eHerkenning is a secure login method that allows employees of organisations to access government services and other connected organisations.
To ensure that only the correct individual gains access, it is essential to verify the identity of each applicant during the registration process.
Registration and identity verification
During registration, Digidentity verifies your identity using your ID document. In most cases, you will be asked to read the NFC chip in your ID. This allows us to confirm that the document is genuine and that the data has not been altered.
Alternatively, you may be asked to upload photos of the front and back of your ID. These images are checked automatically to validate the authenticity of the document.
Both methods may involve processing your Citizen Service Number (BSN), which is present on Dutch identity documents.
For self-employed individuals (ZZP), the BSN is required to establish a connection with the BSN Link Register (BSNk). For employees of other organisations, the BSN is not required for this purpose.
Where applicable, the BSN may be used temporarily to validate the authenticity of the document. The BSN is deleted immediately after this validation step. When reading the NFC chip, the BSN is removed straight away. For ZZP registrations, this happens after the BSNk link has been established.
The processing of BSN is based on applicable legal frameworks, including requirements under the Dutch Digital Government Act.
Authorisation and legal representation
An eHerkenning means is always linked to an organisation. Digidentity must verify that the applicant is authorised to act on behalf of that organisation. For this, we use data from the Dutch Chamber of Commerce (KvK).
After entering the KvK number, we check whether the applicant is registered as an authorised representative. If so, the application continues automatically.
If the applicant is not listed as authorised, approval is required from one or more authorised representatives. These individuals must also complete identity verification.
Depending on the organisation’s registration at the Chamber of Commerce (individually authorised, jointly authorised, or limited authority), one or more approvals may be required.
Company Administrator
Employees can request to become a Company Administrator. Once approved by the legal representative(s), a Company Administrator can manage eHerkenning applications within the organisation.
This includes approving new applications from employees, reducing the need for repeated approval by legal representatives.
A minimum of eHerkenning level 3 (Complete) is required to become a Company Administrator. Administrators can only approve applications for the same or lower assurance level. For example, an administrator with level 3 cannot approve a level 4 application.
Data storage and retention
Identity verification takes place within the Netherlands. We only store data that has been successfully verified, and all data is hosted in secure data centres within Europe.
The following retention periods apply:
- Identity document photos: 45 days
- Verification reports: 7 years (to meet compliance requirements)
For more information on how Digidentity processes personal data, including retention periods and involved third parties, please refer to our privacy documentation: https://www.digidentity.eu/documentation
Designation and supervision
Digidentity is one of the providers designated by the Dutch Ministry of the Interior and Kingdom Relations to issue eHerkenning means.
As a participant in the eHerkenning framework , Digidentity operates under strict supervision by the relevant authorities.
Compliance is demonstrated through regular audits.
Digidentity operates a certified Information Security Management System (ISMS) in accordance with ISO 27001 and is assessed annually by independent auditors.
In addition, Digidentity is certified under ETSI 319 411-1 and 319 411-2 for the issuance of PKI certificates and qualified electronic signatures.