Skip to content

Act on Identity Cards and Electronic Identification

Electronic proof of identity

In an increasingly digitalised world, the security of personal data is of paramount importance. The Identity Card Act and the Passport Act for passports play a central role in protecting our identity and data. The capture of photographs and fingerprints is subject to specific regulations.

What is the Act on Identity Cards and Electronic Identification (PAuswG)?

The Identity Card Act (PAuswG) regulates the issuing, use and administration of identity cards in Germany. It was passed on 18 June 2009 and forms the legal basis for the identification of persons in Germany. The ID card serves as an official document for establishing identity and is mandatory for German citizens from the age of 16.

IT security is a decisive factor in the implementation of the ID card law. Without robust security measures, the data on the ID card is vulnerable to cyber attacks and misuse. TÜVIT offers solutions that meet the highest standards of cyber security and thus guarantee identity protection. The Federal Ministry of Justice and Consumer Protection provides further details on the PAuswG.

Who is affected?

The ID Card Act has an impact on a wide range of stakeholders, all of whom contribute to ensuring the security and protection of personal identity in Germany:

  • German citizens aged 16 and over: The law requires all German citizens to have a valid identity card or passport from the age of 16. An identity document is necessary to be able to officially prove your identity.
  • Authorities and public institutions: These are responsible for issuing and administering ID cards. They must comply with the legal requirements for security and data protection when processing ID card data. The ID card authorities must use technical systems for taking and electronically recording photographs and fingerprints. In doing so, they must fulfil the requirements set out in the ID Card Ordinance.
  • Companies and service providers: Companies, especially those that offer online services, can use the electronic identification function of the ID card to securely verify the identity of their customers. This mainly affects sectors that rely on secure authentication, such as banks, insurance companies and telecoms providers.
  • Private individuals: In addition to the obligation to carry ID cards, private individuals benefit from the ability to identify themselves securely online and protect their data. This is particularly relevant for the use of digital services and participation in e-government.

Requirements for the Act on Identity Cards and Electronic Identification

Obligation to issue

German citizens over the age of 16 are required to have an identity card. The identity card is usually valid for ten years.

Electronic identification function

The ID card must contain an electronic identification function that enables secure online identification. This function is crucial for the use of digital services and secure communication on the internet.

Data protection and security

The data stored on the ID card must be processed and used under strict security precautions.

Biometric data

The ID card contains biometric data, such as a digital photo and fingerprints, which are used to uniquely identify the holder. This data must be stored securely and protected against unauthorised access.

Security features

The ID card must have various security features that prevent forgery and misuse. These include special printing techniques, watermarks and other physical features.

Application & issue procedure

The law stipulates that the application for and issue of the ID card must be carried out by the competent authorities. These authorities must ensure that the identity of the applicant is correctly verified.

What TÜVIT can do for you

When it comes to the security and interoperability of electronic passports and ID cards, the IT security experts at TÜVIT are in demand. TÜVIT is recognised as a test centre for technical guidelines (TR) by the German Federal Office for Information Security (BSI).

To the competence profile
Passport and smartphone
TR-03121 Biometrics in sovereign applications
Reader for identity cards
TR-03170 Secure electronic transmission of photographs
Person in photo box
TR-03132 Secure scenarios for communication processes

What is the Passport Act?

The Passport Act (PassG) regulates the issuing and use of passports. It stipulates who can apply for a passport, what information it must contain and how passports are secured. The law contains provisions on application procedures, fees and the period of validity of passports.

An important aspect of the Passport Act is IT security, particularly in relation to biometric data and electronic components contained in modern passports. These passports, often referred to as "ePassports", contain a chip that stores biometric data such as fingerprints and a digital photo. IT security plays a crucial role in ensuring the integrity and confidentiality of this sensitive data.

Security measures include encryption technologies to prevent unauthorised access to the data, as well as mechanisms to authenticate and verify the authenticity of the passport. These measures are crucial to prevent identity theft and counterfeiting and to ensure the international recognition and acceptance of passports.

Who is affected?

The Passport Act affects all German citizens who need a passport to travel internationally. It regulates the issuing, renewal and use of passports and ensures that citizens have a valid and recognised proof of identity when travelling abroad. The law specifies which documents and information are required for the application and which security features the passport must contain. It also affects authorities responsible for issuing and managing passports and ensures that the processes are efficient and secure.

We will support you – no matter what

Get started at last!

We advise you

TÜV NORD IT Secure Communication I Berlin
To the consulting services Contact us
Goal achieved?

We check that

TÜV Informationstechnik I Essen
To the test offers Contact us

Passport Law Requirements

Application

The passport must be applied for in person at the relevant passport authority. This is usually the citizens' office or the municipal administration. In addition, the applicant must prove their identity and nationality, usually by presenting an identity card or an old passport.

Biometric data

The passport contains biometric data, including a digital photo and fingerprints. This data is recorded when the application is made.

Passport photo

The passport photo must meet certain biometric standards, e.g. neutral facial expression, looking directly into the camera, uniform background.

Period of validity

Passports are generally valid for 10 years for people aged 24 and over. For persons under the age of 24, the period of validity is 6 years.

Fees

The issuing of a passport is subject to a fee. The amount of the fee depends on the type of passport and the urgency of the issue.

Temporary passport

In urgent cases, a temporary passport with a shorter period of validity can be issued.

Obligations of the passport holder

The passport holder must keep the passport in a safe place and carry it with them when travelling abroad. The passport authority must be informed of any changes to personal details such as name or address.

Loss or theft

The loss or theft of the passport must be reported immediately to the police and the passport authority.