From the vote to the infrastructure: what Switzerland has really decided with the e-ID

The narrow yes to the e-ID was just the beginning. Behind it lies a trust infrastructure that could redefine the digital foundations of Switzerland, from driving licences to forgery-proof diplomas. A look at the technical architecture shows why it is about much more than a digital ID card. All paper-based processes can be digitised. This digital infrastructure is comparable to roads or the railway network.


The weekend before last, Swiss voters approved electronic identity by a wafer-thin majority. But while the political significance is being discussed, a fundamental question is being overlooked: What exactly did the citizens accept? What socio-economic impact can the e-ID have in the long term?

The answer is more far-reaching than "digital ID" - and could change the way we interact with authorities, banks and companies. Behind the E-ID is the SWIYU infrastructure, which is intended to enable an entire ecosystem of verifiable proofs. From confirmation of residence and debt collection register extracts to driving licences and university diplomas.

In the future, all of this could end up in a digital wallet that you control yourself. The documents are machine-readable and forgery-proof and can be shared in a data-saving manner. It is an attempt to organise digital trust, i.e. the verifiability of data, not as a service provided by private companies, but as a public infrastructure. This is comparable to roads or the rail network.

The break with 2021

In 2021, an initial proposal failed with 64 per cent of votes against. At that time, private providers such as banks, insurance companies and IT firms were to issue and manage digital identities. The state would only have provided the master data. There was great mistrust: Who controls the data? Who makes money from it? How is my privacy protected?

"The old E-ID was a business model, the new one is a basic digital service provided by the state - comparable to roads, railways and bridges," explains Daniel Säuberli, President of the Digital Identity & Data Sovereignty Association (DIDAS), which oversaw the development of the new Federal Act on Electronic Proof of Identity and Other Electronic Evidence (BGEID), as well as its technical and organisational design. This law not only regulates the e-ID itself, but also creates the legal framework for the entire trust infrastructure and all digital proofs based on it.

The difference in the bill from the end of September is that the federal government is now the sole issuer and operator of the E-ID. However, the E-ID data is not stored on state servers, but exclusively on the user's smartphone. "Each time they use it, people decide for themselves what information they want to share and with whom," says Säuberli. "Instead of complete personal data for proof of age, the cryptographically secured information 'over 18' will be sufficient in future. Data-saving and untraceable. And I can check who the other party is and what data they are requesting before sending it."

The crucial point: when someone uses their e-ID, the transaction takes place directly between the user's smartphone and the verifier's system - peer-to-peer. The base register is only contacted to check validity, but does not store who has communicated with whom. This creates an infrastructure that is operated by the state but organised on a decentralised basis.

The system is based on international standards (W3C Verifiable Credentials, OpenID for Verifiable Credentials) and is almost entirely open source, which means that anyone can view and check the code. The only exception is the issuing process as described below.

Data protection through technology

The architecture of SWIYU is based on the principles of "self-sovereign identity". Each transaction requires the explicit consent of the user. "Every transaction takes place peer-to-peer in direct dialogue with a verifier," says Säuberli. Unlike federated login from Google or Apple, there is no centralised body that could log every use.

"The use of the E-ID cannot be traced by the state or third parties," emphasises Säuberli. This is not a political declaration of intent, but technical architecture: the registers store neither movement data nor usage profiles.

But how is it ensured that nothing is actually logged? The answer lies in the system architecture and the design principle of single use: Each time the E-ID is used, the wallet ensures that proof can technically only be presented once. Even if a digitally signed proof of identity were to contain an internal identifier, this technical uniqueness eliminates any possibility of recognising or linking it across multiple transactions.

To check the validity of a proof, the wallet communicates with the state base register, which only processes a non-personally identifiable technical identifier - without drawing any conclusions about the person, time or purpose of use.

The entire trust infrastructure - from the wallet to the verification interfaces to the register services - is provided as open source and is open to independent security researchers for testing. In addition, federal agencies carry out regular penetration tests and bug bounty programmes to ensure that no hidden logging mechanisms exist.

The only exception for security reasons is the biometric issuing process for online E-ID applications. The facial recognition software used here remains proprietary in order to make targeted manipulation more difficult. The Confederation has decided not to disclose the source code here, but relies on certified audits and high security requirements overall. This module is isolated from the rest of the system - the other components remain fully transparent and auditable.

Technically, data minimisation is made possible by modern cryptographic processes. Processes such as selective disclosure allow only those attributes to be disclosed that are required for a specific application purpose - for example, age, without revealing the name or date of birth. In the future, zero-knowledge proofs (ZKPs) should also be able to be used: "I can then prove that I am over 18 with the predicate calculated via ZKPs, which is an elegant way of making the relevant information provable without disclosing it completely," says Daniel Säuberli. "These procedures can further simplify the architecture and operability, but require very precise work per use case by the federal government."
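The selective disclosure described above can be sketched with the salted-hash mechanism of SD-JWT, the credential format the article names further down. This is an added example, not code from the SWIYU project: the claim names and key are constructed, HMAC (HS256) stands in for the issuer's ECDSA signature so the block needs only the standard library, and holder key binding is left out.

```python
import base64, hashlib, hmac, json, secrets

ISSUER_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the issuer's ECDSA key

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_disclosure(name, value) -> str:
    # A disclosure is base64url(JSON [salt, claim name, claim value]).
    salt = b64u(secrets.token_bytes(16))
    return b64u(json.dumps([salt, name, value]).encode())

def digest(disclosure: str) -> str:
    # Only this salted hash goes into the signed credential, never the value.
    return b64u(hashlib.sha256(disclosure.encode("ascii")).digest())

def sign(signing_input: str) -> str:
    return b64u(hmac.new(ISSUER_KEY, signing_input.encode(), hashlib.sha256).digest())

def issue(claims: dict):
    """Issuer: sign the digests, hand the disclosures to the wallet."""
    disclosures = {k: make_disclosure(k, v) for k, v in claims.items()}
    payload = {"_sd_alg": "sha-256", "_sd": sorted(digest(d) for d in disclosures.values())}
    header = b64u(json.dumps({"alg": "HS256"}).encode())
    signing_input = header + "." + b64u(json.dumps(payload).encode())
    return signing_input + "." + sign(signing_input), disclosures

def present(credential: str, disclosures: dict, reveal: list) -> str:
    """Wallet: attach only the disclosures the user agreed to share."""
    return "~".join([credential] + [disclosures[k] for k in reveal]) + "~"

def verify(presentation: str) -> dict:
    """Verifier: check the signature, then accept only disclosures whose digest was signed."""
    credential, *shown = presentation.rstrip("~").split("~")
    signing_input, _, signature = credential.rpartition(".")
    if not hmac.compare_digest(signature, sign(signing_input)):
        raise ValueError("issuer signature invalid")
    signed = set(json.loads(b64u_dec(signing_input.split(".")[1]))["_sd"])
    claims = {}
    for d in shown:
        if digest(d) not in signed:
            raise ValueError("disclosure not covered by the issuer signature")
        _salt, name, value = json.loads(b64u_dec(d))
        claims[name] = value
    return claims

if __name__ == "__main__":
    # Constructed sample credential; only the age attribute is revealed.
    cred, disc = issue({"family_name": "Muster", "birth_date": "1990-01-01", "age_over_18": True})
    print(verify(present(cred, disc, ["age_over_18"])))
```

Because every digest is salted, a verifier that receives only the `age_over_18` disclosure cannot recover the name or birth date by guessing values and hashing them.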

Improvements have also been made to the biometric data: it is only recorded during the online issuing process for facial data comparison, stored strictly for a specific purpose and deleted after a maximum of 15 years. No additional biometric data is collected when the passport is issued at the passport office.

SWIYU: The Swiss trust infrastructure

SWIYU stands for "SWiss IdentitY for YoU" - a name that emphasises the federal principle and user control. The infrastructure is operated by the Federal Office of Information Technology and Telecommunications (FOITT) in cooperation with the Federal Office of Police (Fedpol). The technical responsibility lies entirely with the federal government; no private operators are involved.

Technically, the system works via four components that the federal government operates on its own servers:

  • Base register: Here the system checks each time the E-ID is used whether it is still valid or has been revoked. However, the register does not store who uses their E-ID when and where, nor does it contain any personal user data. It is purely a validity check.

  • Trust register: A publicly accessible list of all authorised issuers and verifiers, from federal authorities and cantons to private organisations such as banks or universities. Anyone who is not registered here cannot issue or verify valid proofs of identity.

  • Wallet (digital wallet): The app on the smartphone, developed and provided by the federal government. E-ID and other digital proofs of identity are stored here. These are encrypted in the smartphone's security module. Only the user has access; neither the federal government nor third parties can read the data.

  • Verification applications: Software that authorities and companies can use to check the authenticity of proofs - without obtaining more data than is necessary for the specific purpose.

The BGEID creates an infrastructure for any digital proof of identity. Driving licences, diplomas, residence confirmations, debt collection register extracts, tickets, club IDs - in future, all of these can be managed in the same digital wallet in a forgery-proof manner.

"The E-ID itself will probably never become an everyday tool, but other digital proofs that can be used as so-called trust anchors will," predicts Säuberli. The list of possible applications is long: changing addresses in just a few minutes, showing debt collection register extracts digitally without limits, opening bank accounts without video ID, redeeming e-prescriptions, signing contracts with a qualified electronic signature.

Even socially controversial applications are conceivable: Anonymous "proof of personhood" in social media - to prove that you are a human and not a bot without revealing your identity. Or digital support for political initiatives with forgery-proof declarations of intent that do not allow political views to be profiled.

The federal network

The flexibility of building trust networks is particularly interesting. Organisations such as universities, transport associations, companies or federations have two options. They can build on the state-operated infrastructure, have their certificates entered in the trust register and establish their own governance within semantic standards to be defined, for example with their own rules for issuing, validity and verification.

Alternatively, however, they are free to operate their own independent trust infrastructure ("roll-your-own trust infrastructure") based on the open source code - completely under their own responsibility, but still interoperable with the overall system. "This interoperability must now be anchored in the regulations. In this way, a network of networks can be created that transfers the federal character of Switzerland to the digital world, i.e. centrally secure, decentralised and diverse," says Säuberli, describing the vision.

In practice, a university could issue digital diplomas within its own trust space, which can be verified across the entire network structure. The technical basis of the system consists of open, internationally established protocols and formats. These include, for example:

  • SD-JWT VC (Selective Disclosure JWT Verifiable Credentials) for the data-saving transfer of individual attribute values,

  • ECDSA as a signature algorithm,

  • OID4VCI and OID4VP for the secure exchange of credentials between wallet, issuer and verifier,

  • as well as token status lists for verification status queries in the event of revocation.

A central element is also the binding of the E-ID to hardware, for example through a secure crypto processor in the device, as well as the use of OCA (Overlays Capture Architecture) to define the appearance and semantic structure of credentials.
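The validity check against the base register, which the article says involves only a non-personal technical identifier, can be illustrated with the token status list format listed above. The following is an added example and not SWIYU code: it assumes the layout of the IETF Token Status List draft (one status value per index, packed least significant bit first, zlib-compressed and base64url-encoded), uses a constructed register, URI and status values, and omits verification of the signature on the list itself.

```python
import base64, zlib

VALID, REVOKED = 0, 1  # assumption: meaning of the two 1-bit status values in this example

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_status_list(statuses, bits=1) -> dict:
    """Register side: pack one status per credential index, then compress and encode."""
    per_byte = 8 // bits
    raw = bytearray((len(statuses) + per_byte - 1) // per_byte)
    for idx, status in enumerate(statuses):
        raw[idx // per_byte] |= status << ((idx % per_byte) * bits)
    return {"bits": bits, "lst": b64u(zlib.compress(bytes(raw), 9))}

def status_at(status_list: dict, idx: int) -> int:
    """Checker side: read the status value stored at one index."""
    bits = status_list["bits"]
    per_byte = 8 // bits
    raw = zlib.decompress(b64u_dec(status_list["lst"]))
    if idx < 0 or idx // per_byte >= len(raw):
        raise IndexError("index outside the status list")
    return (raw[idx // per_byte] >> ((idx % per_byte) * bits)) & ((1 << bits) - 1)

class Register:
    """Hypothetical register that records everything it learns from a request."""
    def __init__(self, lists: dict):
        self.lists, self.request_log = lists, []

    def fetch(self, uri: str) -> dict:
        self.request_log.append(uri)  # the list URI is all the register sees
        return self.lists[uri]

def is_valid(credential_claims: dict, register: Register) -> bool:
    # The whole list is downloaded; the index is evaluated locally and never sent.
    ref = credential_claims["status"]["status_list"]
    return status_at(register.fetch(ref["uri"]), ref["idx"]) == VALID

if __name__ == "__main__":
    uri = "https://register.example/status/1"  # constructed placeholder URI
    register = Register({uri: build_status_list([VALID, REVOKED, VALID, VALID])})
    credential = {"status": {"status_list": {"idx": 1, "uri": uri}}}  # constructed sample
    print(is_valid(credential, register), register.request_log)
```

The request log contains only the list URI, which is shared by every credential in that list, so the register cannot tell which credential was checked.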

What is DIDAS?

DIDAS sees a targeted supporting role in this transition: "Many associations and organisations have already established functioning analogue trust networks in recent years, for example for issuing training certificates, membership cards or industry-specific certificates. The challenge now is to transfer these established structures to the digital world in a secure and standard-compliant manner," says Säuberli.

DIDAS and specialised companies can assist this process with technical and organisational support, for example by moderating the revision of existing semantic standards for use with verifiable certificates, by advising on role models and governance design and by defining suitable processes for issuing, administration and verification.

The aim is to maintain existing competences, link them to global technical frameworks and transform them into an interoperable but locally controllable digital trust ecosystem.

Daniel Säuberli, President of DIDAS

The alternative: Google and Apple

What would have happened if the vote had failed? "Then Google, Apple, LinkedIn or Meta would continue to set the standards for our digital identity, with Swiss values as guard rails," says Säuberli. "Data sovereignty lies with international corporations, transparency and the level of data protection are corporate decisions and not democratically legitimised rules that can be guaranteed.

"In effect, we would have accepted the very model that the electorate rejected in 2021: digital identity in private hands." Federated logins from tech companies are already standard today. Without a state alternative, this dependency would deepen. This would also have long-term consequences for sovereignty, democracy and digital competitiveness.

A key without doors?

There is still a long way to go between vision and reality. "The success of the e-ID depends on how we integrate digital verifiability into our digital lives together," Säuberli points out. Without a broad ecosystem of applications, the E-ID will remain "a key without doors".

The state, cantons, municipalities, companies and organisations must develop services that create real, recurring benefits, with data economy as a basic principle, not as a marketing promise. Säuberli draws a historical comparison: "SWIYU is still in its infancy, much like the Swiss rail network at the time of Alfred Escher. He, too, could hardly imagine that high-speed trains would one day run on it." Many possibilities are not yet foreseeable today - from new business models to innovative services to protect privacy and applications to combat deepfakes.

The narrow result as a mandate

The extremely close result of the vote is both a warning and a mandate. It shows that digital trust is fragile and needs to be continuously developed. "The new e-ID is many times more democratically and socially legitimised than the old proposal," says Säuberli. The participatory development with consultations, GitHub discussions and broad involvement of cantons, NGOs, business and science made a decisive difference.

Nevertheless, a lot of convincing remains to be done. The narrow yes vote means that a large minority still has reservations - be it data protection concerns, scepticism about digitalisation or doubts about implementation. The answer lies in practice, where transparent implementation, clear data protection rules and genuine voluntariness are crucial, and of course applications that make life easier without jeopardising data. The E-ID is free when applied for online; additional fees are only charged when issued at the counter.

While the E-ID for natural persons is now becoming a reality, the next step is already on the horizon: digital identities for organisations. Companies, associations and authorities could be uniquely identified in the SWIYU infrastructure and act as issuers or verifiers. International standards such as the Legal Entity Identifier (LEI) could serve as the basis for this.

This would enable new use cases in communication between companies and authorities: digital commercial register extracts, verifiable company data, forgery-proof supply chain certificates.

The strategic opportunity: digital trust as a location factor

The technical architecture is in place. The legal foundations have been laid. The voters have - albeit narrowly - expressed their trust. Now the real work begins: building a digital trust ecosystem that combines data protection, user-friendliness and innovative capacity.

A system that shows that state infrastructure and technical excellence need not be a contradiction in terms. But it's about more than just the e-ID. Switzerland has the opportunity to define a coherent strategy for digital trust. Digital trust is no longer a marginal issue of digitalisation, but is becoming a decisive location factor for an innovative, resilient society. In the administration, in the economy, in civil society.

The e-ID is already a beacon and the first visible element of a more comprehensive vision: a sovereign, open and constitutionally anchored trust network that combines digital proofs, identities and communication security. Such a strategy should not only provide technical clarity, but also orientation for investors and, in particular, for politicians, for example in dealing with sensitive issues such as state data access, surveillance laws (BÜPF/VÜPF) or the increasing dependencies in the use of international cloud infrastructures. "Those who pursue a clear strategy for building digital trust can act consistently and credibly in such debates and prevent security interests and civil liberties from being played off against each other," says Säuberli.

In this way, digital trust should become the compass for digital transformation. From Switzerland, for Switzerland and perhaps also a little for the world. It can serve as the basis for sustainable innovation, trustworthy business models and as a protective space for privacy and fundamental rights. Especially in times of increasing surveillance such as chat controls.

Switzerland has all the prerequisites: strong institutions, a federal tradition, technological expertise and democratically legitimised infrastructures. "It continues to enjoy trust on the international stage," says Säuberli. "The task now is to combine these elements into a coherent, long-term vision." The foundation for this has been laid.

Further information: Detailed comparison of E-ID 2021 vs. 2025 at www.didas.swiss and www.eid.admin.ch

You can also find out more about Digital Trust here: www.satw.ch/de/publikationen/pilotstudie-digital-trust

The electorate has approved a state digital identity that functions as part of a public trust infrastructure. This not only introduces a digital ID, but also creates a basis on which many digital documents can be issued and used in a secure, verifiable and data-saving manner, such as driving licences, diplomas and confirmation of residence.

SWIYU is Switzerland's state trust infrastructure. It consists of a base register for validity checks, a trust register with authorised issuers and verifiers, a wallet app on the user's smartphone and verification applications for authorities and companies. The data is encrypted in the device's security module. The federal government operates the infrastructure, but has no access to the contents of the wallet.

Utilisation is peer to peer between wallet and verifier. The base register only checks the validity via a non-personal technical identifier. No transaction data or usage profiles are generated. Attributes can be disclosed selectively, for example age without a name. In the future, zero knowledge proofs are planned in order to make statements verifiable without disclosing the underlying data.

The federal government is now the sole issuer and operator. The identity data is not stored centrally on government servers, but exclusively on the user's smartphone. Conscious consent is required for each use. The model aims to provide a basic digital service from the state and not a business model for private providers.

International standards are used, for example W3C Verifiable Credentials and OpenID for Verifiable Credentials. The components are generally provided as open source. One exception for security reasons is the biometric online issuing process with proprietary facial recognition, which is operated in isolation and secured via certified audits.

Possible applications range from digitally shareable register extracts to e-prescriptions and qualified signed contracts. Organisations can set up their own trust spaces and issue their certificates interoperably, for example university diplomas. In the medium term, digital identities for organisations are conceivable, for example on the basis of LEIs. Strategically, this will create a digital trust location factor. Switzerland can combine data protection, user-friendliness and innovative capacity and establish a sovereign trust ecosystem anchored in the rule of law.