Norwegian BankID - STØ - Changes and their effects on Signicat solutions
From 1 April 2026, Norwegian BankID will be issued solely by Stø AS, and the current BankID Server and legacy signing formats will be phased out in favour of new OIDC and PAdES based services. Signicat is updating its solutions so that your Norwegian BankID services remain compliant and available throughout this transition.
These changes affect several Signicat products that you may be using with Norwegian BankID. To help you understand what this means in practice, we have grouped the information by use case. Choose the section or sections that match how you use Norwegian BankID with Signicat to see what changes, how we will support you, and which actions you must take on your side before 1 April 2026 to avoid disruption.
Summary and background
The following information was provided in a statement from Stø AS, the provider of BankID in Norway, about the phasing out of BankID Server and the new infrastructure for signing:
https://developer.bankid.no/bankid-oidc-provider/important-updates-04-2025/
BankID in Norway is moving to a single issuer, Stø AS, and major technical changes take effect by April 1, 2026. The old BankID Server and OIDC signing from Stø will be discontinued. We will migrate our internal connection to OIDC; however, this does not affect or limit your chosen authentication provider. Your existing SAML integrations and the Authentication REST API will continue to function.
Although some adjustments may be required due to the certificate changes, there are no restrictions on continuing to use your current authentication method—whether OIDC, SAML, or the Authentication REST API.
A new PAdES-based signing service launches in September 2025, replacing the old SEID-SDO format. Business signature solutions using BankID Server will stop working on April 1st, 2026, and will be replaced. This means that the SEID-SDO and PAdES formats will co-exist until this date, and only PAdES will remain after April 1st, 2026. Brønnøysundregistrene aims to start accepting PAdES by 31/12/2025.
What is Signicat doing about this?
First and foremost, Signicat is working to ensure that there will be no disruption of service to our customers, regardless of which API the customer uses to provide Norwegian BankID (NBID).
As stated in the information letter from Signicat, “Important information_changes to Norwegian BankID require action before April 1, 2026”, Signicat recommends that our customers migrate to the Digital Trust Platform and Sign API v2. It is understood, however, that this may not be possible for all customers within the timeframe of the BankID Server decommissioning.
To start using the CSC API signing service and to switch from BankID Server to OIDC, all customers must obtain new merchant certificates.
Signicat is fully committed to ensuring that there is no disruption of service for customers.
Customers are on different APIs and different solutions. Each is addressed below, together with the changes required in customer integrations:
Sign API v2 (Digital Trust Platform)
Prerequisite: the customer must build a new integration with Signicat.
- Document signing - For use cases that involve signing one or more PDF documents, such as agreements. Technical note: BankID CSC from NBID is implemented.
- Text signing - For use cases that need a shorter and simpler signing of plain text, such as confirming an account-to-account transfer. Technical note: authentication-based signing with a simplified UX is implemented.
Enterprise API customers - SOAP & REST
- For authentication-based signing - No changes required by customers. Handled in full by Signicat. The overall flow and functionality will remain the same as before. The difference will be in the underlying connection between Signicat and Stø/NBID.
- For signed statement, where a text is being signed - Signicat will re-route the services to use one of two options:
  - Authentication-based signing: The signed result will have a token representation that is different from the token from the BankID Server solution. Technical note: the signature token will be XAdES instead of SEID-SDO. NB! As previously advised, parsing the signing result is not recommended, but customers who have done so anyway and are currently parsing data out of the signing result will need to update this parsing to adapt to the new format.
  - A re-route from Signicat to the new NBID CSC signing, in the event that a stronger signature on the document is required by the customer (QES). The token representation will differ, with XAdES instead of SEID-SDO.
- BankID’s signature method (sending document to NBID for signing) - Affected customers will have to choose one of two options:
  - A re-route from Signicat to authentication-based signing for the specific method. The token representation will differ, with signed XAdES instead of SEID-SDO.
  - A re-route from Signicat to the new NBID CSC signing, in the event that a stronger signature on the document is required by the customer (QES). The token representation will differ, with PAdES/XAdES instead of SEID-SDO.
Express API customers
- Merchant Sign - No impact.
- End-user-sign - Signature result will differ, with signed DSS PAdES instead of SEID-SDO
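An added example, not Signicat's or BankID's code: for integrations that do parse the signing result, a classifier that identifies which of the formats named above (PAdES, XAdES or SEID-SDO) a result uses and fails closed on anything else. The SEID-SDO root element names and the PDF SubFilter heuristic are assumptions, and the sample inputs are constructed.

```python
import xml.etree.ElementTree as ET

# ETSI XAdES namespaces share this prefix (e.g. .../v1.3.2#, .../v1.4.1#).
XADES_NS_PREFIX = "http://uri.etsi.org/01903/"
# Assumption: root element names of a legacy SEID-SDO container.
SDO_ROOTS = {"SDOList", "SDO"}


def classify_signing_result(blob: bytes) -> str:
    """Return 'pades', 'xades' or 'seid-sdo'; raise ValueError otherwise."""
    data = blob.lstrip()
    if data.startswith(b"%PDF-"):
        # Heuristic (assumption): a PAdES signature dictionary names this
        # SubFilter. This identifies the format; it does not validate it.
        if b"/ETSI.CAdES.detached" in data:
            return "pades"
        raise ValueError("PDF without a PAdES signature dictionary")
    # Refuse DTDs before parsing so no entity expansion can take place.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("DTD in signing result refused")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        raise ValueError("neither PDF nor well-formed XML") from exc
    if root.tag.rsplit("}", 1)[-1] in SDO_ROOTS:
        return "seid-sdo"
    if any(el.tag.startswith("{" + XADES_NS_PREFIX) for el in root.iter()):
        return "xades"
    raise ValueError("unrecognised XML signing result")


# Constructed sample inputs (not real signing results).
SAMPLE_PADES = b"%PDF-1.7\n1 0 obj\n<< /Type /Sig /SubFilter /ETSI.CAdES.detached >>\nendobj\n%%EOF\n"
SAMPLE_XADES = (
    b'<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Object>'
    b'<xades:QualifyingProperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#"/>'
    b"</ds:Object></ds:Signature>"
)
SAMPLE_SDO = b'<SDOList xmlns="urn:example:constructed"><SDO/></SDOList>'

if __name__ == "__main__":
    for name, blob in [("pades", SAMPLE_PADES), ("xades", SAMPLE_XADES), ("sdo", SAMPLE_SDO)]:
        print(name, "->", classify_signing_result(blob))
```

Classification only routes a result to the right handler during the period in which the formats co-exist; signature validation remains a separate step.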
BankID-server and connected registries
Signicat provides a connection for our customers to two parties that are directly affected by the decommissioning of BankID-server:
- Kartverket - for mortgage registration (nor: Tinglysning)
- Brønnøysundregistrene (BRREG) - for Movables Registry (nor: Løsøreregisteret) and Company Registration (nor: Selskapsetablering)
An information e-mail was sent out by BRREG to its customers/users on October 17th in light of the changes at Stø, asking them to indicate which format they will use going forward, as BRREG will be supporting both SEID-SDO and PAdES (PAdES from 01.01.2026).
I have my connected services sourced with/through Signicat. What is my answer to the registries?
Signicat will support SEID-SDO until the decommissioning date for our existing customers on Enterprise and Express APIs. However, any customer on Enterprise and Express API will need to transition from SEID-SDO to PAdES, starting from 01.01.2026 and by 31.03.2026 at the latest.
The new solution, Sign API v2 on the Digital Trust Platform, integrates directly with the new services from Norwegian BankID/Stø and thus supports PAdES (not SEID-SDO).
The transition to PAdES is fully supported by Signicat and by the rest of the industry.
In short, customers of Signicat will be using PAdES going forward for these registries.
Contact
If you have any questions, please reach out to us using Contact Us in the Signicat Dashboard. Our documentation provides more information if you need it.