The EU is introducing tighter security for ID cards in order to reduce identity fraud. Today, representatives of the Romanian Presidency of the Council and the European Parliament reached an informal agreement on a regulation which will strengthen the security of identity cards of EU citizens and of residence documents issued to EU citizens and their non-EU family members. The informal agreement will now be presented to EU ambassadors for confirmation on behalf of the Council.
The proposed new rules will improve the security of these documents by introducing minimum standards both for the information contained in them and for security features common to all member states that issue them.
Security throughout the EU can only be achieved by ensuring security in each member state. The new rules on security standards for ID documents will allow us to more easily detect document fraud and identity theft, making it harder for terrorists and criminals to act, while facilitating free movement of genuine travellers.
Security standards for ID cards
Under the proposed new rules, identity cards will have to be produced in a uniform, credit card format (ID-1), include a machine-readable zone, and follow the minimum security standards set out by ICAO (International Civil Aviation Organisation). They will also need to include a photo and two fingerprints of the cardholder, stored in a digital format, on a contactless chip. ID cards will indicate the country code of the member state issuing them, inside an EU flag.
Identity cards will have a minimum period of validity of 5 years and a maximum period of validity of 10 years. Member states may issue ID cards with a longer validity for persons aged 70 and above. If issued, ID cards for minors may have a period of validity of less than 5 years.
Phase out of old ID cards
The negotiating mandate foresees that the new rules will enter into force 2 years after adoption, meaning that by this date all new documents issued must meet the new criteria.
In general, existing identity cards which do not meet the requirements will stop being valid 10 years after the date of application of the new rules or at their expiry, whichever is earlier. ID cards issued to citizens aged 70 or more will remain valid until their expiry, provided they meet the security standards and have a machine-readable zone.
The least secure cards which do not meet the minimum security standards or do not have a machine-readable zone will expire within five years.
Data protection safeguards
The proposed new rules include strong data protection safeguards, to ensure the information collected does not fall into the wrong hands. In particular, national authorities will have to ensure the security of the contactless chip and the data stored in it, so that it cannot be hacked or accessed without permission.
In addition, the new rules refer only to the security and information to be stored in the ID cards. They do not provide the legal basis for the creation of new databases at national or EU level, which is a matter of national legislation that needs to be in full compliance with data protection rules.
The proposed rules also specify the minimum information to be contained in residence documents issued to EU citizens, and harmonise the format and other specifications of residence cards issued to non-EU family members of EU citizens.
In recent years, common EU security standards have been introduced for identity and travel documents including passports, visas and residence permits for third country nationals. However, under existing rules, the security levels of national ID cards and resident documents for EU citizens and their family members still vary significantly, increasing the risk of document fraud.
The new rules are set out in a draft regulation which was proposed by the Commission on 17 April 2018.
The proposed rules do not require member states to introduce identity cards or residence documents if they are not foreseen under national law.