This special issue marks a distinctive development in the life of Identity in the Information Society. An authoritative set of research papers has been drawn from a research project investigating the rollouts of electronic identity (eID) cards across a number of European states, drawing parallels and common themes and finding distinctive policy and technology interactions amongst them. The EU member states that have been studied are Austria, Belgium, Denmark, Estonia, Finland, Germany, Spain, Sweden. There are individual papers on the evolution of ID cards in each of these countries. Each country-specific paper represents a wealth of priceless detail and analysis on this often arcane topic. It is apparent the extent to which the path development of eIDs is very dependent upon the historical picture. When change in eIDs is initiated, rarely is there a completely fresh departure, but instead there is found incrementalism which builds gradually on the previous infrastructure of technology, but also of regulation and cultural norms. Great strides in the adoption of technologies such as the esignature or qualified certificates do not appear to have happened, rather the picture seems still to be of gradually setting in place the groundwork for future more sophisticated applications.

Finland (DOI: 10.1007/s12394-010-0049-8) was the first country in the world to introduce an electronic identity card in 1999, but their card has not progressed towards replacing other online authentication devices such as bank ID cards. It serves as a travel document and is intended to aid access to eGovernment services and for electronic signing. Even in states such as Belgium (DOI: 10.1007/s12394-010-0042-2), the relatively strict privacy framework ensures the use of data is not accessible through the eID. Belgium has however achieved complete rollout but still experiences low usage rate for e-government services perhaps because its eID solution offers weaker authentication procedures. Some states, such as Sweden (DOI: 10.1007/s12394-010-0043-1), have worked hard at integrating a market-based initiative within the eID creation and development. Others, such as Denmark (DOI: 10.1007/s12394-010-0056-9), have developed the card largely from health-sector beginnings, with a gestation period of nearly 20 years. Still others, such as Estonia (DOI: 10.1007/s12394-010-0044-0), are seeing ID cards used in connection with e-ticketing and as a partial replacement for driving licences, but interestingly as a support for voting through the Internet. As in other EU states the card is used to aid online tax declaration.

Many European states have developed electronic ID cards with a host of mechanisms for the increased security and protection of personal data. With these cards, authentication requires possession of a physical eID card AND knowledge of a PIN codehence two-factor authentication. In both Belgium and Spain (DOI: 10.1007/s12394-010-0041-3) authentication allows the service provider to check the identity of citizen using the digital certificate on the card by means of the card reader and PIN.

But in Germany (DOI: 10.1007/s12394-010-0051-1) authentication is double-sidedthe citizen can check the identity of the service provider as well. The service provider must get an access certificate from a federal agency in order to access the eID data on the card. In line with data minimization, the access rights granted only cover the data required for that particular service: say citizen’s name, age or address. The card is also an electronic travel document (e-pass), an alternative to a passport, that holds biometric data including a mandatory photo while fingerprints are optional. Each ID card has a registered serial number but this number cannot be used to identify the holder in any other administrative procedure. The prize for data minimization must go to the Austrian Citizen Card (Burgerkarte) (DOI: 10.1007/s12394-010-0048-9) which carries no personal data at all, only a personal link used to produce sector-specific PINs for the respective service in each transaction. In effect, the Austrian system provides technical means against merging citizens’ data from different sectors of government.

A common framework (DOI: 10.1007/s12394-010-0052-0) has been adopted by the authors in presenting the developments on electronic ID cards and this allows considerable cross-referencing and comparison. Two further papers mine the material brought together by these diverse studies focusing on the path dependency questions introduced in the framework and exercising them on selected groups of country cases. One entitled The path dependency of national electronic identities (DOI:10.1007/s12394-010-0050-2) contrasts four national eIDs (Austria, Belgium, Germany and Spain) highlighting the differences between these systems conceived as socio-technical systems with regard to the eID itself, the eID cards as tokens, the authentication processes as well as the procedures for distribution and personalisation, the support provided for installing the technology and any provider-related regulation. It further compares the new electronic systems with the previous ones in each country, assessing the continuity with regard to the organisational, technological and regulatory path of development.

A second comparison (DOI:10.1007/s12394-010-0063-x) examines the cases of Denmark, Finland, Estonia and Sweden in order to check the validity of generalisations derived from the first four cases. The extended comparison with the four additional countries increases the variance between the eID systems in Europe by showing differing technical and organisational features such as purely software-based solutions, e.g. in Denmark, or complete outsourcing of the eIDMs, e.g. in Sweden. These four northern European country case studies have shown the significant role of banks as eID providers with a strong tendency to maintain the weaker authentication modes, such as One Time Password, raising the question to what extent the technical/academic distinction between strong and weak methods corresponds to the perception of service providers and customers. The authors recommend a comparative analysis of the auth entication modes for online banking adopting a similar actor-oriented approach. The second part of this paper, the conceptual framework of the comparative study, a combination of path analysis, institutional actor theory and policy field analysis is reviewed. The authors conclude that the framework explains some but by no means all differences between the national eID systems in Europe.