Creating a new law is a long journey. We already featured several “making of” stages of the Swiss E-ID Law and the contributions of SWITCH in our E-ID category: consultation of an E-ID Concept in 2015, consultation of an early draft E-ID Law in 2017, publication of proposed law in 2018.
Another hurdle was recently cleared with the National Council approving the proposed law with relatively minor changes in March 2019 (for the interested: this business is referenced under 18.049). A minority wanted to change to government-issued Electronic Identities (eIDs), but the proposed market model was upheld.
Next step is the debate in the Commission of Legal Affairs of the Council of States in April 2019. In the absence of major changes, the law can be put in force in 2021.
Why is this law relevant to SWITCH?
Electronic identities issued under this law will maintain ties with governmental identity registers and are thus trustworthy and kept up to date. This could indeed come quite handy when onboarding new individuals into our federation when a certain assurance is crucial. For instance, an eID could be used to validate user provided attributes in the SWITCH edu-ID identity of a student applying at a university. Furthermore, the use of an eID could solve regulatory requirements when accessing very sensitive data (e.g. health-related data).
What is the engagement of SWITCH to that end?
Law making is a lengthy process, but so is its implementation. You might want to do those two tasks in parallel. But, of course, you should do this only when not expecting significant changes to the law. The Federal Office of Justice seems to share this opinion and invited a number of potential E-ID providers into a working group to start preparing the implementation of the expected law. SWITCH is one of those. The benefit to SWITCH is that we are better prepared to assess our own approach to adopting eIDs. SWITCH currently sees these options to make use of eIDs under this law:
- SWITCH to operate an E-ID IdP under the E-ID law and issue eIDs as part of its SWITCH edu-ID service.
- SWITCH not to operate an E-ID IdP itself, but accepting eIDs from other E-ID providers and thus acting as E-ID relying party under the E-ID law.
A third option is not to operate under the terms of the E-ID Law and get equivalent assurance by other means, e.g. video-identification. This could be done on the basis of official documents which are again based on the same register data as in 1. and 2. (e.g. passports or ID-cards). This approach can coexist with 1. and 2. above and extend them.
The choice of SWITCH will clearly depend on the regulatory burden to implement 1. or 2. above and how the identification market will develop. Our decision will be based on what we perceive to offer the best value for money to the Swiss higher education and research community.
We keep focused on this topic. Stay tuned…