Background information on the ID card security vulnerability and update process

On 30 August 2017, an international team of researchers informed the Information System Authority (RIA) that they had discovered a security vulnerability in the chips of one of the world’s largest chip manufacturers. The same chips are used by Gemalto, a Swiss company producing the Estonian national ID card. The security vulnerability affected cards issued in Estonia as of autumn 2014.

The Information System Authority in cooperation with the Police and Border Guard Board and other partners prepared a solution to address the security vulnerability. The relevant software was used to update the digital components of the cards affected by the security vulnerability.

The need for certificate update concerned the following documents:

  • ID cards issued as of 16 October 2014
  • Residence permits issued as of 17 December 2014
  • Digi-ID cards issued as of 1 December 2014
  • E-residency cards issued as of 1 December 2014

ID cards issued as of 26 October 2017 have the updated software and the certificates of these cards did not need an update.

Certificates of cards that are not used digitally did not have to be renewed.

The update of the certificates ended on 31 March 2018.

Certificates affected by the security vulnerability were revoked as of 1 April 2018. If you did not update your certificates by then but need to use your ID card digitally, you will have to apply for a new ID card.

Press releases


If you didn't find an answer to your question, send it to our team.

  • See instructions
  • Please estimate your ability to use the computer, so that we can provide you with the best guidance


  • Verification failed

How can we improve the article and be more helpful?
Send Close