Freja Regulatory Compliance
From the very beginning, Freja was designed and created to solve regulatory compliance for partners/relying parties who wanted to include e-identification (e-ID) or e-signatures as part of their business.
The Trust Framework for Swedish E-Identification
The Swedish government’s Agency for Digital Government (DIGG) publishes the DIGG Trust Framework. All issuers of e-ID must comply with this framework in order to be used by relying parties who require a certain level of trust:
- Freja eID+ is approved for Trust Level 3 (LOA3) for e-ID issued to private persons
- Freja OrgID is approved for Trust Level 3 (LOA3) for e-ID issued by organisations to their employees
Agreement on Prepaid E-Identification for Employees
DIGG provides a framework and an agreement for an employee of Organisation 1 to be able to log into the e-services of Organisation 2.
This enables people who have an employee e-ID to identify themselves across borders at no cost beyond what the organisation pays to the supplier for the employee e-ID.
eIDAS
eIDAS is the EU’s cross-border framework for electronic identification.
The Swedish government determines which e-IDs must function for Swedish citizens in all EU and EEA countries.
GDPR
Private E-Identification
Freja is fully compliant with the General Data Protection Regulation (GDPR) for the handling of personal data and this is built into our Privacy Policy.
The idea behind GDPR, giving people back control over their data, is also a core principle of Freja. With Freja, the user has the power to give or withdraw consent over which data is shared at every opportunity and interaction.
Employee e-ID
For Freja OrgID, the processing of personal data is regulated by a PUB agreement (personal data processor agreement) where the employer becomes the personal data controller and Freja the personal data processor.
This means that you, as the employer, avoid the legal risks that arise when using a private e-ID in the workplace.
SCA within PSD2
Payment Services Directive 2 (PSD2) is the EU’s regulatory framework for payment services. PSD2 regulates how Strong Customer Authentication (SCA) must be handled in order to be approved according to the regulations. These rules have also been further defined by the European Banking Association (EBA).
Electronic Signatures
Freja can be used for advanced signatures, which is, in principle, the only level required and used in Sweden.
Physical Identification with the Freja ID Card
In Sweden, there is no authority that approves physical ID documents in the same way that DIGG approves e-IDs. It is up to each recipient of physical identification to decide which ID documents are accepted.
The following industry organizations have guidelines regarding the use of Freja as a physical ID document.