Austria introduced electronic and mobile identity in the early 2000s and has since achieved broad acceptance and widespread use, both for online authentication by individuals or legal representatives, and for offline applications such as mobile driving licences and digital identity cards.
During EIC 2025, The Paypers met with Herbert Leitold, Director of A-SIT, Secure Information Technology Cente
r Austria, a public funded association advising the public sector on information security to find out more about how the country is developing their digital identity wallet/electronic identification and the country's roadmap for a smooth transition to the European Digital Identity Wallet (EUDI Wallet).
My journey into digital identity began with electronic signatures, in the context of the European Signature Directive, which was introduced in 1999. That was one of the first steps toward replacing handwritten signatures with digital ones at a European level.
However, I soon realised that electronic signatures are only one part of a broader digital process. They usually come at the end of a transaction—for example, to sign a contract or confirm a submission. But to initiate that process, such as accessing your online bank account, you first need to authenticate yourself. That’s where electronic identity comes in—it enables the secure start of a digital interaction.
So, in many workflows, electronic identity and signatures go hand in hand. First, you identify yourself; then, at the end, you might need a signature to complete the process.
In Austria, this understanding led to a major decision by the government in 2003 to formally issue electronic identities. That marked the beginning of Austria’s journey into eID, and it has continued to evolve ever since.
As mentioned before, Austria began its digital identity journey with a technology-neutral approach in 2003. The system initially supported smart cards, mobile phones, and other methods. The first mass rollout took place in 2005. Today, the core of our national eID framework is known as ID Austria, which enables online authentication and now covers around 50% of the population aged 14 and above.
In addition to online use, we’ve also introduced a proximity-based electronic identity, designed for in-person situations like age verification or identity checks. This functionality is delivered via a smartphone app, which is already connected with around 700,000 mobile driving licences and 300,000 digital ID cards—all stored securely on users' phones.
So, in essence, Austria currently runs two major digital identity solutions: one for online authentication and one for physical verification using mobile devices.
Source: Slide from Herbert Leitold's presentation at EIC 2025
That said, the road to adoption wasn’t always easy. Our first large-scale rollout included integrations with health insurance cards, mobile phones, bank cards, and more. Initially, uptake was slow. By around 2020, we had about 2 million users. Then came the COVID-19 pandemic, which significantly accelerated adoption, pushing the number closer to 4 million.
To give a sense of scale: Austria has a population of just over 9 million, with around 7 to 8 million people aged 14 and above—the target group for digital identity. Currently, we have around 4 million active users, and that number continues to grow, especially as we improve convenience and relevance in everyday life.
In 2021, we launched a major update that entered full production in 2023: the new ID Austria system, with a strong focus on mobile-first environments. Today, more than 50% of all authentications happen via app-to-app interactions, meaning the service and the identity verification occur directly on mobile devices. This shift has required new technologies and approaches, moving beyond traditional browser-based logins to meet the demands of a mobile-centric digital world.
Many Austrians were already aware of digital identity systems before the pandemic. However, eGovernment services alone don’t drive widespread adoption. On average, Austrians have fewer than two significant interactions—or 'qualified contacts'—with government services yearly. These include events like moving house, filing taxes, getting married, having a child, or starting studies.
There’s a clear pattern: between the ages of 20 and 30, people are more active in these interactions—completing education, changing jobs, relocating. But from 30 to 40, such administrative needs slow down. So, unless there’s a compelling reason to use an eID, many won’t engage regularly.
One standout example is the digital baby point. When a baby is born in Austria, the process is remarkably streamlined using the mobile eID app. From the hospital, parents can digitally:
Register the child’s residence in the population register
Apply for the child’s health insurance card
Obtain a birth certificate and proof of citizenship
But also get information like on work and financial matters, parent-child health pass, etc.
All of this can be done with a fingerprint on the smartphone. As I often say, when you’ve just had a baby, the last thing you want is to queue at the town hall—you’ve got more important things to focus on.
Surveys show that citizens’ most requested features are services related to moving house and managing family events, like childbirth. People want a single, unified app that handles everything, so the government handles the heavy lifting rather than the individual collecting and submitting documents.
I wouldn’t say there are no concerns—after all, your identity is deeply personal, so it’s natural for people to care about how it’s handled. But privacy and data protection have been core design principles from day one.
One of our key mechanisms is the use of sector- or organisation-specific identifiers. This means that each domain, like tax authorities, banks, or insurance companies, receives a different, unique identifier for the same individual. If, for example, a bank and an insurer were to collude, they wouldn’t be able to directly link their data based on a shared personal number, because they each receive a distinct identifier. This adds a layer of privacy by design and prevents cross-sector tracking.
Our system has been developed in continuous consultation with privacy advocates and non-governmental organisations, and we’ve conducted a formal data protection impact assessment. It’s been a 20-year journey of incremental improvements across usability, security, and privacy.
A major privacy-focused enhancement came with our 2023 relaunch, particularly regarding the handling of user attributes. Initially, the system only provided a limited dataset, such as name, date of birth, and the sector-specific identifiers. Now, it supports a broader, more flexible set of attributes, which can be shared with third parties only with the user’s explicit consent.
With the growing use of biometrics and the reality of digital footprints on platforms like social media, it’s increasingly important to ensure that only the necessary and appropriate information is shared, and only when the user agrees. That principle of data minimisation and consent-based sharing continues to guide how Austria builds trust in its digital identity infrastructure.
Austria’s current digital identity system already aligns quite closely with the core components of the EUDI Wallet. We have implemented key functionalities such as online authentication, qualified electronic signatures, attribute sharing, and representation and delegation, allowing, for instance, a parent to act on behalf of a child under 14, or someone to represent an elderly relative. We’ve also integrated proximity-based use cases, such as showing a digital ID in person via a smartphone app.
If you map the EUDI Wallet requirements against Austria’s two existing identity solutions, the overlap is substantial. So our national strategy is focused on seamless migration—building on what we already have and adapting it to meet the EUDI framework’s technical and policy standards.
From a technical perspective, there are differences in protocols, but these are engineering challenges, not strategic ones. Our goal is to ensure that citizens experience minimal disruption. With around 50% of the population already enrolled in the national eID, changing the user experience too much could lead to confusion or resistance.
The vision is simple: a citizen who can currently show their mobile driving licence to an Austrian police officer should, using the same app and interaction, be able to show that licence to a German police officer in the future. That’s the evolution toward cross-border interoperability—a central goal of eIDAS 2.0 and the EUDI Wallet initiative.
From a user experience and functionality standpoint, Austria's digital ID system has matured significantly over the past 20 years. We've learned a lot through experience, and today the system is quite robust. However, the private sector plays a critical role—not just in improving services, but in driving frequency of use, which is essential.
For governments, one of the biggest challenges is that citizens may only use digital IDs once or twice a year, like when filing taxes or accessing healthcare. That low frequency makes it difficult for users to retain familiarity with the system. In contrast, private sector use cases—such as logging into your bank account or verifying identity for online services—happen much more often. This regular engagement accelerates the learning curve and increases comfort and trust with the digital ID.
The pandemic highlighted this. During lockdowns, opening a bank account or verifying identity remotely became critical, and digital identity proved its value. Financial institutions, in particular, saw the benefit and started experimenting with these solutions. Over time, they’ve realised that integrating with a national digital ID can enhance the quality and reliability of their KYC (Know Your Customer) processes, because governments typically maintain high-quality, verified identity data.
So, it’s a mutually beneficial relationship: governments provide trusted infrastructure, and private sector adoption drives usability, innovation, and widespread acceptance. From the outset, Austria’s system was designed to be open to both public and private sectors, and that inclusivity has been a major strength in scaling adoption.
About Herbert Leitold
Herbert Leitold is Director of A-SIT, Secure Information Technology Center Austria, a publicly funded association advising the public sector on information security. He has 25+ years’ experience in information security with a focus on electronic identity, electronic signatures, or certification. Herbert joined A-SIT in 2003 after starting his career as a research assistant at Graz University of Technology in 1995 and held positions as director of the non-profit foundation Secure Information and Communication Technologies - SIC for almost 20 years and as director of the eGovernment Innovation Center EGIZ for seven years. Herbert is a member of the Austrian delegations to several international and EU bodies, like the Criteria Management Committee, the European Cybersecurity Certification Group, the European Digital Identity Cooperation Group and its Working Groups, as well as coordinates the Austrian participation in the Large Scale Pilot POTENTIAL on the EUDI Wallet.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now