“Who invented it?” is a popular Swiss saying. In the case of the eID, the question must be: Who threw it away? The EU is implementing a new eID concept that includes elements of the old SuisseID. Swiss companies will have to follow suit.
Much has changed since 2014, when the EU adopted the eIDAS Regulation, which regulates the EU-wide recognition of national electronic identities (eIDs). The evaluation of the regulation has led to a fundamental rethink in the EU Commission. Implementation takes too long and has remained too limited to access to government services. Cross-border authentication is still not possible in the private sector context and digital attribute certificates that can be used across borders do not even exist. Therefore, the EU wants to create a new legal framework for a uniform European authentication system. This is to be introduced by all EU member states in 2023, or more precisely, no later than 12 months after the architecture and technical standards are available. Some Swiss people are probably thinking: “They’re imitating us! In a way, this is indeed the case – but it has little to do with the eID law that was rejected at the ballot box. The new legal framework is supposed to be binding for state institutions and very large platforms – they have to accept the new European eID and are no longer allowed to impose their own eID on users – and establish a digital wallet that enables the storage of proof of ownership.
First of all, it is striking that almost everything is changing and at a high speed, but at the same time building on the acquired knowledge of the past. The expert group responsible for the eIDAS implementation status has been tasked with developing the new architecture and standards. One trusts the expertise of the experts and is not afraid of a possible fixation of these experts on their ideas of yesterday. This would be unthinkable in Switzerland in at least two respects. On the one hand, experts in Switzerland are regularly replaced as it suits the administration and the political environment, because the development of specific transdisciplinary knowledge contradicts Switzerland’s political-administrative logic, which is geared towards a balance of power. On the other hand, in Swiss eGovernment, the majority of experts are stakeholders of their specific expertise, which is focused on their topic. They have their convictions and they fight for their topic – which is why one could hardly rely on them in the reorientation.
Secondly, it is noticeable that the core of the solution development is the architecture and the technical standards are developed before the legislation takes place. The central concern here is obviously high speed and the basic assumption that technology and law are at eye level. This is also simply unthinkable in Switzerland. Here one can observe how, in e-government, technical ideas are translated into law after years of work in such a way that they make a lot of sense in the logic of the political-administrative system, but have become useless in the practice of service provision by the administration. In fact, the EU approach stands exactly in the middle between Switzerland’s two contrasting approaches to eGovernment. Here, namely, the architecture work on the meta-level, for example on the topic of business capabilities, is opposed to the demand of National Councillors such as Gerhard Andrey (Green Party), who call for a focus on small, modular solutions. However, an architecture for an eID ecosystem is a systemic approach that provides the order for the interaction of the small modules and this approach must be very concrete and hide the meta-level in the background so that a solution can be built and introduced within a few months.
Thirdly, it is noticeable that the EU Commission is planning something that the old SuisseID originally envisaged in its concept, but which was discarded during the implementation of SuisseID because it was decided to concentrate on the essentials. The EU Commission now sees the supposedly non-essentials of the past as the core of the solution: the trustworthy certification of properties. This is very comforting, because it shows: At least the Swiss engineers were once 10 years ahead of the world in their eID concepts. And at some universities, even the non-engineers have understood this and advertised it as a special quality – for example, in the Department of Economics at BFH. But of course it is impossible to preserve expertise for decades in case it becomes relevant at some point. The experts of yesteryear have all moved on to new topics since then.
Two questions remain
First, how should Switzerland react to the new announcement? For Swiss companies with EU clients, the situation is clear: by January 2023, they should be ready to implement a solution that allows the use of the EU digital wallet within a short period of time. Anything else would be a gamble on risk.
Secondly and more fundamentally, isn’t it sometimes a pretty good thing for an administration to have its own actions evaluated by the people and to react to bad evaluation results – as the EU Commission did in the case of the eIDAS Regulation? Maybe yes, maybe no. Even if the direct-democratic mechanisms allow the Swiss sovereign to intervene if things get too colourful for it, there would perhaps still be a need for further (digital) participation mechanisms for the population and the economy to speed up the rituals of the political-administrative system. But these rituals also make sense and the “fast EU” principle must first show that it works. Let’s wait and see – we do anyway.