Article published: 23.04.2026
Is it still safe to use digital ID?
The security of digital ID solutions is in the spotlight. Is there any reason to lose confidence in the digital ID solutions we use in Norway? On the contrary, secure digital identity in Norway is based on strict requirements, advanced security mechanisms and close monitoring by the authorities. Here we explain what actually makes digital ID safe, and why you can still use it with confidence.
Safe use of digital ID
Digital ID solutions are used to protect some of the most sensitive data we have: health, financial and personal information. Therefore, security must be very high. In Norway, we generally have a high level of trust in each other and in digital ID solutions. In recent weeks, it has emerged that Norway’s most widespread ID for private individuals, BankID, may be downgraded. What is happening – can we still trust the digital ID solutions?
Many questions can be asked. First, let’s explain what makes a digital ID secure:
- You must be who you say you are
Before a digital ID is issued, your identity must be thoroughly checked – often with physical identification or strong digital verification. This prevents identity theft. - Only you can access
The disclosure of your digital ID must take place in a way that guarantees that only you can receive it. Use for login takes place with several security factors (such as mobile and code), so that no one else can use your identity. - Everything is traceable and controlled
The systems are built to detect misuse and document who has done what, which provides a high level of security for both users and businesses.
Clear regulations
In Norway, we follow the EU’s eIDAS legislation, including requirements for technical standards. Digital ID issuers must comply with these technical, legal and procedural requirements and are regularly audited by international experts to ensure compliance. The independent audit reports provide the basis for approval by Nkom and inclusion on the EU’s list of providers of qualified trust services. If we do not meet the requirements, Nkom may grant an exemption. This will normally be time-limited and linked to special user groups.
What has gone wrong?
It has emerged that BankID has distributed its code chips by regular mail. This was pointed out as an insecure distribution channel as early as 2022. BankID has been allowed to continue its practice until Nkom announced in March 2026 that it can or will no longer grant an exemption. Nkom and Digdir have confirmed the information through quotes in the media.
The practice violates Principle 2 mentioned above that “Only you should have access”. There is a potential danger that outsiders could steal one of your proofs of identity. In secure solutions, there should be a secure circle in the entire issuance process, and this is a fairly obvious weakness.
But - how dangerous is it?
We don’t want to speculate on the severity of non-compliance in other people’s solutions. However, non-compliance can, in addition to creating doubts about the security of the service, also contribute to undermining confidence in the system that approves and certifies it. As an industry player, we must take this seriously.
It’s important to distinguish between the weaknesses of individual solutions and the strengths of the framework as a whole.
Commfides is regularly audited by international auditors and is certified at the highest security level.
The eIDAS regulations and the requirements for security level “high” have been developed precisely to ensure that digital identities can be trusted – even when they are used for the most sensitive services in society where the consequences of incorrect identity can be serious.
The requirements for identity control, issuance, distribution and use are comprehensive and strictly regulated.
When deviations from these requirements are detected, it is not a sign that the system is weak, but that the control mechanisms actually work.
At the same time, there is a certain amount of room for interpretation in the regulations, and practice can vary between countries, partly as a result of technological development and different risk assessments. In our experience, Norway has adopted a relatively strict interpretation of the legislation compared with some other countries. This has helped to build a high degree of trust in digital ID solutions. However, this does not mean that there is room for insecure solutions.
The challenge arises if individual incidents lower the level of ambition, or weaken confidence in the entire ecosystem.
Our assessment as a user of these regulations is that they are safe and robust, and there is no reason to weaken the general confidence in digital ID – but a reminder of how important it is to comply with the requirements.
What makes Commfides safe?
Commfides is, in addition to issuing digital IDs to private individuals, specialized in secure identity solutions for businesses.
We offer everything from single services such as digital signing and customer verification (KYC), to a wide range of certificates for identity and SSL encryption – as well as comprehensive solutions for ID control, login and identity management throughout the lifecycle.
Our employee e-ID is particularly relevant for many businesses. It’s a secure and professional digital credential for working life and is used when employees need to log in, sign or perform digital tasks in their professional role. It replaces the need to use a private e-ID in a work context and provides a clear distinction between private and professional identity.
The employee e-ID is personal, but linked to the employee’s role and is owned and managed by the company. This means clearer responsibility for use, better control over access and greater security for both the employee and the employer.
Employee e-ID is approved at the highest security level in accordance with Norwegian regulatory requirements and EU eIDAS regulations. This is particularly important for businesses with high requirements for security, compliance and traceability.
Contact us
servicedesk@
commfides.com
Phone number
+47 21 55 62 60
Opening hours
Weekdays between 08 AM - 05 PM
Visit us
Fornebuveien 1, 1366 Lysaker
