On April 1, the unrenewed certificates of nearly 300,000 Estonian ID cards were declared void, one tenth of which had been used electronically at least once.
"An ID card with voided certificates can no longer be used electronically or updated," Information System Authority (RIA) spokesperson Helen Uldrich told ERR. "The cards will remain valid as personal photo ID and travel documents through the date marked on the card."
Of the nearly 760,000 ID cards whose certificates were suspended last Novembr due to a detected security risk, nearly 494,000 were updated by the end of March, accounting for 95 percent of ID cards used electronically. 138,000 of these were updated at Police and Border Guard Board (PPA) service points, while the remaining 356,000 were updated remotely.
The Director General of the PPA suspended the certificates of approximately 760,000 Estonian-issued ID cards on Nov. 3 last year after a team of Czech reserachers published research in which it described a potential security flaw affecting chips used in the ID cards produced for the Republic of Estonia by Infineon.
The security risk affected ID cards issed by the PPA between October 2014 and Oct. 25, 2017, including those issued to permanent residents and Estonian e-Residents. The security risk did not extend to older ID cards or Mobile ID.
The majority of unrenewed cards had not been used electronically during the past year, meaning they had not been used to digitally sign documents or sign into e-services online. Approximately 30,000 of the unrenewed cards, however, had been used electronically at least once.
Editor: Aili Vahtla