swiyu and Public Beta: The e-ID is becoming a r eality

The first draft of the e-ID Act was resoundingly rejected at the ballot box in March 2021. The main points of criticism were its inadequate data protection and the issuing of the e-ID by private companies instead of the state. Three days later, various parliamentary groups submitted identical motions for a “trustworthy state e-ID”. Over the course of 2021, under the leadership of the Federal Department of Justice and Police (FDJP) and with input from academia, business, civil society and politics, a target vision for the e-ID was developed. This served as the basis for a second draft bill, which was adopted by the Federal Council in November 2023 and submitted to parliament. On December 20, 2024, the Swiss parliament voted overwhelmingly in favor of the new e-ID Act in the final votes of its winter session. In parallel with the legislative process, the e-ID project team has been working since 2022 on the technical foundations for providing the trust infrastructure defined in the Act.

The e-ID Act is technology-neutral, but sets the framework for an ecosystem based on the “self-sovereign identity” (SSI) approach. This results in a system with four central stakeholders and the associated technical components (see graphic). According to the e-ID Act, the future e-ID will be issued by the Federal Office of Police (fedpol) — in the same way as identity cards and passports. This means that it is now enshrined in law that the state acts as the issuer and that this task cannot be delegated to private providers. To apply for an e-ID, you must have a valid Swiss identity card, a valid passport or a valid foreign national identity card issued by Switzerland. Applicants can verify their identity online or in person at cantonal offices that are yet to be determined. Once the application process has been successfully verified, fedpol issues the e-ID as a cryptographically verifiable electronic proof of identity.

The Federal Office of Information Technology, Systems and Telecommunication (FOITT) provides the “swiyu” mobile app for Android and iOS to receive, store and present the e-ID and other verifiable credentials. This app is already available in the usual app stores. Storing the e-ID in the swiyu wallet on the holder’s personal device means that no central data storage is necessary. The link to the holder is established by generating cryptographic key material in the secure element of the smartphone during the application process. This means that the holder’s private key cannot be easily copied, provided the secure element components do not contain any security vulnerabilities. Once a recognition process and the technical requirements have been established, the Federal Council can authorize issuance in third-party wallets. When a holder presents the e-ID for identification, the verifier needs a counterpart to check its validity and the correct issuer and to ensure that the e-ID presented has not been altered. This takes place through a signature check by the verifier using the public signature key of the e-ID issuer. For this purpose, the issuer registers its public signature key in the base registry. With a request, the verifier can retrieve the public signature key from the base registry and carry out the signature check without leaving any data traces about the use of the e-ID on the issuer’s side. The link between the issuer’s technical entry in the base registry and the real identity of the issuer of the e-ID (fedpol) is entered in the trust registry on request. Verifiers can request this information from the trust registry when checking the e-ID. Both the base registry and the trust registry are provided and operated by the FOITT.

Since the end of March 2025, the Confederation has provided the “Public Beta” test environment for testing use cases and integration into existing systems and applications. The Beta Credential Service provided as part of Public Beta allows a Beta ID to be issued for test purposes. Detailed guidance and technical documentation can be found on the documentation page of the swiyu project. The legal obligation to publish the source code of the trust infrastructure means that components such as a generic issuer or verifier are available which facilitate the creation of custom use cases.

The short title of the law is the “e-ID Act”, and the official abbreviation is “BGEID”. It is only when you look at the long title, “Federal Act on Electronic Identity Credentials and Other Electronic Credentials” that the long-term added value of this law become apparent. The trust infrastructure provided by the FOITT standardizes a rapidly evolving technological environment, thereby creating a stable ecosystem. The functionality described above for the e-ID also applies analogously to other issuers of verifiable credentials. It is therefore not only interesting to use the e-ID to verify identity or age, but also to implement custom use cases. The range of possible use cases is truly vast. A glance at your own wallet reveals everything that could serve as verifiable credentials: membership cards, discount cards, vouchers, glasses prescription, business cards, access cards, library cards and proof of insurance, to name just a few examples. Particularly noteworthy is the combined use case in which a person first undergoes reliable identification using the e-ID and is then issued with verifiable credentials. This means that obtaining an extract from the criminal or debt enforcement register, confirmation of residence or certificates of educational qualifications can be completely digitized and automated. The e-ID and the ecosystem will be a success if a wide range of applications are made available to people in Switzerland as quickly as possible.

A referendum on the new e-ID Act has been called, and the people will once again have the final say in this second vote. According to information from the participation meeting in April 2025, the law will come into force in the third quarter of 2026 at the earliest. Nevertheless, with the availability of Public Beta and the technology decision communicated by the Federal Council, now is the right time to get to grips with the technology stack of the trust infrastructure and test the possibilities of the ecosystem for custom use cases.