EHerkenning is an initiative by the Dutch government, developed in collaboration with the private sector. Following government approval, private parties can become approved suppliers
At present, the Dutch government has approved 6 suppliers for eHerkenning. Only they are authorised to supply eHerkenning. All 6 meet the same requirements that are set, and all are checked by the government. This guarantees both security and functional quality.
Requirements for suppliers
You are free to choose your supplier for eHerkenning. All suppliers meet the same strict set of requirements imposed on eHerkenning. These requirements relate to:
- security and reliability
- privacy and data processing
- information protection
- technology and functionality
- legal aspects
Suppliers may differ in a number of respects, for example, the type of login means they supply, service, price and application process. In the list of suppliers, you can compare the various suppliers based on reviews, levels of assurance and prices.
EHerkenning is supplied through a network of approved suppliers. As a result, there is no ‘single point of failure’. The potential failure of a single supplier in no way threatens overall continuity.
In addition, competition between the suppliers ensures customer satisfaction, lower pricing and a constant response to the latest technological developments.
Protecting personal data
EHerkenning is a personal login means. Consequently, when making your application, you must supply personal data to your approved supplier. The approved suppliers are specialist parties that must meet very strict requirements in relation to privacy and data processing.
Government supervision is arranged as follows:
- Checks on compliance with the requirements imposed
- Checks on the processing of personal data
- Compulsory annual Privacy Self Assessment by the suppliers and submission of a report to the regulator
Suppliers must also comply with the following requirements:
- General Data Protection Regulations (GDPR) subject to supervision of the Dutch Data Protection Authority (AP)
- ISO27001 certification, the international standard for information protection, which must demonstrate compliance with privacy legislation and regulations.
- European eIDAS requirements.
On top of this, Privacy Enhancing Technology is used.
The website of each of the approved suppliers features their privacy statement. In this statement, they give full disclosure about the processing of personal data.