
Digital Identity in Germany: Market Status, Trends, and Regulations
This blog discusses the current market status and trends in Germany, with a focus on the status of digital identity adoption, usage, and regulations that need to be considered when entering the market.
What Is an Electronic Identity (eID)?
An electronic identity (eID) is a digital solution that proves a person’s identity online, much like a physical ID card or passport does in the real world. The eID's meaning refers to the ability to securely verify someone’s identity through digital means, making it easier to access services remotely.
It allows individuals to log in securely to digital services, verify their identity, sign documents electronically, and share selected personal attributes (such as age or nationality) — all without needing to be physically present.
In many countries, eIDs are issued by trusted authorities, such as governments or banks, and are used to simplify access to public and private digital services. With strong verification and authentication processes, eIDs help ensure secure, fast, and user-friendly digital interactions.
For organizations looking to integrate multiple eID schemes across Europe, Signicat’s eID Hub offers a unified gateway. It supports a wide range of national eIDs and enables seamless digital onboarding, authentication, and identity reuse.
How Does an eID Work?
If you live or work in the Nordics, you should be very familiar with using eIDs. 90% of the population has an eID and use this on average four times per week.
An eID could be said to be the digital equivalent of your physical identity paper, like a passport, or a driver’s license. You can use the same passport for travelling to any country, as well as for proving who you are in any context. An eID does the same thing, but digitally, within one’s country.
An eID is issued by trusted entities, typically banks or governments. To get an eID, you will identify yourself using various means, often including a face-to-face meeting, which may be outsourced to the postal service. Trust is essential in this process. As highlighted in Signicat’s Beyond Compliance report, building user trust is key to engagement with digital services. The report shows that when users trust an app or service, even if there’s a little friction like identity checks, they’re more likely to continue using it. This reinforces why secure and verified eIDs are so important in driving long-term adoption. You can access Signicat's Beyond Compliance report here to learn more about how trust impacts user engagement.
What Can You Use an eID For?
An eID can unlock a wide range of secure digital services—here are some of the most common ways it's used:
- It simplifies the process of onboarding to new digital services, as your identity has already been verified.
- Authentication. When logging back into your existing services. This means that you will have the same login information (username and password, and the second factor such as a pin code) for many different services.
- Electronic signatures. Signing contracts and legally-binding agreements.
- Attribute verification. Where you prove only some part of your identity, for example that you are over a given age.
So why is Germany, and other countries outside the Nordics so far behind on eID usage? Let’s explore the factors contributing to Germany’s slower pace in digital identity adoption.
The State of eID Adoption in Germany: Challenges and Progress
Neuer Personalausweis (nPA) was introduced in Germany in November 2010. This is a physical identity card, but also has the ability to do digital identity. Initially people had to activate the digital part to use it, which very few did. But even when the digital identity on the card is activated by default, there is very little usage, and most people do not even know about this possibility. And there are several reasons for this:
- In the initial implementation, the user would have to buy a card reader. And not to mention to make this work on the computer. This in turn also means that the card did not work with a phone or a tablet. However, this has been changed so it now works both on iPhone and Android phones.
- There are very few services where you can use it, which is a classic chicken-and-egg problem with digital identity. It does not help that the digital identity solution is very secure and reliable, when there are no services where you can use it such as in Norway where one can use it for even booking a tanning salon appointment.
If we look at the Nordics, the usage of eID is very successful. With a population of around 26 million, the penetration is around 90%, and on average, people use this four times per week. So why is Germany, and other countries outside the Nordics so far behind on eID usage?
This is a complex question to answer, and there are a combination of answers.
Why Is eID Adoption Slower in Germany?
The German population seems to be much more privacy aware than the Nordics and much more reluctant to share information online or use digital services. This, combined with generally lower levels of trust—both between individuals and toward public institutions, as highlighted by Our World in Data in a 2020 analysis—makes establishing eID much more complicated. All this creates additional challenges in delivering online services, especially in sectors like banking, which must collect extensive personal information due to the Anti-Money Laundering (AML) directive.
Another barrier to eID adoption is that German organizations have arguably been slower with digitization compared to other European countries. For banks, the main differentiator used to be the number of branches, and they had difficulties in seeing the value of digital. We still see the same thing, with for example the slow adoption of Apple Pay in Germany.
From an organizational point of view, there is skepticism towards cloud solutions, one of the reasons being concerns over whom has access to the information. And rightfully so, as for one, Germany has a history of surveillance by the political system up to the middle of the 20th century and also the uncovered surveillance of organizations in the US. As a result, there are also concerns about using cloud solutions.
Consequently, cloud solutions are taking off slower in Germany than in the Nordics.
Another interesting challenge in Germany is the Chaos Computer club. Although they have an important role of pointing out vulnerabilities, they may be overstepping, by always attacking new services such as the most recent COVID-19 tracking app (PEEP-something) endorsed by Angela Merkel’s government, and always making them look bad, even for the most minor challenges. It is also strange that they do not do the same with the social media.
Regulations Shaping eID Adoption: GDPR and AMLD in Germany
There are many regulations in place, especially in the financial sector. The purpose of the regulations are to protect individuals and society. GDPR (General Data Protection Regulation / DS GVO Datenschutzgrundverordnung) should be familiar to most of us now, and regulates how organizations are allowed to collect, store and use personal information about individuals.
Less known by the general population is the AMLD (Anti-Money Laundering Directive / GWG Geldwäschegesetz), which is in place to prevent money laundering. It is important to remember that AML (Anti-Money Laundering) compliance and requirements are designed to prevent not only financial crime, but also terrorism, slavery, and other serious offences. Because of the AMLD, financial institutions must know the identity of their customers, as well as monitoring the behavior for suspicious activity, for example transferring large amounts of money to certain countries. These requirements have become even more stringent under the Sixth Anti-Money Laundering Directive (6AMLD), which introduced clearer definitions of criminal liability and expanded the list of predicate offences across the EU. That said, you may want to learn about what 6AMLD is. Visit our page for more details.
One of the implications of AMLD is the challenge for onboarding customers digitally, meaning you do not meet them physically. Traditionally, when signing up for a bank account, you would have to visit a bank branch, and provide physical identity papers, which will be checked by an employee. In the digital world, there is an increasing requirement for doing this digitally, without any human interaction. For banks this means saving time and money as well as achieving greater geographic reach of customers. For the individual this means that they do not need to travel and can sign up a lot faster.
What Do Consumers Think About eID?
In the Battle to On-Board Report, we asked consumers about their experiences with online financial services. One of the major findings was that almost 4 out of 10 consumers have abandoned an online banking application. The main reasons are that takes too much time, it requires too much information, you have to provide physical information and that the language is confusing. The numbers and reasons were pretty consistent in the six countries where we conducted the research: United Kingdom, Germany, Netherlands, Norway, Sweden, Finland. These findings highlight the importance of balancing convenience, clarity, and trust when offering digital onboarding services, and show the real-world consequences of poor customer onboarding, including lost customers and missed business opportunities.
When asked about digital identity, about 31% of Germans responded that they have a digital identity (compared to over 61% in the Netherlands and over 91% in Sweden). Which is interesting, since there is very low usage.
People were also asked whom they would trust with their identity data, and in all countries, banks ranked highest (with the exception of Netherlands, where it was the Government). Looking at identity schemes in different countries, we see that the bank driven systems seems to be most successful. The banks are threatened by the neo-banks and need to play their trust-card. Having trust (and not money) as their main product, they should move into the identity space. They also have long experience with fulfilling regulations, and monitoring and fighting fraud, which are both important aspects of identity solutions.
In general, people want to have more digital services, but they need to be able to trust these services, and this is where banks can play an important role. The Nordics can be seen as an example of how this can be done. As stated before, more than 90% of the population uses their eID 4 times per week or more.
Even though the Nordic model is not directly transferrable to Germany, it is quite clear that trusted parties are needed in the eID space. Banks will have an important role as such players, given their experience with identifying users, as well as already being trusted and also used to fraud monitoring and complying with regulations. We already see this happening with yes® and Verimi, as described below.
To simplify for the end-users, they should be able to use the same eID everywhere, even across the public/private sectors. A Norwegian citizen can use BankID (or one of the other eIDs) for filing taxes and starting a new company on the government website. That the government decided to accept BankID, was one of the accelerators for eID usage in Norway. Typically, citizens are in touch with the government once or twice per year, but we have seen with the usage of eID, this is about once or twice per month.
In the Netherlands there is a public digital identity called DigiD, which currently is the only eID for logging into public services. There is currently work ongoing to open up for allowing the use of other eIDs to accessing public services. One candidate for this would be iDIN, which is the eID issued by the Dutch banks.
The Role of BaFin in Regulating Digital Identity in Germany
BaFin is the German Federal Financial Supervisory Authority.
It is an autonomous public-law institution and is subject to the legal and technical oversight of the Federal Ministry of Finance. It is funded by fees and contributions from the institutions and undertakings under its supervision,” according to a statement published by BaFin on March 23, 2020.
BaFin defines the German interpretation of the regulations, and enforces these in Germany, as well as taking actions whenever regulations are not followed. For AMLD there will be fines on the company for non-compliance. The consequences of non-compliance will be further increased in newer versions of AMLD, putting more personal responsibility and liability for members of the board.
Banks in general are careful to take risk, and afraid of any negative publicity for not being compliant. Their main product is trust, which may be challenged if they are not able to follow the regulations. This is one of the reasons banks have been slow in adopting new and digital services. Of course, this is now being challenged by the neo-banks, which do not have any branches and no legacy infrastructure, and where the users do everything from a mobile app.
Signicat’s identity solution will assist banks and other financial institutions in complying with regulations.
Who Are the Main eID Providers in Germany?
The use of eID in Germany is still very low, and there are still not a lot of services where you can use an eID, so this is a chicken-and-egg problem. However, there are initiatives in place to improve this.
“The interaction between citizens and companies with the administration should become significantly faster, more efficient and more user-friendly in the future.” This goal is being driven by the Online Access Act (Onlinezugangsgesetz, OZG), which aims to make all public services digitally accessible and encourages the use of secure eIDs as part of Germany’s digital transformation.
“With a view to 2022, the success of the digitization programs will not only be measured by whether all administrative services are available online, but above all by the level of acceptance and use among citizens and companies.”
There are currently several eIDs in Germany out of which we will look at three in more detail: Neuer Personalausweis, yes® and Verimi, each introduced in the following sections.
Neuer Personalausweis
The Government is trying to push the nPA (Neuer Personalausweis = German identity card) as the eID of choice. The technical implementation is excellent, but the usability could be improved. There are two ways of using the card. For a web session, the end-user is required to have an ID card reader or use a mobile app on a smartphone which reads the ID card and prompts the user for a PIN. It can also be used instore, where a trained agent can verify the card, the owner, and use the 6-digit number printed on the card as the identifier for the nPA-service. Due to the lack of services using the nPA online, most users are not even aware of the possibility of digital usage of the nPA. And of those who are aware, very few have used it.
yes®
yes® is a private initiative for eID in Germany, where they have created a frontend for utilizing the banks’ userbase. The banks part of the cooperation is currently Savings- and Cooperative banks – Sparkassen and Volks- & Raiffeisenbank. The identification is done directly at the banks Identity store. No central IDP is part of this solution. Being regulated, banks have already identified their users, and this information can be reused to simplify onboarding for other services.
yes® provides a verified identity which can be reused, for example, for authentication, electronic signatures and payment services. It can be used for onboarding with for example insurance and other organizations, but as the BaFin requirements on eID verification are very strong, using this for financial onboarding will only be possible in combination with qualified electronic signatures (QES).
Verimi
Verimi is another German scheme, and similar to yes® in many ways. This will also allow the end-users to reuse their identity for other services. Verimi is presented as an independent Identity Provider, similar to the Norwegian BankID.
End-users of each of the 13 consortium members will have the option to create a Verimi ID. If the consortium members made this simple or even automatic for their existing user base, this would increase adoption of eID usage in Germany.
Verimi is building up the customer base using video identification or nPA, which makes the eIDs BaFin -compliant. This means that the eID can be used for onboarding to other financial services. Verimi offers qualified electronic signatures as well.
Summary
Even though the German market is several years behind the Nordics in eID adoption, there are interesting things happening, especially with the new initiatives yes® and Verimi. With these, more people will be aware of the eIDs, and hopefully also the possibilities they give.
Hopefully more service providers will accept eIDs, to simplify user onboarding and authentication, as well as saving cost and time when acquiring new customers, and to provide new services, such as electronic signatures.