On 4 June 2026, Rolf Rauschenbach, deputy head of the e-ID Unit at the Swiss Federal Office of Justice, told a project participation meeting what close observers had already feared: the rollout of Switzerland's state-run swiyu electronic identity is slipping again. The internal federal-administration test phase planned for July has been postponed because security adjustments to user-data encryption and the trust infrastructure are only partially complete. "It is possible that the introduction of the e-ID will be delayed accordingly," Rauschenbach said — putting the 1 December 2026 launch date squarely at risk.
This is now the third timeline to wobble. The Federal Council originally targeted summer 2026. In late February 2026 that became 1 December 2026, after the Swiss Federal Audit Office (SFAO/EFK) published its second audit of the e-ID key project. And now even December looks shaky, before a single member of the public has been issued a credential.
The audit that started the slide
The SFAO's February finding was blunt and, frankly, alarming. Switzerland's e-ID is designed to encrypt user data end-to-end as it moves between participants in the system. Yet the auditors reported that the concept for that encryption had not been finalised — even though the project's own planning documents set an end-of-2025 deadline. For the separate "trust infrastructure" platform that underpins issuance and verification, the SFAO found that an encryption concept "has not even been consistently addressed."
The auditors did not mince the trade-off. They recommended preserving the project's stabilisation phase in full, even if that meant pushing the launch back, on the reasoning that "the error-free nature and maturity of the product are more important than its timely introduction." That is the right instinct, and it deserves to be steelmanned before it is criticised.
The strongest case for taking the time
A national e-ID is not a consumer app. It will eventually anchor digital signatures, company formation, age verification for restricted purchases, and interactions with cantonal and federal authorities. If the cryptography that protects who-requested-what is bolted on late or done badly, the failure mode is not an inconvenient bug — it is mass exposure of citizens' identity transactions, and an irreversible collapse of public trust. Switzerland already knows how fragile that trust is: voters rejected a private-sector e-ID model in March 2021 by 64.4% to 35.6%, and approved the current state-run version on 28 September 2025 by just 50.39% to 49.61%, on 49.55% turnout. A system that ships insecure would hand the next referendum-by-petition campaign its slogan. On those terms, the SFAO is correct: a date is not worth a breach.
But repeated slippage is a symptom, not a virtue
Proportionate, evidence-based regulation does not mean treating delay as a moral achievement. The uncomfortable truth is that the encryption concept being unfinished in 2026 is not prudent caution — it is a planning and governance failure. End-to-end encryption of user data and the trust infrastructure's cryptographic design are not late-stage polish; they are load-bearing foundations. That they were still "concepts" past their own 2025 deadline tells you the security architecture was sequenced after, rather than alongside, the rest of the build. The SFAO did not catch a clever team being careful. It caught fundamentals running behind.
This matters for the privacy promise the project is staking its legitimacy on. Switzerland's revised Federal Act on Data Protection (nFADP/revDSG), in force since September 2023, codifies privacy-by-design and data minimisation, and the Federal Data Protection and Information Commissioner (FDPIC/EDÖB) is the supervisory authority. swiyu's whole pitch — decentralised identifiers, verifiable credentials, the citizen holding their own data in a wallet — is a genuinely good, rights-respecting bet that aligns with those obligations. But privacy-by-design is meaningless if the encryption that operationalises it is the last thing finished. As consultant Martina Kolpondinos has noted, even with decentralised building blocks "the core of the e-ID trust infrastructure remains dependent on central operational integrity." The decentralised wallet does not absolve the state of getting the central cryptographic plumbing right first.
What proportionate looks like here
The answer is neither to shame the team into shipping on 1 December nor to let the date drift indefinitely while "trustworthiness" becomes a euphemism for institutional drift. It is to do three things in the open. First, publish the encryption and trust-infrastructure concepts for external review — swiyu's components are already developed publicly on GitHub, so there is no excuse for the threat model and key-management design to remain internal. Second, let the FDPIC sign off on the data-protection-impact assessment before the public test phase, not after, so privacy-by-design is a gate rather than a retrospective. Third, set the next date only once the cryptography is built and audited — and then hold it.
Switzerland made the right structural choice in 2025: a state-issued, decentralised, data-minimising e-ID is exactly the model an open, innovative digital economy should want, and a marked improvement on the private-issuer scheme voters killed in 2021. The frustration is that a sound design is being undermined by unsound delivery. A razor-thin mandate is not a reason to rush; it is a reason to ship something that earns the other 49.61% — once, and correctly.