eHerkenning

eHerkenning
Name	eHerkenning
Type	Digital identity and authentication
Founded	2009
Country	Netherlands

eHerkenning

eHerkenning is a Dutch digital identity and authentication framework used for business-to-government and business-to-business access to online services. It acts as a standardized access method enabling organizations to authenticate representatives from firms, non-profits, and public bodies when interacting with online portals operated by agencies such as Belastingdienst, Kadaster, UWV, KVK, and Rijksoverheid. The system was developed in response to interoperability needs among stakeholders including Logius, Ministry of the Interior and Kingdom Relations (Netherlands), and private sector providers.

Overview

eHerkenning originated as part of national efforts to harmonize electronic identity management alongside initiatives like DigiD, eIDAS Regulation, and European digital identity frameworks championed by the European Commission. It is administered within a landscape featuring service providers such as SIDN, KPN, PostNL, and specialist vendors that issue credentials under accreditation schemes similar to those used by Stichting Nederland ICT and certification authorities recognized across the Dutch public sector. The model supports federated authentication patterns found in projects by Atos, Accenture, Capgemini, and Dutch municipal IT programs led by entities like VNG.

Purpose and Functionality

The primary purpose is to provide authenticated access for representatives of legal entities to online services from organizations such as Belastingdienst, UWV, SVB, BOA, and private portals maintained by companies like Rabobank, ING Group, ABN AMRO, and utilities such as TenneT and Enexis. Functionality includes identity vetting, role-based authorization, and delegation features comparable to systems used by Chamber of Commerce registries like KVK and land registries like Kadaster. eHerkenning supports certified assurance levels aligning with frameworks promoted by NEN, ISO/IEC 27001, and EU-level standards including eIDAS Regulation. Integration examples reference operational interfaces similar to APIs provided by Common Ground projects and middleware platforms used by Centric and Ordina.

Organisation and Governance

Governance involves coordination among stakeholders such as the Ministry of Finance (Netherlands), Logius, certificate authorities, trust service providers, and sector representatives including MKB-Nederland and VNO-NCW. Accreditation, auditing, and policy setting draw on practices by Stichting Certificering Broek, NCSC-NL, and standards bodies like NEN. Commercial trust service providers operate under contracts and supervisory arrangements with public authorities comparable to procurement relationships seen with Atos Nederland and Capgemini Nederland. Oversight mechanisms reference compliance approaches used by Autoriteit Persoonsgegevens and legal frameworks including provisions of the Dutch Civil Code and EU directives handled by European Parliament committees.

Levels and Assurance Classes

eHerkenning implements multiple assurance classes to differentiate trust and delegation, analogous to assurance tiers in eIDAS Regulation and certification hierarchies in ISO/IEC 29115. These classes are commonly designated as EH1 through EH4 and map to risk profiles used by service providers such as Belastingdienst, UWV, and RVO. Higher classes require stronger identity proofing performed by accredited providers like KPN, PostNL, and specialist identity firms associated with Digidentity and iDIN-style ecosystems. Role delegation and power-of-attorney processes mirror administrative procedures found in Chamber of Commerce filings and notarization practices involving entities like Koninklijke Notariële Beroepsorganisatie.

Integration with Dutch Government Services

Integration is visible across portals operated by Belastingdienst, Kadaster, UWV, DigiD, Belastingdienst Zakelijk, RVO, and municipal back-offices coordinated by VNG. The scheme enables suppliers and contractors working with ministries such as Ministry of Security and Justice (Netherlands), Ministry of Health, Welfare and Sport (Netherlands), and Ministry of Infrastructure and Water Management to access tendering, tax, and permit systems. Technical interfaces align with identity federation patterns used in projects by Logius, and compatibility considerations reference EU initiatives led by the European Commission and interoperability work by ENISA.

Security and Privacy

Security measures follow practices from NCSC-NL, ISO/IEC 27001, and guidelines issued by Autoriteit Persoonsgegevens, emphasizing cryptographic credentials, PKI-backed authentication, and audit trails comparable to controls in eIDAS Regulation. Privacy considerations involve data minimization and purpose limitation consistent with the General Data Protection Regulation and Dutch implementation by Autoriteit Persoonsgegevens. Incident response and vulnerability management coordinate with national cyber-defense actors such as NCSC-NL and private CERT teams from firms like Fox-IT and Secura.

Adoption and Criticism

Adoption has been driven by mandates and incentives from agencies like Belastingdienst, UWV, and RVO, and uptake among small and medium enterprises represented by MKB-Nederland and corporate users including banks such as ING Group and Rabobank. Criticism has arisen concerning market concentration among trusted providers, interoperability with EU cross-border identity schemes promoted by the European Commission, usability for smaller entities cited by Consumentenbond, and concerns about administrative burden similar to debates around DigiD and national e-government programs. Proposals for reform reference discussions in bodies like Tweede Kamer der Staten-Generaal and reports from advisory institutions such as SER and CPB.

Category:Digital identity