About .beID
.beID is the Belgian electronic identity card, which Belgium citizens or EU citizens residing in Belgium can use for secure electronic authentication and signing.
The ID-card is a smart card that includes a microchip, which stores personal information. It is issued by the Belgian government and is available for citizens over 12 years old. For children below 12, a version without the signing function is available (known as Kids-ID). There is also a version for foreign residents.
Here is a sample ID-card (specimen):
Sample ID-card
To be able to use the .beID-card, the user needs:
- A USB smart card reader connected to the computer to read the details on the ID-card.
- ID-card client software installed on their computer.
- PIN code to confirm their identity. The PIN code is issued together with the physical ID card. There are two PIN codes associated with the card, one for authentication and one for signing. The ID-card also includes the needed certificates for authentication and signing.
See also the Test page.
Key features
- It produces trusted identities verified by the Belgian government.
- Signatures that use .beID are classified as Qualified Electronic Signatures (QES).
Level of assurance
.beID is eIDAS certified and supports "high" level of assurance.
If you need more information about the level of assurance, please contact the identity provider.
Use case examples
.beID can be used for:
- Digital onboarding: To be able to apply for a loan, the bank may require a user to register and become a customer of this bank. The ID-card can be used as a stand alone method or in combination with other services provided by Signicat to verify an identity (see for example ID Document and Biometric verification).
- Authentication: When the user has completed the digital onboarding process, the ID-card can be used to log into their account. The authentication will result in a type of response that depends on the type of authentication protocol used.
- Electronic signing: Your bank customer can apply for a loan and sign the loan application with the ID-card.
The same service is used for these use cases. However, the eID can be configured with different flows. For example, onboarding a new customer is a one-time occurrence, while authentication is a repetitive action for the customer. You may set up a simpler user flow for recurring authentications. The level of assurance that is required depends on the services you offer.
For technical integration details:
- For identity proofing and authentication, see the eID Hub Quick start guide.
- For signing, see the Electronic Signing documentation.
Authentication
Holders of a .beID card can use it to log into the website of a service provider that supports this method. The following example illustrates a typical authentication session for an end-user holding an ID-card.
This example assumes the end-user has already installed the necessary software, connected a card reader and inserted their valid card into the reader.
- The user selects .beID as login method and is asked to insert the ID-card into their card reader.
- The user confirms the agreement to the card being read.
- The user provides their personal PIN code.
- The user is authenticated from the certificate on the ID-card.
The actual screens may have a different graphical profile in your setup.
For details about how you can test this flow, see the Test page. For details about user information you can retrieve via the .beID, see the Attributes reference.
Electronic signatures
The .beID card also allows end-users to sign documents electronically through third-party signing. The signature that is produced in this process is a Qualified Electronic Signature (QES), which has the same legal validity as a traditional handwritten signature on paper.
The screenshots below show the end-user flow for signing a document.
For technical integration details, see the separate Electronic Signing documentation.