PONT Data&Privacy

eHerkenning: find the solution that fits your organization seamlessly

By November 1, 2019, your organization must be connected to eHerkenning. What does that mean for your organization? What does it provide and what choices can be made? In this article we list everything.

21 December 2018

Article

eHerkenning is the authentication tool that gives you secure access to the digital services of the government and other affiliated organizations. With only one digital key it is possible to communicate with all these organizations. This is cost-saving and efficient, since you no longer have to deal with different access procedures for each organization.

In addition, there is a legal requirement that all Dutch organizations and agencies connect to eHerkenning no later than November 1, 2019. For this, you can choose from several eHerkenning brokers, such as KPN, who have developed applications to arrange this for your organization. The application focuses on the level of reliability required. This depends on the type of data your organization wishes to exchange and what digital services you wish to purchase. This reliability level determines the security level and thus the type of data that employees within your organization may exchange with other organizations and agencies through eHerkenning.

Personal
eHerkenning has five levels of reliability. The higher the level, the more sensitive the information the connected employee is shown. In return, the service provider sharing this data needs more information about the identity of the connected employee using this digital service. A higher level of reliability therefore also means that an employee must provide more personal data, such as official documents about his or her identity, when applying for an eHerkenning tool. This is because eHerkenning is tied to the person: one employee may have different authorizations than a colleague.

The 5 levels of reliability
Below is an overview of the eHerkenning reliability levels. It describes the application procedure and the login methods for each reliability level.

eH1 and eH2 are the lowest reliability levels. Besides a username and password, you do not need any additional data to log in. These levels do not meet the guidelines of the General Data Protection Regulation (GDPR; AVG in Dutch), which came into effect in 2018, and for this reason few parties still apply for eH1 or eH2. Approved eHerkenning brokers will therefore almost never advise you to choose one of these two levels unless there is a very specific reason for doing so.

When logging in with eH2+ and eH3, two-factor authentication is used. Depending on which eHerkenning broker you request the eHerkenning tool from, you will receive a "token". This can be either a unique set of numbers previously shared with the applicant or a randomly generated PIN code that is communicated to the applicant via SMS or a dedicated device when logging in. In addition to the token, the username and associated password must of course be entered. The difference between eH2+ and eH3 is in the authorization check at the time of application: for eH3, a person must physically identify themselves, while the authorization check for eH2+ takes place entirely online. eH3 is widely seen as the new standard and is the most requested eHerkenning level. Most municipalities and provinces use eH2+ or eH3, as do the Tax Office and the Central Judicial Collection Agency.

The highest reliability level, eH4, requires a PKIoverheid certificate. PKI stands for Public Key Infrastructure. There are several PKIoverheid certificates, such as server certificates and professional certificates, but for eHerkenning only the personal certificate is relevant. This is a digital certificate that meets strict government requirements and is linked to the State of the Netherlands root certificate. The PKIoverheid certificate is often on a USB stick or smartcard and is required to complete the login process. For now, KPN, Logius and a handful of municipalities are using eH4. Because of the recent introduction of the European eIDAS regulation, which makes it safer for organizations and institutions to do business online within European borders, eH4 is expected to increasingly become a requirement. Indeed, cross-border data exchange in many cases requires a high level of reliability, and only eH4 suffices for that.

Customized Access
It may seem convenient to immediately request the highest level of reliability for all employees involved. However, the different levels of reliability ensure that you are authorized to exchange data that a colleague is not allowed to see. So it may well be that you get a PKIoverheid certificate, while your colleague logs in with a PIN sent by text message.

In addition, a different fee applies to each level of reliability, and the application for a PKIoverheid certificate involves additional costs. This is another reason not to apply for eH4 for every employee who has to exchange data digitally or may purchase digital services. Should you need a higher level of reliability at a later stage, upgrading is always possible; please contact your eHerkenning broker.

Getting Started
Regardless of whether you want to apply for one or more eHerkenning tools or connect your organization to eHerkenning, you need to find out what level of reliability is required to do so. Go through the following steps:

  1. Answer the following questions:

     • Which organizations or agencies would you like to purchase services digitally from?

     • With which organizations or agencies do you want to exchange data digitally?

  2. Find out which reliability levels the organizations and agencies you want to do business with online use. You can find this information here or on their websites.

  3. Find an eHerkenning broker that suits your organization. KPN is one of the government-approved eHerkenning brokers. The company can help you answer the questions from Step 1, help your organization connect to eHerkenning and apply for an appropriate reliability level for all employees. We also offer an additional service in the form of an eHerkenning management module.

Admin module
The KPN eHerkenning admin module provides an overview of all employees within an organization who have an eHerkenning tool and information about their reliability level. One employee acts as the authorization manager. He or she has the ability to request a change in a colleague's reliability level, but not to change the reliability level himself or herself. The management module is not a requirement, but it makes managing eHerkenning tools and authorizations simple and clear. Also, your organization is eligible for a volume discount when you request eHerkenning tools through the KPN eHerkenning management module.
