Setting Up mitID for Your Danish Business: Expert Tips and Insights

Doing business in Denmark requires adherence to various legal requirements and digital solutions that enhance operational efficiency. One essential aspect of navigating the Danish business landscape is implementing mitID, Denmark's digital identification solution. This article provides an in-depth look at the process of setting up mitID for your Danish business along with expert tips, potential challenges, and insights into its significance.

What is mitID?

mitID is a modern digital identification system introduced to streamline identification processes across various sectors in Denmark. It serves as a replacement for the previous NemID, offering enhanced security features and a user-friendly interface. MitID allows both individuals and businesses to authenticate themselves when accessing a range of public and private online services, including banking, governmental websites, and business platforms.

The Importance of mitID for Businesses in Denmark

Having a reliable digital identification system such as mitID is crucial for any business operating in Denmark. Here are several reasons why:

1. Simplified Identification: mitID provides a unified digital identity that simplifies communication and transactions with various authorities and services.

2. Enhanced Security: mitID employs advanced security measures, including biometric recognition and two-factor authentication, safeguarding both personal and business data.

3. Efficiency in Operations: By enabling quick access to essential services, mitID helps streamline administrative tasks, reducing time spent on manual identification processes.

4. Regulatory Compliance: Many services in Denmark require digital identification to comply with legal regulations, making mitID vital to maintaining adherence to the law.

5. Access to E-Government Services: A mitID account ensures seamless access to important government portals, allowing businesses to manage taxes, submit necessary forms, and communicate with the Danish Business Authority and other institutions.

Prerequisites for Setting Up mitID

Before you can successfully set up mitID for your Danish business, certain prerequisites must be met. Here's what you need:

1. Danish CPR Number: If you are the owner of a business in Denmark, you will need a Danish citizens' registration number (CPR) to apply for mitID.

2. Business Registration: Ensure that your business is properly registered with the Danish Business Authority (Erhvervsstyrelsen) and has the necessary documentation.

3. Digital Signing Agreement: If your business is represented by a person with power of attorney, a digital signing agreement might be necessary.

4. Smartphone or Hardware Token: To complete the registration and use mitID, you will need a smartphone or a hardware token for receiving authentication codes.

Steps to Set Up mitID for Your Danish Business

Setting up mitID can seem daunting, but following these structured steps can make the process smoother:

Step 1: Initiate the Registration Process

1. Navigate to the official mitID website.

2. Click on the “Get Started” button which typically leads you to the application page.

3. Select the option for business users or “Erhverv” to ensure you're entering the right section relevant to your business.

Step 2: Enter Required Information

1. Fill in the business registration number (CVR number), which proves that your company is recognized and legit.

2. Provide your Danish CPR number and other necessary identity information associated with your business.

Step 3: Choose an Authentication Method

You can opt to authenticate via your smartphone by downloading the mitID app or you can choose a hardware token if preferred. Ensure that whichever method you choose aligns with the visibility and access practices you wish to establish for your business.

Step 4: Complete the Verification Process

1. Follow the on-screen instructions provided to verify your identity.

2. This may include scanning a QR code or confirming your identity through additional biometric measures on your smartphone.

Step 5: Review and Approve Conditions

Review the terms and conditions carefully, which outline your responsibilities and the functionalities of mitID. Agree to these conditions to proceed.

Step 6: Create Your mitID

Once verification is successful, proceed to create your unique mitID credentials. This includes setting a secure password that meets the specified requirements.

Expert Tips for Using mitID Effectively

Once you've set up mitID, utilizing it effectively can significantly benefit your business operations. Consider these expert tips:

Tip 1: Regularly Update Your Details

Keep your contact details, including email and mobile numbers, updated in the mitID system. This ensures you receive crucial notifications and updates regarding your business transactions.

Tip 2: Encourage Employees to Use mitID

If your business employs individuals who are involved in handling sensitive transactions, ensure they also have their personal mitID set up, as it provides an added layer of security.

Tip 3: Familiarize Yourself with the Features

Take time to explore the various features offered by mitID. This may include functionalities like secure digital signatures which can reduce time spent on contract management.

Tip 4: Monitor Security Advice and Updates

Stay informed about the security practices recommended by authorities regarding mitID. Implement strong password policies and educate employees about phishing attempts that may compromise their identification security.

Tip 5: Utilize mitID for Financial Services

Embrace mitID when dealing with banks and other financial institutions. Most financial services in Denmark have integrated mitID for authentication, thereby simplifying your procedures.

Common Challenges When Setting Up mitID

While setting up mitID generally involves straightforward steps, challenges can arise. Understanding these can help you navigate the process more effectively.

Challenge 1: Technical Issues

Users may encounter technical difficulties such as issues with the website or app. If your attempts to set up mitID are unsuccessful due to technical errors, consider retrying during off-peak hours or contacting customer support for assistance.

Challenge 2: Document Verification Delays

In some cases, document verification might take longer than expected. Ensure you have all necessary documents ready and consider following up if your application appears to be taking an unusually long time.

Challenge 3: Misplaced Credentials

Losing your mitID credentials or being locked out can hamper business operations. Always keep your recovery information secure and consider setting up a trusted recovery method to avoid being locked out.

Challenge 4: Ensuring Business Representatives Have Proper Access

When you have multiple people managing different aspects of your business, ensure everyone who needs access has their own mitID set up, and that roles and permissions are clearly defined.

Benefits of mitID for Your Business Operations

Setting up and effectively using mitID presents multiple advantages for your business:

Efficiency Boost

Businesses can swiftly complete transactions and actions that require identity verification, reducing time spent on bureaucratic processes. This is especially beneficial in the management of invoices, taxes, and regulatory compliance.

Cost-Effective

By adopting a digital solution like mitID, businesses can significantly cut costs associated with printing, mailing documents, and customer service support for identity verification.

Improved Customer Trust

Using secure methods of identification can enhance clients' trust in your business. Transparency and security in identity verification foster a reliable business reputation.

Accessibility and Flexibility

mitID offers a versatile approach, allowing business owners to access services and complete transactions anytime and anywhere. This flexibility can aid in managing customers and operational tasks from various locations.

Best Practices for Implementing mitID in Your Business

To completely harness the benefits of mitID, ensure the following best practices are instituted:

Best Practice 1: Train Staff Appropriately

Provide training sessions for your staff regarding the usage of mitID. This ensures everyone within your team understands the importance and functionality of mitID and how to navigate it effectively.

Best Practice 2: Integrate mitID Across Your Business Processes

Reassess your business workflows to identify where mitID can be integrated most effectively, be it in client verification processes or financial transactions.

Best Practice 3: Establish a Support Framework

Having a dedicated support framework to assist employees in the onboarding and ongoing usage of mitID can mitigate frustrations and enhance employee engagement regarding the digital solution.

Best Practice 4: Maintain Compliance with Legal Regulations

Regular checks to ensure that your usage of mitID complies with the latest regulations will not only protect your business's credibility but also help avoid legal complications.

Legal and Regulatory Framework Behind mitID (NemID Transition, eIDAS, and Danish Requirements)

mitID is not only a technical login solution – it is part of a wider legal and regulatory framework that affects how your Danish business identifies itself online, signs documents and communicates with authorities. Understanding this framework helps you stay compliant and avoid problems with SKAT, banks and other public and private counterparts.

From NemID to mitID: the regulatory background

mitID was introduced as the national digital ID solution replacing NemID. The transition is anchored in Danish legislation on digital identification and electronic signatures and is coordinated by the Danish Agency for Digital Government in cooperation with banks and public authorities. For businesses, this means that NemID employee signatures and NemID Erhverv are being phased out and replaced by mitID Erhverv and business roles based on the company’s CVR number.

The legal purpose of the transition is to increase security (for example through stronger authentication and better fraud prevention), ensure long‑term technical stability and align Danish rules with EU requirements for electronic identification and trust services.

mitID and the EU eIDAS Regulation

mitID is designed to comply with the EU eIDAS Regulation, which sets common rules for electronic identification, electronic signatures, seals and trust services within the EU and EEA. Under eIDAS, electronic signatures can have different assurance levels, and qualified electronic signatures are legally equivalent to handwritten signatures in all EU member states.

For your Danish business this has several practical consequences:

Digital signatures made with approved mitID-based solutions can be used as legally binding signatures on contracts, board resolutions and other documents, provided the chosen solution meets the required assurance level.
Authorities and many private organisations in Denmark are obliged to accept electronic signatures that meet eIDAS standards, which reduces the need for paper documents and physical presence.
Cross-border recognition of electronic identification and signatures is facilitated, making it easier to work with partners and customers in other EU/EEA countries when they use compatible eID solutions.

Danish requirements for electronic identification and signatures

In Denmark, public authorities are required to use secure electronic identification for access to self‑service solutions and digital communication. mitID is the primary method for this, and businesses are expected to use mitID when they log in to platforms such as Virk.dk, TastSelv Erhverv (SKAT), e‑Boks Erhverv and other public portals.

Key Danish requirements that affect your company include:

Mandatory digital communication: Most companies must receive and send official messages from authorities digitally, typically via e‑Boks linked to the CVR number. Access to these messages usually requires mitID.
Secure login for tax and reporting: Filing VAT, payroll taxes, corporate income tax and other reports through SKAT’s systems requires strong electronic identification. mitID Erhverv is the standard solution for this.
Use of digital signatures in business processes: Many public tenders, grant applications and registrations at authorities require electronic signatures that meet specific assurance levels, which are supported by mitID-based solutions.

Roles, liability and internal controls

The legal framework places responsibility on the company to manage mitID access correctly. The business is expected to define who may act on its behalf and to ensure that only authorised persons have access to sensitive services such as tax, banking and official correspondence.

In practice this means:

The company must appoint responsible persons (for example, administrators in mitID Erhverv) who manage roles and rights for employees, accountants and external advisors.
The business is generally liable for actions carried out with its digital identity, unless it can document misuse or security breaches and that reasonable internal controls were in place.
Internal procedures for granting, changing and revoking access are important to meet regulatory expectations and to reduce the risk of fraud or unauthorised filings.

Security, AML and KYC obligations

Banks and other financial institutions in Denmark are subject to strict anti‑money laundering (AML) and know‑your‑customer (KYC) rules. mitID is a central tool in fulfilling these obligations, as it provides strong identification of owners, directors and authorised signatories.

When your company opens a bank account, applies for financing or changes signatory rights, the bank will typically require that the relevant persons use mitID for identification and signing. This helps the bank meet its legal duties to verify identities, ownership structures and control over the company.

Data protection and GDPR aspects of mitID

The use of mitID involves processing personal data, including identification data and log‑in information. This processing must comply with the General Data Protection Regulation (GDPR) and Danish data protection rules. Public authorities and service providers that operate mitID act as data controllers or processors and must ensure appropriate technical and organisational security measures.

Your business also has responsibilities:

Access to systems via mitID should be limited to employees and advisors who need it for their tasks, in line with the principle of data minimisation.
Logs and documentation of access and signatures should be handled securely and retained only as long as necessary for legal, accounting and audit purposes.
Employees must be informed about how their personal data is processed when they use mitID in the course of their work, for example in internal privacy notices.

Practical implications for Danish businesses

Because mitID is embedded in Danish and EU regulation, it is not optional for most companies that interact with authorities and financial institutions. To stay compliant, your business should:

Ensure that at least one person with the right authority has functioning mitID access linked to the company’s CVR number.
Implement clear internal rules for who may sign what with mitID, and how access is managed when employees join, change roles or leave.
Coordinate mitID use with your accountant or external bookkeeper so they can handle tax, VAT and reporting on your behalf in a legally secure way.

By understanding the legal and regulatory framework behind mitID, you can use it not only as a login tool, but as a compliant and efficient foundation for your digital business processes in Denmark.

Types of mitID Solutions for Businesses (mitID Erhverv, Private mitID, and Sector-Specific Setups)

Choosing the right mitID setup is crucial for smooth cooperation with Danish authorities, banks, and business partners. In practice, most companies will work with three main types of solutions: mitID Erhverv (business mitID), private mitID used for business purposes in limited situations, and specialised sector setups used in regulated industries.

mitID Erhverv – the standard solution for Danish businesses

mitID Erhverv is the primary and recommended solution for companies registered with a Danish CVR number. It is designed for legal entities and allows you to manage access for owners, directors, employees, accountants, and external advisors in a structured way.

With mitID Erhverv, you can:

Log in to public self-service platforms such as Virk.dk, TastSelv Erhverv (SKAT), e-Boks Erhverv, and the Danish Business Authority
Sign digital documents and agreements on behalf of the company, including contracts, bank documents, and filings with authorities
Assign and revoke rights for different roles (e.g. payroll, VAT, corporate tax, customs, e-Boks access)
Connect multiple employees and external bookkeepers under the same CVR with clearly defined permissions

mitID Erhverv is mandatory in practice for most companies that need to:

Submit VAT returns and payroll reports (e.g. via eIndkomst)
Handle corporate tax, dividend tax, and withholding obligations
Receive and read digital post from authorities in e-Boks
Use online banking in the company’s name, including approving payments and viewing accounts

For accounting and payroll processes, mitID Erhverv is usually the only efficient way to give your accountant or bookkeeper the access they need without sharing private credentials.

Private mitID used for business purposes

Private mitID is issued to individuals and is linked to their personal CPR number. It is primarily intended for private use, but in some situations it is still used in a business context.

Typical examples include:

Sole proprietors (enkeltmandsvirksomhed) who log in with their private mitID to access tax and VAT for the business, because the business is not a separate legal entity from the owner
Very small or newly established businesses that temporarily use the owner’s private mitID to handle initial registrations and simple filings before mitID Erhverv is fully set up
Company owners and directors who sign certain documents as private individuals (for example, personal guarantees, loan agreements, or shareholder-related documents)

However, relying on private mitID for ongoing business operations has clear disadvantages:

Access cannot be safely shared with employees or external advisors
It is harder to separate private and business responsibilities and to document who approved what
It increases the risk of non-compliance with internal control, audit, and data protection requirements

For these reasons, accountants and advisors generally recommend moving to mitID Erhverv as soon as possible, especially once you have employees, external bookkeepers, or more complex reporting obligations.

Sector-specific mitID setups and integrations

Some industries in Denmark use sector-specific solutions or integrations on top of standard mitID to meet additional regulatory and security requirements. These setups still rely on mitID as the core identification method, but add extra layers or specialised access flows.

Common sector-related setups include:

Banking and financial services – companies often use mitID Erhverv in combination with bank-specific roles and approval rules (for example, “four-eyes” approval for payments, separate roles for preparing and approving transactions, and limits per user). Access to corporate online banking is usually tied to mitID Erhverv identities and the company’s CVR.
Auditors, accountants, and payroll providers – external advisors are granted access via mitID Erhverv roles defined by the client company. This allows them to log in to SKAT, eIndkomst, Virk.dk, and e-Boks on behalf of the company without using private mitID or generic shared logins.
Public sector suppliers – businesses that deliver goods or services to the public sector often use mitID to access procurement portals, invoicing systems (e.g. NemHandel / EAN invoicing), and contract management platforms. Access is typically controlled via mitID Erhverv roles linked to the CVR.
Highly regulated industries – companies in areas such as healthcare, social services, and financial compliance may combine mitID with sector gateways and logging requirements to ensure that every access and signature can be traced to a specific employee and role.

When choosing your setup, it is important to consider not only how you log in, but also how you document authorisations for audits, tax inspections, and internal control. Sector-specific configurations based on mitID Erhverv make it easier to demonstrate who had access to financial data, who submitted VAT and tax returns, and who approved payments.

How to choose the right mitID solution for your company

For most Danish businesses with a CVR number, mitID Erhverv should be the main solution. Private mitID should be limited to personal matters and, where applicable, to very simple sole proprietor setups. Sector-specific configurations are relevant if you operate in a regulated field, handle large payment volumes, or work closely with public authorities.

From an accounting and compliance perspective, the key is to ensure that:

Each person uses their own mitID identity
Access rights in mitID Erhverv reflect real responsibilities in the company
External bookkeepers and advisors are given clearly defined roles instead of shared logins
Changes in staff or ownership are quickly reflected in your mitID setup

This approach reduces the risk of errors in VAT, tax, and payroll, strengthens your internal controls, and makes cooperation with your accountant and the Danish authorities significantly smoother.

Roles and Access Management in mitID (Assigning Rights to Employees, Accountants, and External Advisors)

Correctly setting up roles and access in mitID is crucial for secure and efficient management of your Danish business. Whether you work with internal staff, an external accountant or a bookkeeping firm, clear access rules help you protect sensitive data, avoid errors in filings and stay compliant with Danish regulations.

Understanding roles in mitID for businesses

For most companies, access is managed through mitID Erhverv, which connects user identities to your CVR number. Instead of sharing one login, each person gets their own mitID and specific rights. Typical roles include:

Legal representative / owner – usually the person registered in the CVR as owner, director or signatory. This person can approve new users, assign rights and sign binding documents on behalf of the company.
Administrator – sets up and manages users in mitID Erhverv, defines which systems they can access (for example SKAT, e-Boks, virk.dk) and what they are allowed to do there.
Employee user – has limited, task-based access, for example to submit VAT returns, register payroll data or read company mail in e-Boks.
External advisor / accountant – receives access only to the areas necessary to perform agreed services, such as bookkeeping, VAT, payroll or annual reporting.

Assigning access to employees

When you grant mitID access to employees, the goal is to give them enough rights to do their job, but not more. In practice, this usually means:

Allowing finance staff to view and submit VAT (moms) returns, check tax account balances and manage payment deadlines for A-tax and AM-contributions.
Giving payroll staff access to eIndkomst, so they can report salaries, A-tax, AM-bidrag and holiday pay correctly and on time.
Allowing selected employees to read and respond to messages in e-Boks, for example letters from SKAT, ATP, municipalities or other authorities.
Restricting access to sensitive areas such as changes to company registration, bank agreements or signing of binding contracts to the owner or director.

Always link each user to a real person with their own mitID and avoid shared logins. This makes it easier to track who did what and reduces the risk of misuse.

Granting access to accountants and external bookkeepers

Many Danish businesses use an external accountant or bookkeeping firm. With mitID, you can give them targeted access without giving up full control. Typical rights for an external advisor include:

Submitting and correcting VAT returns and accessing your tax account to reconcile payments and refunds.
Reporting salaries, A-tax and AM-contributions in eIndkomst and handling corrections when needed.
Accessing e-Boks to download letters from SKAT and other authorities and ensure that deadlines are met.
Preparing and filing annual reports and corporate tax returns, depending on your company form and turnover.

When you set up access for an accountant, define in writing which rights they should have and who in your company is responsible for approving filings and payments. You can, for example, allow the accountant to prepare VAT returns, while the owner or director uses their own mitID to approve the final submission and payments.

Principles for secure access management

To keep your mitID setup secure and compliant, follow these basic principles:

Least privilege – give each person only the access they need. A payroll assistant does not need rights to change company registration data, and a junior bookkeeper does not need to sign binding agreements.
Separation of duties – where possible, separate tasks such as preparing and approving VAT returns or salary payments. This reduces the risk of fraud and errors.
Individual responsibility – every user must have their own mitID and must not share codes or devices. This is a core requirement in Danish digital security practice.
Regular reviews – at least once a year, and whenever staff or advisors change, review all mitID roles and remove access that is no longer needed.

Onboarding and offboarding users

When a new employee or advisor starts working with your company, create their mitID access as part of a structured onboarding process. Clarify:

Which systems they need (for example virk.dk, SKAT, e-Boks, eIndkomst).
Which actions they are allowed to perform (view, prepare, submit, approve).
Who they should contact if they need additional access or encounter login problems.

When someone leaves the company or you end cooperation with an external bookkeeper, remove or adjust their mitID rights immediately. This is essential for data protection, especially when they had access to salary information, tax data or other sensitive business information.

Documenting your mitID access structure

For both security and compliance reasons, it is good practice to document how access is managed in your company. This can be a simple internal overview that lists:

Who is the legal representative and who are the mitID administrators.
Which employees and advisors have access to which systems and functions.
How you handle changes in roles, new hires, resignations and changes of external accountants.

Clear documentation makes it easier to cooperate with your accountant, respond to questions from authorities and demonstrate that you handle digital access in a responsible way.

By setting up roles and access in mitID carefully, you protect your company against mistakes and misuse, while ensuring that employees and advisors can work efficiently with Danish authorities and digital business systems.

How mitID Integrates with Danish Public Systems (Virk.dk, SKAT, e-Boks, and Other Authorities)

mitID is the central digital key that connects your Danish business to almost all public systems. Once correctly set up, it allows you, your employees and your external accountant to log in securely, sign documents and manage obligations on behalf of the company across platforms such as Virk.dk, SKAT (TastSelv Erhverv), e-Boks and a wide range of authorities and financial institutions.

Logging in to Virk.dk and business self-service solutions

Virk.dk is the main entry point to most public self-service solutions for businesses in Denmark. With mitID Erhverv, you can:

Register and update company information linked to your CVR number
File VAT (moms) returns and pay VAT for monthly, quarterly or half-year periods, depending on your registration
Report and adjust A-tax (withholding tax) and AM-bidrag (labour market contribution) for employees
Submit annual reports to the Danish Business Authority (Erhvervsstyrelsen)
Manage registrations for payroll schemes, import/export and other sector-specific permits

Access to these services is controlled by roles in mitID Erhverv. You can grant your accountant or external bookkeeper rights to use Virk.dk on behalf of your company without giving them access to everything. This is particularly useful for delegating routine tasks such as VAT filing or payroll reporting while keeping strategic or sensitive functions under the control of management.

Using mitID with SKAT (TastSelv Erhverv)

SKAT’s business portal, TastSelv Erhverv, is fully integrated with mitID. When you log in with mitID Erhverv, you can:

View and pay outstanding tax balances, including corporate tax (selskabsskat) and withholding obligations
File and correct VAT returns, including reverse charge and EU trade reporting
Submit payroll information that feeds into the Danish income register (eIndkomst)
Access payment IDs and deadlines for upcoming tax and VAT payments
Download statements and documentation needed for bookkeeping and audits

For many companies, the accountant handles most interactions with SKAT. By assigning the correct mitID roles, you ensure that your accountant can manage VAT, A-tax and AM-bidrag on time, while you as owner or director retain overall control and can log in at any time to verify what has been reported and paid.

Receiving and managing digital mail in e-Boks

e-Boks is where most official communication from Danish authorities is delivered. With mitID, your company can access:

Letters and decisions from SKAT about tax assessments, VAT control and payment reminders
Notifications from the Danish Business Authority regarding annual reports, changes to company details and compliance requirements
Messages from municipalities, courts and other public bodies relevant to your business

It is crucial to log in regularly or to delegate access via mitID to a trusted person, such as your accountant or office manager. Missed messages in e-Boks can lead to fines, missed deadlines for appeals or delayed registrations. With the right mitID setup, you can ensure that at least one responsible person monitors e-Boks and reacts quickly to any authority correspondence.

Integration with other authorities and public services

Beyond Virk.dk, SKAT and e-Boks, mitID is used across a wide ecosystem of Danish public and semi-public services, for example:

NemKonto administration – linking your company’s bank account to receive refunds from SKAT, public subsidies or other payments from authorities
Statistics Denmark (Danmarks Statistik) – submitting mandatory statistical reports for certain industries and company sizes
Municipal self-service portals – applying for permits, environmental approvals, building permissions or local subsidies
Public procurement platforms – logging in to tender portals to submit bids and sign contracts digitally
Digital signing solutions – signing agreements, declarations and authority forms with a legally binding electronic signature based on mitID

In many cases, the same mitID Erhverv identity is used across all these systems, which reduces complexity and lowers the risk of errors compared to managing separate logins for each authority.

How mitID supports your accounting and compliance processes

For businesses working closely with an external accountant or bookkeeper in Denmark, mitID is a key tool for efficient collaboration. When properly configured, it allows your advisor to:

Access all necessary public portals to prepare and submit VAT, tax and payroll reports
Download statements and confirmations directly from SKAT and other authorities for reconciliation in your accounting system
Monitor deadlines and upcoming payments to avoid interest and surcharges
Handle corrections and clarifications requested by authorities without delays

This integrated approach means that your internal bookkeeping, your accountant’s work and the data held by Danish authorities are aligned. It reduces manual data entry, helps prevent missed deadlines and supports a clean audit trail for both tax and financial reporting.

Practical recommendations for smooth integration

To make the most of mitID’s integration with Danish public systems, consider the following practices:

Define clear roles in mitID Erhverv for owners, directors, employees and external advisors
Ensure that at least two people can access critical systems such as Virk.dk, SKAT and e-Boks, to avoid bottlenecks when someone is absent
Coordinate with your accountant when setting up or changing access rights, so they have exactly the permissions they need
Review access rights regularly, especially after staff changes or changes in collaboration with external bookkeepers
Document internally who is responsible for monitoring e-Boks, filing VAT and tax, and updating company data with authorities

When these elements are in place, mitID becomes a powerful and secure hub that connects your Danish business to all essential public systems, supports compliant accounting and tax handling, and makes everyday administration significantly more efficient.

Security and Compliance Considerations When Using mitID in Your Company

Using mitID in your Danish company is not only a practical necessity, but also a central element of your security and compliance setup. mitID is the primary digital ID solution used to access public authorities such as SKAT, virk.dk and e-Boks, as well as many banks and private providers. This means that how you configure, use and monitor mitID has a direct impact on your company’s legal compliance, data protection and risk exposure.

MitID as a legally binding authentication method

When an employee, owner or external advisor logs in with mitID on behalf of your company, the actions they perform are generally treated as legally binding for the business. Submitting VAT returns, approving tax information, signing digital documents or granting access rights can all have legal and financial consequences. You should therefore:

Clearly define who is allowed to act on behalf of the company in public systems and online banking
Document internal authorisations (for example, board decisions or powers of attorney) that match the rights given in mitID
Regularly review whether the people with access still have a valid role and mandate

Compliance with Danish and EU regulations

MitID is part of Denmark’s implementation of EU eIDAS rules on electronic identification and trust services. For your company, this has several practical implications:

Digital signatures and logins with mitID are widely recognised as strong authentication and can be used to meet “strong customer authentication” and “two-factor authentication” requirements in many contexts
Authorities expect that access to sensitive systems (for example, tax, payroll, social contributions) is protected by secure login such as mitID
Using mitID correctly supports your compliance with sector rules, for example in finance, accounting and payroll administration

However, using mitID does not replace your own compliance obligations. You still need internal procedures for authorisation, documentation, internal controls and audit trails.

Access control and segregation of duties

One of the most important security considerations is how you manage roles and access rights in mitID, especially if you use mitID Erhverv. Poorly configured access can lead to unauthorised filings, payments or data access. To reduce risk, you should:

Apply the principle of least privilege – give each user only the rights they need to perform their tasks
Separate critical functions where possible, for example:
- One person prepares VAT and tax data, another person submits it
- One person sets up payments, another approves them
Use role-based access for groups of employees instead of ad hoc individual rights whenever feasible
Ensure that external bookkeepers and advisors only receive access to the systems and periods they actually work with

Onboarding, offboarding and changes in employment

Many security incidents arise not from technical weaknesses, but from outdated or incorrect access. To stay compliant and protect your company, you should have clear procedures for:

Onboarding: When a new employee or external accountant needs mitID-based access, define in writing which systems they may access (for example, SKAT, e-Boks, virk.dk, pension providers, banks) and at what level
Role changes: When an employee changes position, promptly adjust their mitID rights so they match the new responsibilities
Offboarding: When someone leaves the company or you end a cooperation with an external advisor, immediately revoke or update their mitID access to all systems where they acted on behalf of the business

Documenting these steps is important both for internal control and for demonstrating due diligence if something goes wrong.

Technical security and device management

MitID itself uses strong encryption and multi-factor authentication, but your company’s overall security also depends on how devices and login environments are managed. Consider the following measures:

Ensure that devices used for mitID logins (computers, smartphones, tablets) are protected with PIN, password or biometric login and are regularly updated
Use reputable antivirus and endpoint protection solutions, especially on devices used for banking, tax and payroll
Avoid shared user accounts on computers that are used for mitID logins
Limit the use of public or unsecured Wi-Fi networks when logging in to sensitive systems with mitID
Establish clear rules for remote work and the use of private devices for business-related mitID logins

Handling lost, stolen or compromised mitID

If a mitID used for company purposes is lost, stolen or suspected to be compromised, fast reaction is crucial. Your internal guidelines should specify:

How employees must report suspected misuse or phishing attempts
Who is responsible for blocking or suspending mitID and adjusting access rights
How you review recent logins and transactions in systems such as SKAT, online banking and e-Boks
When to involve your bank, mitID support, your accountant or legal advisor

Training employees to recognise phishing emails, fake login pages and suspicious SMS messages is a simple but highly effective security measure.

Data protection and confidentiality

MitID is often used to access systems that contain personal data and confidential business information, such as payroll, employee tax details, social security numbers, customer data and financial statements. Under the GDPR and Danish data protection rules, your company must ensure that:

Only authorised persons can access personal data via mitID
Access is logged and can be traced if you need to investigate an incident
Data is not exported, stored or shared in insecure ways after login (for example, unencrypted spreadsheets with salary data)
Data processing agreements are in place with external providers who access your systems using mitID on your behalf

Regular internal audits of who can access which data through mitID-based logins help you identify and correct excessive or outdated rights.

Documentation, logging and audit readiness

From a compliance perspective, it is not enough to have secure practices; you also need to be able to document them. To support both internal control and potential external audits, you should:

Keep an updated overview of all systems where the company uses mitID for login or signing
Maintain a register of users with mitID-based access on behalf of the company, including their roles and rights
Store records of changes to access rights, including who approved them and when
Regularly review logs from key systems (for example, tax, payroll, banking) for unusual or unauthorised activity

Working securely with external accountants and advisors

Many Danish companies give their external bookkeeper or accountant access to public systems via mitID. This can be efficient and fully compliant if handled correctly. To reduce risk, you should:

Use formal agreements that clearly describe which systems the advisor may access and for what purposes
Assign access via structured roles rather than sharing personal mitID credentials (which is not allowed)
Regularly verify that the advisor’s access matches the current scope of work
Revoke or adjust access immediately if you change advisor or move tasks in-house

Embedding mitID in your overall security strategy

MitID should be seen as one component of your broader security and compliance framework, not a complete solution on its own. Combine mitID with:

Clear internal policies for IT security, access control and use of company systems
Regular employee training on secure digital behaviour and recognition of fraud attempts
Periodic risk assessments focusing on systems accessed with mitID
Close cooperation with your accountant, IT provider and bank to align technical and procedural safeguards

By treating mitID as a strategic security tool rather than just a login method, you strengthen both the protection of your company’s assets and your compliance with Danish and EU requirements.

Onboarding New Employees and External Bookkeepers to mitID Safely

When you onboard new employees and external bookkeepers to mitID, you are effectively giving them the keys to your company’s digital identity. A structured and secure onboarding process helps you stay compliant with Danish rules, protect sensitive data and avoid mistakes in communication with SKAT, e-Boks, banks and other authorities.

Define who really needs mitID access

Start by mapping which roles in your company actually need mitID access and to which services. Typical examples are:

Employees handling VAT (moms), payroll (lønsum, A‑skat, AM‑bidrag) and annual reports
Management who must sign documents, loan agreements or submit official registrations
External bookkeepers and accountants who manage day‑to‑day bookkeeping and reporting

Limit access to the minimum necessary. For example, a payroll assistant may only need access to e‑Income and SKAT, while your external accountant may need broader access to VAT, corporate tax and annual reporting.

Use mitID Erhverv and clear role assignments

For companies with a CVR number, mitID Erhverv is the standard solution. As the legal representative or administrator, you should:

Create or confirm your role as administrator in mitID Erhverv
Set up roles and rights that match your internal processes (e.g. “Payroll”, “VAT & Tax”, “Bank & Financing”)
Assign employees and external advisors only to the roles they need for their tasks

Always separate rights for approving and preparing submissions where possible. For example, one person can prepare VAT returns, while another person approves and submits them via mitID. This reduces the risk of errors and fraud.

Secure onboarding of new employees

When a new employee joins, follow a standardised onboarding checklist for mitID:

Verify identity and employment – confirm the employee’s CPR, employment contract and role before granting any access.
Check their private mitID – if they will use private mitID for work-related logins, ensure this is allowed by your internal policy and that they understand the responsibility.
Create user in mitID Erhverv – add the employee with their correct CPR and assign only the necessary roles and rights.
Document granted access – record which systems and rights the employee has received, and who approved it.
Provide training – show the employee how to log in securely, how to recognise phishing attempts and how to handle codes and devices.

Make sure new employees understand that mitID credentials are personal and must never be shared, even with colleagues, management or external partners.

Onboarding external bookkeepers and accountants

External bookkeepers and accountants often need broad access to your financial and tax data. To onboard them safely:

Sign a clear engagement letter or contract that defines which tasks they perform (e.g. VAT, payroll, annual report, corporate tax) and which systems they may access.
Grant access via mitID Erhverv roles or via digital power of attorney (fuldmagt) where relevant, rather than sharing internal logins.
Limit their rights to the areas they actually manage – for example, allow access to SKAT and e‑Income, but not to all bank functions if this is not necessary.
Agree on approval flows – decide which reports and submissions the bookkeeper prepares, and which you as owner or director must approve and sign with mitID.

Review access for external advisors at least once a year, and immediately when the cooperation ends or their responsibilities change.

Internal policies and documentation

To keep onboarding consistent and compliant, create simple written procedures for mitID use in your company. These should cover:

Who is allowed to administer mitID Erhverv and assign rights
How to request new access and who must approve it
How to document granted rights and changes over time
How to handle lost devices, suspected misuse or security incidents

Store this documentation together with your other internal policies, such as IT security and GDPR guidelines. This makes it easier to demonstrate control if SKAT, your bank or other authorities ask about your access management.

Security, GDPR and data minimisation

mitID gives access to personal and financial data that is protected under the Danish Data Protection Act and GDPR. When onboarding employees and external bookkeepers, you should:

Grant access only to data that is necessary for their tasks (data minimisation)
Ensure that external advisors have appropriate data processing agreements in place when they handle personal data on your behalf
Inform staff and advisors about your rules for storing, sharing and deleting data obtained via mitID logins

Consider logging and regularly reviewing who has accessed sensitive systems and when. This helps you detect unusual activity and supports compliance with Danish and EU data protection requirements.

Offboarding: removing access quickly and safely

Secure onboarding is only effective if offboarding is just as strict. When an employee leaves or you end cooperation with an external bookkeeper:

Immediately remove their roles and rights in mitID Erhverv.
Update any digital powers of attorney (fuldmagter) that gave them access to SKAT, banks or other authorities.
Document the date and time when access was removed and who performed the change.
Review whether passwords, approval flows or internal procedures need to be updated.

Quick and documented offboarding reduces the risk of unauthorised access to your company’s tax, payroll and financial information after a person is no longer involved in your business.

By treating mitID onboarding and offboarding as a controlled process rather than an ad‑hoc task, you strengthen your company’s security, comply with Danish requirements and make cooperation with employees and external bookkeepers smoother and more reliable.

Handling Changes in Company Structure (New CVR, Mergers, Ownership Changes) and Their Impact on mitID

Changes in your company’s structure almost always affect how you manage mitID. Whether you register a new CVR number, merge companies or change ownership, you must update your digital identities so that access to public systems, banks and e-Boks remains correct and compliant with Danish rules.

New CVR number: setting up mitID from scratch

When you create a new Danish company and receive a new CVR number, you must treat mitID as a fresh setup. Rights and roles from an old CVR cannot simply be “moved over” informally – they must be created again under the new legal entity.

In practice this means:

Registering the company with the Danish Business Authority (Erhvervsstyrelsen) and ensuring that the legal representatives are correctly listed in the CVR register
Choosing the right mitID solution (typically mitID Erhverv) and appointing at least one administrator with the authority to assign roles
Granting access to key systems such as TastSelv Erhverv (SKAT), virk.dk, e-Boks Erhverv and banking platforms based on the new CVR

If you work with an external accountant or bookkeeper, you must explicitly grant them rights under the new CVR. Old NemID or mitID authorisations linked to a previous company or CVR are not valid for the new entity.

Mergers and restructurings: aligning mitID with the “surviving” company

In mergers, demergers or other restructurings, one CVR may continue while another is closed, or a completely new CVR may be created. mitID must always follow the legal reality registered in the CVR register.

Key points to consider in a merger or restructuring:

Identify the surviving CVR: If one company continues, mitID roles and access should be consolidated under this CVR. Users who previously worked under the closing company must be granted rights under the surviving CVR.
Close access for discontinued entities: When a CVR is deregistered, access linked to that CVR must be removed. This includes roles in mitID Erhverv, authorisations in SKAT and access to e-Boks for the old company.
Update sector-specific access: If you use special portals (for example for payroll, customs, or industry-specific reporting), check that the CVR and P-number references are updated and that mitID roles reflect the new structure.

For larger restructurings, it is often efficient to plan a detailed access matrix in advance: which employees, owners and external advisors need which rights under the new structure, and from which date old access should be removed.

Ownership changes: updating legal representatives and signing rights

When ownership changes but the CVR remains the same, the most important step is to ensure that the correct persons are registered as legal representatives and signatories in the CVR register. mitID relies on this information to determine who can act on behalf of the company.

Typical situations include:

New owners or directors: Once the new management is registered, they can be given administrator roles in mitID Erhverv and full access to tax, banking and reporting systems.
Former owners leaving the company: Their access should be removed promptly, especially to SKAT, e-Boks, payroll systems and online banking. Leaving old access active can create compliance and security risks.
Changes in signing rules: If the company moves from single to joint signature or vice versa, you must review who can approve actions in systems that rely on mitID for binding signatures (for example, loan agreements or major contracts via the bank).

From a compliance perspective, it is important that the people who can sign digitally with mitID are the same people who are authorised to sign according to the company’s articles and the CVR register. Misalignment can lead to disputes about the validity of agreements.

Impact on accountants, bookkeepers and other external advisors

Structural changes often affect external partners first, because they rely on mitID-based access to handle your daily accounting and reporting. If you change CVR, merge entities or replace owners, you should:

Inform your accountant or bookkeeper in advance about the planned changes and dates
Review their current authorisations in SKAT, e-Boks and other portals and decide which ones must be transferred, extended or closed
Set up new mitID roles or power of attorney (fuldmagter) under the correct CVR so they can continue submitting VAT returns, payroll reports and annual accounts without interruption

For companies with frequent structural changes, it is often useful to define a clear internal process: who is responsible for updating mitID, how quickly changes must be implemented, and how access for external advisors is documented.

Practical checklist when your company structure changes

Whenever you create a new CVR, merge, demerge or change ownership, it is helpful to follow a structured approach to mitID:

Confirm the new legal structure and CVR information in the Danish Business Register.
Identify who should be legal representatives and mitID administrators in the new or changed company.
Set up or adjust mitID Erhverv so that roles match the new structure.
Update access to SKAT, virk.dk, e-Boks, banking and sector-specific portals.
Remove access for people who no longer have a role in the company, especially former owners and employees.
Inform your accountant, payroll provider and other advisors and verify that they can still access the systems they need.
Document the changes for internal control and for potential audits.

By handling mitID proactively whenever your company structure changes, you reduce the risk of blocked access, missed deadlines for tax and reporting, and unauthorised use of your company’s digital identity.

Troubleshooting and Support: Where to Get Help with mitID Issues (Banks, mitID Support, and Advisors)

Even with a well-planned setup, mitID for business can occasionally cause problems – from login errors on virk.dk to missing access rights for your accountant. Knowing where to turn for help saves time and reduces the risk of missed deadlines for VAT, payroll tax or corporate income tax filings.

Typical mitID problems Danish businesses face

Most issues fall into a few recurring categories:

Login problems to public platforms (for example virk.dk, skat.dk, e-Boks Erhverv or Digital Post)
Access rights not working for employees, external bookkeepers or auditors
Blocked or expired mitID identifiers, lost app access or problems with the mitID code display
Company data not matching CVR, changes in ownership not reflected in mitID Erhverv
Integration issues between mitID and online banking or sector-specific systems

Before contacting support, it is always worth checking the basics: correct CVR number, correct role in mitID Erhverv, updated contact details in the Central Business Register (CVR) and whether there is a known outage on the relevant public portal.

When to contact your bank

Banks in Denmark play a central role in mitID, especially when your business uses mitID for online banking, payments and account overview. You should contact your bank if you experience:

Problems logging into business online banking with mitID
Issues signing payment files, salary files or direct debits
Need to link or delink mitID identifiers to bank agreements after changes in staff or ownership
Questions about transaction limits or security settings linked to mitID logins

Most banks provide dedicated business support lines and secure messaging via netbank. Have your CVR number, account numbers and details of the affected mitID user ready. For changes in authorisation (for example adding a new director or finance manager as a signatory), banks often require signed documentation that matches the information registered in CVR.

Official mitID support channels

For technical problems with the mitID app, code display or the mitID Erhverv administration itself, the primary help sources are:

mitID support (user support): Helps with blocked identifiers, forgotten passwords, device changes, and guidance on how to activate or deactivate mitID.
mitID Erhverv administrator resources: Online guides and FAQs for company administrators on setting up roles, assigning rights and managing employees’ access.
Public authority helpdesks: For example, virk.dk or skat.dk support if the problem only appears on a specific public portal while mitID works elsewhere.

When contacting official mitID support, be prepared to verify your identity and your role in the company. For security reasons, support staff cannot see or change your password, but they can guide you through secure reset and reactivation procedures.

How your accountant or external advisor can help

Accountants and external bookkeepers who work daily with Danish systems such as virk.dk, skat.dk, e-Boks and payroll platforms are often the fastest route to a practical solution. They can:

Check whether the right roles and permissions are assigned in mitID Erhverv
Identify if the problem is related to tax, VAT or payroll system settings rather than mitID itself
Coordinate with your bank or mitID support on your behalf, based on a power of attorney or granted access rights
Help design a robust access structure so that one blocked mitID does not paralyse your reporting or payments

For example, if your company must file VAT quarterly or monthly and your main mitID administrator is unavailable, a prepared backup structure with an external accountant can prevent late filing penalties and interest.

Step-by-step approach to solving mitID issues

To handle mitID problems efficiently, follow a simple escalation path:

Identify where the error occurs. Check if the issue appears on all platforms or only on one system (for example only on your bank’s website or only on virk.dk).
Verify roles and data. Confirm that the user has the correct role in mitID Erhverv, and that company information and signatories are correctly registered in CVR.
Use online self-service. Many issues can be solved via self-service: resetting a password, reactivating a device, or adjusting access rights for employees.
Contact the relevant support.
- If the problem is with online banking or payments – contact your bank.
- If the problem is with the mitID app, code display or identifier – contact mitID support.
- If the problem is limited to a public portal – contact that portal’s helpdesk.
Involve your accountant or advisor. If deadlines for VAT, payroll tax, A-tax, AM-contribution or corporate tax are approaching, ask your accountant to help secure temporary access or alternative filing routes.

Preventive measures and when to review your setup

Many support cases can be avoided by reviewing your mitID setup regularly, especially when:

You appoint or remove directors, beneficial owners or authorised signatories
You hire or dismiss key finance staff, payroll staff or external bookkeepers
Your company changes legal form, merges, splits or receives a new CVR number
You add new banking agreements or new digital services that require mitID

Schedule periodic checks of who has which rights in mitID Erhverv, and ensure there is always more than one person who can access critical systems and sign mandatory filings. This reduces the risk that illness, holidays or staff turnover will lead to missed reporting deadlines or blocked payments.

By combining the right support channels – your bank, official mitID support, public authority helpdesks and experienced advisors – your Danish business can resolve mitID issues quickly and keep daily operations, tax compliance and payments running smoothly.

Costs and Timeframe: What Danish Businesses Should Expect When Implementing mitID

When planning mitID implementation for your Danish business, it is important to understand both the direct costs and the realistic timeframe for getting fully up and running. While mitID itself is a national eID solution and the core registration is free, you should expect expenses related to your bank, your IT setup, and internal administration.

Direct costs of mitID for Danish businesses

The basic issuance of a mitID for a private person is free, but businesses typically use mitID Erhverv or bank-integrated solutions, which can involve fees. The exact prices vary between banks and providers, but most Danish companies should expect the following cost categories:

Bank fees for business access – Many banks charge a monthly fee for business online banking that includes mitID-based login and signing. For smaller companies this is often in the range of approximately DKK 50–150 per month, while larger corporate packages can be higher depending on the number of users and services included.
Fees for additional users and roles – Some banks and providers charge for adding extra users or advanced role management. This can be a fixed monthly amount per user or a tiered price based on the number of active users.
Hardware tokens or code displays (if used) – mitID is primarily app-based, but certain users (for example, employees without smartphones) may need a physical code display or hardware token. These devices are usually subject to a one‑off fee per unit, and replacement of lost devices may incur an additional charge.
Integration with accounting and ERP systems – If your business uses integrated solutions (for example, connecting mitID-based signing to your accounting software, payroll system, or digital signature platform), your software provider may charge setup fees and a monthly subscription. For small and medium-sized businesses this is often bundled into existing software plans, but advanced integrations or API access can add several hundred DKK per month.
External advisory and setup assistance – If you involve an accountant, bookkeeper, or IT consultant to configure mitID Erhverv, assign roles, and connect it to Virk.dk, SKAT, e-Boks and banking systems, you should expect hourly rates. For smaller setups, many firms complete the work within a few hours; more complex organisations may require a larger one‑off project.

For a typical small Danish company with a single CVR number, one owner and a few employees, the ongoing direct costs of using mitID are usually modest compared to the overall administrative budget, but they should still be included in your financial planning.

Internal time investment and administrative workload

Besides direct fees, the main “cost” of mitID implementation is internal time. The legal representative of the company (for example, the director registered in the CVR) usually needs to be involved, and several steps must be completed in the correct order.

For a straightforward setup in a small or newly established business, you can often expect:

Preparation and data collection – 30–60 minutes to gather CVR information, personal identification, bank details, and to clarify who should have which rights (owner, accountant, external bookkeeper, payroll staff).
Initial registration and activation – 1–2 hours to register mitID Erhverv or the relevant business solution, confirm identity, and link the business to public services such as Virk.dk and SKAT.
Assigning roles and access – 30–90 minutes to create user profiles, assign rights to employees and external advisors, and test that they can log in and sign on behalf of the company.
Internal training – 30–60 minutes per key user to explain how mitID works, how to approve payments, sign documents, and access public authorities securely.

For most small businesses, the total internal time from decision to fully functional mitID setup is typically within a working day, spread over several shorter sessions. Larger organisations with multiple departments, complex approval flows, or several CVR numbers should plan for a longer internal project with more coordination.

Typical implementation timeframe

The overall timeframe for implementing mitID in a Danish business depends on whether the company is newly established, whether the legal representative already has a private mitID, and how quickly banks and providers process requests.

Under normal conditions, you can expect the following approximate timeline:

New company with a new CVR number – After the CVR is registered, the legal representative can usually start the mitID process almost immediately. If the representative already has a private mitID and all documentation is in order, basic access to public self‑service (for example, Virk.dk and SKAT) can often be in place within 1–3 working days, depending on any identity checks and bank procedures.
Existing company switching from NemID to mitID – Most transitions are handled digitally. If roles and rights are already clearly defined, the switch can often be completed within a few hours of active work, although some services may require additional verification or testing.
Complex structures (groups, multiple CVR numbers, foreign owners) – If the company has foreign owners, multiple signatories, or a complex group structure, expect a longer timeframe. Identity verification for foreign representatives, bank compliance checks, and coordination between entities can extend the process to several weeks from initial planning to full operational use.

It is important to factor in possible waiting times for bank approval, delivery of any physical tokens, and scheduling with your accountant or external bookkeeper. Planning ahead helps avoid delays in accessing SKAT, registering for VAT, or submitting mandatory reports.

Hidden and long‑term costs to consider

Even though mitID is designed to simplify digital administration, there are some less visible costs that Danish businesses should be aware of:

Ongoing maintenance of user rights – Every time an employee joins or leaves, or when you change bookkeepers or auditors, someone must update mitID roles and access. Failing to do so can create security risks or practical problems when important tasks cannot be completed.
Support and troubleshooting – Lost devices, expired identification, or login problems can require time from internal administrators, your bank, or external advisors. While individual incidents may be minor, they add up over the years.
Compliance and documentation – To meet Danish regulatory and GDPR requirements, businesses should document who has access to which systems and why. Keeping this documentation up to date requires periodic reviews and adjustments.

These long‑term aspects are not usually large cash expenses, but they do affect how much internal time and attention your finance and administration teams must allocate to identity and access management.

How to keep mitID implementation efficient and cost‑effective

To control both costs and timeframe, it is useful to approach mitID implementation as a structured mini‑project:

Define in advance who needs access to which systems (for example, Virk.dk, SKAT, e‑Boks, online banking, payroll, accounting software).
Ensure the legal representative and key users have valid identification and, where relevant, an active private mitID.
Coordinate with your bank and your accountant or external bookkeeper early, so that roles and rights are set correctly from the start.
Document the setup, including who is responsible for maintaining user rights and handling changes in company structure.

By planning ahead and using professional support where needed, most Danish businesses can implement mitID within a predictable timeframe and with manageable costs, while gaining secure and compliant access to the digital infrastructure that underpins accounting, tax, and day‑to‑day financial management in Denmark.

Data Protection and GDPR Aspects of Using mitID in Business Processes

Using mitID in your Danish business means you are processing personal data every time an employee, owner or external advisor logs in, signs documents or accesses public systems. This makes the General Data Protection Regulation (GDPR) and Danish data protection rules directly relevant to how you implement and use mitID in your daily workflows.

What personal data is processed when using mitID?

mitID involves several categories of personal data that fall under GDPR:

Identification data: name, CPR number (for private mitID), and unique mitID identifiers
Contact details: phone number and email linked to the mitID user
Authentication data: login events, device information and security logs
Role and access data: which rights a user has in mitID Erhverv (e.g. access to SKAT, e-Boks, banking, Virk.dk)

Your company does not control the entire mitID infrastructure (this is handled by the official mitID operators and banks), but you are responsible for how you use mitID in your business processes and which personal data you collect, store and combine with mitID-based access.

Who is the data controller and who is the data processor?

In most cases, your Danish company is the data controller for the processing of personal data related to employees, owners and external advisors when you:

Assign and manage mitID Erhverv roles and permissions
Use mitID to access tax information in TastSelv Erhverv (SKAT), e-Boks or Virk.dk
Store logs or documentation of who approved which transactions or filings

The official mitID providers and relevant banks act as separate data controllers for the core mitID infrastructure. If you use an external accounting firm or payroll provider that accesses public systems via mitID on your behalf, they will typically act as a data processor for your company. In that case, you must have a written data processing agreement that complies with GDPR Article 28.

Legal basis for using mitID in your business

To comply with GDPR, you must be able to point to a clear legal basis for each type of processing related to mitID. For Danish businesses, the most common legal bases are:

Legal obligation (Article 6(1)(c)) – for example, using mitID to submit VAT (moms), payroll (eIndkomst), annual reports, or other mandatory filings to SKAT, Erhvervsstyrelsen and other authorities.
Legitimate interest (Article 6(1)(f)) – for example, using mitID to control and document which employees or external bookkeepers have approved payments, signed contracts or accessed sensitive financial data, as long as you have balanced this against the employees’ privacy rights.
Contract (Article 6(1)(b)) – for example, when access via mitID is necessary to fulfil an employment contract or a service agreement with a client.

In most standard business scenarios, you do not need consent from employees to use mitID for work-related access, as long as you rely on legal obligation or legitimate interest and respect the principles of data minimisation and purpose limitation.

Data minimisation and role-based access

GDPR requires that you only process the personal data that is necessary for a specific purpose. In practice, this means you should:

Use role-based access in mitID Erhverv so employees only see the systems and information they need (for example, giving a bookkeeper access to SKAT and eIndkomst, but not to banking or HR systems if not required).
Avoid sharing one mitID login between several people. Each user must have their own identity and role, so you can document who did what and when.
Limit the number of administrators in mitID Erhverv to those who genuinely need full rights.

Well-structured roles in mitID Erhverv not only improve security but also support GDPR compliance by reducing unnecessary access to personal and financial data.

Logging, documentation and retention periods

When you use mitID, various logs are created, such as login times, approvals and access to specific services. Under GDPR, these logs are personal data if they can be linked to an identifiable person.

For Danish companies, it is important to:

Define how long you keep access logs and approval records. For example, financial documentation is often kept for at least 5 years under Danish bookkeeping rules, but you should not automatically keep all access logs longer than necessary for security, audit or legal defence purposes.
Ensure that logs are stored securely, with restricted access and, where possible, pseudonymisation or aggregation for reporting.
Be able to document to Datatilsynet (the Danish Data Protection Agency) which logs you keep, for what purpose and for how long.

Security measures when using mitID

GDPR requires “appropriate technical and organisational measures” to protect personal data. When using mitID in your company, this typically includes:

Clear internal policies on who may have mitID Erhverv administrator rights and how new users are onboarded and offboarded
Secure storage of devices used for mitID (e.g. company phones, hardware tokens) and procedures for immediate blocking if a device is lost
Regular review of user rights to ensure that former employees, temporary staff and external advisors no longer have access once cooperation ends
Training employees and bookkeepers on phishing, social engineering and safe handling of mitID approvals

These measures help you comply with GDPR’s integrity and confidentiality requirements and reduce the risk of unauthorised access to tax, payroll and other sensitive data.

Data subject rights and transparency

Employees and other individuals whose data is processed via mitID have rights under GDPR, including the right to information, access, rectification and, in some cases, restriction or objection.

To comply with these rights, your company should:

Include information about the use of mitID in your privacy notices for employees and, where relevant, for clients and external advisors
Be able to explain which personal data is processed when someone uses mitID to access company-related systems and why
Have procedures to respond to access requests, including explaining what logs and documentation you hold that relate to mitID-based actions

Cooperation with external accountants and advisors

Many Danish businesses allow external accountants or bookkeepers to access SKAT, eIndkomst, e-Boks and other systems via mitID Erhverv. Under GDPR, you must:

Ensure there is a written data processing agreement if the accountant acts as a data processor for your company
Define clearly which systems the external advisor may access and for which purposes
Regularly review and, if necessary, revoke access when the cooperation changes or ends

This reduces the risk of unauthorised access and helps you demonstrate compliance if Datatilsynet or another authority requests documentation.

Data breaches involving mitID

If a mitID login is compromised or misused, this can lead to unauthorised access to personal and financial data. Under GDPR, you must:

Assess whether the incident constitutes a personal data breach
Document the incident, including what happened, which data may be affected and which measures you have taken
Report the breach to Datatilsynet without undue delay, and no later than 72 hours after becoming aware of it, if there is a risk to the rights and freedoms of the affected individuals
Inform the affected individuals if the risk is high (for example, if sensitive financial or salary data has been accessed)

Having a clear incident response plan that includes mitID-related scenarios makes it easier to act quickly and correctly.

Practical steps to stay GDPR-compliant with mitID

To integrate mitID into your business processes in a GDPR-compliant way, consider the following practical steps:

Map where and how mitID is used in your company (SKAT, e-Boks, banking, payroll systems, sector portals)
Update your internal data protection policy and employee privacy notices to include mitID
Set up structured, role-based access in mitID Erhverv and review rights at least once a year
Ensure data processing agreements are in place with external accountants, payroll providers and other service partners who use mitID on your behalf
Define retention periods for logs and approval records and implement technical controls to enforce them
Train relevant staff so they understand both the security and GDPR aspects of using mitID

By combining the strong authentication offered by mitID with clear GDPR-focused procedures, your Danish business can protect sensitive data, meet legal requirements and maintain trust with employees, clients and authorities.

Case Examples: How Different Types of Danish Businesses Use mitID in Daily Operations

mitID is now a core tool in the daily work of most Danish businesses, regardless of size or industry. Below are practical examples of how different types of companies typically use mitID in their routines, and how a structured setup can save time, reduce risk and support compliance with Danish rules.

Small Service Company (e.g. Freelancer, Consultant, One-Person Business)

A sole trader or small consultancy with a single owner often uses a private mitID linked to the business’ CVR number via Virk.dk and TastSelv Erhverv. In practice, mitID is used to:

Log in to TastSelv Erhverv to report VAT (moms) – for example quarterly for businesses with annual turnover under DKK 5 million, or monthly for higher turnover
Approve payment of A-tax and AM-bidrag for any employees through eIndkomst
Access and download annual tax statements, preliminary income assessments and SKAT messages in e-Boks
Sign digital documents with the bank, such as business loans, overdraft facilities or card agreements
Communicate securely with the Danish Business Authority (Erhvervsstyrelsen) regarding registration changes, industry codes or accounting obligations

Because the owner is often the only user, access management is simple. However, if an external accountant is involved, the owner typically grants rights via mitID Erhverv or a power of attorney in TastSelv, so the accountant can handle VAT, payroll and tax reporting without needing the owner’s private mitID for each login.

Medium-Sized ApS with Employees and External Bookkeeper

A typical Danish ApS with 5–30 employees usually uses mitID Erhverv with clearly defined roles. Daily use often includes:

Management: The director or owner has administrator rights in mitID Erhverv, creates user profiles and assigns roles for finance, HR and external advisors
Bookkeeper / Accounting firm: Logs in with their own mitID to:
- Submit VAT returns and EU sales without VAT (EU-salg uden moms)
- Report salary, A-tax and AM-bidrag via eIndkomst each month
- Check outstanding liabilities and payment deadlines to SKAT
- Access company mail in e-Boks, including reminders, control notices and decisions
HR or payroll responsible: Uses mitID to manage NemKonto registrations, reimbursements (refusion) for sickness and maternity via NemRefusion, and to access Udbetaling Danmark messages

In this setup, mitID is integrated into fixed monthly routines: payroll cut-off, submission of eIndkomst, VAT deadlines and reconciliation. The company typically has internal procedures describing who approves what, and how mitID rights are updated when employees join or leave, to avoid former staff retaining access to sensitive tax and salary data.

Retail or Hospitality Business with Cash Registers and Multiple Locations

Shops, cafés, restaurants and other retail businesses often have several branches under one CVR or multiple CVR numbers in the same group. mitID is used to:

Register and update POS systems and cash registers with SKAT where required
Handle VAT reporting for each unit, including split between food, beverages and other goods where relevant
Manage payroll for hourly employees, including holiday pay (feriepenge) reporting and A-tax
Communicate with the Danish Working Environment Authority (Arbejdstilsynet) and municipalities about permits, inspections and conditions

Often, only a few trusted people (e.g. finance manager and external accountant) have mitID access on behalf of the company. Store managers typically do not get mitID rights, but instead send data (hours, sales reports) to the central finance function, which then uses mitID to report to authorities.

IT or Consulting Company with Remote Staff and International Clients

Knowledge-intensive companies with remote employees and cross-border activities use mitID to keep Danish compliance under control while staff work from different locations. Common daily uses include:

Accessing Virk.dk to manage registrations for VAT, import/export and possibly VIES for EU trade
Submitting VAT returns that include cross-border services, ensuring correct treatment of reverse charge and B2B/B2C rules
Handling digital post from SKAT, Erhvervsstyrelsen and foreign tax authorities where cooperation is routed via Danish authorities
Signing digital contracts and documents with Danish banks and financial institutions

Because employees may be spread across Denmark or abroad, the company usually has strict internal rules on who may use mitID on behalf of the business, and how access is granted to external accountants or payroll providers. mitID Erhverv makes it possible to give an external partner limited rights, for example only to payroll and VAT, without access to bank or other systems.

Holding and Investment Companies

Holding structures and investment companies often have limited daily operations but significant financial transactions. mitID is used primarily to:

File annual accounts and mandatory reports to the Danish Business Authority
Submit corporate tax returns and handle communication with SKAT about group taxation, losses and dividends
Sign bank and investment agreements, including custody accounts and loan facilities
Manage changes in ownership and board composition in the CVR register

Because these companies may have several owners and board members, it is important to keep mitID roles updated when there are changes in management, mergers or restructurings. The administrator in mitID Erhverv ensures that only current signatories and advisors can act on behalf of the company.

Startups and Scale-Ups Receiving Public Funding

Startups applying for grants, innovation funding or guarantees from Danish or EU programmes use mitID to:

Submit applications and documentation via digital self-service solutions on Virk.dk and other public portals
Sign grant agreements and guarantee documents digitally
Report on milestones, use of funds and financial statements to funding bodies
Handle VAT, payroll and tax reporting as the company grows and hires staff

In many startups, the founder initially uses a private mitID for everything. As the company scales, it is usually more efficient and secure to switch to mitID Erhverv, define roles, and give the accountant or CFO structured access so that compliance does not depend on a single person.

How an Accounting Firm Uses mitID Across Multiple Clients

Accounting firms and external bookkeepers are heavy mitID users. On a typical day, they log in with their own mitID to act on behalf of many different clients. Common tasks include:

Submitting VAT and payroll reports for dozens of companies according to each client’s deadlines
Reconciling tax accounts and payment statuses in TastSelv Erhverv
Downloading SKAT statements and messages from e-Boks for audit and year-end work
Assisting clients with registration changes, new CVR numbers, deregistration for VAT or payroll, and changes in company form

To make this work securely, each client grants the accounting firm specific rights via mitID Erhverv or TastSelv power of attorney. This means the accountant can work independently, while the client retains full control and can revoke access at any time. For many Danish businesses, this collaboration model is the most efficient way to ensure that mitID is used correctly and that all reporting to authorities is handled on time.

Across all these examples, the pattern is the same: mitID is the key to daily interaction with Danish public systems. A clear role structure, documented procedures and cooperation with a professional accountant make mitID a practical tool rather than a barrier in your company’s operations.

Final Thoughts on mitID for Your Danish Business

Establishing mitID for your Danish business opens doors to a multitude of advantages. From enhancing security and automating processes to ensuring compliance, mitID stands as a pillar in the Danish digital economy. By following the outlined steps, leveraging expert tips, and being aware of potential challenges, you can successfully integrate this essential tool into your business operations. Embracing digital identification not only streamlines your own processes but also fosters a secure and trustworthy environment for your customers, thereby reinforcing your business presence in Denmark.

When undertaking key administrative actions that may involve the risk of errors and penalties, we recommend contacting a specialist. If necessary, we invite you to a consultation.