Nearly five years after the European Union required member states to begin issuing new-generation biometric identity cards, Greece has once again launched a massive tender to overhaul its national identification system - a project that has become entangled in political controversy, allegations tied to the country’s wiretapping scandal, and growing concerns over the concentration of critical digital infrastructure in private hands.
The Greek Ministry of Citizen Protection on Thursday announced a new international tender worth more than €515 million, including tax, for the development of a sweeping digital identity and security documents platform that will underpin the country’s next-generation identity cards, digital authentication services and citizen verification systems.
The project, formally known as the Integrated Information System for Security Documents, is among the largest digital governance contracts ever attempted by the Greek state. Beyond replacing traditional identity cards, it seeks to create a centralized architecture for citizen authentication and electronic signatures in line with Europe’s evolving digital identity framework.
ΔΙΑΒΑΣΤΕ ΕΠΙΣΗΣ
Yet the relaunch also revives a process that has already spent years stalled by political reversals, escalating costs and questions about transparency. Under European Union rules adopted in 2019, member states were expected to begin issuing new secure biometric identity cards by 2021. Greece, however, remains among the laggards. An earlier tender launched by the left-wing Syriza government was canceled in 2019 after the conservative New Democracy administration came to power. At the time, the project’s estimated cost stood at roughly €300 million.
Over the following years, the budget expanded dramatically. By 2022, the projected cost had risen by more than 70 percent, while efforts to relaunch the procurement process became overshadowed by revelations surrounding Greece’s surveillance scandal, which exposed the use of spyware and illegal wiretaps against journalists, politicians and business figures.
Several companies reportedly involved in earlier phases of the identity-card competition were alleged in Greek media reports to have maintained close relationships with figures connected to the surveillance affair and officials within the Ministry of Citizen Protection, some of whom later resigned.
The new tender attempts to reset the process but introduces a procurement structure that analysts say could further concentrate power among a handful of large multinational technology providers.
Rather than publishing a fully specified technical framework from the outset, the ministry opted for what is known in European procurement law as a “competitive dialogue” procedure, typically reserved for highly complex or strategically sensitive projects. Under that model, key technical specifications will be shaped during consultations with shortlisted bidders, effectively allowing the eventual participants to influence the architecture of the system itself.
Critics say such arrangements tend to favor companies that already possess integrated, fully certified technology ecosystems rather than firms assembling modular solutions from multiple vendors.
The contract also grants the state the ability to modify the project’s physical scope and budget by as much as 30 percent in either direction - an unusually broad margin for a public procurement project of this scale. The timetable has also raised questions inside Greece’s technology sector.
The tender documents were uploaded to the government procurement platform on May 27, with bids due by June 25, giving interested companies less than one month to prepare submissions for one of the country’s largest-ever digital infrastructure contracts.
The ministry is simultaneously demanding that the core system be fully implemented within 18 months, despite the fact that the project involves software development, biometric infrastructure deployment, hardware installation, data migration, interoperability with existing state systems and nationwide personnel training.
Once completed, the contract would place the winning contractor in charge of operating and maintaining the system for at least a decade, with an option for an additional five-year extension.
For many observers, that long-term operational framework raises concerns about “vendor lock-in,” a situation in which governments become deeply dependent on a single supplier for critical infrastructure.
In practice, the contractor would not simply provide software or equipment but would effectively oversee the long-term operation of a core national identity infrastructure - one that could eventually sit at the center of interactions between citizens and the Greek state. The technical ambitions of the project extend far beyond identity cards themselves. According to the tender documents, the system will digitize the full lifecycle of secure document issuance, from online applications and biometric data collection to document personalization and delivery. It must also comply with the European Union’s evolving eIDAS 2.0 framework, which aims to create interoperable digital identities across the bloc.
The plans additionally include the creation of a centralized “Citizen Identity Hub” and infrastructure enabling Greeks to receive qualified digital signatures recognized throughout the European Union.
The projected scale is striking. Authorities estimate that more than 6 million ID-format documents will be issued during the project’s first three years alone, with tens of millions more expected over the following decade - figures suggesting the platform may eventually extend beyond standard identity cards to encompass a broader range of state-issued security documents.
Another controversial aspect is the government’s decision not to divide the contract into smaller components, a common practice intended to encourage wider competition. Greek officials argue that a unified structure is necessary to ensure interoperability and centralized support. But critics say the approach effectively narrows the field to a small number of global systems integrators with the financial and technical capacity to undertake such a massive project.
Questions have also emerged over the evaluation criteria. Despite the project’s strategic importance and cybersecurity implications, the contract will reportedly be awarded solely on the basis of the lowest price rather than a combined assessment of technical quality and financial value - an approach many specialists consider unusual for critical national security systems.
The tender documents also include strict cybersecurity provisions, confidentiality requirements and clauses excluding Russian involvement, reflecting both European sanctions policy and the increasingly geopolitical nature of digital infrastructure procurement.
