We have the same here in Latvia. There's an integration process available also for private services that essentially has the following workflow:
1) You redirect the user to the state 'identity service' with a specific token;
2) the user authorises either with their gov't ID card chip (less commonly used since most users don't have the chip reader) or with the bank of their choice (not all banks but most of the major ones are part of that scheme) for authentication;
3) the user gets a prompt like "company ABCD wants to get obtain the following data : Name, legal ID number" and can authenticate as normally;
4) you (as the service provider) get a response with your token, that legal ID number, and who authenticated that ID.
It seems quite reasonable - it provides a reasonably secure way of verifying someone's identity (preventing e.g. the SIM-porting impersonation scams that seem to be a problem in USA) without giving anyone the ability to impersonate someone (the ID numbers aren't considered secret like USA social security numbers - they're PII so there are restrictions in storing/using them, but knowing them isn't sufficient to so anything).
1) You redirect the user to the state 'identity service' with a specific token;
2) the user authorises either with their gov't ID card chip (less commonly used since most users don't have the chip reader) or with the bank of their choice (not all banks but most of the major ones are part of that scheme) for authentication;
3) the user gets a prompt like "company ABCD wants to get obtain the following data : Name, legal ID number" and can authenticate as normally;
4) you (as the service provider) get a response with your token, that legal ID number, and who authenticated that ID.
It seems quite reasonable - it provides a reasonably secure way of verifying someone's identity (preventing e.g. the SIM-porting impersonation scams that seem to be a problem in USA) without giving anyone the ability to impersonate someone (the ID numbers aren't considered secret like USA social security numbers - they're PII so there are restrictions in storing/using them, but knowing them isn't sufficient to so anything).