This section will summarise briefly which countries subscribe to an authentic source principle (i.e. the policy that each specific identity attribute should have one and only one authentic source, making all other sources for that attribute obsolete), and to what extent that this principle has impacted their identity management policies.
This is relevant from a cross border interoperability perspective, because a consistent application of the authentic source principle means that a single correct source exists for each bit of information, which can facilitate the access and exchange of this information.
The status is reported in each country as:
• Not accepted: no steps have been taken towards adopting the principle in any form yet;
• Under consideration: while no specific policy has been adopted yet, the potential benefits of the authentic source principle or an equivalent policy is being considered for the future, but without specific plans as of yet;
• Planned: while no specific policy has been adopted yet, plans are being drafted to adopt the authentic source principle or an equivalent policy in the future;
• Informally accepted: a policy decision has been made expressing a preference towards an authentic source principle or towards a set of guidelines that are equivalent to the authentic source principle, but without any formal commitment to the principle; and
• Accepted: a formal policy decision has been made to observe the principle in the country’s administrative organisation.
Country Status (Accepted / not accepted)
Description / Details
Austria Not accepted No formal adoption.
Belgium Accepted Authentic sources (e.g. the National Register) are identified by law, and their (re-)use by public administrations is mandatory.
Bulgaria Planned Enshrined in the draft eGovernance Act, which has not yet entered into force.
Croatia Not accepted No formal adoption.
Cyprus Not accepted No formal adoption.
Czech Republic Under consideration Several draft acts have been proposed, but none have been accepted yet.
Denmark Not accepted No formal adoption.
Estonia Accepted Improving access to authentic sources was one of the goals of the eID card project.
Finland Accepted Generally accepted for base identity registers (mainly the Population Information System), although data sharing between national and local governments is not yet optimal.
France Accepted The National Register functions as an authentic source of civil status information.
Germany Not accepted No formal adoption. However, under the 2007 Personal Status Law (Personenstandsgesetz) data storage in electronic form in civil status registers (Personenstandsregister) is allowed as of January 2009. Structured data exchange on the basis of an XML schema "X-Personenstand" is under development. In 2014, electronic data storage and exchange will be the obligatory procedure to maintain civil status registers.
Greece Not accepted No formal adoption.
Hungary Not accepted No formal adoption.
Iceland Not accepted No formal adoption.
Ireland Accepted All personal information relating to the PPS number is stored in a central authentic database (the Public Service Identity (PSI)). In early 2009 the Department of Finance initiated a project to build a central identity repository which will locate matches within and between the various data sources and create master records each linking to one or more records from the sources.
Italy Not accepted Not formally adopted; however, Italian eGovernment services can use the INA (‘Indice Nazionale delle Anagrafi’)-SAIA (‘Sistema di Accesso e di Interscambio Anagrafico’) system.
The INA system is an application for the exchange of citizens’ data between Municipalities and other public authorities. The identification of the citizen on all databases of the public administration is guaranteed by the ‘Fiscal Code’. INA does not contain citizen’s personal data that are kept exclusively by the Municipality where the citizen is registered, but only the minimum data that allow the public authorities to find such personal data and to know where (i.e. in which local database) they are. SAIA operates on top of INA, since it is the architecture that allows the exchange of information between Municipalities and other public authorities.
Latvia Not accepted No formal adoption.
Liechtenstein Planned Will become a part of future eIDM policy in Liechtenstein.
Lithuania Accepted The main state registers together with the related registers form the system of registers of Lithuania.
The core of the system of registers is their interaction. As regards the system of registers, an
“authentic source” principle applies as the data of related registers may not be repeatedly collected from the primary sources and registered.
Luxembourg Informally accepted No formal adoption, but implicit through the Répertoire general, which contains the official identity data for natural and legal entities.
Malta Planned The authentic source principle is one of the pillars of Maltese IDM plans for the future
The Netherlands Informally accepted No formal adoption, but implicit through the Municipality Basic Administration, which contains the official identity data for natural entities who are registered as residents in the Netherlands.
Norway Informally accepted Taken up through horizontal integration of identity resources, inter alia through the registry with the Brønnøysund Register Centre
Poland Informally accepted The State Informatisation Plan for 2007-2010 envisions interlinking existing identity databases, therefore establishing single authentic sources of the data concerning natural and legal persons.
Portugal Informally accepted A central database containing attributes of eID card holders is considered to contain authentic information (Instituto da Tecnologia da Informação na Justiça (ITIJ) - Sistema de Gestão do Ciclo de Vida de Cartão do Cidadão) Sistema de Gestão do Ciclo de Vida de Cartão do Cidadão - , which contains a key set of authentic attributes for citizens registered in it. The attributes stored in the authentication certificate of the eID card are obtained directly from the ITIJ, the other data being collected from: (a) the Identification Services (Serviços de Identificação Civil da Direcção-Geral do Registos e Notariado) in relation to the
“identification number”; (b) regarding the tax number, from the Tax authorities (Direcção-Geral de Contribuições e Impostos); (c) regarding the health number, from the Ministry of Health (Ministério da Saúde); (d) data referring to the Social Security, from the Social Security (Segurança Social).
Romania Not accepted N.A.
Slovakia Not accepted N.A.
Slovenia Informally accepted Informal adoption through the SEP2010 Action Plan.
Spain Informally accepted Informal adopted through the so called “unique counter” (ventanilla única)
Sweden Informally accepted Generally accepted for base identity registers on different levels that most often are derived from the central national population register. Excerpts from this register is also available to private entities under specific regulations.
Turkey Informally accepted The MERNIS database constitutes a de facto authentic source of population data.
United Kingdom Informally accepted Informal adoption through horizontal integration of identity sources.
Formal acceptance of an authentic source principle is thus altogether uncommon, and was reported in only 6 countries out of 32 (19%), virtually equal to the 2007 edition of the study (5 out of 32). A further 10 countries (31%) had informally adopted the principle (as compared to 9 in 2007), with another 3 (10%) planning to do so (idem as in 2007).
However, most countries do not fall cleanly into a specific category, especially when no decision has been made with regard to authentic sources, but where local practices mean that there is a de facto authentic source for identity information. This is e.g. the case in Portugal or Spain, where no specific formal decision has been made, but where specific identity sources none the less function largely as authentic sources.
Generally, the table shows that 60% of countries have formally or informally decided to adhere to the authentic source principle, or are planning to do so. As the quality of the underlying identity infrastructures continue to improve, this number can be expected to rise, which could prove to be enabling to cross border authentication, as it would become easier to obtain accurate identity information or to verify it.