Legal flash: SPID for companies

Users can use SPID to access the services of companies that have implemented this solution, whilst companies can use SPID credentials to identify themselves with other companies or the Public Administrations.

1. The success of SPID

Italian Decree dated 24 October 2014 introduces SPID (Public Digital Identity System) which represents an electronic identification scheme, as defined according to eIDAS Regulation (Regulation EU 910/2014).
Through the notification of SPID in 2018, Italy is one of the first Member States to equip itself with a national authentication system in line with the eIDAS Regulation.
A few days ago, AgID (Agenzia per l'Italia Digitale) published new data on the use of SPID in Italy: the number of digital identities issued exceeds 25 million, with an increase of 61.5% since the beginning of 2021.[1]
This success is also due to the introduction of the obligation for Public Administrations to let citizens access their services through SPID credentials.[2]

2. Companies and SPID for users

Further, in view of the spread of SPID in Italy, there is a growing number of private providers that intend to use SPID to identify users using their services.
SPID could therefore replace the forms of electronic identification that are currently provided by some providers and which, unlike SPID, do not offer any guarantees as to the real identity of users.
To implement SPID for the identification of individuals, in line with the provisions of the Decree on Simplification and Digital Innovation, companies will have to follow the technical and administrative procedures described on the AgID website.[3]

3. Business SPID

Italian law also provides for a solution that meets the needs of companies to obtain a “business” SPID that can be used by the legal representative or other figures within the company to carry out its activities. This is the so-called “SPID for professional use by legal entities”.
The legal representative of an organisation (company, entity, enterprise, etc.), in addition to being able to obtain and use a digital identity to identify himself/herself for the performance of the company's activities, can also authorise employees to obtain SPID credentials for professional use of the same company.
During 2019, AgID published guidelines governing the procedures for issuing such a digital identity with which SPID providers must comply.

At this point, all the conditions are in place for the further spread of the Public Digital Identity System and the increasingly widespread use of this tool in both the public and private sectors.

[1] Such data are available at AgID webpage available at https://www.agid.gov.it/it/agenzia/stampa-e-comunicazione/notizie/2021/10/08/spid-oltre-25-milioni-identita.

[2] This obligation is provided by Article 24 of the so-called "Simplification and Digital Innovation" Decree Law (Decree Law 76/2020, converted into law by Law 120/2020).

[3] Please see AgID webpage available at https://www.spid.gov.it/cos-e-spid/diventa-fornitore-di-servizi/.