Where we are right now and what we want
With more and more everyday activities shifting to the digital world, digital proof of one's identity is becoming enormously important. Secure digital identities already play a key role in the digital ecosystem: they guarantee high security requirements, protect individuals and processes and create trust between senders and recipients. In order to leverage the potential of digital identities, what is needed above all is harmonisation of regulation and cooperation between the public and private sectors.
Secure digital authentication and identification channels are also the basis for an effective digitalisation of our state. Many internal authority processes, but also those related to citizens and businesses, can only be transferred from the physical citizens' office to the digital future of the administration via a reliable, digital identity standard. Particularly in view of the implementation of the European eIDAS Regulation, the Federal Government must avoid special national rules in the regulation of authentication and identification channels at all costs. The implementation of the eIDAS Regulation should be understood as an important contribution to more data and consumer protection in Germany and should be actively promoted.
Recommendations for action for the new legislative period
Promote the use of digital identities in the economy
Existing measures to promote digital identities have so far not been sufficient to mobilise their potential in a sustainable manner. What is needed is better coordinated and, above all, more focused funding that provides targeted information about potential, supports the development of prototypes in showcase projects and ensures coherent anchoring in legislative projects. In order to ensure widespread application in the economy and administration and to guarantee a competitive range, there should also be consistent use of existing solutions from European providers. What we need here is an innovation- and growth-friendly climate for the most diverse models of digital identification, which enables competition in an open market, but always uses the same bases (e.g. to achieve the various trust levels according to the eIDAS Regulation) and is designed to be interoperable. In addition, there must be incentives for the use of private capital and public investment. Existing private sector as well as sovereign solutions for secure digital identities should be further promoted to drive development in Germany and the EU.
Despite often converging regulatory objectives, the identification requirements in the different sectors differ. There is therefore a need for cross-sector harmonisation of identification requirements. The aim should be to establish a uniform, technical minimum standard throughout Europe, which allows the implementation of specific solutions and at the same time standardises the underlying security mechanisms. In addition, the reusability of secure digital identities should be improved and data portability should be specifically strengthened by promoting and authorising data trustees and other "trusted third parties".
Strengthen European cooperation
The European market is too fragmented in regulatory terms for the Europe-wide use of identity services and the scaling of the business models of identity service providers. There is currently no single internal market. Even already at national level, sector-specific requirements hamper the growth and market penetration of identity services and thus digital business models. This should be remedied as quickly as possible through European harmonisation, standardisation and cooperation. The creation of uniform Europe-wide minimum standards is also needed for the use of hardware and software security modules in smartphones. The eIDAS Regulation could form the basis for the definition of harmonised requirements for digital identities in the EU as well.
Thinking digital identities and trust services together
The use of eIDAS tools must be promoted politically on a broad scale and, in addition to use in the public sector, must also be consistently enabled in applications in the private sector. In this context, greater emphasis must be placed on the broad scope of application and the added value for everyday use. In order for a European ID system to become established and create relevance with the user, it is necessary to expand daily use by including application possibilities for identification or authentication at all levels of trust. Administrations in particular can contribute to solving the "chicken and egg" problem. Much would already be achieved if public authorities accepted eIDAS tools and the online ID card function across the board. In addition, public authorities should be obliged to use the eIDAS tools, for example, when protecting their websites with a corresponding authentication certificate.