BAMF - Bundesamt für Migration und Flüchtlinge - Data protection and data security

Navigation and service

Data protection and data security

The electronic residence title offers a very high level of security for your data. It improves protection from identity theft and ensures that your personal data are secure. Technical mechanisms ensure that information is not read, copied or altered without authorisation.

In contrast to simple radio chips that are used in key cards or ski passes, for example, the electronic residence title does not send the information stored on it to every data reader device. The distance between card reader and card is limited to just a few centimetres. Before data are transmitted, the card checks whether the office or authority making the enquiry has the right to consult the data. It is not possible to read your data from a great distance without it being noticed. In addition, all information and transmissions are securely protected with internationally-recognised and established technical procedures (encryption and signature).

Biometric data

The electronic residence title contains a digital photograph and two digital fingerprints. These features, known as "biometric features" are used exclusively by state authorities to securely establish the authenticity of the document and whether if it belongs to the holder. In accordance with legal conditions, the biometric details may only be viewed by authorised governmental offices such as:

  • the Federal Office for Migration and Refugees (BAMF),
  • immigration authorities,
  • Federal and Länder police,
  • offices of the customs administration for combating illegal employment of foreign nationals,
  • other customs administration departments,
  • Federal Office for Goods Transport,
  • Federal Employment Agency, and
  • social services authorities (e.g. for welfare assistance).

The fingerprint data will remain stored at the immigration authority until you collect your electronic residence title. They will then be permanently deleted when you receive your new document at the latest. Similarly, Bundesdruckerei GmbH, which produces the electronic residence title, will not store any of your data. As soon as you collect your new document, the fingerprint data will only be stored in the chip in your electronic residence title.

You can be asked to place your fingers on a relevant device at inspection points. This device will then compare the fingers on the device with the fingerprint data stored in the chip on your electronic residence title. The comparison will only take place between you and your electronic residence title.

Supplementary conditions (obligations)

If an electronic residence title is issued with supplementary conditions, these supplementary conditions will also be stored in the electronic residence title's chip. Only official authorities (e.g. police and customs) may read the supplementary conditions. To do this, the document must be present. It is not possible for the data to be read via the Internet.

You maintain full control – use of the online identity function

Your personal data are also secure on the Internet. Only someone who has the electronic residence title in his possession and who knows the secret 6-digit number (PIN number) can release information for electronic transmission.
To do this you will identify yourself with your electronic residence title to service-providers who have been checked and authorised by the state Issuing Unit for Terminal Certificates (Vergabestelle für Berechtigungszertifikate - VfB). Only these providers have the technical facility to read their customers' identity data. The Issuing Unit checks each individual service-provider to see if it complies with data protection conditions and to find out which data are actually required to develop the service. It is ultimately you who decide which data will be transmitted by entering your PIN number.

Your contribution to ensuring the security of your electronic residence title on the Internet

The entire system that protects electronic residence title data from unauthorised access operates at an extremely high technical security level. The security level of the chip itself is actually of the highest possible standard. All the protocols and mechanisms used for the electronic residence title have been tested by specialists. Its security is however also dependent on the security mechanisms of your computer.

Therefore you must also contribute towards maintaining permanent security. Please use your electronic residence title as carefully as you would your cash card. Take careful note of the following instructions:

  • Always keep your electronic residence title secure. Do not leave it unattended if another person could gain access to it.
  • A very important issue for protecting your personal data is protecting your PIN. Do not give your PIN to anyone else. If you write down your PIN, do not keep it with your electronic residence title (e.g. in your wallet)
  • Never write your PIN on your electronic residence title.
  • If you lose your electronic residence title, you must notify your immigration authority immediately of the loss and have the online identity function blocked by the staff there or use the emergency telephone hotline to do so.

Signing contracts securely over the Internet using electronic signatures

Your own handwritten signature can be replaced by a "signature certificate" for the legally-binding conclusion of digital contracts over the Internet. The electronic signature allows the recipient (contracting partner) of a document to see if documents have been altered after they have been digitally signed.

Protecting your data on the Internet

Abbildung der Tastatur AusweisApp

  • Regularly update your virus protection program, firewall, operating system and the AusweisApp (ID application). Use the security updates provided by the relevant software manufacturers.
  • If you use a basic reader without its own keyboard and you are not sure if your computer is free of malware, use the AusweisApp's integrated screen keypad to enter your PIN. You can use the mouse for this. You can find more information about reader devices and the AusweisApp under the heading Required equipment.
  • Only place the electronic residence title on the reader device when you want to use it on the Internet.
  • Change your PIN regularly. This can be done free of charge and simply on your own PC. Do not use any combinations of numbers printed on the identity card (e.g. your date of birth or the access number) or sequences of numbers that are easy to guess (e.g. 123456).

You can find more information on this subject and how to use the Internet securely on the web pages of the Federal Office for Information Security (BSI).

Date 17 December 2015

Additional Information

Frequently questions

Are fingerprints stored in the local immigration office permanently?

No. They are stored until the electronic residence title is given to the applicant. After this, the data are deleted irrevocably.

Are my data secure from hackers during transmission?

Your data are encrypted every time they are transmitted. All information and transmissions are protected with internationally recognised and established encryption processes.

Each provider wishing to use the electronic residence title for its services must apply for the relevant state authorisation certificate from the Issuing Office for Authorisation Certificates [Vergabestelle für Berechtigungszertifikate (VfB)] which is part of the Federal Office of Administration [Bundesverwaltungsamt]. The Issuing Office has strict rules about the data required to perform the service.

Are my data secure when using the internet?

Yes, your personal data are in fact more secure than if you were to use the internet without an electronic residence title when shopping or participating on social networking sites. The on-line identity function checks before each action whether the service provider really is the one it purports to be.

Are the old residence titles still valid?

The existing residence titles in passports and replacement passport documents retain the validity entered there until 31.08.2021 at the latest.