 2019
Connectis’s eID Specialist Esther Makaay has written about the Digital Government Act for ICT Magazine. What changes to the draft legislation are now proposed?
Next year, the long-awaited Digital Government Act is due to take effect. The draft legislation will go before parliament at the end of November. The purpose of the Act is to ensure that all Dutch citizens and enterprises have secure and reliable access to the online services provided by government bodies and other organisations with public roles. That implies the availability of electronic identities (eIDs) that offer a greater assurance level than the existing DigiD.
When the Act comes into force, public service providers will be obliged to accept recognised eIDs. That will certainly include DigiD, eHerkenning and eIDAS, and the minister has the power to recognise additional eIDs that satisfy the government’s strict criteria. The minister can, however, withhold recognition. The legislation has been under development for several years. State Secretary Knops has therefore submitted written proposals to parliament for several key amendments aimed at improving alignment with the current market with additional IDs and options.
Open recognition instead of nomination
For some time, there have been calls for citizens to be enabled to access public services using a wider variety of eIDs, such as iDIN and IRMA. Under the legislation as currently drafted, the recognition of additional eIDs would be government-led. However, Knops is proposing an open recognition system: any eID that satisfied all the applicable privacy, security, reliability and utility criteria would be recognised.
Private players to have a role in enabling eID support
If the open recognition system is adopted, public service providers will be required to support each new eID that receives recognition. If numerous eIDs gain recognition, service providers may have to realise a multiplicity of interfaces. That will make it desirable to have a ‘gateway service’ that provides support for all recognised eIDs via a single interface. Although the government envisages providing such a gateway service itself, private players could also have a role. The experience with eHerkenning shows that the market is quite capable of delivering the type of system required. Connectis’s CIAM platform already offers single-interface multiple eID support, for example.
Distinction between personal and business logins is blurring
One consequence of the developments described above is that the ‘artificial distinction’ between private and business logins is gradually disappearing. DigiD is intended for personal identification, whereas eHerkenning is for business users. With eHerkenning, a company can, for example, authorise an individual to submit the company’s tax return. In that context, little or no personal data is exchanged. However, the question now being asked it whether it should be possible to request personal data via a business ID.
The changes described are needed so that future innovations can be embraced. Because the Digital Government Act has been so long in the making, its vulnerability to unforeseen developments is already apparent. It’s therefore vital that the Act is future-proofed.
The original Dutch-language article by Esther Makaay can be found on ICTmagazine.nl.
Want to know more about the Digital Government Act and making online services accessible with multiple eIDs? Fill in your contact details below, and we’ll get back to you as soon as we can.