Electronic Identity as a Structural

Precondition of e-Government
Implementation: Case Study of Austria,
Belgium, and Bosnia and Herzegovina
Nera NAZEČIĆ, M.A.1, Tarik ZAIMOVIĆ, M.A.2 , Merima AVDAGIĆ, M.Sc.3,
Zlatan ŠABIĆ, Ph.D.4
1
UNDP Bosnia and Herzegovina, Maršala Tita 48, Sarajevo, 71000, Bosnia and Herzegovina
Tel: +387 33 563 836, Fax: + 387 33 552 330, Email: nnazecic@undp.ba
2
University of Sarajevo School of Economics and Business, Trg Oslobođenja 1, Sarajevo,
71000, Bosnia and Herzegovina
Tel: +387 33 447 559, Fax: + 387 33 447 559, Email: tarik.zaimovic@efsa.unsa.ba
3
UNDP Bosnia and Herzegovina, Maršala Tita 48, Sarajevo, 71000, Bosnia and Herzegovina
Tel: +387 33 563 850, Fax: + 387 33 552 330, Email: mavdagic@undp.ba
4
University of Sarajevo School of Economics and Business, Trg Oslobođenja 1, Sarajevo,
71000, Bosnia and Herzegovina
Tel: +387 33 447 559, Fax: + 387 33 447 559, Email: zlatan.sabic@efsa.unsa.ba
Abstract: In this paper we argue that the provision of highly accessible and
integrative electronic services for citizens and businesses require reliable state level
electronic identification and authentication management that offers at least the same
level of security and data integrity as existing (semi)manual systems. We illustrate
that by presenting and juxtaposing two conceptually different, but exceptionally well
implemented eID systems (Austria and Belgium), as well as the case of country
without implemented eID system (Bosnia and Herzegovina). First two case studies
clearly demonstrate that a successful implementation of eID system at the national
level radically improves the interaction between clients and service providers, while
the later case shows that without nationally implemented eID system, even well
designed and implemented e-Government systems, cannot transform the potential
into optimal performance and provide integrated and easily accessible services to
citizens and businesses.

Keywords: electronic identity, eID card, e-Government, e-governance, public

services

1. Introduction
E-Government is a structural reform process that implies a fundamental, customer-oriented
re-engineering of the service delivery processes of government bodies. This process
requires organizational changes within those bodies, the interoperability and security
frameworks, co-operation between government levels and government bodies, legislative
reform and adaptation of the laws, education of customers, as well as measures to prevent a
digital divide. Series of preconditions for effective implementation of e-Government must
be met, and in this process, a number of critical factors for a successful e-Government
development need to be considered – including a number of country specific risks that need
to be managed. In this process, a critical element of success is a strong political leadership
which will drive the necessary changes and guarantee co-operation between all government
levels and government bodies. It is particularly important to stress that this process will
require a drastic cultural change within government: from hierarchy to participation and
continuous team work, as well as the focus shift towards meeting the needs of the
customers, not the government itself. All this will require a long term vision and
willingness for profound re-engineering of service delivery to the end customers.
Primarily, this process requires the investment of significant efforts and resources aimed
at creating the infrastructure that will provide preconditions for implementation of systems
that can offer easily accessible and citizen-oriented e-Government services. Any
government that wants to provide integrative, accessible and proactive services to citizens
and businesses needs to seriously address the following infrastructural issues:
• Policy framework and Legislation;
• Institutionalization;
• Common network/communication infrastructure;
• Electronic ID Management;
• Interoperability framework.
Electronic identity (eID), as official proof of one’s identity, is becoming increasingly an
outstanding issue in various e-Government programs and initiatives. The electronic identity
management (eIDM) or simply electronic ID (eID), provides authentication that has the
function of corroborating claimed identities of entities in order to generate a reliable context
in which it is possible to ensure legal certainty to transactions that take place through an
electronic modality [1]. Therefore, electronic identity enables convenient and secure access
to a large number of public services. Over the last decade, this need for electronic identity,
along with electronic signature, which would protect the confidentiality and integrity of
data, became even more eminent in all domains of public sphere. All transactions
completed with use of electronic identity and electronic signature, along with support of
proper lawful acts, offer the users a legal support (legal signature).
The European Union has clearly recognized the importance of introduction of eID
solutions, as strongly expressed in "eID White Paper" from 2003: "…electronic identity is
of major importance for the deployment of secure e-Government, e-administration and e-
commerce services, and that interoperable eID systems can help in bringing Europe
together" [2]. This issue is also well addressed in many other EU policy papers such as
i2010 EU policy framework for the information society and media, adopted by the
European Commission in 2005 [3], "A Roadmap for a pan-European eIDM Framework by
2010" [4], and similar. Therefore, many EU countries have introduced eID systems even
before 2006 (Finland starting from 1999, Estonia since 2002, Belgium 2004, Italy, Sweden,
Austria, and Spain 2005) [5].
In this paper, we are using two case studies of conceptually different, but well
implemented eID systems (Austria and Belgium), and one case study of a country without
implemented eID system (Bosnia and Herzegovina) to illustrate the importance of eID
management as the key enabler of integrated and accessible e-Government solutions.

2. Case: Belgium
Belgium is comprised of no less than five government instances: federal, community,
regional, provincial and the municipality levels – each of which is responsible for particular
domains of public services [6]. Yet, the vision delineated by the FEDICT1, the Federal
Public Service for ICT of the Belgian Federal Government, responsible for defining and
implementing an e-Government strategy, is to “Enable one virtual government consistent
to the customers with full respect for every single competency.”
We will illustrate by an example of Belgium, how structural obstacles can be overcome
to make an operational e-Government system, including the Electronic Identity system as
its highlight and a baseline for further development of services. To address the

1
FEDICT was created by Royal Order on May 11, 2001, as part of the plans of the first Verhofstadt
Government to modernise the federal administration
governmental complexity issue, in March 2001 the co-operation agreement was signed2
between the Belgium federal State and the communities and regions in the context of
constructing and operating a common E-platform [7]. The aim of the co-operation
agreement’s signatories is to use ICT to transmit information to all citizens, companies,
organizations and authorities in a user- friendly way, and to provide opportunities for
carrying out electronic transactions with authorities in a trusted, secured environment.
Under this agreement, the parties created an integrated E-platform with the eID card as its
key component, to facilitate rapid, direct communication between government and citizens,
companies and other organizations, as well as among the parties themselves. This, the
primary mission of the eID project was: ”to give Belgian citizens an electronic identity card
enabling them to authenticate themselves towards diverse applications and to put digital
signatures3.”
The Belgian electronic identity card has the following features:
1. Visual and electronic identification of the cardholder;
2. Electronic authentication of the cardholder using the digital key pair technique;
3. Generating an electronic signature with legal force by the digital key pair technique
(non-repudiation);
4. The Belgian electronic identity card thus does not function as an electronic currency.
The Belgian electronic identity card is structured as a processor chip card. It enables the
data being printed on the card4, and simultaneously the data are piled up on the processor
chip of the card5. The use of private keys and the corresponding certificates is protected by
a PIN code. The use of a qualified e-signature will require the entering of the PIN code
every time a signature is to be placed, while the use of biometry is not practiced due to the
expensive and complex supplementary equipment which is required for this purpose. It is
interesting that the strategic decision has been made to use the eID card only as a means of
identification, authentication and placing e-signature, and not as a means of transmitting
data. The data is transmitted over networks, with the eID card serving the identification and
authorization purpose. The storage of data on the eID card would place the burden on the
cardholder to update those data whenever they change. Electronic data exchange over a
network relieves the cardholder from the tedious duty of regularly updating the card.
With regards to the actual process of creation of the eID card, as part of the competitive
selection process, the Government has selected a service provider to produce eID cards,
while the certification authority was selected to produce certificates6. The focal point for
issuing certificates are the municipalities, who are entrusted with acting as service counters
for eID cardholders and performing the identity checks required to issue the cards.
To ensure that the eID card qualifies for the security standards for placing a qualified
digital signature outlined in the Directive 1999/93/EC [8] of the European Parliament and
of the Council of 13 December 1999 on a Community framework for electronic signatures,
it is tested by a body competent for that purpose, in compliance with the prerequisites of the
annex III of this Directive. In addition, the certification authority chosen by the
administration requests its accreditation by a body competent for this purpose, to verify

2 This co-operation agreement was signed by the Federal State, Flemish Community, French Community,
German-speaking Community, Flemish Region, Walloon Region, Region of Brussels-Capital, Flemish
Community Commission, French Community Commission and Common Community Commission.
3
http://www.fedict.belgium.be/
4 The following data are printed on the card and can be read visually: the single ID key; ID number; basic
identification data (name, gender, date and place of birth, nationality); residence; photo; handwritten signature
of cardholder and municipality official; card’s period of validity; place of issue.
5 In addition to the duplication of the above listed, this additional data are entered on the processor chip of the
card: private key with a corresponding certificate that can be used for e-authentication; a private key with a
corresponding certificate that can be used by the cardholder to place an electronic signature with legal force.
6
www.ksz.fgov.be
whether the authority itself and the certificates it issues meet the terms of annexes I and II.
To provide eID card users the guarantee for proper functioning of the reading devices and
corresponding eID card software, a registration procedure for the devices and software is
promulgated by royal decree.
Importantly, the revision of the legal framework has been carried out to ensure the
embedding of the adequate provisions for implementation of the eID as well as other
aspects of the ePlatform. In Belgium, the guidance was received from the Directive
95/46/EC of the European Parliament and of the Council of 24 October 1995 on the
protection of individuals with regard to the processing of personal data and on the free
movement of such data. E-Government implementation thus requires the introduction of
adequate changes of regulation such as human rights protection with regards to the
processing of personal information, protection against ICT crime, ICT security, value of
electronic information, e-signatures, equal access, transparency of administration, etc. The
European Union has promulgated directives in order to provide the common platform for its
member states. New regulations and measures [9] were introduced to enforce additional
principles. In Belgium, it was found useful that the regulation issued prescribed that the
principles have as a minimum to be complied with on every new government initiative7.
The creation of the eID card has revolutionized the interaction between citizens and
government in Belgium. Up to date, over seven million cards were issued and around ten
thousand new cards are produced each day8. It enabled truly interactive and client oriented
applications such as declaring employees status, requesting car licensing plates, online
consultations with National Register file, online tax declaration, e-notary, e-procurement, e-
invoicing for public sector, monitoring foreign activities on Belgian territory, etc.

3. Case: Austria
With large array of possibilities opening up through a citizen-centred approach of the
government provided services, Austrian administration saw an opportunity to start the
process of public administration reform through the use of comprehensive set of ICT tools
and solutions. Therefore, by understanding that electronic identity management is a
baseline for any kind of citizen driven services that require confidential data exchange,
Austrian administration approached this reform in a very systematic and organized manner.
It helped of course that, unlike Belgium, Austrian government has centralized decision-
making structure, where majority of ICT decisions are taken by the e-Government lead in
the Chancellery of Austria.
Rather than introducing additional physical concept of electronic identity card, Austria
chose a practical solution: introduction of a technology for electronic signature, i.e.
technical standard which is to be applied on each existing card (bank card, employee card,
smart card etc.) rather than a physical electronic identity card itself.
In order to approach the implementation of this solution, a consortium of Austrian
banks (including cambers of commerce and industry representatives) was formed. The main
role of this organization was to offer the digital signature services aimed at ensuring
authenticity, integrity and confidentiality of users’ data and it is currently the only
accredited center in Austria which provides a qualified digital signature. Apart from
providing the technology for implementation of digital signatures i.e. certificates of digital
signature for public, private and business use, this organization also supports
comprehensive training aimed at enhancing the capacity of public administration and

7 Law of 15 January 1990 on creation and organization of a Crossroads Bank for Social Security; Clause 102
of the Programme Law of 30 December 2001, etc.
8
http://www.fedict.belgium.be/
citizens to absorb the idea of electronic identity card and electronic services, including
organizing of numerous consulting workshops and practical demos.
In general, Austrian administration spent a lot of time on awareness campaign that
promoted the issuance of certificates for electronic signatures. These campaigns were
organized with public service providers, as well as citizens, highlighting the aspects of data
protection through various security mechanisms (data encryption etc.) and positive
identification of an individual (guarantee of one’s identity), while emphasizing the legal
aspects – the fact that a certified digital signature is the same as a handwritten signature.
Furthermore, by providing a technology that enables the application digital signature, rather
than a physical identity card itself, Austrian administration widened the acceptance of
electronic citizen services and secured easier penetration throughout the population. An
effect of all these efforts was clear – making all users aware of the new possibilities that are
enabled by applying the certified digital signature to any public service transaction
(certified digital signatures are still mostly used in the public service domains, although
they are beginning to impact the work of private and public business related activates). As
a result, certified digital signature technology started appearing on all kinds of electronic
cards, including various bank cards, employee cards, citizen ID cards etc. This was
strengthened by implementation of legal amendments, which made it necessary to provide
the digital signature technology on every new bank card issued – regardless of the fact
whether or not citizen decides to these services.
Once the infrastructure of certified electronic signature body was established and
widely distributed, numbers of industries started catching on to the possibilities that came
out of it. As a result, numerous applications – both public and commercial – were designed,
which were counting on this infrastructure and citizens to use it. Some of the most common
ones are in the area of eBanking (including replacement of secret codes, bank transactions
etc.), eBusiness (support to business processes such as registering a new private business),
eHealth (cross-country patient health management) and e-Government (support to public
administration processes with replacement of hand signatures).9
In addition, a new generation of advanced citizen services is starting to take place.
With certified electronic signature, a single sign on authentication mechanism is provided,
offering a one time authentication with ensured data security to any public service (or any
other application) available to a particular citizen (or any other end user i.e. company). This
reduces time, brings cost reduction and simplification of processes, but most importantly,
provides an opportunity for collaboration of all public domain services in order to serve the
citizen in a best way possible. For example, if a citizen wants to register a new business,
once logged on using a single sign on process with certified electronic signature and once
he/she enters an application for registering a new business, this application will already be
pre-filled with all available data that is already in the system. This significantly saves time
and ensures accuracy of data. Furthermore, this opens up an opportunity for a more
advanced public services, such as offering proactive notices (for example – notification that
a drivers license will expire in six months and that a citizen should fill out a renewal form).
In the long run, this continuous cycle will continue enhancing the need for certified
electronic signatures since it simplifies and enables better access to services, as well as
continue stimulating the industry to create and continue collaboration of services,
processes, and applications which require electronic identity cards with electronic
signatures. Today, most of Austrian citizens have certified electronic signatures on one of
their electronic cards. The same trend is felt throughout the European Commission, as the
idea of a single identity management and data protection becomes even more relevant

9
A-Trust; Michael Butz; 15 April 2008, http://www.ocg.at/events/files/cc30butz.pdf
within the European borders, and eventually the world, enabling citizens to benefit from
easier access to public services, as well as continues public administration support.

4. Case: Bosnia and Herzegovina (BiH)

The use of Information and Communication Technology (ICT) by the public sector in BiH
has only recently begun to receive the systematic attention required to turn it into a critical
component of the long-term development of the country. National plan for approximation
of the Acquis identifies e-Government as one of the priorities in public administration
reform in BIH. In addition, in November 2004, at the 69th Government session, the Council
of Ministers of Bosnia and Herzegovina (state government of BiH) adopted the Policy [10],
Strategy and Action Plan for Information Society (IS) Development in BiH.
The policy envisages government reform on the basis of a wide application of
information and communications technologies. This will enable government to provide
internal and external services to better serve citizens, businesses and society at large.
However, the implementation of the Action Plan [10] shows that most of the envisaged
projects and tasks have not been implemented. Most of all, the lack of strong legal
framework is jeopardizing the consistent, relevant and effective reform for implementation
of the e-Government agenda. The complexity of the government structure of Bosnia and
Herzegovina is an additional obstacle10.
Currently, BiH has only two e-related legislation acts in place: in 2006, the Law on e-
Signature11 was adopted by the BiH Parliament, while in 2007 the Law on e-Business was
adopted, both of which are assessed as being in line with the appropriate EU Directives.
Both laws have envisaged the establishment of the Root Certification Authority (RCA) at
the State level within the Ministry for Communication and Transport of BiH, and have
provided a clear framework for usage of the electronic identity system. In addition, a
number of by-laws and regulatory acts have been prepared but are still pending adoption
and final approvals. However, up-to-date, no state-level RCA has been established, and
none of the e-signatures in accordance to the above mentioned laws issued.
In spite of the weak e-regulatory framework, BiH has succeeded in implementing some
crucial e-Government systems and services. Importantly, it started with the creation of the
central citizens’ registry entitled Citizens Identity and Protection System (CIPS). The CIPS
Directorate was established by Law on Ministries and Other Administrative Bodies12 as an
integral part of the Ministry of Civil Affairs. The CIPS Directorate is responsible for:
• IDM systems of BiH Citizens (ID cards, driving licenses, passports, etc);
• Birth, marriage certificates from registry books: request and delivery;
• Reporting on change of residence (change of address).
In addition to the ORACLE based CIPS database, the CIPS Directorate is responsible
for the State Security Network which interconnects all major cities in BIH. Recently, CIPS
Directorate has developed the new web based application based on the SOA (Server-
Oriented Architecture) principle, which supports implementation over web services, and
XML documents used as a standard for the exchange of information between the Exchange
Data Centre and applications of the users who use systems and need data from databases
who are in State ownership.
Next to the CIPS, the second ICT programme/system that we have assessed deals with
municipalities and local level of government. The Governance Accountability Project

10
Following the Dayton Peace Accords in November 1995, Bosnia and Herzegovina is comprised of the two
Entities - the Federation of Bosnia and Herzegovina and the Republika Srpska, as well as the district of Brčko.
Each of the Entities has its own constitution. The Federation is composed of 10 Cantons. All these structures
are further divided into approximately 150 municipalities.
11
Official Gazette BH 91/06
12
Official Gazette BH 15/2003
(GAP) for BiH is designed to build the capacity of a critical mass of municipalities to better
serve their citizens within a policy and fiscal framework of good governance. GAP is
currently assisting 41 legacy partner-municipalities. In the domain of ICT interventions,
GAP is implementing software registries and systems that support the concept of "one-stop-
shop" for citizens, which is mostly dealing with birth and marriage certificates.
In respect to conditions for businesses we have examined the Indirect Taxation
Authority (ITA) of BiH, which is the biggest State level institution in BiH. It has
successfully introduced a new taxation system, with the strong support of its IT Sector
which is ITA'a organizational unit responsible for maintaining, planning and development
of IT as a support to the everyday functioning of all ITA units. Recently, ITA has launched
a new "е-VAT" web system providing the registered VAT taxpayers, after they become the
users of the system, with the access to their files and data contained in the information
system of the Indirect Taxation Authority. This is a closed ITA system that allows access to
and usage of the "е-VAT" web system by companies. Among other activities and
achievements of the IT ITA sector one should underline the development of the system for
data interchange with non-ITA entities such as the institutions of Republic Srpska, the
Federation of Bosnia and Herzegovina and the State of Bosnia and Herzegovina. This
modern web application is providing more than 30 reports to end users of the system.
The fourth and last BiH ICT programme/system that we have assessed is a
comprehensive e-Government programme for state government, which started in October
2006. It is organized in a number of phases and it is envisaged that by the end of 2009 the
state government will have improved networking and collaboration system that will allow
government personnel to communicate and work in a more efficient and flexible manner.
Such systems shall support electronic communication among government personnel, day-
to-day document flow trough integrated Document and Knowledge Management System –
DKMS, document repository and advanced security and accessibility.
Finally, integrated e-Government programme will create the BiH Government web
portal that will allow citizens and businesses an insight into all relevant Government
activities in forms of the planned Government sessions, agenda, adopted legislation,
legislation drafts that are submitted to the Parliament for adoption, etc. In addition, the
system will enable citizens to actively communicate with the Government.
All the systems that we have assessed are advanced IT systems that have been built on
the latest and high-quality software solutions. They all deal with different levels and all
have citizens/users in the focus of their architecture. All have the ability to communicate
and interconnect with a number of different systems and platforms. In addition, BiH has a
proper regulatory framework and all preconditions for electronic identity systems to be in
place. Unfortunately, this is not enough, and in reality, Bosnia is lacking a strong
‘ownership’ and electronic identity management as a baseline for all more advanced public
services. The lack of State RCA for authentication of electronic signatures has impeded the
creation of execution of the last part of critical functionalities of the above described
systems (and many more that are currently being built). Although all citizens registries
within CIPS are already in some way electronically signed, citizens cannot request or
receive their electronic ID card or receive qualified electronic signatures. In addition, GAP
systems installed in different municipalities cannot talk to each other since there is no way
for on-site electronic verification of identity. Thus, the e-VAT system of ITA has to rely on
its internal certification process since it cannot link personal/owners data with company
data/registry, therefore making it imposable to verify the owner status and ID credentials.
Finally, in order to provide the possibility for DKMS of the e-Government system to
process the electronic documents, the documents need to be electronically signed. The eID
system must be introduced so that the inter-institutional certification of documents can be
possible, so as C2G services – enabling citizens to submit their "certified" requests to the
Government. Since no RCA for electronic signature exists in BiH, the e-Government
programme will also have to rely on internal infrastructure and capacities. Once again, this
is just a creation of yet another closed and internal certification system.
It is evident that Bosnia and Herzegoving has failed to establish the electronic identity
management system, and therefore, this significant piece of the overall service delivery
mechanism is missing. Consequently, all systems that offer extensive service delivery
which could be enabled with the introduction of electronic identity system are currently
forced to construct a closed internal certification systems that often have limited impact,
high maintenance demands, and resulting in very high opportunity costs.

5. Conclusions
The eID is one of the essential infrastructural requirements for the implementation of e-
Government based services. It can be used for authentication of citizens and placing e-
signature with the public sector, but also can be used by citizens and private companies to
carry out different types of transactions. For example, with regards to the banking, without
eID, each bank must maintain its own database with the identification and authentication
methods of each of its clients. Thus, each bank should make a vast investment to ensure that
identification and authentication systems are impermeable. The eID resolves this issue,
since the electronic identity can be designed to be read by appropriate terminal at any bank
so a clerk can verify the identity and authenticity of any client at any time. The eID can
have many other practical applications such as declaring employees status, requesting car
license plates, online consultation of various public registers, tele-working, online tax
declaration, signing and deposit of purchase acts, e-procurement and e-invoicing for public
sector, etc. Once widely accepted, the eID system enables many other applications which
are even hard to anticipate in time of its implementation – such as access to the public
libraries, recreation facilities, school enrolments, etc.
By examining three cases relatively different cases of Belgium, Austria and Bosnia and
Herzegovina, we have illustrated that the eID system is one of the most important
infrastructural preconditions for application of e-Government solutions. Even though
Austria and Belgium have implemented conceptually and technologically different eID
solutions, in both cases, the introduction of eID system has revolutionized the way the e-
Government systems were implemented and used, and most importantly essentially
changed the communication between citizens and service providers, both public and
business. The third case of Bosnia and Herzegovina showed that, without nationally
implemented eID system, even well designed and implemented e-Government systems
cannot develop their potential into optimal performance, and provide integrated, efficient,
and easily accessible services to citizens and businesses.

References
[1] Agostini P.L., and Naggi R., "Selecting Proper Authentication Mechanisms in Electronic Identity
Management (EIDM): Open Issues", In: D’Atri A., De Marco M., and Casalino N., Interdisciplinary Aspects
of Information Systems Studies, The Italian Association for Information Systems, Physica-Verlag HD, 2008.
[2] "eEurope: Electronic Identity White Paper", Version 1.0, June 2003.
[3] "i2010 - A European information society for growth and employment", 2005,
http://ec.europa.eu/information_society/eeurope/i2010/index_en.htm
[4] http://ec.europa.eu/information_society/activities/egovernment/policy/key_enablers/eid/index_en.htm
[5] Van Arkel, J., "In Search for the Electronic Identity of the European Citizen", AICF Conference, Tokyo,
2005.
[6] http://www.ksz.fgov.be/documentation
[7] http://www.belgium.be/eportal/application?pageid=contentPage&docId=20434
[8] http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2000:013:0012:0020:EN:PDF
[9] Dumortier, J., Informatica- en communicatierecht, Leuven, Acco, 2002, 187 p.
[10] "Policy, Strategy and Action Plan for Development of the Information Society in BiH" www.is.gov.ba.