Founder and Group Director of Liga, current member and prior co-chair of the Danish National Cyber Security Council.
The increasing treat from cybercrime-networks has put cybersecurity on top of the agenda. But Germany and Denmark are pointing to ways of handling the challenges. By injecting Trust into the framework of Zero Trust.
Denmark is currently implementing the 3rd. generation of eID – MitID – following a period of 15 years of development and maturing. With the eID Card and now Smart eID Germany has proven the process can be accelerated with great ingenuity and by delivering mutual benefits to both public and private sectors and citizens.
As current member and prior co-chair of the Danish National Cyber Security Council advising the political decision-makers, founder and Group Director of an IT cybersecurity software company, and one of the contributors to the development of the Danish eID solution, I have had the privilege of following the process in Denmark closely.
eIDs as the foundation of cybersecurity
There are many components to efficient and reliable cybersecurity. Different practises, tools, frameworks, and services. However, implementing digital solutions enabling only using validated digital identities as the foundation for all other cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of threats and ultimately trust.
This has been the guiding principle of the successful digitization throughout Denmark and recently this was affirmed by the EU updating the Network and Information Security Directive with NIS2.
The story of the Danish eID
For more than 15 years, Denmark has provided public access to eID. 3rd. generation is now available delivering one unified system giving both citizens, employees, public authorities, and businesses easy access to solely accepting and using validated digital identities. Ensuring compliance within the framework of eIDAS and ultimately NIS2.
Ever since the beginning of the development and implementation of the Danish eID, this process has been a close corporation between the public and private sectors. Both in terms of strategies, the technical solutions, and the implementing roll-out.
The Danish eID has played a key role in the digitization of the Danish society – a process which was commenced around the turn of the millennium and has placed Denmark as one of the most digitized countries in the world today. It was clear from the get-go that using a solution for validated digital identification was the prerequisite if the trust and security of in-person physical interaction was to be inherit in the digital sphere: How can we be sure that the one, we think we are talking to, letting in or sharing materials with, is actually who he says he is, if we can’t see him or hear him speak?
The answer was to develop a solution using already validated means of identification such as personal social security-number, passport, etc. The 1st. generation combined username, password, and a one-time numerical code from a physical paper code-card. The 3rd. generation is now available as a smartphone app and the use of passwords is gradually being abandoned.
Future proofing: Availability, convinience and validated trust
The greatest leap forward though – and where we see similarities between Germany and Denmark in terms of ambitions and initiatives, are the new possibilities being given the private sectors and the increased corporation between public and private sectors in both development and roll-out.
With the 3rd. generation of the Danish eID comes a new version of the employee-version: “MitID Erhverv” a unique solution available free of charge to all business and institutions to implement IAM within the Zero Trust. Developed in corporation primarily with the financial sector.
This article was published in the German news media Tagesspiegel in July 2022:
Digital Onboarding with eID
Password Reset with eID
Classic password reset solutions do not guarantee the user’s identity. This can compromise the user account opening to data leaks and severe security issues. Using a trusted eID solves this.