THE NETHERLANDS: Audit of Digital Identity (eIDAS) Tools in the Netherlands
The Netherlands Court of Audit recently audited the most important and widely used digital identity tools available in the Netherlands: DigiD, the public authentication tool for citizens, and eHerkenning, the private authentication tool for businesses. We concluded that they currently function satisfactorily. We have concerns, however, about the future of digital authentication.
Concern 1: higher security levels and people with poor digital skills
For security reasons, the only means to log in to DigiD in future will be by app. This will be an access barrier to people with poor digitals skills. Security and accessibility must be weighed against each other. On the one hand (right-hand side of the figure below), services must be safe and information must be properly secured. On the other hand (left-hand side), citizens must be able to work with digital authentication tools, including people with poor digital skills. Citizens must be represented and assisted in person if necessary.
Concern 2: new authentication tools under the Digital Government Act
The Dutch digital authentication system will change on 1 July 2023 when the Digital Government Act (WDO) comes into force. The bottom right of the figure below shows that new authentication tools will be introduced alongside DigiD and eHerkenning. Citizens and companies will then be free to choose which ones they use. The new Act also provides for an interface where all authentication tools come together (shown in the middle of the figure). This interface is not yet in place.
Concern 3: the wallet as an authentication tool
Subject to the approval of the European Parliament, eIDAS2 will pave the way for the wallet, a digital folder containing personal information that citizens and businesses can share with public and private parties. The wallet is also an authentication tool similar to DigiD and eHerkenning. It will be available throughout the EU and may be used for many authentications in the future. But much is still uncertain. The wallet must offer authentication of at least the same quality as the existing tools.
International comparison
Our audit included an international comparison of digital identity tools, for which we were assisted by members of the IT Working Group. We sent out a questionnaire on the tools and their cost.
We found that the tools’ functionalities varied, from only authentication to authentication, authorisation and electronic signature functionalities. Most of the tools had a public-sector owner. As regards cost, we found that users did not incur additional costs to use digital identity tools in most countries, apart from the cost of ID cards or card readers, and then in only some cases. Tracing back the tools’ initial development costs was very difficult within the audit time frame. The same was true of the total cost per annum.
Links for further reading
Report ‘Digital Identity demanding a lot from DigiD and eHerkenning’
Assessment framework IT audit eIDAS tools
International comparison (on BIEP-portal)