Published on 8 December 2025
Questions & answers
1 Utilisation of AGOV
You can use the AGOV login in your electronic dealings with all Swiss authorities participating in AGOV, including cantons, their municipalities, the Federal Administration, and EMBAG-compatible third parties (EMBAG: Federal Law on the Use of Electronic Means to Carry Out Official Tasks).
You can manage your AGOV login at www.agov.ch/me.
Traditional login methods use a username and password, sometimes combined with a second authentication factor.
With AGOV, however, specific apps* on the smartphone or security keys (commonly known as "FIDO sticks") replace the usual username and password, including second factors. This is a secure and user-friendly solution.* swiyu app with the Swiss e-ID and/or the AGOV access app.
AGOV is operated from the Confederation's own data centres located in Switzerland. Your data is also stored there.
Exceptions:
Your access keys (cryptographic artifacts) are stored in the security chip of your smartphone or in the security chip of your security key (FIDO2). If you access your smartphone or security key via biometrics, your biometric data remains exclusively stored on the device or the security key and is not transmitted to AGOV.The AGOV access app offers much better security than Google Authenticator, for example, because its access keys (cryptographic artefacts) are stored on your smartphone's security chip. This technology guarantees a particularly high level of security and makes the AGOV access app very resistant to hacking. Banks also use this secure form of authentication and offer their own access apps.
The process with access apps requires each institution to provide its own app, as they cannot and must not be used jointly for more than one target system. The AGOV access app was specially developed for the secure electronic use of public services. The AGOV access app is free to download from the Apple App Store and Google Play Store. The storage space requirements on your smartphone are very low, at less than 100MB.Passkeys are a modern and secure method for passwordless authentication, where a cryptographic key is stored on the user’s device.
However, for security and regulatory reasons, AGOV only allows cryptographic keys that are stored locally on a security chip* -for example, on a FIDO2 security key or directly on the device itself.
Passkeys that are synchronized across multiple devices via cloud services such as iCloud or Google are considered less trustworthy, as they can potentially be exported. To ensure the origin and integrity of the keys at all times, AGOV only accepts hardware-bound keys that cannot be transferred, exported, or synchronized. The AGOV access app and the swiyu app for the Swiss e-ID already fully meet these requirements.* By “security chip” we refer to dedicated, non-exportable storage units for keys, such as Trusted Platform Modules (TPM), Apple’s Secure Enclave, Google’s Titan M, or the security modules used in FIDO2 security keys.
Apple mobile devices with iOS operating systems iOS 12 or later.
Mobile devices with Android operating system Android 7 or later.Further information can be found here: Operating system
Here you will find a list of suitable security keys.
- In principle, AGOV can be used worldwide by anyone, regardless of age, legal capacity, origin, location or other personal characteristics. An AGOV account always represents a natural person acting either for themselves or on behalf of someone else (see also the question on legal entities below).
From a technical and legal perspective, the following applies:
- If Internet restrictions apply to AGOV addressing elements and/or target applications, e.g. government blocks, AGOV and its target applications cannot be used directly via the affected connections.
- If the AGOV access app cannot be downloaded (e.g. due to device or country restrictions), FIDO2 security keys must be used instead.
Responsibility for checking whether a specific person is allowed to perform a certain action (e.g. checks on minimum age, legal capacity or membership of an organisation) lies solely with the target applications, not with AGOV. Likewise, the relevant target application decides whether an identity check with an official ID must be performed via AGOV.
These identity checks are internationally available (a list of accepted ID documents can be found here: Country list). If a target application requires the AHV number to be input via AGOV, the possible user group is restricted to people with a Swiss social security number (AHVN13).
Individuals act on behalf of legal entities, and these individuals can use AGOV logins. Individuals are not mapped to legal entities in AGOV. That is a matter for the target systems.
You are free to manage multiple AGOV accounts and decide for yourself which email addresses to use. While the email address stored in AGOV is not intended as a correspondence address in the sense of a business partner management of the target systems, many target systems still rely on it.
Therefore, it is common practice - and even explicitly preferred by certain target systems - to set up an additional AGOV account with your business email address. There is no legal basis preventing target systems from requiring this solution from end users.
As part of the migration from CH-LOGIN to AGOV, it is recommended to use an AGOV account with the same email address to avoid potential issues - especially with target systems that use the email address as the primary identifier.
Please note: The email address linked to an AGOV account can be changed at any time at agov.ch/me. If you manage multiple AGOV accounts in your AGOV access app, it is important to label them clearly so that you always use the correct account.
No. Access rights, affiliations, delegations, trustee relationships, etc. are not shown in AGOV, but should instead be managed and controlled by the target systems. Thus, AGOV does not determine whether you are acting as a private individual, on behalf of an organisation or in another role. The interpretation and verification of your specific role are carried out exclusively by the target system.
Conversely, one natural person can have more than one AGOV account (one for each email address) and can decide for themselves which account they want to use in which context.
As AGOV does not manage affiliations (see FAQ 1.19), their validity period is administered in the respective target systems.
AGOV can be used in all contexts (X2G*), with particular attention to FAQ items 1.10 to 1.12.
*- G2C – Government to Citizen: e.g. online tax declaration, identity documents, e-government portals
- C2G – Citizen to Government: e.g. submitting applications, providing feedback, making reports or notifications
- G2B – Government to Business: e.g. commercial register, subsidies, regulations
- B2G – Business to Government: e.g. supplying public authorities, tenders, service delivery
- G2E – Government to Employee: e.g. internal HR services, training, internal communication
- E2G – Employee to Government: e.g. internal feedback, HR notifications, compliance forms
- G2G – Government to Government: cooperation between administrations, data exchange
AGOV login accounts are personal and always represent exactly one natural person, regardless of whether they are acting for themselves via AGOV login or on behalf of an entity, for example. The responsibility for the proper use of AGOV logins, the associated applications and the transactions carried out using them lies with this natural person. This means that the person is also responsible for the secure storage and appropriate use of the associated login factors (AGOV access app and/or security key). If this person passes on an AGOV login for use to one or more other persons, a disclosure or handover of the login factors is made by the first person named (by physically passing on or registering security keys or AGOV access apps that are not exclusively under the control of the AGOV login account holder). There is no legal basis that prohibits this process for AGOV. However, provisions relating to the associated target applications and transactions carried out remain reserved.
In summary, the principle set out in the «7 important tips» video applies. Your AGOV login is personal. Do not pass it on and do not register mobile phones or security keys as AGOV login factors if you do not have sole control over them.The obligation to ensure accessibility in accordance with the principles set out below* also applies to AGOV. The AGOV developers achieve accessibility by implementing the recommendations of the Web Content Accessibility Guidelines (WCAG) and conducting usability tests with people who use certain accessibility features. AGOV users can report defective or suboptimal implementation of accessibility in AGOV to the Federal Administration (accessibility@agov.ch – this email address is only for reporting accessibility issues; messages relating to support must be sent to agov.ch/help). The AGOV access app (iOS or Android) is most commonly used for accessing AGOV. This access app is also accessible and interacts closely with the accessibility mechanisms of the respective mobile phone operating system. Scanning the AGOV QR code can be an issue for visually impaired AGOV users, as visually impaired internet users often work with their screen switched off. Security keys are an alternative to the AGOV access app, as the application flow is reproduced in full by screen readers and on braille displays.
*- Article 8 paragraph 2 of the Federal Constitution states that no person may be discriminated against because of a physical, mental or psychological disability.
- The Disability Discrimination Act (DDA) requires measures to be taken to prevent, reduce or eliminate discrimination.
- The Ordinance on the Elimination of Discrimination against People with Disabilities (EPDO) contains provisions on the requirements to accommodate people with disabilities when designing federal services.
- Article 9 of the UN Convention on the Rights of Persons with Disabilities (UN CRPD) explains the guarantee of equal access to information and services for the public.
- Furthermore, the European Accessibility Act (EAA) has been in force since 28 June 2025. Its provisions are also relevant for Swiss companies that offer products or services in the EU.
Various test pages are available at www.agov.ch/test.
An AGOV account is always linked to exactly one natural person. Your personal data form the basis for this link and therefore for handling your official transactions. The authorities define for which cases you must additionally have an official ID (photo ID or Swiss e-ID) and, if applicable, your AHV number stored in AGOV. In general, the purposes and legal bases for data processing by AGOV are outlined in the privacy statement. The processing of your personal data within the official transactions themselves, i.e. downstream of AGOV, is based on the respective legal bases of the authorities.
AGOV offers the option of verifying and storing official photo IDs. The AGOV account is then considered to be identity-verified. Each authority defines whether or not an AGOV account has to be identity-verified for its own business activities. Where necessary, AGOV automatically forwards end users to the identity verification process. The identity verification covers the entire AGOV ecosystem and is valid for five years. AGOV offers various identity verification methods:
- By post: Swiss Post AG's BmID identity verification service, for people in Switzerland.
- Online: An online identity verification procedure in accordance with the Federal Act on Certification Services in relation to Electronic Signatures and other Uses of Digital Certificates (ESigA), for people in Switzerland and abroad.
- Counter service: Identification at a counter, for people in cantons with a cantonal AGOV counter.
- e-ID: People who own a Swiss e-ID can submit this directly in AGOV. The AGOV account is then automatically identity-verified.
Not all identity verification methods are available in all contexts; this is defined by the relevant authority.
Method II (online) can only be applied by service providers who are certified to do so in accordance with the ESigA. The Federal Administration appoints one or more such service providers for specific periods, in accordance with the Public Procurement Act (PPA). At the time of issue of this FAQ (2025) this provider is Intrum AG.
If you have linked your Swiss e-ID to your AGOV account, the e-ID itself does have an expiry date, but your AGOV account does not. You can simply renew (reissue) your e-ID and continue using your AGOV account as usual with the new e-ID.
If you have stored an official photo ID in your AGOV account (an AGOV identity verification without a Swiss e-ID), this identity verification is valid for five years. After that period, the verification must be repeated. Your AGOV account remains active; you will simply be invited to renew your identity verification.
Even if you change your device — for example, your smartphone or FIDO security key — or the email address or account used for AGOV login, your AGOV account does not expire. Please keep your e-mail address up to date on agov.ch/me so that you can receive AGOV messages in case account recovery is needed.
As AGOV does not manage affiliations (see FAQ 1.12), their validity period is administered in the respective target systems.
2 Problems with AGOV
AGOV is operated by a 24/7 organisation in the Federal Administration's data centres and its availability is automatically monitored. The platform and software are designed for a high level of resilience. Any disruptions are always rectified as quickly as possible.
Users can find help articles on the website www.agov.ch/help, which in most cases enable them to solve problems themselves. If the problem still cannot be solved, users can contact the relevant office of the target application they wish to use directly. This may be a cantonal office or a federal office, for example, which usually publishes the contact details on the website of the relevant application. Alternatively, users can also contact the relevant person via the website www.agov.ch/help by accessing the appropriate help article and submitting a support request at the end (under «Were we able to help you?», click on «No, I would like to open a ticket»).
You can find solutions to common problems at www.agov.ch/help. You can also submit a support request, which will be responded to as quickly as possible.
Support for participating authorities is provided by second-level support during office hours exclusively through the creation of tickets online. To do this, go to www.agov.ch/help and open the corresponding help article. The online ticket creation starts at the end of the support article.
You can restore your AGOV login credentials (authentication factors) via the self-service option. Documentation is available at www.agov.ch/help. Depending on your situation, the recovery process can be time-consuming and may require a paid identity verification.
To avoid this, we recommend registering two authentication factors: your smartphone with the AGOV access app and a FIDO security key. You can register additional login factors at www.agov.ch/me.
Even if your app PIN appears on a list of weak or leaked passwords circulating on the darknet, it poses no security risk for the AGOV access App.
Here’s why:- The PIN only protects local access to the app – not your digital identity.
Even if someone knows your PIN, they also need your unlocked smartphone. Without access to your device, the PIN alone is useless. - The app actively defends against repeated incorrect attempts.
After several failed entries, access is blocked or the app is reset. Trying out many PINs (so-called brute-forcing) is therefore not possible. - The PIN does not replace strong authentication.
The AGOV access App uses additional security mechanisms for login to online services - such as digital certificates or two-factor authentication. The PIN only adds extra protection on the device. - Your smartphone provides additional layers of security.
Typically, your device is also secured by fingerprint, Face ID, or a device code. This keeps the app protected even if someone knows your PIN.
- The PIN only protects local access to the app – not your digital identity.
Security-sensitive applications like the AGOV access app can only be used if a screen lock (also called device login) is enabled on your smartphone – for example, a PIN code, a pattern, a fingerprint, or facial recognition (Face ID). This requirement is based on several important security considerations.
On one hand, these apps protect particularly sensitive or personal data - such as in the areas of e-banking, healthcare, email communication, government services, or internal enterprise systems. Without device protection, unauthorized individuals could immediately access such data if the device is lost or stolen.
On the other hand, many modern apps rely on authentication methods that are directly linked to the device lock. These include biometric methods like fingerprint or facial recognition, as well as device-based certificates or cryptographic keys. These only work if a screen lock is activated.
In addition, legal or regulatory requirements in certain fields explicitly mandate such protection measures - for instance in banking (under the EU PSD2 directive), healthcare (e.g. GDPR, HIPAA), public administration (eGovernment), or organizations with mobile device management (MDM).
Screen locks also provide effective protection against misuse in the event of device loss. They prevent access to installed apps without further security checks.
For this reason, it is standard - and often required - that security-critical apps only launch when an appropriate device lock is enabled. This reliably protects both the app and access to your data.
Important note: The AGOV access app does not automatically lock your device, but simply prompts you to set up a screen lock.
Please note: It is your responsibility to choose a lock method and store it in a way that allows you to access it at all times - for example, by keeping it safe or documenting the PIN code used. The AGOV recovery process cannot restore access to your smartphone if you have locked yourself out of it.
Alternative option: If you prefer not to use a screen lock on your device, you can instead use a FIDO2 security key to access AGOV access.The AGOV access App has high security requirements for the device being used. If the app cannot be installed or launched on an older or modified smartphone, this is usually due to one or more security-related factors.
A common reason is that the device has been “rooted” (on Android) or “jailbroken” (on iOS). These are modifications that grant access to protected parts of the system. While such changes offer more control, they also disable core security mechanisms, increasing the risk of malware or data theft. Devices with “Custom ROMs” or an unlocked bootloader are likewise considered compromised. The AGOV access App detects these modifications and blocks execution for security reasons.
Another possible reason is the absence of a security chip. Modern smartphones include dedicated hardware like a “Secure Element,” a “Trusted Platform Module (TPM),” or a “Trusted Execution Environment (TEE)” to securely store sensitive information like biometric data or cryptographic keys. Apple devices use the “Secure Enclave,” while Samsung often relies on “Knox.” These components are essential for secure applications, especially those using device certificates or FIDO2 authentication. Without such a chip, or if it's not certified, the AGOV access App cannot function.
Outdated operating system versions can also cause problems. Android and iOS versions that no longer receive security updates are vulnerable to known exploits. Therefore, the AGOV access App requires a current, supported OS. If this requirement is not met, the app will refuse to start.
Some less common Android variants or special distributions – even those designed with security in mind – also pose challenges. These include enterprise-hardened Androids or open-source project versions. Even if secure, they are not officially whitelisted and are therefore unsupported in the AGOV access security architecture.
The app also requires specific device security features to be enabled – such as a screen lock (PIN, fingerprint, or facial recognition) and functioning system integrity checks. If these safeguards are missing, the app cannot meet its security standards.
In summary: The AGOV access App only runs on unmodified, up-to-date devices equipped with secure hardware that are listed as officially compatible. This protects your personal data and secures the connected systems.
If your device is not compatible, you can use a FIDO2 security key as an alternative way to securely access AGOV access.
3 AGOV, other logins and the e-ID
AGOV and CH-LOGIN are currently running in parallel; while CH-LOGIN is available only for the Federal Administration's eGovernment, AGOV can be used by all Swiss authorities. The CH-LOGIN will be fully replaced by AGOV as soon as possible. Users can already switch to AGOV for all CH-LOGIN applications.
The Swiss state e-ID will be usable directly in AGOV as a login factor, thus rendering the AGOV access app (and security keys) obsolete for e-ID users. The AGOV login via the AGOV Access App or a security key remains available as an alternative. This allows end users to freely choose whether to use the e-ID, the AGOV Access App, or the security key as a login factor.AGOV will also support the linking of existing AGOV accounts with the new e-ID (n:1). For AGOV and the underlying target applications, the e-ID has the advantage that the end user can reliably confirm their identity without having to go through identity verification procedures, such as video identification, in AGOV. Please refer to the video: Use of the e-ID with AGOV.
The AGOV access app can be linked to your AGOV account and then serves as a login factor for authentication processes via AGOV.
In the swiyu wallet app, you can store, among other things, your Swiss e-ID*. This e-ID can also be used as a login factor for AGOV sign-ins.
You are free to choose whether to use, for your AGOV login, the AGOV access app, the swiyu wallet app containing your e-ID*, or a security key (FIDO2). These login factors can also be combined freely.
* as soon as available
4 Miscellaneous
The authentication service of the Swiss authorities needed a short name that was easy to pronounce and usable in all the languages of Switzerland plus English - without transation - and was available as intellectual property in Switzerland.
The «AGOV» acronoym is made up of the terms «authentication» and «government». It is pronounced: /ˈeɪ.ɡɒv/ or /ˈeɪ.ɡɑːv/ or /ˈɑː.ɡɒv/AGOV's appearance is based on a colour palette derived from Digital Public Services Switzerland (DPSS). The aim is to consciously avoid using any colours associated with cantons or the Swiss Confederation – as the login flow runs via AGOV from various authorities and back again.
The AGOV logo evolves the squares of the DPSS logo into an extended form that symbolizes the grip of a key.
The design of AGOV focuses on user friendliness and accessibility: it offers optimal contrast, a presentation adjusted for all screen sizes, and a content structure optimised for aids such as screen readers.
The Swiss Confederation is not responsible for processing reviews – that lies with the relevant platform provider, e.g. Google and Apple. Their terms and conditions apply. The Swiss Confederation does not process the evaluations itself. Questions and suggestions on the AGOV access app can be submitted via the support form at www.agov.ch.help.
The number of reviews submitted is very low (in the per mil range of AGOV users) as, unlike many other apps, the AGOV access app does not ask for users to provide an assessment. Reviews are only submitted at the initiative of the users via the relevant platform.
There are no special regulations for private training and support offerings related to public services; market freedom applies. The Swiss Confederation (Federal Administration) does not verify or certify these offerings.
It is the responsibility of the end users to assess the suitability, quality, and seriousness of the offerings and decide whether they wish to use them. In particular, attention should be paid to which personal data is disclosed. Access credentials should not be shared.
The AGOV login is based on three guiding principles: security, user-friendliness, and accessibility. These principles have been reviewed by security experts and confirmed through user testing.
Easy use in everyday life
The login itself is very straightforward. It works similarly to a TWINT payment: Open smartphone → scan QR code → done.One-time setup
Only the initial setup is a bit more demanding. It is similar to setting up smartphone-based e-banking access:- The correct app* must be downloaded from the Apple App Store or Google Play Store.
- Then registration must be completed.
For people who rarely install new apps, this can present a small hurdle at first – for example, if the login data for Apple or Google accounts are not immediately available.
Support and inclusion
Not all users have the same experience with digital processes. That is why it is important that clear information, simple instructions and reliable support are available (AGOV help portal agov.ch/help). Help from family or friends also plays a major role. In this way, even less experienced people can benefit from secure and user-friendly solutions right from the start.* SWIYU App for the Swiss e-ID** or AGOV access App (also works without e-ID)
** as soon as availableOnly genuine AGOV QR codes work in the AGOV access app. The camera app, however, can also open QR codes that lead to external websites. This feature can therefore expose users to fraudulent sites – a practice known as quishing.
The term quishing is a modern derivative of the word phishing, which itself comes from the English fishing. While phishing originally referred to «fishing» for passwords or confidential data through deceptive emails or websites, quishing describes the same fraudulent method but via a QR code. The term results from merging QR (for Quick Response, the name of the square matrix code) and phishing. This results in a concise combination that expresses both the information carrier (QR code) and the method (phishing) – in other words: QR-code phishing → quishing.
Here you can find the technical FAQs as well as glossary entries: FAQ & Glossary