The current widespread use of the Internet and extensive availability of high-performance mobile devices have resulted in an increasingly easier dematerialisation of transactions. This socio-economic change is promoted by modern Internet users who are well-educated, technologically savvy, highly connected and constantly online. In order to be able to perform more complex online transactions, the service providers must be confident in the identity and authenticity of their counterparts. A secure way to identify people is thus fundamental to ensure legal certainty even beyond national borders. To meet this need, a recognised identification system known as e-ID or e-identity will be introduced in Switzerland for individuals. Reliable e-IDs will therefore contribute to the expansion of online transactions.
1. ELECTRONIC IDENTITY (e-ID)
Concept
Legal certainty and trust are essential prerequisites for successful business and administrative processes – this is particularly true in the digital environment. It is indeed necessary and important to have clear knowledge of the identity of all concerned parties in any transaction.[1] At this time, the Swiss Confederation uses classical identification means such as passports and identity cards to guarantee and establish the identity of Individuals. With the introduction of the new Electronic Identification Services Act (“FAEIS”), it will now be possible to prove the identity of physical persons electronically.
Definition
The Electronic Identity or e-ID refers to a set of personal identification data (surname, first name, date of birth and additional characteristics where applicable) verified by the Government.[2] This data can be embedded in a suitable medium, such as a mobile phone, a customer card with a chip or a USB key. The role of the Government is to verify and recognise concrete applications, as well as recognise, control and monitor the providers of these applications.[3] These providers may be private companies or organisations as well as administrative units of the Swiss Confederation, of the cantons or the municipalities. It will be possible to use an e-ID wherever goods or services can be accessed online, whether they are offered by private actors or by the authorities.[4]
Set-up
The operating of e-ID systems as well as the issuance of e-IDs will be the responsibility of private service providers (Identity providers: “IdP”). The State will assume a significant burden, as it will be subjecting the IdPs and the systems they have put in place to strict recognition procedures and heavy surveillance.[5]
An e-ID is set-up after the individual has contacted an IdP. The registration includes an identification which is carried out, based on the level of guarantee either by electronic means or when the applicants presents him/herself in person.[6]
The FAEIS does not establish a specific medium on which the e-ID will be implemented. The current methods of electronic identification are available on mobile phones (e.g. Mobile ID), or on cards or storage media with an integrated chip (e.g. SuisseID), or they are completely dematerialised and can be used on the Internet with a username, a password and possibly a single-use transaction code sent by mobile phone (e.g. for online banking).[7]
2. NECESSITY OF A FEDERAL ACT ON ELECTRONIC IDENTIFICATION SERVICES
The purpose of the FAEIS is to prevent anarchic development in this area and to lay down strict rules for data protection.[8] Users can thus be sure that they have state-recognised and trustworthy solutions at their disposal, enabling them to enjoy the benefits of the digital world in a simple and secure way.
On one hand, the State ensures that no one can receive an e-ID under a false identity, which guarantees legal certainty and the reliability of online services. On the other hand, the State ensures through clear legal provisions, the protection of users’ personal data.[9]
The FAEIS has been designed to be compatible with existing international regulations and to allow notification under the EU Regulation N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (“eIDAS”). In view of the high level of business and social interdependence with most EU Member States, it can be assumed that there is a fundamental Swiss interest in being integrated to the European system for the sake of international interoperability of the e-ID in the future.[10]
- DATA PROTECTION
Data security is a key concern when it comes to electronic identity. The new law makes a distinction between the high, substantial and low data-security levels.[11] These security levels differ primarily in the number of attributes and the technical and operational requirements for registration and authentication[12].
Data protection is of paramount importance for electronic identity. The new law sets clear regulations, for example on the security of computer systems, and imposes strict rules on all parties involved in the protection of the data needed to establish the e-ID.[13] These rules go beyond the usual data protection under the current Swiss Federal Act on Data Protection (“FADP”). When a person applies for an e-ID, the personal data verified by the state is only transmitted to the provider of the concrete e-ID solution with the express consent of the user. The provider will not be able to communicate this data and the information derived from it to third parties. The provider will not be able to use it for other purposes either. In addition, users will have online access to their e-ID data and will be able to decide to whom this data may be transmitted.[14]
3. CONSEQUENCES
Secure Identification on the Internet
It is expected that the federal authorities will be able to make good use of the e-ID, especially in cases where they need to securely identify physical persons who are in direct contact with the federal administration[15]. The e-ID is a suitable solution for ensuring that computer systems will be able to carry out the identification and secure authentication of people. Some practical uses are for instance the online issue of extracts of criminal records or the debt collection register[16].
In parallel with the FAEIS, the Federal Courts and cantonal legal authorities have launched the project “Justitia 4.0”. This project will bring the Swiss justice system fully into the digital age. Electronic communication will become mandatory in particular for practitioners (especially lawyers) and authorities. A highly secure central platform will set up to enable all parties to legal proceedings to exchange date with the courts, public prosecutors and other legal authorities. Consultation on the preliminary draft of the Federal Act on Electronic Communication with Courts and Other Authorities (“ECCA”) will begin in the autumn of 2020.
Economic consequences
The regulation and security of online transactions will improve Switzerland’s attractiveness and competitiveness as a business location[17]. The Federal Council aims to implement the necessary contributions to Switzerland’s successful transition to an information society[18]. The introduction of recognised and widely available means of electronic identification is a key element in the development of a comprehensive e-ID ecosystem that guarantees reliability and security of electronic transactions[19].
4. NEXT STEPS
The introduction of the FAEIS is very good way to promote online transactions. Thanks to this new law, more and more complex transactions either with the Government or between private partners will be carried out electronically and therefore more efficiently. This will also open important new business areas in Switzerland.
Due to the diversity of uses characterising the e-ID, this system could also be applied to important current technologies such as smart contracts and blockchain and enable a more secure way to conduct business.
The e-ID is a key infrastructure element on which further digital services can be built, such as fully digital eGovernment, eVoting, eBanking, eHealth, eEducation and eCommerce. It should make an important contribution to Switzeralnd’s digital transformation in the process.
On 12 February 2020, at the end of the Parliamentary phase, a referendum against the FAEIS was successfully signed. The next step will thus be a general vote on the FAEIS by the Swiss public. If this vote is positive, the FAEIS will enter into force. As the date for the general vote has not been scheduled yet it is still unclear at the moment when the law will enter into force.
Our Experience
lecocqassociate provides a full range of financial regulatory, corporate and commercial advice in relation to the structuring and incorporation of entities.
This newsletter is for information purposes only. It does not constitute professional advice or an opinion. Please contact Mr. Dominique Lecocq on drl@lecocqassociate.com for any questions.
Footnote:
[1] Explanatory report of the project of FAEIS, p. 3.
[2] The e-ID in six questions, p. 1.
[3] The e-ID in six questions, p. 1.
[4] The e-ID in six questions, p. 1.
[5] Message on the FAEIS, FF 2018 4031, 4032.
[6] Explanatory report of the project of FAEIS, p. 4.
[7] Message on the FAEIS, FF 2018 4031, 4032-4033.
[8] The e-ID in six questions, p. 1.
[9] The e-ID in six questions, p. 1; Explanatory report of the project of FAEIS, p. 4.
[10] Explanatory report of the project of FAEIS, p. 16-17.
[11] Explanatory report of the project of FAEIS, p. 5-6.
[12] Explanatory report of the project of FAEIS, p. 5-6.
[13] The e-ID in six questions, p. 2
[14] Explanatory report of the project of FAEIS, p. 41; The e-ID in six questions, p. 2.
[15] Explanatory report of the project of FAEIS, p. 36.
[16] Explanatory report of the project of FAEIS, p. 36.
[17] Explanatory report of the project of FAEIS, p. 37.
[18] Explanatory report of the project of FAEIS, p. 37.
[19] Explanatory report of the project of FAEIS, p. 38.