THIS CONTENT IS BROUGHT TO YOU BY University of Oslo - read more
Researchers: Digital ID management in Norway is a catastrophe
People who are denied the use of electronic ID solutions find it difficult to live full, independent lives in Norway.
Although digital identity management in Norway is in many ways a success, it has serious challenges and shortcomings, according to Marte Eidsand Kjørven.
She is a professor at the University of Oslo's Department of Private Law.
Kjørven led the Societal Security and Digital Identities project and received the Rule of Law Award for this work in 2024.
Market-based 'universal keys' are not without problems
Market-based electronic solutions such as BankID, Buypass, and Comfides have contributed significantly to the digitalisation of both the private and public sectors.
These 'universal keys' provide access to a range of important services for large parts of the population.
Examples include online banking, tax services, and health services.
At the same time, these solutions bring serious challenges related to social exclusion, the professor points out.
Identity abuse and inadequate legal protection are other challenges.
Legal rules do not sufficiently account for serious consequences
Digital identity management is complex.
A large number of actors, technical solutions, and legal regulations are involved. And digitalisation has happened rapidly.
However, Kjørven explains that the legal rules intended to ensure responsible digitalisation do not sufficiently account for the serious consequences it has brought about.
The research group directs scathing criticism of what it considers serious failings in the public governance of digital identity management in Norway.
Public governance receives harsh criticism
The word 'catastrophe' is used already in the introduction to the report.
Kjørven mentions the shifting of responsibility and a lack of legal protection, resulting in financial miscarriages of justice.
The researchers claim that these serious shortcomings can also lead to human rights violations and create challenges for democracy and national security.
It is vital to maintain good control over who has access to electronic ID solutions to avoid abuse and fraud.
Simultaneously, digital exclusion is a major problem under current conditions, according to the research group.
Some reap the benefits, while vulnerable groups bear the disadvantages and costs, the professor points out.
Digital exclusion strips people of autonomy
For many elderly people and individuals with disabilities, it is impossible to use electronic ID solutions without assistance.
The report tells the story of Bendik, who has Down syndrome and is denied BankID. As a result, he also loses access to digital public services due to his diagnosis.
A universal key in the form of an eID is necessary for access to essential services and real participation in society.
The consequences are extremely serious for those who are left without such a key, Kjørven points out.
"Norwegian authorities have left it to private actors to decide who shall have access to digital public services and who shall be excluded and thus disempowered," she says.
Miscarriages of justice, financial ruin, and broken lives
Kjørven believes it can be difficult for those who have access to the digital services they need to imagine how intrusive it is to lack an eID, and BankID in particular.
“These people do not have access to the same basic services as others, which constitutes a very serious problem, including from a human rights perspective,” the law professor emphasises.
Several serious digital fraud cases have been featured in the media in recent years.
Phishing for personal information is a common method fraudsters use to trick victims into giving up usernames, passwords, and credit card numbers.
Fraud attempts worth billions
Last year, DNB banking customers were targeted in fraud attempts totalling more than NOK 3.3 billion (349 billion USD). This was a 30 per cent increase from the previous year.
Of these, the bank managed to stop NOK 3 billion from falling into the hands of criminals.
Criminals who steal others' electronic IDs can manipulate information in public registers.
They can apply for loans and transfer money. They can also set up companies and receive public benefits on false grounds.
Some people are forced to move from their homes
This leads to major losses for individuals, companies, and the public sector.
People can have their finances destroyed and, in extreme cases, face criminal prosecution and miscarriages of justice.
Some are forced to move from their homes and have their entire futures ruined.
“These are millions of kroner from the welfare state, individuals, and businesses being channeled into organised crime, which can contribute to increased criminality and all the associated consequences,” Kjørven explains.
Many are defrauded by people close to them
Fraud within close relationships is also not uncommon, and the Supreme Court in Norway is currently hearing such a case.
A man handed over his BankID to his ex-partner to get help with daily tasks due to mental health problems.
The woman abused that access to take out several large consumer loans, for which she was later criminally convicted.
Nevertheless, the credit company has sued the man to cover its loss. He was the victim of fraud and identity theft.
Now the Supreme Court must decide whether the voluntary handover of BankID can make him legally bound to cover the loss.
Lack of national governance
Many people are also aware that for years, BankID code devices were sent to customers through the post without any verification of who collects them.
At the core of these challenges lies the absence of a holistic strategy and governance of digital identity management in Norway, according to the project group.
They write that responsibilities are fragmented. Coordination fails, and the field is characterised by a systemic lack of democratic anchoring.
The researchers believe that important decision-making processes are opaque and that stakeholders are not sufficiently involved.
Justified criticism
Marianne Henriksen is the director of professional affairs at the Norwegian Tax Administration. She believes the criticism presented in the report is constructive and justified.
“I believe the project has done a fantastic job. It's very important work that the public sector can benefit from,” she says.
The Norwegian Tax Administration collaborated with the researchers in the project through its role as owner of the National Population Register.
Henriksen describes the project's research as well-founded, constructive, and valuable.
You can listen to the Norwegian podcast episode below:
References:
Giske, M.E. DNB har aldri stoppet flere svindelforsøk (DNB has never stopped more fraud attempts), DNB News, 2026.
Kjørven et al. Helhetlig, trygg og inkluderende digital identitetsforvaltning i Norge: Anbefalinger fra SODI-prosjektet (Comprehensive, secure, and inclusive digital identity management in Norway: Recommendations from the SODI project), SODI Report 5, 2025.
Kjørven, M.E. Symptom på et større problem (A symptom of a larger problem), DN, 2026.
Thommessen et al, Norsk kvinne (80) ble bortført av svindlere til Dubai (Norwegian woman, 80, was abducted by scammers and taken to Dubai), NRK, 2024.
This content is paid for and presented by the University of Oslo
This content is created by the University of Oslo's communication staff, who use this platform to communicate science and share results from research with the public. The University of Oslo is one of more than 80 owners of ScienceNorway.no. Read more here.
More content from the University of Oslo:
-
Archaeology is helping researchers understand the effects of forced displacement
-
For 'Amalie,' going to prison was devastating. But it helped her get sober
-
“My pulse quickens every time someone says that children and young people are digital natives"
-
This offers hope for people living with dementia
-
The pressure from magma can fold solid rock in less than one day
-
Study: Art can be a safe space for artists with minority backgrounds
