Complete guide to transition from NemID to MitID
2021 will bring significant changes to Danish digital identity infrastructure. Our guide helps you navigate the migration and choose the best MitID broker for your business.
This guide is here to help you understand the basics of the new national ID solution in Denmark and to help you prepare for the transition from NemID to MitID.
Due to a fundamental infrastructural change from NemID to MitID companies that today use NemID for onboarding of clients or for authentication purposes will no longer be able to integrate to the ID solution on their own, but need to engage with a certified MitID broker.
The choice of broker is likely to determine the value that the company subsequently derives from MitID. And the purpose of this guide is to help you as a company prepare for this strategically important choice of broker and to be able to ask the right questions and set the right requirement when making your choice.
# The historical backdrop of the first digital identity solution, NemID
Denmark has a long tradition of digitisation. In 1999 the white paper Det Digitale Danmark (Digital Denmark) by MEP Lone Dybkjær and Jørgen Lindegaard, stressed the need for a national Danish strategy of digitisation. Two years later the first strategy called Digitalt samarbejde (Digital cooperation) was launched, and since then the national Danish digitisation strategies have been updated on a regular basis. In 2016 Denmark got its fifth strategy, which still applies.
As a key part of the third digital strategy, Fælles infrastruktur (Common infrastructure), the national Danish ID solution, NemID, was launched in 2010 as one of the best digital identity solutions in the world at the time. NemID offered high security, and at the same time, the solution was an excellent example of Danish cooperation between the financial sector and the public sector.
Although NemID is still reliable after more than ten years in operation, the world has changed, and new challenges and needs have emerged. To ensure that the national digital identity infrastructure can meet these challenges in the future, a major update and modernisation of the ID solution have been necessary.
This is why Digitaliseringsstyrelsen is now driving the process of transitionin from NemID to MitID, which will come into force in 2021.
In addition, the relevance of this decision has only been further confirmed by the current COVID-19 crisis. There is no doubt that this crisis will further accelerate the evolution of digitisation in a wide range of areas, and this emphasizes precisely the importance of a modern national identity solution with the highest possible security.
# What’s new in MitID?
MitID is more than just a modernisation of NemID. It differentiates from NemID at a very basic, infrastructural level which determines that companies in the future have to interact with MitID in a different way than with NemID.
The old solution: The NemID infrastructure consists of two systems; One for Government and private service providers and the other one only for the Banks. Currently, all of the parties are integrating with NemID, meaning that thousands of service providers have direct interaction with the NemID system.
To manage the load this puts on the system, integrations to NemID are standardised and somewhat inflexible.
The new solution: With MItID, only certified MitID brokers will be allowed to engage directly with the MitID core system. While this change might at first glance seem like a restriction, it has clear advantages that outweigh the limitations.
By only permitting brokers to interact directly with the core system, MitID reduces the level of risk to which the system is exposed.
This allows for MitID to accept a much wider range of flexibility in the interaction with the core system, and consequently, the MitID brokers will be able to customise the MitID- solutions and make the digital ID a strategic asset for the companies in an entirely new way, which is not possible with the current NemID.
# Timeline for NemID MitID migration
It’s important to plan the migration in your organisation.
# How MitID is different from NemID
Going forward, high-quality MitID brokers will be able to build customised ID solutions for companies to fit specific requirements to support their digital businesses.
With these new options of tailoring the digital ID solution, MitID can become much more than just a tactical piece of security software for the companies that choose the right broker.
Below we have listed the key areas within which quality MitID brokers can make a difference and help companies turn a standard digital ID solution into a critical strategic asset. These examples fall into six categories:
- User experience
- Security levels
- Collection of risk data
- Brand support
- Strategic leveraging
User experience (UX)
For companies that are dependent on a digital ID solution to onboard customers or for the customers to execute online tasks - like payment or banking transactions - a smooth user experience when identifying and authenticating is absolutely critical.
A competent broker will be able to customise MitID to ask only for the absolutely necessary data and to make the user’s interaction with the ID solution highly intuitive, while still complying with the MitID rulebook and guidelines.
Also, MitID allows for the use of a Single Sign-on (SSO), which is useful for instance if two companies offer collaborative service and want customers to be able to switch from one service to another without having to login in more than once.
In addition, the companies may need to include an option for digital signature in their MitID solution. For many organisations, digital signature ensures a high return on investment in digital channels by freeing up advisor time and enabling them to utilize self-service instead.
Since digital signature is not built into the MitID core system, the companies are dependent on the broker being able to offer a high-quality signing solution.
# Security level
It goes without saying that security is key to an ID solution, and MitID includes state-of-the-art security. However, maximum security is not needed nor desired in all situations. Occasionally, it makes sense to lower the level of security in favour of better usability. For example, if a user wants to see how his insurance coverage is for his house or car. MitID allows for companies via their brokers to implement individual solutions that allow for access on certain levels based only on one-factor security.
Obviously, choosing the right level of security in any situation strongly supports the desire of making identification and authentication as seamless as possible for the companies and their clients.
# Collection of risk data
A new feature in MitID, which enhances the security of the system but also helps to enable the context- based security adjustment as described above, is a continuous mandatory risk data gathering by the brokers. The idea is to look for unusual and suspicious patterns of use both in terms of geography and device, which could indicate fraudulent behaviour. If for example, a Danish user is suddenly logging in from a foreign country on a device, which he or she has never used before, it may indicate fraud.
Ongoing collection and distribution of risk data is yet another task that the broker is obliged to carry out.
# Support for branding
Even though MitID implementations must follow certain standards and design rules, MitID leaves the brokers with a much higher degree of freedom compared to NemID in terms of accommodating the companies’ look and feel requirements for their individual MitID implementations.
This is important because many companies want the identification and authentication solution, which is mandatory for their customers to use, not only to work smoothly but also to support and enhance the company’s overall brand values and brand identity.
Since MitID is a national Danish solution, a lot of companies with customers from other Nordic and European countries need an identification and authentication setup that goes beyond MitID and enable them to operate seamlessly across borders. This important fact, which is often overlooked, places high demands on the company’s MitID broker.
In effect, the broker must operate as an international hub for digital ID solutions and have access to a fine-mesh network of other countries’ equivalents to MitID. Only in this way can the broker offer corporate customers a true transnational identification and authorisation solution.
# Strategic leveraging
MitID allows the most ambitious and visionary brokers to offer their clients a full-fledged MitID package, which includes all of the above-mentioned points plus customised strategic advice and planning which will significantly leverage the value of the basic (technical) identity solution and turn it into a key element of the companies’ digitisation strategy. Signicat has the experience and expertise to take on this combined technical and strategic role and help companies utilise the full potential of MitID.
Signicat have built the most comprehensive, cross-border Digital Identity Platform on the market. From supporting KYC and AML compliant customer onboarding and identity data validation, to secure authentication and electronic signing, the scalable and flexible platform supports a fully paperless customer journey.
Signicat can deliver all the services needed for a digital customer journey, and Signicat customers can therefore enjoy more efficient, streamlined vendor management.
# Choosing the right MitID broker
In 2021 the transition from NemID to MitID will come into force and the phase- out of NemID will start.
Since the choice of MitID broker ought not to be taken lightly, and since the companies’ integration with their broker needs to be planned carefully in advance, it is highly recommended that companies start researching the broker market as soon as possible.
10 questions to ask a potential broker
- Does the broker have domain knowledge about the regulatory requirements in your industry, such as AM, KYC and PSD2 in banking?
- Is the broker listed by EU as a Qualified Trust Service Provider?
- Is the broker SOC2 (Service Organization Control) compliant? Does the broker have a solid track record within digital identity services?
- Is the broker able to support your entire digital journey or do you need several vendors to get access to identity verification, authentication, signing and registry lookups?
- Can the broker meet your eID needs now and in the future?
- Does the broker have experience from similar transition processes in other countries/markets?
- Does the broker offer an enterprise-ready electronic signing solution?
- Can the broker support you in reducing fraud by giving access to risk data?
- Can the broker provide MitID infrastructure possibilities for SSO (SingleSignOn)?
- Does the broker have an Information Security Management System (ISMS) following and certified in line with the ISO/IEC 27001:2013 standard?
# What Signicat can offer as a strategic partner
Companies with an ambitious vision for how digitisation should leverage their business, need an equally ambitious MitID broker as a partner to achieve their goals.
Signicat is the leading pure-play digital identity specialist in Europe, and has delivered identity services to over 1300 customers, all of them unique in their requirements and needs for security. In 2019, Signicat successfully migrated 100+ customers in Finland to a new strong customer identification protocol, the Finnish Trust Network (FTN), and is the only pure-play broker in the country.
Digital identity brokering business is regulated in Finland and Signicat is a certified FTN broker.
All MitID brokers need to be certified, but MitID offers three different levels of certification, and only by choosing a broker with a high-level certification can a company be sure to engage with a partner that has a full license to support the most creative and ambitious digital solutions and act as a sparring partner on a business strategy level.
Signicat already today has been pre-certified as the first private company, and we expect to be one of the only top certified brokers already at Q4 this 2020.
Digital identity is rarely a matter of onboarding or authentication, but each stage in a customer’s lifecycle involves identity.
Signicat’s Digital Identity Platform is a comprehensive solution that facilitates a fully digital identity lifecycle with your digital customer journey: from identity verification, validation through registry lookups, secure authentication and electronic signing for high customer engagement. Signicat’s platform will deliver a consistent customer experience and streamlined vendor management for your organisation.