If at the time of domain registration, the holder identifies themselves through e‑legitimation, and the registrar indicates this in the registration transaction, the registrar is entitled to a discount on the domain registration according to the applicable price appendix.
Only e-identifications that have the "Swedish e‑identification" quality mark, at trust level 3 or higher, are initially accepted, this may change over time and the guidlines will then be updated.
Currently, the following e-identifications are covered
For personal e-identification:
BankID on file, at trust level 3 (Finansiell ID-Teknik BID AB)
BankID on card, at trust level 3 (Finansiell ID-Teknik BID AB)
Freja eID Plus at trust level 3 (Freja eID Group AB)
Mobile BankID at trust level 3 (Finansiell ID-Teknik BID AB)
AB Svenska Pass at trust levels 3 and 4 (AB Svenska Pass)
For organisation e-identification:
EFOS at trust levels 3 and 4 (Försäkringskassan), previously called MCA
Freja Organisation's eID (Freja eID Plus) at trust level 3 (Freja eID Group AB)
Mobile EFOS at trust level 3 (Försäkringskassan)
Mobile SITHS at trust level 3 (Inera AB)
SITHS at trust level 3 (Inera AB)
Source: The Agency for Digital Government in Sweden, DIGG, see link, https://www.digg.se/en/digital-services/eid
Audits
Auditing that the registration is validated with accepted e-identification may occur. The necessary documents showing this must be able to be presented upon such a request.
Domain registrations for individuals and sole proprietorships
For domain registrations for natural persons, the name and social security number (personal number) specified in the holder details must match the information disclosed by the provider of the e-identification, in the form of the person’s name and social security number.
Domain registrations for organisations
For domain registrations of a legal entity, the specified organisation number in the holder details must match the information disclosed by the provider of the e‑identification.
As many organisations do not have e-service credentials for their employees, a temporary solution is also accepted. In this case, the contact person specified for the organisation in the registration details, instead verifies themselves with personal e‑legitimation. Their name must then be matched against the information disclosed by the supplier of the e-identification.
Remember that even if there is a verified contact person, the requirements of the registrar agreement regarding the correct holder still apply. The registrar still has an obligation to ‘in an appropriate manner, verify the accuracy of the information that the Domain Holder is obliged to provide’ upon a new registration.
Technical details and tests in EPP
To indicate the use of e-identification in the registration, a new EPP extension has been introduced. This can be tested immediately. The extension refers to the "domain create" command and is optional to use. If the setting is set to "true", the registrar verifies that an electronic identification of the holder has been made and a discount for the domain registration is provided. When set to "false", no electronic identification of the data subject has been made and no discount is provided.
The addition to “domain create" looks like this:
<extension xmlns:iis="urn:se:iis:xml:epp:iis-1.2">
<iis:eid verified="false"/>
</extension>
You can test this extension by connecting to epp-preview.iis.se port 700. You use the corresponding username, password, and certificate that you already have for epptest.iis.se.
Technical details regarding this are described in the EPP manual (version 1.7).
