Skip to content

Electronic identification (eID): The basis for trustworthy communication

Person im Anzug nutzt Fingerabdrucksensor auf einem holografischen Login-Interface vor einem Laptop.

Rely on us for the security of your eID service

If you, as an identity provider, would like to offer an electronic identification solution that is also recognised at European level, you must meet the necessary legal requirements of the eIDAS Regulation and have your identification system notified accordingly. The three security levels - low, substantial and high - are of crucial importance here. They express the degree of trust in the identity of the persons behind them and go hand in hand with increasing security requirements that you must fulfil when identifying, authenticating and managing identities.

We can support you in the eID area as follows: In a workshop format, we go through the relevant verification requirements with you, answer your individual questions and optimally prepare you for an upcoming verification and notification. As part of a GAP analysis, we assess the current level of security and identify weaknesses. Following a document review and an on-site audit, we certify the level of security you have achieved. In addition, our training courses provide you with initial insights into the world of eIDAS & ETSI.

Request a personalised quote now

Target group for the certification of identity providers for electronic identification (eID)

Our offer is aimed at a wide range of organisations involved in the secure, legally binding distribution and use of electronic identification:

  • Organisations that already identify natural or legal persons
  • or are planning to set up an identification solution
  • Providers of digital identification services, certification services or trust services within the meaning of the eIDAS Regulation

The advantages of certification at a glance

  • Objective proof of security: An independent assessment confirms the level of security achieved (low, substantial or high) for your eID service - as confidence-building proof for customers and supervisory authorities.
  • Conformity assessment as a gateway to the European market: Your service can be used throughout the EU in a legally binding manner.
  • Transparent GAP analysis: We identify optimisation potential in your current implementation.
  • Training & expertise: With our training, your employees become your company's own eIDAS.PROFESSIONALs.

Your path to becoming a certified eID service

This is how we support you holistically:

Training & Qualification

  • eIDAS.PROFESSIONAL training for your employees

Concept & preparation

  • Overview of the legal requirements for identification solutions, including the relevant eIDAS requirements, relevant ETSI standards, and assessment of these requirements in the respective context
  • Introduction to the TÜV NORD certification programme, including normative and legal requirements, interpretations and other relevant aspects
  • Workshops and preliminary audits to identify non-conformities and potential for improvement through status analyses of the PKI or trust service and GAP analysis of existing documentation and processes

Testing and conformity assessment

Standards according to which we audit:

  • eIDAS Regulation: Consideration of the requirements listed in Chapter II "Electronic identification" of the eIDAS Regulation.
  • Implementing Regulation (EU) 2015/1502: Contains the minimum requirements for technical specifications and procedures for security levels of electronic identification means.

Certification & re-certification

  • Carrying out conformity assessment and certification
  • Support with inclusion in the EU Trusted Service List

FAQ - Frequently asked questions about eID services

The aim of electronic identification systems in accordance with eIDAS is to considerably simplify identification for the cross-border processing of administrative services at European level. Companies also benefit from these eID systems, as they can be used in the corporate environment. This saves time and effort and facilitates communication with customers, among other things. Electronic identification systems have already been introduced in numerous member states (such as the online ID function of the ID card in Germany).

The eIDAS Regulation provides for harmonisation of the various national eID systems at a (security) technical level. The regulation aims to establish interoperability between the systems. This is ensured by a voluntary notification procedure of the European Commission, in which member states can have their national systems notified. The eIDAS Regulation regulates the legal framework for mutual recognition. It distinguishes between three levels of assurance: "low", "substantial" and "high".

Notified eID systems are recognised across borders and enable access to national administrative services both for citizens of the member state and for EU citizens of other member states. To this end, the notified eID system used must have an equal or higher level of security than that required for the administrative service.

These three levels describe the confidence in the accuracy of a person's identification in the digital space.

  • Low: Low requirements for identity verification - suitable for low-risk applications.
  • Substantial: Extended verification with stronger protection of the transmitted data - e.g. through two-factor authentication.
  • High: Highest requirements - e.g. through personal verification or official ID documents. This level is required for particularly sensitive administrative or business processes.

The security level depends on the protection requirements of the respective application. The more sensitive the data or legal implications of a process are, the higher the security level should be. The selection is made taking into account risks, legal requirements and user groups. A GAP analysis can help to validate the desired level and define specific measures to achieve the target.

The requirements for technical, organisational and legal measures increase depending on the level of assurance:

  • At a low level, simple authentication without proof of identity is usually sufficient.
  • At a substantial level, additional verification mechanisms, such as identity documents or digital proof, must be used.
  • The high level requires proof of a government-issued identity document, encrypted communication, logging and, if necessary, manual verification processes.

Identification refers to the initial establishment of a person's identity, for example through identification documents. Authentication is the repeated verification of this identity, for example using passwords, biometric features or two-factor procedures.

Data used for electronic identification is predominantly personal and is therefore subject to strict data protection regulations in accordance with the GDPR and eIDAS.

The duration depends heavily on the preparation of the provider - with preliminary analyses, GAP analyses and documentation, periods of between 3 and 9 months are common.

Certification bodies such as TÜV NORD carry out the tests on the basis of the eIDAS specifications and relevant standards such as ETSI or BSI.

Why we are a strong partner for you

  • Independence
    Our employees are not subject to any conflicts of interest, as they are not beholden to any product providers, system integrators, shareholders, interest groups or government agencies.
  • Expertise
    With us, you have one of the leading experts in the field of cyber security at your side, certified by the BSI as an IT security service provider for IS audits and penetration tests.
  • International network of experts
    Around the globe: We support you both nationally and internationally. Our global network of experts is at your side for all IT security issues.
  • Industry experience
    Thanks to our many years of experience in a wide variety of sectors, we can serve companies from a wide range of industries.
  • Tailored to you
    We focus on customised services - and solutions - that are ideally suited to your current business situation and the goals you have set yourself.

Do you have any questions? We are happy to help!

Additional services