The EU is introducing tighter security for ID cards in order to reduce identity fraud. Today, the Council adopted a regulation which will ensure that identity cards of EU citizens and residence documents issued to EU citizens and their non-EU family members are more secure.

The new rules will improve the security of ID cards by introducing minimum standards both for the information contained in them and for security features common to all member states that issue such documents.

They do not require member states to introduce identity cards if they are not foreseen under national law.

Security standards for ID cards

Under the new rules, identity cards will have to be produced in a uniform, credit card format (ID-1), include a machine-readable zone, and follow the minimum security standards set out by ICAO (International Civil Aviation Organisation). They will also need to include a photo and two fingerprints of the cardholder, stored in a digital format, on a contactless chip. ID cards will indicate the country code of the member state issuing them, inside an EU flag.

Identity cards will have a minimum period of validity of 5 years and a maximum period of validity of 10 years. Member states may issue ID cards with a longer validity for persons aged 70 and above. If issued, ID cards for minors may have a period of validity of less than 5 years.

Phase out of old ID cards

The new rules will enter into force 2 years after adoption, meaning that by this date all new documents must meet the new criteria.

In general, existing identity cards which do not meet the requirements will stop being valid 10 years after the date of application of the new rules or at their expiry, whichever is earlier. ID cards issued to citizens aged 70 or more will remain valid until their expiry, provided they meet the specified minimum security standards and have a machine-readable zone.

The least secure cards which do not meet the minimum security standards or do not have a machine-readable zone will expire within five years.

Data protection safeguards

The new rules include strong data protection safeguards to ensure the information collected does not fall into the wrong hands. In particular, national authorities will have to ensure the security of the contactless chip and the data stored in it, so that it cannot be hacked or accessed without permission.

Residence documents

The rules also specify the minimum information to be contained in residence documents issued to EU citizens, and harmonise the format and other specifications of residence cards issued to non-EU family members of EU citizens.