When was the last time you logged into your Data Mailbox, filed a tax return online, or checked the driver’s points register? You likely used a “Bank Identity” or another means that allowed you to “pass through.” In the background of this entire process stood the National Identity Authority (NIA) – a system that almost everyone uses today, yet few truly understand how it operates or how broad its potential applications really are.

At first glance, NIA appears to be a system designed solely for communicating with the authorities. In reality, it is a federated platform for trusted identity verification with far wider potential. It can be used for communication with various public institutions and, under certain conditions, even with private companies.

Closely related to NIA is Bank iD, which expands the possibilities of using bank identity on a similar principle. We will explore that in more detail in a separate article.

What is NIA and why was it created?

The National Identity Authority (NIA) is a system managed by the Digital and Information Agency (DIA). Its purpose is to securely verify user identities when accessing digital services. In practice, it creates a federated environment that connects two groups:

1. Identity providers: Entities that ensure user verification (e.g., banks, state-issued means like the eID card, NIA ID, or the eGovernment Mobile Key, and potentially other commercial providers).
2. Service providers: Organisations that offer digital services (government offices, universities, health insurance companies, and in certain cases, private companies).

NIA also functions as a national node within the European eIDAS framework. This allows Czech citizens to log into services in other EU member states – and vice versa. However, for this international use, the eID card is currently the only valid means of identity verification.

How the federation works and why it is beneficial

The key concept behind NIA is that a user has one identity that they can securely use across various services. There is no need to register for each service individually or repeatedly fill out personal details.

Furthermore, NIA does not send all user data to the service provider – it only mediates the attributes that are strictly necessary. For instance, if age verification is required, it is not necessary to share the full date of birth; NIA simply confirms to the service provider that the user is over 18.

This brings several key benefits:

• Higher privacy protection: Less data in circulation means a lower risk of misuse.
• Greater user convenience: Logging in is fast and simple; the user does not need to remember dozens of different passwords.
• Cost savings for organisations: There is no need to manage robust internal verification systems or the complex agenda associated with managing user passwords.
• Trusted verification: The user’s identity is securely confirmed by an official state system, giving the service provider certainty that they are working with truthful and up-to-date data.

What identification means does NIA offer and what attributes can it verify?

For the average user, Bank Identity is the most well-known method today. Alongside it are other means, including state-issued ones such as the eID card, NIA ID, or the eGovernment Mobile Key. Every user can choose the login method that suits them best.

NIA does not just verify identity itself; it also provides specific user attributes – both in the European eIDAS standard and many others. Consequently, the user shares only those details with the service provider that are essential for using the given service.

Typical attributes include:

• First name and surname
• Date of birth
• Address
• Citizenship
• Age confirmation (e.g., “over 18”)
• …and others, depending on what the service provider needs to verify.

NIA in practice

Most commonly, you encounter NIA when logging into Data Mailbox or the Citizen’s Portal. However, its use does not end there – it is increasingly appearing in other areas as well.

• Universities and Schools: NIA is used, for example, for secure identity verification when accessing student portals. A practical example is the University of South Bohemia, where students can conveniently and securely reset a forgotten password thanks to the integration with NIA and Bank iD.
• Healthcare: Hospitals and health insurance companies are beginning to use NIA for access to patient portals or clinical test results.

Simplicity for users, certainty for organisations

For the user, the entire process is seamless – you choose your preferred method, log in, and proceed.

Whether you are visiting the Citizen’s Portal, resetting a password at university, or logging into a patient portal, you are using a digital identity that saves you time while protecting your privacy. At the same time, it provides certainty to organisations, allowing them to rely on securely verified data.