zeeZ | 6 months ago

There's:

- the ID card which trusts the government PKI and has its own private key and certificate

- the application that does some certificate checks and facilitates communication between the card and an eID server

- an eID server which is connected to the PKI and regularly receives short-lived certificates to present to the card, does revocation checks, validity checks and a bunch of other stuff. Also provides a list of fingerprints of TLS certificates of eID services allowed for the session

- an eID service which opens a session with the eID server indicating requested data and ultimately receives this data from the eID server. They own the legalese certificate of which data they have access to.

- maybe another provider wrapping all this and the required certifications, compliance and hardware into an easy-to-use API. But could also all be the same.

It could be argued that the government has influence on the eID server providers - which do the actual communication with the card and are the first to receive the data before passing it on - via access to the necessary PKI, but they're not directly involved in the communication.
