Skip to content

German PID Rulebook (PID-DE)

Version 0.1 – Draft for Consultation ARF PID Rulebook Version used for this document: 1.2

Introduction

Purpose

This Rulebook specifies how the ARF PID Rulebook is applied within the German EUDI Wallet ecosystem. It defines national specifications required by German legislation, system architecture, and operational constraints. The document ensures full interoperability with the EU EUDI ecosystem while reflecting the decisions made within the German ecosystem:

  • There will be just one PID Provider in Germany.
  • The PID Provider is a backend service that translates from the German national eID scheme into the eIDAS 2.0 scheme by issuing a PID in the mdoc and in SD-JWT VC formats, suitable for eIDAS Level of Assurance (LoA) High. The Wallet receives issued credentials from the PID Provider and presents them to a Relying Party.

Relationship to ARF

The ARF PID Rulebook remains the baseline reference. This document provides German national specializations. In case of conflict, German national specializations prevail.

Scope

Applies to:

  • the German PID Provider,
  • German Wallet Providers,
  • Relying Parties in Germany,
  • Trust and governance entities.

PID Attributes and Metadata

Important for Relying Parties.

All string values in eIDs are stored uppercase, following ICAO Doc 9303 for machine readable travel documents. It uses ISO/IEC 8859-1, following BSI TR-03110 Part 3 D.2.1.4. This also means that letters like "Ö" (ISO/IEC 8859-1 0x6D) are used and not replaced by "OE".

One main component of the PID Provider is the connection to an eID-Server according to BSI TR-03130 that manages an eID authorization certificate that is allowed to request the relevant attributes according to the PID specification of eIDAS 2.0. The eID-Client reads the identity data from the German eID Card, the German electronic Residence Permit or an eID-Card for Union Citizens, sends it to the eID-Server that validates the data.

The second main component of the PID Provider is a service that creates the credential in mdoc or SD-JWT format. This includes the creation of a digital signature over the identity data read by the eID-Server. The signature recognized as the PID attestation under eIDAS by Relying Parties and must fulfill eIDAS LoA high. Hence, the respective key material and access to the key material must be stored and managed in a way to resist attackers with high attack potential.

Mandatory attributes specified in CIR 2024/2977

The full list of mandatory attributes specified in CIR 2024/2977 Table 1 is supported. German eIDs issued before November 2019 do not contain any information on nationality, so nationality is therefore assigned automatically as "DE" in case of a german eID Card.

Data identifier from CIR 2024/2977 Table 1 eID Card attribute from BSI TR-03130 eID Format / Definition
family_name FamilyNames (string)
given_name GivenNames (string)
birth_date DateOfBirth (sequence) - DateString
(string: pattern [0-9]{8}, format: yyyymmdd)
if mm or dd not known 00 is returned
- DateValue (date)
birth_place PlaceOfBirth (choice: StructuredPlace) - sequence: City (string)
- FreetextPlace (string)
or
- NoPlaceInfo (string)
nationality Nationality (string) - pattern: [A-Z]{1,3}
- "DE" is set if german eID card issued before November 2019 is used

Optional attributes specified in CIR 2024/2977

Data identifier from CIR 2024/2977 Table 2 eID Card attribute from BSI TR-03130 eID Format / Definition
resident_address PlaceOfResidence (choice: StructuredPlace), FreetextPlace (string) or NoPlaceInfo (string) - StructuredPlace sequence: Street (string), City (string), State (string), Country (string: pattern [A-Z]{1,3}), ZipCode (string))
resident_country PlaceOfResidence (choice: StructuredPlace) separatly available only if StructuredPlace is returned
- Country (string: pattern [A-Z]{1,3})
resident_state PlaceOfResidence (choice: StructuredPlace) separatly available only if StructuredPlace is returned
- State (string)
resident_city PlaceOfResidence (choice: StructuredPlace) separatly available only if StructuredPlace is returned
- City (string)
resident_postal_code PlaceOfResidence (choice: StructuredPlace) separatly available only if StructuredPlace is returned
- ZipCode (string)
resident_street PlaceOfResidence (choice: StructuredPlace) separatly available only if StructuredPlace is returned
- Street (string)
resident_house_number - not available separatly
personal_administrative_number - not available
portrait - not available
family_name_birth BirthName (string) - if only FamilyNames changed, just family name at birth is returned
- if GivenNames and FamilyNames changed both names at birth are returned concatenated
- if just GivenNames changed given names at birth concatenated with FamilyNames are returned
not present if empty
given_name_birth BirthName (string) - if only FamilyNames changed, just family name at birth is returned
- if GivenNames and FamilyNames changed both names at birth are returned concatenated
- if just GivenNames changed given names at birth concatenated with FamilyNames are returned
not present if empty
sex - residence permit only, should generally be omitted in the interests of equal treatment
email_address - not available
mobile_phone_number - not available

Mandatory metadata specified in CIR 2024/2977

Data identifier from CIR 2024/2977 Table 5 eID Card attribute from BSI TR-03130 eID Format / Definition
expiry_date DateOfExpiry (date) ISO 8601 date, pattern: "yyyy-mm-dd"
issuing_authority IssuingState There is no separate authority in eID, following CIR 2024/2977 issuing_country value is used
issuing_country IssuingState (string) - pattern: [A-Z]{1,3}, always "D" for German ID cards

Optional metadata specified in CIR 2024/2977

Data identifier from CIR 2024/2977 Table 5 eID Card attribute from BSI TR-03130 eID Format / Definition
document_number - not available
issuing_jurisdiction - not available
location_status - not applicable

Additional attributes in German PID

Data identifier eID Card attribute from BSI TR-03130 eID Format / Definition
source_document_type DocumentType (string) - pattern: [A-Z]{2},
"ID" = german eID, can also be "AR", "AS" or "AF" for Residence Permit or "IC" for ID Card for EU Citizens
age_equal_or_over AgeVerificationRequestType (int) Person is above or not the given age (int)
also_known_as ArtisticName (string)
academic_title AcademicTitle (String)

Additional optional attributes specified in the ARF PID Rulebook

Data identifier eID Card attribute from BSI TR-03130
issuance_date not available
trust_anchor the ARF PID Rulebook defines that as attribute which indicates at least the URL at which a machine-readable version of the trust anchor to be used for verifying the PID can be found or looked up. But PID is issued as mdoc or SD-JWT VC. Both formats have their cryptographically approved ways to do this not relying on a string, so it will not be used in german PID

Additional attributes provided by PID issuer

Data identifier Format / Definition
status Reference to TSL in format of (IETF OAuth TSL)
Shards and sizes are depending on the change frequency of status

Encoding and mapping rules

General principle

Encoding follows ARF PID Rulebook which defines encodings of a PID based on ISO/IEC 18013-5 (Personal identification — ISO-compliant driving licence — Part5) as well as SD-JWT VC.

German format specializations for ISO/IEC 18013-5 / mdoc

Data identifier Encodingformat Comments
birth_date tdate (rfc8610) or full-date (rfc3339) may be violating the standard and contains values like "1983-00-00"
birth_place tstr (rfc8610) Just locality will be present. If value in eID is "NoPlaceInfo", attribute "no_place_info" with the value true is set. If FreetextPlace comes from eID, this is set into locality.
nationality [+ tstr] (rfc8610) one or more alpha-2 country codes as specified in ISO 3166-1, mapped from eID field with pattern "[A-Z ]{1,3}"
resident_country tstr (rfc8610) alpha-2 country codes as specified in ISO 3166-1, mapped from eID field with pattern "[A-Z]{1,3}"
sex uint (rfc8610) residence permit only, should generally be omitted in the interests of equal treatment

German mapping rules for ISO/IEC 18013-5 / mdoc

Mapping of German eID data into mdoc compatible values

Data identifier mdoc format eID format Mapping
birth_date tdate (rfc8610) or full-date (rfc3339) format: YYYY-MM-DD DateOfBirth string: pattern [0-9-]{10}, format: yyyy-mm-dd date conversion
birth_place tstr (rfc8610) PlaceOfBirth (sequence) string conversion
nationality [+ tstr] (rfc8610) Nationality (string) pattern: [A-Z]{1,3} Mapping from ICAO Country codes to alpha-2 country codes as specified in ISO 3166-1. Codes beginning with X, e.g. XK for Kosovo, are not officially recognized. However, they are unofficial codes in ISO 3166-1. These reserved codes beginning with X must be positively validated.
resident_country tstr (rfc8610) pattern: [A-Z]{2} PlaceOfResidence.Country (string: pattern [A-Z ]{1,3}) Mapping from ICAO Country codes to alpha-2 country codes as specified in ISO 3166-1. Codes beginning with X, e.g. XK for Kosovo, are not officially recognized. However, they are unofficial codes in ISO 3166-1. These unofficial codes beginning with X must be accepted.
issuing_country tstr (rfc8610) pattern: [A-Z]{2} IssuingState (string: pattern [A-Z]{1,3}} Mapping from ICAO Country codes to alpha-2 country codes as specified in ISO 3166-1

German format specializations for SD-JWT VC-based encoding

The claims vct, vct#integrity, cnf and metadata cannot be issued as selectively disclosable claims . The additional claims iat and exp would define the lifetime of the PID.

Data identifier Encodingformat Comments
birth_date string, ISO 8601-1 [ISO8601‑1] YYYY-MM-DD format may be violating the standard and contains values like "1983-00-00"
birth_place JSON object Section 4.1 of [EKYC]; Just locality will be present. If value in eID is "NoPlaceInfo", attribute "no_place_info" with the value true is set. If FreetextPlace comes from eID, this is set into locality.
nationality array of strings Section 4.1 of [EKYC]; using alpha-2 country codes as defined in Section 2.2, mapped from eID field with pattern "[A-Z]{1,3}"
resident_country string alpha-2 country codes as specified in ISO 3166-1, mapped from eID field with pattern "[A-Z]{1,3}"
sex number residence permit only, mapped following this list: 0 = not known; 1 = male; 2 = female; 3 = other; 4 = inter; 5 = diverse; 6 = open; 9 = not applicable. For values 0, 1, 2 and 9, ISO/IEC 5218 applies.

German mapping rules for SD-JWT VC

Mapping of German eID data into mdoc compatible values

Data identifier SD-JWT VC format eID format Mapping
birth_date string, ISO 8601-1 [ISO8601‑1] format YYYY-MM-DD DateOfBirth string: pattern [0-9-]{10}, format: yyyy-mm-dd date conversion
birth_place JSON object PlaceOfBirth (sequence) string conversion
nationality array of strings Nationality (string) pattern: [A-Z]{1,3} Mapping from ICAO Country codes to alpha-2 country codes as specified in ISO 3166-1. Codes beginning with X, e.g. XK for Kosovo, are not officially recognized. However, they are unofficial codes in ISO 3166-1. These reserved codes beginning with X must be positively validated.
resident_country string PlaceOfResidence.Country (string: pattern [A-Z]{1,3}) Mapping from ICAO Country codes to alpha-2 country codes as specified in ISO 3166-1. Codes beginning with X, e.g. XK for Kosovo, are not officially recognized. However, they are unofficial codes in ISO 3166-1. These reserved codes beginning with X must be positively validated.
issuing_country string IssuingState (string: pattern [A-Z]{1,3}} Mapping from ICAO Country codes to alpha-2 country codes as specified in ISO 3166-1

Verifiable Credential Type (VCT)

As a convention, all PIDs must use types in the namespace "urn:eudi:pid:". The german PID is therefore using the type "urn:eudi:pid🇩🇪1", where "1" encodes the current version of the PID Rulebook.

PIDs are issued in the compact serialized format of SD-JWT.

Example

{
    ## Base data (SD-JWT VC DM)
    "vct": "urn:eudi:pid:de:1",      # metadata that would define this as a PID in the namespace "urn:eudi:pid:"

    ## Mandatory attributes specified in CIR 2024/2977

    "given_name": "ERIKA",             
    "family_name": "MUSTERMANN",       
    "birthdate": "1983-08-12",         # may be violating the standard of the data format and have values like "1983-00-00"  
    "place_of_birth": {                # may be containing a full address when separate values are not available, may be have the attribute "no_place_info" with the value true
        "locality": "BERLIN"
    },
    "nationalities": [                 # "DE" for german eID cards issued before Nov. 2019
        "DE"
    ],

    ## Optional attributes specified in CIR 2024/2977

    "address": {
        "formatted": "HEIDESTRASSE 17, KÖLN, NORDRHEIN-WESTFALEN, D, 51147", # formatted address as sequence of Street, City, State, Country, ZipCode
        "country": "DE",                                                     # ISO 3166-1 alpha-2 country code derived from ICAO country code of eID Card
        "region": "NORDRHEIN-WESTFALEN",                                     # State
        "locality": "KÖLN",                                                  # City
        "postal_code": "51147",                                              # ZipCode
        "street_address": "HEIDESTRASSE 17",                                 # Street
    },

    "birth_family_name": "GABLER",      # may be not available

    "sex": 9,                         # other value only in case of residence_permit, should generally be omittedset to 9 in the interests of equal treatment

    ## Mandatory metadata specified in CIR 2024/2977

    "date_of_expiry": "2031-08-01",

    "issuing_authority": "DE",          # not available in german eID card but mandantory, that's why the value out of issuing country is used

    "issuing_country": "DE",            # ISO 3166-1 alpha-2 country code derived from ICAO country code used for eID Card


    ## Additional attributes

    "source_document_type": "ID",              # "ID" = german eID, can also be "AR", "AS" or "AF" for Residence Permit or "IC" for ID Card for EU Citizens

    "age_equal_or_over": {              # may be not present
        "12": true,
        "14": true,
        "16": true,
        "18": true,
        "21": true,
        "65": false
    },

    ## Additional attributes provided by PID issuer

    "status": {
        "status_list": {
            "idx": 0,
            "uri": "https://example.com/statuslists/1"
        }
    },

    # example for key binding (SD-JWT VC DM)
    "cnf": {
        "jwk": {
            "kty": "EC",
            "crv": "P-256",
            "x": "52aDI_ur05n1f_p3jiYGUU82oKZr3m4LsAErM536crQ",
            "y": "ckhZ-KQ5aXNL91R8Eufg1aOf8Z5pZJnIvuCzNGfdnzo"
        }
    }
}

Operational notes

Issuance

PID issuance in Germany will be based on eID card. The issuance will be executed by only one PID provider in Germany. PIDs will be issued in batches of separate PIDs within one credential issuance request and every PID is used only once to avoid linkability. When the PIDs have run out (or before, to allow for offline cases), a new batch is issued based on the Refresh Token used as seed credential.

The suggested lifetime of the Refresh Token is two years or the expiration date of the eID, whichever comes first. After this time, the eID must be presented again to obtain a newly generated Refresh Token.

Renewal

The PID must be renewed by the owners themselves in the event of changes to the eID, e.g., name change or new eID.

There is no automatic renewal.

Revocation

Revocation can happen in different forms. First is the revocation list of the eID Provider, which has to be defined following §10a Abs. 3 PAuswG. Second is the Status List, the PID provider issues directly.