What personal and biometric fields are included in Italy's digital ID dataset?

1. What the CIE’s personal identity fields include — the basics printed and on‑chip

The Italian electronic identity card (CIE) contains the standard civil identity fields one expects on an e‑ID: name and surname, place and date of birth, and the standard document identifiers used for travel and authentication — these human‑readable personal data elements are printed on the card and represented in machine‑readable form on the embedded chip in line with ICAO travel‑document recommendations ^{[1] [4] [5]}. The CIE also supports nationality and residence information such as the “COMUNE DI ISCRIZIONE AIRE” field for Italians living abroad, reflecting how personal address/registration data can be represented when relevant ^[1].

2. The biometric fields explicitly stored — photo and fingerprints (and access limits)

The contactless microchip in the CIE securely stores biometric data including the cardholder’s facial photograph and fingerprints, and these are used both to authenticate online services and to verify the identity holder at checkpoints ^{[2] [4]}. The CIE’s chip conforms to ICAO‑style e‑document practices — meaning the photograph and biometric identifiers are encoded for machine reading — and reporting notes that fingerprint data on the card are subject to restricted access in practice (for example, fingerprints are accessible only by police forces, per the CIE description) ^{[1] [2]}.

3. SPID, the IT Wallet and “qualified attributes” — how the dataset can expand beyond the CIE

Italy’s public digital identity (SPID) and the forthcoming IT Wallet are separate but interoperable systems that rely on verified personal identifiers drawn from existing documents (CIE, passport, tax number, health card) and can carry certified attributes such as professional registrations or educational qualifications; AgID guidance requires presentation of primary documents and the IT Wallet pilot intends to house a broader range of certificates and civil documents ^{[6] [7] [3]}. Namirial and other identity providers are authorized to issue digital identities and to integrate qualified attributes certified by managers (universities, professional registers), which means the “dataset” for a digital identity ecosystem can include both the CIE’s core personal/biometric fields and additional verified attributes issued by third parties ^[3].

4. Storage, standards and vendor roles — technical and policy context

The CIE’s microprocessor and security features are implemented with private vendors and conform to machine‑readable and cryptographic standards referenced by Italian suppliers such as Thales; the card is a polycarbonate ID‑1 smartcard with an NFC‑enabled chip used for online authentication and e‑government services ^{[8] [2]}. Multiple reports underscore that biometric authentication is both a security goal and a policy flashpoint — Italian researchers promote facial biometrics for stronger authentication while the national data protection authority has scrutinized emerging biometric practices (e.g., iris projects) under GDPR, highlighting legal limits on what biometrics can be collected and how they can be used ^{[9] [10]}.

5. What is not — and what remains unclear from available reporting

Public reporting and official pages summarize the CIE’s stored photo and fingerprint biometrics and core personal fields, and they describe SPID/IT‑Wallet carrying certified attributes, but none of the provided sources publishes an exhaustive, field‑by‑field schema for every dataset element (for example, a full list of data elements, their formats, and retention/processing rules is not contained in these excerpts); therefore definitive statements beyond the documented photo, fingerprints and basic civil data would exceed the available reporting ^{[1] [2] [3]}.