Taiwan New eID Project

• Taiwan New eID Project
  • • TL;DR: Taiwan’s eID Project (2019–2023) – A Costly Failure
• Investigation into Taiwan’s eID Project (2019–2023)
  • Timeline of Key Events (2018–2023)
  • Reasons for the Project’s Failure
  • Privacy and Security Concerns Raised
  • Government Responses and Aftermath
• Follow-up Regulatory work
• Aborted human work

Generated using ChatGPT DeepResearch

TL;DR: Taiwan’s eID Project (2019–2023) – A Costly Failure

Taiwan’s electronic ID (eID) project aimed to replace traditional paper IDs with a chip-based smart card integrating multiple government services. Launched in 2019, it faced immediate criticism over security vulnerabilities, privacy risks, and lack of legal safeguards. Civil society groups, cybersecurity experts, and lawmakers warned that the eID could enable mass surveillance, data breaches, and even foreign interference, especially given reports that key contractors had ties to China.

Technical flaws, including a centralized data structure creating a “single point of failure” and potential biometric tracking, raised red flags. Politically, poor public consultation and rushed implementation fueled distrust. By early 2021, local governments refused to participate in trials, and the project was indefinitely suspended by Premier Su Tseng-chang, citing privacy and security concerns.

Over NT$1.4 billion was spent on development, but by 2023, the government paid NT$280 million in compensation to contractors, effectively terminating the project. Officials admitted that privacy laws and independent oversight were lacking, and future digital identity efforts would require stronger safeguards.

In response, Taiwan is now establishing a Personal Data Protection Commission and shifting towards a “digital ID wallet” model—a smartphone-based system expected by 2025. The failure of the eID project serves as a cautionary lesson on the need for transparency, public trust, and robust legal frameworks before implementing national digital ID systems.

Investigation into Taiwan’s eID Project (2019–2023)

Timeline of Key Events (2018–2023)

• 2018 – The Ministry of the Interior (MOI) formally launched a national electronic identification (eID) project aimed at replacing Taiwan’s paper national ID cards and separate Citizen Digital Certificates (Legislators approve motion to probe handling of eIDs - Taipei Times). The project was budgeted at NT$4.89 billion over ten years (Contractor seeks NT$526 million in compensation for Taiwan’s halted digital ID plan
  | Taiwan News | May. 8, 2023 14:34) and envisioned a smart ID card with an embedded chip to serve multiple functions (national ID, health insurance, driver’s license, etc.).

• April 2019 – Taipei-based Guo Ju Consultants Co won the government tender to develop the eID system, and the state-owned Central Engraving and Printing Plant (the national security printer) was tasked with producing the cards (Interior ministry urged to halt eID implementation - Taipei Times). (Taiwan Semiconductor Manufacturing Co. was later contracted to supply the secure chips (Privacy Concerns Raised Regarding New Electronic ID from Civil Society Groups, NPP | New Bloom Magazine).) Plans for the new eID were finalized by August 2019 and sent to the Executive Yuan without public hearings, with the goal of completing a nationwide rollout by March 2023 (Privacy Concerns Raised Regarding New Electronic ID from Civil Society Groups, NPP | New Bloom Magazine).

• Late 2019 – The MOI unveiled prototype designs and features of the new eID card. Officials touted its advanced security (chip-based encryption and anti-forgery features) and argued it would hold less visible personal data than current IDs while consolidating multiple ID functions (Scholar: Taiwans new eIDa juicy target for Chinese hackers
  | Taiwan News | Oct. 9, 2020 15:53) (Scholar: Taiwans new eIDa juicy target for Chinese hackers
  | Taiwan News | Oct. 9, 2020 15:53). However, civil society groups began scrutinizing the project’s legal basis and transparency. In June 2019, a NT$3.3 billion manufacturing contract had been awarded without broad public consultation (Privacy Concerns Raised Regarding New Electronic ID from Civil Society Groups, NPP | New Bloom Magazine), raising early concerns about oversight.

• Early 2020 – The initial target to begin issuing eIDs by October 2020 was derailed by the COVID-19 pandemic. Global supply chain disruptions delayed delivery of card production equipment, prompting officials to postpone the launch (Privacy Concerns Raised Regarding New Electronic ID from Civil Society Groups, NPP | New Bloom Magazine). By mid-2020, the government announced a revised timeline: regional trial runs would take place from January to June 2021, and full nationwide issuance would start in July 2021 (Taiwan's digital minister says personal data protection agency needed for digital ID
  | Taiwan News | Jul. 30, 2020 10:43) (New electronic IDs to launch starting from July next year - Taipei Times) (pushing the project roughly half a year behind its original schedule).

• May 2020 – Controversy erupts: A coalition of human rights NGOs and lawmakers held a press conference urging the MOI to halt the eID implementation (Interior ministry urged to halt eID implementation - Taipei Times). They revealed that the eID’s lead contractor had ties to China – the company’s owner was a partner at a Shanghai law firm subject to Chinese Communist Party controls (Interior ministry urged to halt eID implementation - Taipei Times). This raised alarm about national security risks, with activists warning that Chinese entities could gain access to Taiwan’s citizen data via the project (Interior ministry urged to halt eID implementation - Taipei Times). They demanded the rollout be delayed until rigorous security reviews and legal safeguards were in place. This marked the first major public pushback, putting officials on the defensive.

• July–August 2020 – Mounting Opposition: Nearly 100 academics, IT experts, and civil society leaders signed petitions against a hasty eID rollout (Taiwan's digital minister says personal data protection agency needed for digital ID
  | Taiwan News | Jul. 30, 2020 10:43). At a legal seminar convened by Academia Sinica’s Information Law Center, experts warned of potential data breaches, constitutional rights violations, and other issues if the new ID was rushed (Taiwan's digital minister says personal data protection agency needed for digital ID
  | Taiwan News | Jul. 30, 2020 10:43). In response, Digital Minister Audrey Tang publicly supported creating an independent personal data protection agency before issuing eIDs, to strengthen oversight and align with EU GDPR standards (Taiwan's digital minister says personal data protection agency needed for digital ID
  | Taiwan News | Jul. 30, 2020 10:43). This signaled the government’s recognition that privacy legislation and institutional safeguards were lacking. Still, MOI officials insisted the eID plan was on track for 2021.

• October 2020 – The MOI reaffirmed the July 2021 launch schedule and began preparatory steps for local trials (New electronic IDs to launch starting from July next year - Taipei Times). Trial distributions were slated for Hsinchu City, Penghu County, and New Taipei City’s Banqiao and Zhonghe districts (New electronic IDs to launch starting from July next year - Taipei Times). To assuage concerns, Interior Minister Hsu Kuo-yung emphasized that extensive security testing would be done and that using the eID for government services “would not create a record in the ministry’s database,” only in the relevant agency’s system (New electronic IDs to launch starting from July next year - Taipei Times). He noted the project would comply with Taiwan’s Personal Data Protection Act and Cyber Security Management Act (New electronic IDs to launch starting from July next year - Taipei Times). The MOI also highlighted that the cards would be produced domestically under strict supervision (at a secure printing facility with TSMC chips) and incorporate anti-counterfeit measures to protect personal information (New electronic IDs to launch starting from July next year - Taipei Times). Despite these assurances, public skepticism remained high.

• Late 2020 – Local Governments Resist: As the January 2021 pilot approached, local authorities grew uneasy. Facing constituent concerns, all three trial jurisdictions signaled they would withdraw or postpone their participation in the eID pilot (Taiwan suspends digital ID project amid safety concerns
  | Taiwan News | Jan. 21, 2021 17:26) (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). By December 2020, Hsinchu City, Penghu, and New Taipei (Banqiao/Yonghe) had effectively pulled out, citing unresolved privacy and security issues (and, likely, political caution) (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室) (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). This collapse of the test phase dealt a serious blow to the project’s credibility and momentum.

• January 21, 2021 – Project Suspended: Following the weekly Cabinet meeting, Premier Su Tseng-chang announced that the government would suspend the eID rollout indefinitely until new laws are enacted to protect privacy (Taiwan suspends digital ID project amid safety concerns
  | Taiwan News | Jan. 21, 2021 17:26). The decision came directly on the heels of local governments’ trial pull-out and intensifying warnings about personal data leaks (Taiwan suspends digital ID project amid safety concerns
  | Taiwan News | Jan. 21, 2021 17:26). Premier Su acknowledged the need for “societal consensus” on eID safety and noted the growing sophistication of international hacker attacks in agreeing to the MOI’s suspension proposal (Taiwan suspends digital ID project amid safety concerns
  | Taiwan News | Jan. 21, 2021 17:26). The NT$4.8 billion allocated to the project “will not be wasted,” officials said, but no new timeline would be given until comprehensive privacy legislation is in place (Taiwan suspends digital ID project amid safety concerns
  | Taiwan News | Jan. 21, 2021 17:26). This marked the official pause of the eID program – what was intended as a flagship digital initiative had now been put on hold due to public pressure and security fears.

• 2021–2022 – In Limbo: The eID project remained in stasis. No cards were issued, and the legal reforms demanded by critics (such as amendments to the Personal Data Protection Act and establishing an independent data watchdog) were slow to materialize. The government, facing continued scrutiny, quietly shifted focus to other digital governance efforts. In mid-2022, Taiwan inaugurated a new Ministry of Digital Affairs, hinting at a possible rethink of how to approach digital identity in the future (Hopes and Concerns for Taiwan's New Ministry of Digital Affairs). Meanwhile, the suspended eID contracts became a financial and legal quagmire. Contractors had procured equipment and developed systems in 2019–2020, and some began seeking compensation for the abrupt halt. The project’s fate was uncertain – technically just “postponed,” but with no clear path to revival without major changes.

• 2023 – Termination and Accountability: By early 2023, it was evident the original eID plan would not be resurrected. An unnamed vendor (reported to be a contractor on the project) filed a hefty claim of NT$526 million for sunk costs, prompting negotiations with the government (Contractor seeks NT$526 million in compensation for Taiwan’s halted digital ID plan
  | Taiwan News | May. 8, 2023 14:34). Interior Ministry officials maintained that they intended to “retool” the digital ID program in the future, but in reality the focus had shifted to settling disputes and closing out contracts (Bill for Taiwan’s halted digital ID program could cost NT$1B | Biometric Update) (Bill for Taiwan’s halted digital ID program could cost NT$1B | Biometric Update). After multiple negotiation rounds, the government agreed to pay about NT$280 million in compensation to the contractors for not proceeding with the system (Legislators approve motion to probe handling of eIDs - Taipei Times) (Legislators approve motion to probe handling of eIDs - Taipei Times). By late 2023, funds were set aside in the budget for the maintenance or repurposing of eID equipment, effectively winding down the project (Legislators approve motion to probe handling of eIDs - Taipei Times). In public, officials phrased it as the program remaining “suspended” until a personal data protection commission is established (Botched digital ID program to cost NT$280m - Taipei Times), but the payout of contracts signaled a de facto termination. In March 2023, the Executive Yuan formally announced the eID rollout would not resume under current conditions, and in subsequent legislative sessions officials were pressed to explain the failure and the financial losses (Contractor seeks NT$526 million in compensation for Taiwan’s halted digital ID plan
  | Taiwan News | May. 8, 2023 14:34) (Legislators approve motion to probe handling of eIDs - Taipei Times). The Legislature’s Internal Administration Committee even approved a motion in March 2024 to investigate possible misconduct in the eID’s handling (Legislators approve motion to probe handling of eIDs - Taipei Times), underscoring the project’s definitive end and the view that it had been “botched.”

(Taiwan's digital minister says personal data protection agency needed for digital ID
| Taiwan News | Jul. 30, 2020 10:43) Proposed designs for Taiwan’s new electronic ID card, which was never launched. The project aimed to replace the traditional paper ID with a smart card containing an embedded chip and digital certificate (New electronic IDs to launch starting from July next year - Taipei Times) (New electronic IDs to launch starting from July next year - Taipei Times). Despite years of development, the eID’s rollout was repeatedly delayed and ultimately suspended in 2021 amid widespread concerns.

Reasons for the Project’s Failure

Multiple factors – technical, political, legal, and administrative – contributed to the collapse of Taiwan’s eID initiative. The failure cannot be pinned on a single issue; rather, it was the result of compounding challenges and missteps:

Technical Challenges and Security Vulnerabilities: From the outset, experts warned that the eID system could introduce serious security risks that the government was not fully prepared to handle. The new card was designed to be a universal key to citizens’ data – combining identity credentials with healthcare, driving records, and more – which meant it would become a high-value target for hackers. Cybersecurity professionals cautioned that creating one digital ID for all purposes would create a dangerous “single point of failure (SPOF)” – if compromised, it could expose a trove of personal information (Scholar: Taiwans new eIDa juicy target for Chinese hackers
| Taiwan News | Oct. 9, 2020 15:53). Taiwan faces constant cyberattacks (often attributed to China), and critics argued that rolling out the eID without ironclad security would be “not wise,” effectively painting a bullseye on Taiwan’s identity infrastructure (Scholar: Taiwans new eIDa juicy target for Chinese hackers
| Taiwan News | Oct. 9, 2020 15:53). Indeed, similar smart-ID systems in other countries have been hacked before, and local information-security audits found potential weak points in the eID ecosystem. During a small pilot test, local officials raised red flags about possible data leaks in the system’s design (Taiwan suspends digital ID project over safety concerns | Digital Watch Observatory). One issue was that the MOI initially focused narrowly on the chip’s security (since it was made by reputable TSMC) but underestimated risks in the surrounding software and databases (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). Civic tech organizations pointed out that the government had not assessed the cybersecurity readiness of all agencies that would handle eID data, nor built robust protections for the data exchange platform linking those agencies (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). In short, the implementation was technically premature – the infrastructure to securely support a nation-wide eID (from encryption systems to backend data management) was not fully in place or tested. This left the project vulnerable to both real and perceived security flaws, and every new vulnerability identified further eroded public trust.

Privacy and Data Integration Issues: Technically, the eID would enable unprecedented integration of personal data across government services. While this promised convenience, it also raised the specter of mass surveillance and privacy violations. Each eID usage could generate digital footprints across different services, allowing data to be aggregated. Privacy advocates argued that without proper safeguards, the eID system could easily be abused to track citizens’ activities and assemble detailed profiles of individuals (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). For example, linking the national ID with health, education, insurance, and travel records might let authorities or even private entities trace a person’s life events in a centralized manner. One specific concern was the inclusion of a high-resolution photo on the card (initial plans called for storing a 300 dpi facial image) – critics warned this could facilitate facial recognition tracking by the state (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). Such a biometric database, if misused, might enable ubiquitous government monitoring (e.g. identifying people at protests or polling stations) without citizens’ consent. Experts noted that the system lacked “anti-surveillance” mechanisms (such as allowing citizens to see or control when their data is accessed), despite suggestions to include such features (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). In essence, the ambitious scope of data integration introduced systemic risks that the project administrators did not fully mitigate, contributing to its downfall.

Inadequate Legal and Regulatory Framework: A fundamental issue was that Taiwan’s legal system had not caught up with the project’s demands. The eID would dramatically change how personal data is used and shared, but no new laws were passed to delineate limits or oversight for this change (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). Privacy experts repeatedly highlighted that Taiwan’s existing Personal Data Protection Act and cybersecurity laws were insufficient to address the novel risks posed by a chip-based national ID (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). Unlike countries such as Germany, Japan, or Estonia – which updated their laws or enacted new legislation in tandem with launching digital IDs – the Taiwanese government forged ahead without legislative adjustments (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). This gap meant there were no clear rules on what data the eID could carry, who could access it, how long data would be retained, or how citizens could seek redress for misuse. It also meant no independent authority was empowered to oversee the massive personal data processing that eIDs would entail; Taiwan lacks a dedicated data protection commission, a fact widely criticized by civil society (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). The lack of a legal safety net not only heightened the actual privacy risks, but also became a political stumbling block – legislators and courts signaled that proceeding without new laws could be unconstitutional or illegal. Ultimately, the absence of an updated legal framework forced the project to halt (the official suspension in 2021 was explicitly to wait for new privacy legislation (Taiwan suspends digital ID project amid safety concerns
| Taiwan News | Jan. 21, 2021 17:26)), essentially stalling the project indefinitely.

Political and National Security Factors: The eID project also foundered due to geopolitical and domestic political concerns. Notably, revelations that one of the key contractors had significant business links to mainland China ignited a storm of controversy (Interior ministry urged to halt eID implementation - Taipei Times) (Interior ministry urged to halt eID implementation - Taipei Times). Given Taiwan’s tense relationship with Beijing, the idea that a company involved in producing Taiwan’s smart IDs might be influenced by the Chinese government was politically explosive. Opposition lawmakers and activists warned that if Chinese tech or personnel were involved, Taiwanese citizens’ data could be siphoned off to Beijing – an unacceptable security breach (Interior ministry urged to halt eID implementation - Taipei Times) (Interior ministry urged to halt eID implementation - Taipei Times). This issue undermined public confidence and gave political ammunition to those opposing the project. Additionally, the ruling DPP government had to weigh the optics of pushing the eID amid growing public distrust; with major local elections in 2022 and a presidential election looming in early 2024, continuing an unpopular project risked political backlash. The partisan divide contributed as well – while the DPP initially championed the digital ID as a modernization effort, the KMT and third-party legislators seized on its flaws to attack the government’s competence. Legislative committees summoned officials to grill them on eID security, and opposition members threatened to freeze funding. The broader political climate – one of deepening concern over digital surveillance (exacerbated by global examples and the Hong Kong situation) – meant the eID lacked a strong constituency. Even within the government, officials like Audrey Tang sided with the cautious approach (advocating “law first”), indicating not all were on the same page. In summary, insufficient political buy-in and the specter of Chinese interference heavily contributed to the eID’s demise.

Administrative and Implementation Missteps: Finally, internal administrative issues plagued the project from the start. Observers noted a pattern of poor communication and lack of transparency by the MOI. The eID plan was formulated and approved with minimal public input – for instance, the ministry convened a review committee that was supposed to include outside experts, but it ended up filled mostly with retired civil servants, undermining its credibility (Privacy Concerns Raised Regarding New Electronic ID from Civil Society Groups, NPP | New Bloom Magazine). Key decisions (like the tender awards and technical standards) were made behind closed doors, causing distrust among technologists and rights groups who felt blindsided. Moreover, the project timeline was overly aggressive. Officials tried to compress the pilot and rollout into a short window (less than two years from planning to mass issuance), leaving little margin to address problems uncovered in testing. When legitimate concerns surfaced – about data security, privacy, vendor qualifications – the MOI’s initial response was often dismissive or perfunctory. For example, when experts questioned what data would be stored on the chip and whether the RFID feature could be toggled, clear answers were not forthcoming (Privacy Concerns Raised Regarding New Electronic ID from Civil Society Groups, NPP | New Bloom Magazine). This fed a narrative that the government was either ill-prepared or “incompetent” in handling high-tech initiatives, as some critics charged (Contractor seeks NT$526 million in compensation for Taiwan’s halted digital ID plan
| Taiwan News | May. 8, 2023 14:34). Additionally, coordination failures occurred: the MOI did not sufficiently coordinate with local governments, who were ultimately responsible for issuing the new IDs to residents. This led to the embarrassing scenario of cities backing out at the last minute, suggesting the groundwork for local buy-in had not been done. There were also hints of procurement irregularities – one major subcontractor was accused of falsifying security certifications and outsourcing card production to unauthorized firms in China (Bill for Taiwan’s halted digital ID program could cost NT$1B | Biometric Update), a scandal that further tarnished the project. In sum, the administrative execution was flawed by rushed planning, insufficient stakeholder engagement, and oversight lapses, all of which compounded the technical and political problems.

These converging factors made it virtually impossible for the eID initiative to succeed. By early 2021, the project had become too controversial to continue, and even the government conceded that proceeding would be reckless given the unresolved security and privacy issues. The official verdict by many observers was that the eID was a “botched” program (Botched digital ID program to cost NT$280m - Taipei Times) (Botched digital ID program to cost NT$280m - Taipei Times) – a case study in how not to implement a national digital ID.

Privacy and Security Concerns Raised

From its inception, Taiwan’s eID plan was met with intense scrutiny from civil society groups, privacy advocates, and cybersecurity experts. They voiced a range of concerns about how the new system might threaten citizens’ rights and data security:

• Centralized Personal Data and Breach Risk: One of the foremost concerns was that the eID would centralize too much personal information, effectively putting “all eggs in one basket.” The card was to integrate data from various domains – identification, health insurance, driving records, possibly voting or financial info – and enable cross-linking of databases (Privacy Concerns Raised Regarding New Electronic ID from Civil Society Groups, NPP | New Bloom Magazine). Advocates warned that this could turn into a nightmare if the system were hacked or misused, as a single breach might leak a citizen’s entire profile (from medical history to address to travel logs) (Privacy Concerns Raised Regarding New Electronic ID from Civil Society Groups, NPP | New Bloom Magazine). Taiwan Association for Human Rights (TAHR) and others argued that a centralized digital ID without proper safeguards would make citizens vulnerable to identity theft and large-scale data leaks. The high-profile hacks of government systems in Taiwan’s past (often attributed to Chinese state actors) underscored the risk – critics questioned whether the eID infrastructure could withstand the “ever more sophisticated cyberattacks” seen in recent years (Contractor seeks NT$526 million in compensation for Taiwan’s halted digital ID plan
  | Taiwan News | May. 8, 2023 14:34). In pilot testing, local officials themselves raised alarm when they noticed potential information leakage points, validating these fears (Taiwan suspends digital ID project over safety concerns | Digital Watch Observatory). The prospect of a massive data breach loomed large in public discourse, especially given regional examples (for instance, breaches of India’s Aadhaar ID system or security flaws in Estonia’s eID in 2017 were cited as cautionary tales by Taiwanese experts).

• Surveillance and Privacy Violations: A broad coalition of digital rights organizations (including TAHR, Open Culture Foundation, and others) emphasized the potential for government surveillance through the eID. By making a digital transaction (whether accessing a service or authenticating identity), citizens could leave digital footprints that agencies might track (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). Without strong legal checks, nothing would prevent authorities from aggregating these logs to monitor people’s activities. Activists described scenarios of “Big Brother” oversight – for example, using the eID’s embedded photo for facial recognition, authorities could track individuals via CCTV or automate identification at public gatherings (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). The inclusion of a mandatory RFID/contactless chip raised questions: would the card be continuously readable, and could unauthorized scanners skim data from it without the holder’s knowledge (Privacy Concerns Raised Regarding New Electronic ID from Civil Society Groups, NPP | New Bloom Magazine)? Although the MOI claimed that only basic info would be readable from the card’s exterior (New electronic IDs to launch starting from July next year - Taipei Times), the lack of transparency about technical specifications fueled suspicions. Prominent voices likened the eID to an “omniscient” tool of control that, in the wrong hands, could enable a dystopian surveillance state (Scholar: Taiwans new eIDa juicy target for Chinese hackers
  | Taiwan News | Oct. 9, 2020 15:53). Even outside of government abuse, privacy groups worried that private entities could start demanding eID data for transactions, normalizing invasive data collection. All these factors led human rights advocates to argue that the eID posed an undue intrusion into personal privacy in violation of constitutional rights – a claim that was at the heart of their petitions and, reportedly, one basis for judicial concern about the project () ().

• Lack of User Consent and Choice: Civil society also bristled at the mandatory nature of the new IDs. Under existing law, every Taiwanese citizen must have a national ID card, so the eID would effectively be forced on the entire population once implemented (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室) (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). Detractors argued that citizens should have the right to opt out of a smart ID if they do not trust it. They pushed for a choice to retain the old paper ID without a chip – at least until the eID’s safety was proven (Interior ministry urged to halt eID implementation - Taipei Times) (Privacy Concerns Raised Regarding New Electronic ID from Civil Society Groups, NPP | New Bloom Magazine). This was not just a theoretical stance: many people felt uncomfortable with digital IDs and wanted to wait and see. Yet early on, the government did not indicate any opt-out would be allowed. Additionally, questions were raised about what data exactly the eID would carry and transmit, and whether citizens could control or limit that. Would the eID’s digital functions (like the certificate used for online authentication) be enabled by default, or could citizens decide to activate them? As late as 2020, activists complained that the government hadn’t clearly stated if features like RFID or the digital certificate could be turned off (Privacy Concerns Raised Regarding New Electronic ID from Civil Society Groups, NPP | New Bloom Magazine). The feeling among rights groups was that the project was being done to the people rather than with their informed consent – a fundamental privacy red flag.

• National Security and Foreign Influence: Another major concern centered on who was building and managing the eID system. Investigative reports revealed that a software subcontractor for the eID had extensive business in China’s financial sector (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). Activists feared that Chinese intelligence could infiltrate the eID supply chain, either through compromised contractors or built-in backdoors. Given that cross-strait tensions are high, the prospect of Beijing obtaining Taiwan’s citizen data (names, addresses, possibly biometrics) was treated as a serious threat. Opponents pointed out that Chinese law can compel businesses to cooperate with state security, so any contractor with mainland ties might be forced to hand over data or system designs to the Chinese government (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). This led to dire warnings that if the eID went forward under the current contractors, “Beijing will have full access to all the personal information on each Taiwanese citizen” (Interior ministry urged to halt eID implementation - Taipei Times) (Interior ministry urged to halt eID implementation - Taipei Times) – an outcome framed as a national security disaster. These claims, though alarming, resonated with a public that has seen cyber espionage and data leaks used as tools of influence. Such concerns not only spooked the public but also caught the attention of lawmakers and security agencies, contributing to the project’s halt.

• Oversight and Accountability Gaps: Privacy advocates underscored that Taiwan lacked the institutional checks to safely launch a project of this magnitude. In democracies that implement national digital IDs, it is common to have an independent data protection authority (to monitor compliance and handle complaints) and updated privacy laws – Taiwan had neither during the eID rollout period (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). This meant that if anything went wrong – a breach, misuse of data, or abuse of power – there was no independent watchdog to step in. Citizens would have to rely on the very agencies collecting their data to self-regulate. Groups like the Judicial Reform Foundation and Taiwan Digital Audit (民間監督團體) decried this as unacceptable. They feared that without an empowered privacy commission, promises made by the MOI about data protection could not be enforced. This concern was borne out when the government initially showed “no intention of revising laws” to accommodate the eID (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室). The outcry eventually pressured the government to concede that a new personal data agency was needed (as described below), but the absence of one at launch time was a key concern that stalled the project. Essentially, watchdog groups argued that privacy protections must come before the ID, not after – a principle the government was forced to acknowledge once opposition grew loud.

In summary, public interest organizations and experts raised consistent, multifaceted objections to the eID. They contended that the initiative, as it stood, threatened citizens’ privacy and security on several fronts – from enabling surveillance and data mining, to increasing hack exposure, to lacking basic legal protections. These concerns were communicated through petitions, press conferences, open letters, and even lawsuits. The government’s eventual decision to suspend the project in 2021 explicitly cited many of these issues (privacy, cybersecurity, public consensus) (Taiwan suspends digital ID project amid safety concerns
| Taiwan News | Jan. 21, 2021 17:26) (Taiwan suspends digital ID project amid safety concerns
| Taiwan News | Jan. 21, 2021 17:26), indicating that the chorus of concern had proven too significant to ignore.

Government Responses and Aftermath

The Taiwanese government’s handling of the eID criticisms evolved over time – from early dismissals, to partial concessions, and ultimately to an about-face pause. Here’s how officials responded and what steps were (or weren’t) taken to address the issues:

Initial Defense and Reassurances: When controversy first emerged, MOI officials doubled down on defending the project’s integrity. Interior Minister Hsu Kuo-yung and his team made numerous public statements aimed at reassuring the public that the eID would be secure and privacy-conscious. For example, Hsu emphasized that the new electronic ID would not centralize data in a Big Brother database – any use of the eID for a government service would only be logged by that specific service’s agency, not by the MOI itself (New electronic IDs to launch starting from July next year - Taipei Times). This was meant to counter the surveillance worries by implying there’d be no single government database tracking all eID transactions. Hsu also cited Taiwan’s laws, noting the project was bound by the Personal Data Protection Act and the Cybersecurity Management Act to protect information (New electronic IDs to launch starting from July next year - Taipei Times). On the technical front, officials highlighted the robust manufacturing process: the cards would be produced domestically in secure facilities, with trusted hardware (TSMC chips) and multiple anti-counterfeit and encryption features to prevent cloning or tampering (New electronic IDs to launch starting from July next year - Taipei Times). The MOI even released information about testing, saying that penetration tests and security evaluations would be conducted thoroughly before going live (New electronic IDs to launch starting from July next year - Taipei Times). Essentially, early government messaging was: “We have this under control, and the benefits (modernization, convenience) outweigh the manageable risks.”

Engaging Critics and Expert Input: As opposition mounted in mid-2020, some in the government adopted a more conciliatory tone. Recognizing the legitimacy of certain concerns, the Tsai administration signaled willingness to adjust the implementation. Notably, Digital Minister Audrey Tang became a bridge between the government and civil society’s demands. Tang openly supported key asks from experts – she endorsed the creation of an independent Personal Data Protection Commission that would oversee the eID and related data privacy matters (Taiwan's digital minister says personal data protection agency needed for digital ID
| Taiwan News | Jul. 30, 2020 10:43). This proposal mirrored what NGOs had been calling for (to have a GDPR-style watchdog). Tang argued that such an agency, combined with involving outside specialists, would bolster public trust (Taiwan's digital minister says personal data protection agency needed for digital ID
| Taiwan News | Jul. 30, 2020 10:43). Her stance indicated that the administration was listening and understood that a purely internal oversight regime was inadequate. Concurrently, the Executive Yuan (Cabinet) began hinting that it might draft dedicated legislation to address eID privacy. Though these measures were not implemented before the project was halted, they represented an important shift from denial to dialogue. The MOI also held or attended more forums with academics – for instance, sending representatives to the Academia Sinica seminar where they faced direct criticism (Taiwan's digital minister says personal data protection agency needed for digital ID
| Taiwan News | Jul. 30, 2020 10:43). During this period, the government’s response strategy expanded from PR assurances to policy adjustments: they slowed the timeline (postponing rollout to 2021, as mentioned) and started formulating conditions (like “we will only proceed after legal safeguards are in place”).

Suspension and Acknowledgment of Issues: The most dramatic government response was the suspension of the eID program in January 2021, which was effectively an admission that the critics’ concerns had merit. In announcing the pause, the government explicitly cited privacy and security as the reasons. The Cabinet stated that “new legislation is [needed] to safeguard privacy” before the project could start (Taiwan suspends digital ID project amid safety concerns
| Taiwan News | Jan. 21, 2021 17:26). Premier Su’s remarks acknowledged both the public outcry and the evolving threat landscape – referencing how hacker attacks were growing more serious and that consensus on safety was essential (Taiwan suspends digital ID project amid safety concerns
| Taiwan News | Jan. 21, 2021 17:26). The suspension was essentially the government saying: we hear you, and we won’t push this until your concerns are addressed. This move diffused what had become a heated issue and gave the administration breathing room. Following the suspension, officials repeatedly affirmed that they were not scrapping the eID outright, but delaying it until proper protections were in place (Taiwan suspends digital ID project amid safety concerns
| Taiwan News | Jan. 21, 2021 17:26). In practice, this placated many critics, as their primary demand – “privacy first, then eID” – was met. It’s worth noting that the government also insisted that the project funds and infrastructure would be preserved (to avoid framing it as a waste), but they refrained from giving any new deadline, effectively putting the plan on ice.

Attempts to Salvage or Revise the Project: During the suspension period (2021–2022), the government took some steps that indicated a desire to eventually salvage the eID concept in a new form. One key step was starting the process of establishing a data protection authority. By late 2021, the idea of an independent Personal Data Protection Commission had gained traction not just as a policy proposal but as a legal necessity – Taiwan’s Constitutional Court issued a ruling requiring an independent agency to oversee personal data, strengthening the case for it (Botched digital ID program to cost NT$280m - Taipei Times). Premier Su and (from 2023) Premier Chen Chien-jen both affirmed that the eID would remain on hold until this commission is set up in law (Botched digital ID program to cost NT$280m - Taipei Times). Meanwhile, the government also reviewed the eID’s technical architecture. MOI and affiliated experts began considering alternative approaches to address the single-point-of-failure problem. For example, there were discussions about whether a physical card was even needed, or if a more decentralized digital identity (perhaps a smartphone-based system) could achieve similar goals with less risk. These discussions likely informed the later decision to explore a “digital ID wallet” (discussed below). However, despite these efforts, it became clear that the original eID card project in its 2019 form was beyond saving politically. Throughout 2022 and 2023, the government’s energies shifted from fixing the project to resolving its consequences – negotiating contract disputes, conducting internal reviews, and reassuring the public that lessons were learned.

Addressing Accountability: In the wake of the eID’s failure, government officials faced demands to account for what went wrong. Opposition lawmakers criticized the administration for wasting taxpayer money and called the mismanagement “worse than corruption” (Botched digital ID program to cost NT$280m - Taipei Times). In response, the MOI defended its actions by highlighting how it handled the termination responsibly. Interior Minister Lin Yu-chang revealed that the government had spent over NT$1.4 billion on the project, but through negotiations they avoided a larger loss by settling with contractors for NT$280 million instead of the NT$1 billion initially demanded (Legislators approve motion to probe handling of eIDs - Taipei Times) (Legislators approve motion to probe handling of eIDs - Taipei Times). He framed this as “the best result for taxpayers” under the circumstances (Legislators approve motion to probe handling of eIDs - Taipei Times). Essentially, officials took credit for mitigating the financial damage. The administration also accepted the need for oversight: it did not oppose the Legislature’s formation of a task force in 2024 to investigate the eID handling (Legislators approve motion to probe handling of eIDs - Taipei Times). While some responsibility was foisted onto contractors (citing issues like the vendor’s false certification and the China ties), the government implicitly acknowledged that it rushed the project. Premier Chen in 2024 remarked that implementation would not continue until proper governance (the data commission) is in place (Botched digital ID program to cost NT$280m - Taipei Times), which is a tacit admission that the initial governance was lacking. In summary, the government’s response in the end was to embrace transparency and corrective action – paying dues, opening itself to inquiry, and committing to fix structural issues (like establishing the independent data watchdog) before trying anything similar.

Impact on Future Digital Governance Initiatives: The failure of the eID project has had a significant ripple effect on Taiwan’s approach to digital governance. Firstly, it has highlighted the paramount importance of public trust and legal frameworks in implementing digital initiatives. One immediate outcome is that Taiwan is now moving to strengthen its privacy regime. Plans are underway to create an independent Personal Data Protection Commission (as required by the Constitutional Court) – a reform that might not have gained urgency without the eID saga bringing data rights to the forefront (Botched digital ID program to cost NT$280m - Taipei Times). This new agency, once established, could transform how digital projects are evaluated and monitored, ensuring future initiatives don’t bypass privacy considerations. Secondly, the government has shown a pivot in strategy for digital identity. In 2023, the Ministry of Digital Affairs announced work on a “digital ID wallet” – a smartphone-based digital identification system expected by 2025 (Taiwan suspends digital ID project over safety concerns). This approach suggests a more decentralized, opt-in model (users would store their ID digitally and present it via an app) as opposed to a compulsory card. The digital wallet concept likely draws on lessons from the eID fallout: it can be introduced gradually, possibly coexisting with physical IDs, and with more flexibility to update security features. It also shifts the paradigm from a government-issued hardware (card) to a user-controlled platform, which might alleviate some privacy fears if designed properly. However, the memory of the eID failure will temper any new project – officials know that they must proceed carefully, with extensive consultation, transparency, and pilot testing. Already, digital ministry officials have stressed that any new digital ID will be developed in the open, with personal data protection built in from the ground up (Taiwan's digital minister says personal data protection agency needed for digital ID
| Taiwan News | Jul. 30, 2020 10:43) (Botched digital ID program to cost NT$280m - Taipei Times).

More broadly, the eID’s collapse has served as a cautionary tale within the government. It underscored that technology-driven policies cannot succeed without public buy-in and robust governance. As a result, one can expect Taiwan’s future digital transformation efforts – be it smart healthcare, e-governance services, or data-sharing platforms – to incorporate more robust stakeholder engagement. The government is likely to enact clearer laws for emerging tech issues (data privacy, cybersecurity liability, etc.) before rolling out new systems. We also see a greater awareness of national security in tech procurement; the eID controversy over Chinese contractors has made agencies more vigilant in vetting suppliers for critical digital infrastructure.

In conclusion, the government’s response to the eID debacle has been a mix of damage control, policy course-correction, and forward-looking change. While the eID project itself was terminated after years of controversy, its legacy is influencing Taiwan’s digital policy in constructive ways – pressing the country to build the legal and institutional foundations necessary for any future e-identification scheme to succeed. The hope among officials and citizens alike is that the failures of the eID initiative will spur reforms that ensure future digital governance projects are secure, privacy-protective, and publicly embraced, thereby avoiding a repeat of this experience.

Sources:

• Taiwan’s Ministry of the Interior and Executive Yuan announcements (2018–2021) (Legislators approve motion to probe handling of eIDs - Taipei Times) (Taiwan suspends digital ID project amid safety concerns
  | Taiwan News | Jan. 21, 2021 17:26)
• Reporting by Taipei Times and Taiwan News on the eID project timeline, delays, and suspension (Taiwan's digital minister says personal data protection agency needed for digital ID
  | Taiwan News | Jul. 30, 2020 10:43) (Taiwan suspends digital ID project amid safety concerns
  | Taiwan News | Jan. 21, 2021 17:26) (New electronic IDs to launch starting from July next year - Taipei Times)
• Analyses by civil society (Open Culture Foundation, TAHR) and local media on security/privacy flaws (Privacy Concerns Raised Regarding New Electronic ID from Civil Society Groups, NPP | New Bloom Magazine) (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室) (Scholar: Taiwans new eIDa juicy target for Chinese hackers
  | Taiwan News | Oct. 9, 2020 15:53)
• Legislative hearing reports and officials’ statements on compensation and termination (2023) (Legislators approve motion to probe handling of eIDs - Taipei Times) (Botched digital ID program to cost NT$280m - Taipei Times)
• Expert commentary on technical risks (cybersecurity, data breaches) (Taiwan suspends digital ID project over safety concerns | Digital Watch Observatory) (Scholar: Taiwans new eIDa juicy target for Chinese hackers
  | Taiwan News | Oct. 9, 2020 15:53) and human rights critiques on privacy (〖追擊亞洲 eID(一)〗數位身分證在台灣：被低估的隱私及資安風險 – OCF Lab 開放實驗室) (Scholar: Taiwans new eIDa juicy target for Chinese hackers
  | Taiwan News | Oct. 9, 2020 15:53).

Follow-up Regulatory work

In recent years, Taiwan has taken significant steps to strengthen its legal framework and establish an independent authority to oversee personal data protection, thereby better supporting government ID projects and addressing previous shortcomings.

Establishment of the Personal Data Protection Commission (PDPC):

In response to the Constitutional Court's August 2022 judgment (No. 111-Shien-Pan-13), which mandated the creation of an independent supervisory mechanism for personal data protection by August 2025, the Legislative Yuan amended the Personal Data Protection Act (PDPA) on May 16, 2023. This amendment designated the Personal Data Protection Commission (PDPC) as the central authority responsible for enforcing the PDPA, consolidating roles previously dispersed among various ministries and local governments.

To facilitate the PDPC's establishment, a Preparatory Office was launched on December 5, 2023. This office is tasked with drafting the PDPC's organizational statute and proposing further amendments to the PDPA to enhance data protection measures. The PDPC is expected to be fully operational by August 2025.

Amendments to the Personal Data Protection Act (PDPA):

The PDPA has undergone several amendments to bolster Taiwan's data protection regime:

• May 31, 2023 Amendment: This revision increased fines for data breaches and laid the groundwork for establishing the PDPC as the exclusive competent authority for personal data protection.

• December 20, 2024 Draft Amendment: The PDPC's Preparatory Office announced a draft amendment focusing on:

  • Mandatory Reporting: Requiring entities to report personal data incidents posing significant risks to data subjects' rights to the competent authority and notify affected individuals.
  • Data Protection Officers (DPOs) and Auditors: Mandating government agencies and certain private businesses to appoint DPOs and Data Protection Auditors to oversee and audit data protection practices.
  • Prioritized Inspections: Allowing the competent authority to prioritize administrative inspections for industries with higher risks of personal data breaches.

These amendments aim to enhance accountability and ensure robust data protection practices across sectors.

Implications for Future Government ID Projects:

The establishment of the PDPC and the strengthening of the PDPA demonstrate Taiwan's commitment to addressing past challenges associated with digital identification initiatives. With a centralized authority and clearer legal guidelines, future government ID projects are expected to operate under enhanced oversight, ensuring better protection of personal data and increased public trust.

Aborted human work

• 2019 "New eID" announced by MOI
• https://www.twreporter.org/a/e-id-in-taiwan-2021-failed
  • Reporter is a good quality investigative media in Taiwan.
  • This one trace the timeline from 1998
• https://www.tahr.org.tw/news/2813
  • Taiwan Advocacy of Human Right (TAHR)
  • trace timeline from 2015 to 2021
• Court ruled in favor of gov in 2023
  • court statement
    • (zh-TW) https://www.judicial.gov.tw/tw/cp-1888-863331-1831f-1.html
    • en https://www.lexology.com/library/detail.aspx?g=3f3a21f4-d7ba-4ba9-8df6-522a180812d7
  • TAHR responded that they dropped the case for already had achieved the goal. https://www.tahr.org.tw/news/3370
• OCF petition to support legistration
  • https://www.eid.tw/
• Ministry of the Interior (MOI) spent 202 million TWD on eID
  • https://www.biometricupdate.com/202405/taiwans-digital-id-card-initiative-suspension-adds-nt202m-in-costs
• Personal Data Protection Commission (PDPC) 個人資料保護委員會 established 2023 https://news.ltn.com.tw/news/politics/breakingnews/4269150
  • https://www.pdpc.gov.tw/CP/23/
• Personal Data Protection Act (pending to be effective)
  • https://law.moj.gov.tw/LawClass/LawAll.aspx?PCode=I0050021