The Swiss already rejected the proposal for a 2018 federal law on electronic identification services (e-ID Act) on 7 March 2021. As a voluntary system, the proposed Act aimed at unique identification of individuals by means of assigned e-IDs, provision of which would be by a number of federally approved providers acting as single access points. The identity providers would either be private companies, communal or cantonal authorities. Given that generally the required know-how for such technical developments predominantly remain in the hands of private sector, the proposed Act would have effectively paved the way for public-private partnerships, which could be seen as one of the central points for public objection.
On a trust-sensitive subject as such, reliance mainly on public-private partnerships with a centralised governance model seemed rather compromising where digital representation and identification of users would be reduced to a mere business matter.
Fast forward to summer 2022 when a new draft law was announced. Moving away from a purely centralised model, the new state-operated infrastructure – namely the e-ID ecosystem – is seemingly set to embed core principles such as data protection by design, self-sovereign identity management and data minimisation. In addition, a decentralised data storage mechanism would be integrated in the infrastructure. Digital credentials would then be issued both by the state and private actors.
In this context, a public consultation period was initiated with the deadline of 20 October 2022[i].
In essence, the proposed Act[ii] is drafted based on four principles, namely data protection through technology, data security, data economy and decentralised data storage. The system will be offered free of charge and voluntary, hence revocable at the request of an e-ID holder. With privacy enhancing techniques (PET) in place, the ecosystem would in principle ensure that generated digital proofs of users are not visible to the issuers of these, nor would the content of the said proofs be accessible to the infrastructure providers.
With the federal office of police (fedpol) being assigned as the issuing authority, it is expected that by the end of year 2023 the parliamentary consultations for the proposed Act would commence.
With similar developments in the European Union (EU), in summer 2021 the 2014 Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS) was set to undergo a revision with an aim to extend its current scope, among other things. In this regard, a proposal for a regulation, namely eIDAS 2.0, was also put forward in order to establish a framework for a European Digital Identity.