Summary

  • Freja eID Group AB is a Swedish listed digital-identity company whose core economic unit is not the mobile app itself but a verified identity decision that another organisation can use for login, signing, customer onboarding, staff credentials, in-person ID checks or cross-border public-service access. The end user is not the main payer; relying parties, public authorities, employers and integrators carry the revenue logic.
  • The public record supports a real growth story but not a finished proof of unit superiority. The 2025 annual report shows group net sales of SEK 51.1 million, Freja eID segment net sales of SEK 37.6 million, 564 subscription customers at year-end, 1.577 million users and strong net revenue retention in the second half. The Q1 2026 interim report then shows group net sales of SEK 15.54 million and Freja eID segment net sales of SEK 13.45 million.
  • The strongest evidence for Freja's value is regulatory and institutional rather than purely commercial. DIGG approved Freja eID Sweden AB as a supplier in Sweden's authorisation system for electronic identification from 1 January 2026, the Riksdag record confirms the obligation on most state agencies to use services from authorised suppliers, and the Riksdag also approved a national e-identification act coming into force on 1 December 2026.
  • The thesis remains conditional. Freja can charge for identity assurance if each paid check lowers fraud losses, call-centre work, manual document review, exclusion risk, procurement friction and operational failure enough to beat BankID, a state eID, a card-reader solution, manual KYC vendors or a relying party's own checks. Public evidence proves demand and regulatory tailwinds; it does not yet disclose per-check gross margin, conversion uplift, fraud-loss reduction, support savings, churn by customer segment or service-level economics.

One paid check is a decision about who carries the cost of being wrong

Imagine a Swedish public authority, a bank-adjacent service, a pharmacy chain or an employer choosing how a person should prove identity before getting access to a sensitive service. The visible action is tiny. A user opens an app, scans a QR code, approves a login, signs a document, shares selected attributes or presents a digital ID card for a physical check. The customer sees a line item in a contract or a monthly invoice. It can look like a charge for one login.

That is the wrong unit. A relying party is buying a decision that lets it avoid doing a harder job itself. It is paying someone else to issue and maintain the identity credential, to verify an ID document, to control the user's authentication flow, to record transaction evidence, to meet a trust framework, to answer regulators and to absorb part of the liability when the credential was issued to the wrong person. The economic unit is a verified digital identity check. The check may be used for a login, an electronic signature, an onboarding step, a staff credential, a digital passport check or an in-person ID validation. What matters is that the relying party uses the result to decide whether the person at the other end of the transaction is allowed through.

That unit gets expensive quickly. If the relying party handles identity itself, it must pay for document capture, liveness checks, fraud analysis, manual review, customer support, exception handling, legal terms, audit records, cyber controls, data protection, accessibility and re-checks when something fails. If the process is too strict, good users abandon onboarding or call support. If it is too weak, fraud enters through a loan application, account recovery flow, public-service portal or workplace access system. If the service depends on a single eID provider, an outage or eligibility gap can shut out users who cannot obtain that credential. The paid check is therefore a bet that an external identity network can make this bundle cheaper, safer and easier to defend than the relying party's own alternative.

Freja eID Group AB is built around that bet. Its public pages and filings describe a company that sells digital identification, electronic signatures, physical ID verification, organisation identity, international user onboarding and white-label identity infrastructure. Its business documentation says users do not pay for Freja and that the company receives revenue from customers using the service. It offers two broad commercial models: charging when a user identifies or signs, and fixed subscription pricing for unlimited or agreed use. For Organisation eID, the subscription model applies. For personal eID, the customer can choose between a tick-based model and subscription. Contract periods are usually 24 or 36 months, while the Swedish public-sector freedom-of-choice contract follows DIGG terms.

The first question, then, is not whether Freja has an app. It has one. The question is whether Freja can make each identity check worth paying for in a market where Swedish BankID is deeply embedded, the Swedish state is launching its own e-identification, public authorities are being pulled into a multi-provider authorisation system, and the hardest users are often the people whom the dominant system does not reach. The available evidence supports the idea that Freja has found a valuable institutional opening. It does not yet prove that the average check is profitable, that the private-sector customer base can scale without heavy subsidy, or that users will tolerate enough onboarding friction to sustain the assurance claim.

The company is a listed Swedish identity group, not just a consumer app

Freja eID Group AB (publ), organisation number 556587-4376, is a Swedish public company listed on Nasdaq First North Premier Growth Market in Stockholm under the short name FREJA. The company website is https://frejaeid.com and the business-facing site is https://org.frejaeid.com. The investor page says the group operates in two segments. The Freja eID segment develops and runs the electronic identity Freja. The Fulfilment segment delivers secure logistics and handling of physical devices used for digital identities, such as bank tokens and PIN envelopes. The group says it has offices in Sweden and Serbia and about 30 employees; the 2025 annual report explains that development staff in the Serbian subsidiary are mainly focused on the Freja eID segment.

The group structure matters because the payer does not buy a generic app store download from a small consumer start-up. It buys from a listed company that carries a regulated identity brand, a Swedish corporate presence, an audited reporting obligation and a history under the Verisec name. The annual report says the group consists of Freja eID Group AB, Freja eID Sweden AB and the Serbian subsidiary Freja eID doo. It also says Freja eID Sweden AB is the company that conducts the Freja eID segment business and holds the immaterial assets and customer contracts. Public market governance is not a guarantee of service quality, but it gives relying parties and public buyers a more inspectable counterpart than a private app vendor.

Ownership is dispersed in the public market. The 2025 annual report names Alcur Select as the largest shareholder at 10.84 percent of votes and shares as of 31 December 2025. That does not make Alcur a controlling parent. It means Freja eID Group AB remains a listed parent company exposed to public reporting, share-price pressure, financing needs and investor expectations. That context matters for a relying party because digital identity is a continuity service. A customer wants a provider that can keep investing in security, support, certification, mobile releases, onboarding processes and regulatory interfaces. A company that is still loss-making at group level but improving operating cash flow must show that it can fund that continuity without constantly weakening the product.

The public financial record gives a useful starting point. Group net sales were SEK 51.092 million in 2025, up from SEK 43.907 million in 2024. The operating result before depreciation and amortisation was SEK 1.294 million in 2025 after a negative SEK 4.320 million in 2024, while EBIT remained negative at SEK 14.133 million and net result remained negative at SEK 15.311 million. Segment Freja eID reported external net sales of SEK 37.635 million in 2025, up from SEK 25.191 million in 2024. Segment Fulfilment reported SEK 13.458 million, down from SEK 18.716 million. The identity segment is therefore the growth engine, while fulfilment is a legacy and cash-supporting line with a different revenue pattern.

The first quarter of 2026 strengthened that direction. The Q1 2026 interim report shows group net sales of SEK 15.540 million against SEK 12.595 million in Q1 2025. Freja eID segment net sales were SEK 13.453 million against SEK 7.963 million a year earlier, while Fulfilment fell to SEK 2.087 million from SEK 4.632 million. Segment Freja eID therefore accounted for most of the group's quarterly revenue and grew sharply year on year. At the same time, group cash at period end was SEK 13.796 million, and the group remained investment-heavy, with acquisitions of intangible assets in the quarter at SEK 3.290 million.

This is the profile of a company trying to cross from identity platform investment into recurring usage economics. The article's title is deliberately not about a generic login because Freja's reported strategy is broader than login share. It is about whether the avoided failure is valuable enough to fund the platform.

What the customer buys beyond the product name

Freja sells several related things under one trust architecture. The personal eID allows an individual to identify online, sign electronically, approve transactions, share attributes and use a digital ID card. The business documentation says Freja can be used for login, electronic signatures, customer onboarding, GDPR consent, long-term transactions, two-factor authentication, service identification and other functions. With user consent, the relying party can receive attributes such as social security number, age, date of birth, physical address, email address and mobile phone number, with country-specific limits.

The in-person ID card feature extends the unit from online login to a physical encounter. Freja's business page describes a digital ID screen in the app showing verified information, including photo, name, age and Swedish personnummer, and says a verifier can scan a QR code or use an online portal to check whether the digital ID is valid. That matters because many digital-identity providers sit only in web flows. Freja is trying to become a bridge between online and physical assurance: the same verified identity can be used by a service desk, shop, school, pharmacy, association or employer that needs a fast check without inspecting a plastic credential.

Organisation eID is a second unit. It separates the user's private identity from a role-based organisational attribute. Freja's documentation says the organisation adds an attribute to a user's profile, such as a work email or alias, while Freja handles the personal identity attributes it issues. The relying party remains responsible for the organisational attributes and controls issuance and revocation. Transaction data under Organisation eID is stored as evidence for 10 years, according to the company's FAQ, but the relying party is responsible for attributes and transaction history arising from the data it submits. This is economically important. For an employer or municipality, the value is not only proving that a person exists. It is proving that the person is acting in a role at a specific time and that the role can be revoked without taking away the person's private identity.

International identity is a third unit. Freja's business site says people from more than 170 countries can register with a biometric passport and that Freja lets Swedish services interact with people without a Swedish personal identity number. The company has introduced a Universal Personal Identifier, or UPI, for users without a personnummer. The Swedish Migration Agency's official digital-passport-check page confirms a practical use case: some residence-permit applicants can use the Freja app to scan and share passport information digitally rather than presenting a passport in person. The page says the Freja app is approved by Swedish authorities, requires an e-passport, camera and NFC reader, and may take up to 24 hours for the final security check. The same page says using Freja in that flow can become a first step toward a full Swedish eID once the person later registers with the Tax Agency.

White label is a fourth unit. Freja's white-label page says operators, government agencies and large organisations can offer a digital identity solution built on Freja technology under their own brand. In September 2025 the company announced a pilot agreement with Teracom, the state-owned Swedish secure-communications company, for a separate customised eID environment for an unnamed end customer. The press release said the pilot was expected to generate at least SEK 0.5 million per month during the test period plus about SEK 0.5 million in start-up revenue, with the parties aiming to put the environment into production in the first half of 2026 if the pilot succeeded. That is not the same as recurring production proof, but it shows how Freja can sell the avoided build cost: a customer with high assurance needs can rent a certified identity platform instead of building one from scratch.

These four units share one logic. Freja is selling identity assurance that someone else can rely on. The buyer wants fewer false identities, less manual work, less exclusion, stronger compliance and a defensible procurement path.

Pricing logic begins with who pays, not who taps the app

The cleanest pricing clue is Freja's own customer FAQ. It says end users do not pay, that Freja does not monetise the user database with advertising and that revenue comes from customers using the service. It describes two price models: one in which the customer is charged each time a user identifies with Freja, such as logging in or signing electronically, and a subscription model with a fixed monthly price for unlimited use. Organisation eID uses subscription. Personal eID can use the tick-based or subscription model. Contracts normally run for 24 or 36 months.

That pricing choice reveals the economic tension. Usage-based pricing aligns Freja with each check, but it can deter high-volume services if every additional login feels like a variable cost. Subscription pricing creates budget predictability for the customer and recurring revenue for Freja, but Freja then needs enough fixed monthly revenue to cover support, security, platform load and certification while usage rises. For the customer, the preferred model depends on uncertainty. A service with occasional high-assurance onboarding may prefer per-check pricing. A municipality, healthcare provider, employer or public authority with recurring staff and citizen use may prefer a monthly contract that makes identity a standing utility.

The Swedish authorisation system adds a public-sector price layer. DIGG's fee and compensation page says the authorisation system is an alternative to public procurement: DIGG approves all suppliers that meet its requirements, public actors pay DIGG, and DIGG pays suppliers. The model includes fixed compensation and variable transaction compensation. For electronic identification, DIGG also provides additional fixed compensation for suppliers that offer a connection through Sweden Connect. DIGG's page also says public actors' fees are calculated by monthly transaction count multiplied by a transaction fee, plus DIGG's administrative cost recovery. In a separate September 2025 Freja announcement, Freja said its agreement with DIGG under the authorisation system would give it SEK 4.5 million per year plus possible variable compensation and separate add-on services for foreign users: SEK 2.5 million of base compensation for up to 31.25 million transactions per calendar year, SEK 0.08 per transaction above that threshold, and SEK 2 million for providing a Sweden Connect technical connection.

This is a crucial number because it shows what "paid identity check" can mean in the public sector. The base compensation is not a rich per-check toll if volume is high. SEK 2.5 million for up to 31.25 million transactions implies that the public system is not primarily paying Freja a large fee for each standard government login. It is paying for participation, resilience, technical availability and supplier diversity. The upside comes from volume above the threshold, technical connection compensation and add-on services such as international-user flows. For Freja, this is both attractive and limiting. It creates a recurring revenue floor and forces public visibility, but it does not by itself prove that every government login can carry a large margin.

Private-sector pricing is less transparent. Freja does not publish a full commercial price sheet for all relying parties in the public material reviewed. Integrator pages indicate that customers may buy usage-based plans that include a number of logins or signatures, with overage or plan upgrades, but that is partner-channel evidence rather than Freja's own official price table. The public article therefore cannot compute a precise private-sector price per check. It can only infer that Freja's economics combine fixed subscriptions, transaction charges, public-sector compensation, white-label project revenue and add-on services for harder identity cases.

That is enough to test the thesis. A relying party will not pay because "Freja login" is inherently valuable. It will pay if the check prevents failures that cost more: fraud loss, account-takeover remediation, abandoned onboarding, manual staff time, non-compliance, duplicate identity records, inaccessible public services, or a procurement burden caused by relying on a single dominant provider.

The filings show growth, but also the cost of making assurance credible

Freja's 2025 annual report gives the best evidence that the identity segment is becoming a subscription platform. At the start of 2025, Freja had 441 subscription customers. At year-end it had 564. Users increased by 25 percent during the year to 1.577 million. The company reported net revenue retention of 131 percent in Q3 2025 and 134 percent in Q4, and gross revenue retention of 96 percent in both quarters. Those figures are management-reported and late-year, so they should not be treated as a multi-year proven SaaS pattern. Still, they are material because identity services depend on expansion inside the same customer base. If an authority or employer starts with one use case and then adds Organisation eID, signatures, foreign-user login or physical ID, the value of the relationship grows without requiring a fresh customer acquisition each time.

Freja's reported revenue mix also shows a business moving from project and one-off patterns toward recurring services. In 2025, group net sales from performance obligations fulfilled at a point in time were SEK 26.148 million, while those fulfilled over time were SEK 24.944 million. Within Segment Freja eID, the over-time portion was SEK 24.354 million against SEK 13.281 million at a point in time. In 2024, Segment Freja eID over-time revenue was SEK 16.844 million against SEK 8.347 million at a point in time. The direction is consistent with subscription and recurring service economics. It is also consistent with a company still doing implementation, onboarding and add-on work.

The cost side is heavy. Segment Freja eID had external net sales of SEK 37.635 million in 2025 and personnel costs of SEK 31.089 million. Other external costs were SEK 9.366 million, while activated product development was SEK 9.273 million. Segment EBITDA was SEK 6.471 million, but after depreciation and amortisation the segment EBIT was negative SEK 6.752 million. Adjusted EBITDA for the segment was SEK 11.476 million and adjusted EBIT was negative SEK 1.748 million. The group remained net loss-making. The reason is not hard to see: digital identity requires continuous platform development, customer integration, certifications, security processes, mobile updates, support staff, documentation and regulatory engagement.

This is where the economic unit becomes honest. A verified digital identity check appears cheap when it is compared with one password login. It is expensive when the provider must maintain the whole assurance chain. Freja has to verify documents, support users, maintain app releases, protect personal data, issue certificates and integration materials, store evidence where required, manage Sweden Connect and API connections, serve public and private relying parties, and continue improving accessibility. Its own 2025 retrospective says the login form had to be updated for Swedish accessibility requirements that entered into force on 28 June 2025, and that connected services using OpenID Connect and IdP had updates completed or planned. That is a small example of a persistent cost: identity providers do not only run servers; they inherit legal and user-experience changes.

The Q1 2026 interim report suggests the growth curve continued, but it also shows why profitability cannot be assumed. Group net sales rose to SEK 15.540 million for the quarter, and Freja eID segment net sales were SEK 13.453 million. Yet the business still invests, with acquired intangible assets of SEK 3.290 million in Q1, and the group had SEK 13.796 million in cash at quarter end. Freja therefore needs recurring revenue to keep rising before the assurance infrastructure becomes clearly self-funding.

The public evidence supports "real traction" more than "finished economics." A customer count of 564 is meaningful. A user base of 1.577 million is meaningful. A 2026 public-sector revenue floor is meaningful. But the missing metrics are the ones a relying party would want most: average revenue per active relying party, gross margin per transaction, support cost per verification attempt, conversion rate from started registration to verified identity, fraud-loss reduction after Freja adoption, and the share of failed checks that drive manual work back to the customer.

Regulation is Freja's biggest tailwind and a source of future price pressure

Digital identity is a regulated trust product. Freja's commercial argument would be weaker if it were only a private login method. The strongest public evidence comes from Sweden's digital-government framework.

DIGG announced on 17 September 2025 that Freja eID Sweden AB had signed an agreement within the authorisation system for electronic identification and met DIGG's requirements, allowing it to deliver electronic-identification services to public actors from 1 January 2026. DIGG framed the system as a way to create more alternatives for private individuals and reduce dependence on a single eID solution. The announcement explicitly said many e-services rely on one electronic-identification solution today, which can make important e-services unavailable if that issuer has an outage and can exclude people who cannot or do not want to use that credential.

The Riksdag's text of the authorisation-system regulation states that a state agency under the government that requires electronic identification for an individual's access to digital services shall use the electronic-identification services provided by suppliers in the authorisation system, with exceptions for certain security-sensitive bodies. That legal obligation is the reason Freja's public-sector opportunity is not just sales aspiration. Once connected, Freja can become a valid option in government services where it previously had no practical access.

Riksdag material also confirms a future competitor. On 17 June 2026, the Swedish Parliament published that a national e-identification act had been approved and would come into force on 1 December 2026. The government wants to secure access to electronic identification in society. The national eID may be granted to Swedish citizens, foreign residents registered in Sweden and certain immunity-number holders, with the purpose of meeting EU electronic-identification requirements. DIGG's e-legitimation page says the police authority's Sverige-id is planned for December 2026 and that it will be linked to the national ID card.

That development cuts both ways. It validates Freja's long-standing argument that the identity market needs alternatives to bank-issued identity. It also means Freja is not the only institutional answer. In a few years, a relying party may compare Freja with BankID, Freja+, AB Svenska Pass, Sweden's state eID, manual passport checks, in-house KYC, third-party verification services and EU digital wallets. The more official alternatives exist, the harder it becomes for any private eID provider to charge premium prices for basic domestic login. Freja must therefore defend a more specific value proposition: foreign users, role-based identities, workplace credentials, white-label infrastructure, public-sector continuity, physical ID card verification, and a combination of online and in-person assurance.

The EU layer adds another market opening. The European eIDAS framework and the coming European digital identity wallet move digital identity toward cross-border public-service acceptance. The European Commission's eID community pages list Sweden's eID scheme as notified and include Freja eID as a notified Swedish eID means. Freja's own public pages say Freja is the Swedish eIDAS solution and can be used for EU public services, although implementation by member states is gradual. This is not enough to prove a large European revenue pool, but it shows why Freja's 170-country passport support and Swedish approval matter. If identity moves from national bank-login convenience toward interoperable assurance, Freja's non-bank issuance model becomes more strategically relevant.

The main regulatory risk is price compression. Public systems often value competition and resilience, but they also impose standard prices, equal terms and administrative reporting. DIGG's public fee page says intended 2027 fees for public actors are SEK 0.18 excluding VAT per completed electronic identification and SEK 0.18 per completed electronic signature, while also saying that fee changes do not affect supplier compensation. A public fee model that is meant to recover DIGG's costs and compensate suppliers can discipline prices. Freja's advantage is access and legitimacy; the constraint is that the state is also designing the market.

BankID dominance defines the competitive problem

Freja's biggest substitute is not a new start-up. It is the habit of logging in with BankID. The Nordic Co-operation's public guidance says BankID is by far the most widely used e-identification in Sweden and that most private businesses and public agencies requiring login and identification use BankID. DIGG's own e-legitimation page lists established private individual eIDs as BankID, Freja+ and AB Svenska Pass, and notes that all three have the Svensk e-legitimation quality mark. It also explains that a person must be a customer at a participating bank to obtain BankID, while Freja+ can be obtained through the Freja app by registering with a valid ID document and photo and then activating the plus level by passport scan or an ATG service-point visit.

That makes Freja's market problem unusually precise. It is not trying to convince Sweden that digital identity is useful. Sweden already believes that. It is trying to convince relying parties that the marginal value of an additional eID option, a non-bank route or a role-based credential exceeds the cost of integration and support. That is harder than selling to a country with no digital identity habit because the default is already convenient for many users.

The case for Freja is strongest where BankID does not solve the full problem. BankID depends on bank issuance and usually a Swedish personal identity number. DIGG and Nordic Co-operation materials show that this excludes some people or makes eligibility dependent on a bank relationship. Freja is positioned for users with coordination numbers, protected identities, foreign passports and public-sector access needs outside the bank perimeter. It is also positioned for organisational roles, where a private citizen's bank credential is not the same as a municipal employee, journalist, lawyer, pharmacist, golf-club member or contractor acting in a defined capacity.

The 2025 annual report gives examples of that role-based path. It says Freja OrgID began by solving challenges for municipalities around e-service identity and that by the end of 2025 around one-third of Sweden's municipalities had agreements for Freja OrgID. It also says the press card for journalists and photographers became digital in Freja OrgID in 2023, the Swedish Bar Association followed in 2024 with digital lawyer identification, Länsförsäkringar introduced a digital service card based on Freja OrgID in spring 2025, and discussions began with the Swedish Golf Federation for a golf ID card for more than half a million golfers. These examples are company-reported, but they are credible enough to show why Freja is not only chasing consumer login share.

The weakness is that role-based identity can fragment. Every profession, employer, association and authority has its own issuance rules, revocation processes, liability concerns and user-support patterns. Freja's claim is that a common platform reduces that duplication. The cost risk is that customisation and support consume the margin if every role product behaves like a mini-project. The company has to turn those use cases into repeatable components.

The avoided fraud case is real, but hard to measure from public data

Fraud provides the clearest intuitive reason to pay for identity checks. Riksbank material in the Payments Report 2024 says fraud had risen sharply and that fraud was the crime category that increased the most in Sweden in 2023. The same Riksbank page says card fraud and social-engineering fraud increased the most among fraud offences, with card fraud cases up 44 percent from 2022, and describes common social-engineering calls where a fraudster pretends to represent a bank and tricks a victim into signing something with BankID or giving sensitive information. Brå, the Swedish National Council for Crime Prevention, reported that more than 180,000 fraud cases were reported in 2022 compared with 50,000 in 2000, and that social engineering represented a smaller share of reports than card fraud but a much larger share of proceeds of crime.

This context does not mean every Freja check prevents fraud. It means relying parties operate in an environment where identity decisions carry financial and reputational risk. Strong eID can reduce some fraud surfaces by binding an action to a credentialed person, showing transaction details, requiring consent and creating a record. It can also introduce new social-engineering risk if users are tricked into approving the wrong transaction. Freja cannot make fraud vanish. Its unit must be judged against the specific failure mode it addresses.

For onboarding, the avoided cost may be manual document review. The Swedish Migration Agency's digital passport check shows the public-service version of this unit. The agency needs to confirm that a passport is valid and belongs to the applicant. The traditional process may involve an in-person embassy or agency visit, sometimes outside the applicant's home country. The digital option asks the user to scan a chipped passport with the Freja app, wait for verification and share the passport information through the agency e-service. The agency page explicitly says some applicants can do this digitally instead of presenting the passport in person. The value is not merely fraud reduction. It is fewer appointments, fewer trips, faster case progression and a reusable identity pathway for a person entering Swedish public systems.

For private services, the avoided cost may be conversion loss. A company selling financial, healthcare, betting, regulated commerce or member services can lose customers if onboarding demands too many forms or too much waiting. A verified eID may reduce abandoned sessions by replacing manual upload and support. But this is exactly where public evidence is incomplete. Freja does not publicly disclose conversion improvement by customer, manual-review savings, fraud chargeback reduction, or support-call reduction after implementation. The thesis remains unproven at the case level without those metrics.

For employers and municipalities, the avoided cost may be lifecycle management. A role-based ID lets the organisation issue and revoke a digital staff credential while the user's private identity remains separate. That can reduce plastic ID-card handling, shared-device confusion, account recovery and role ambiguity. Again, the public evidence shows adoption but not unit cost. We know Freja says around one-third of Swedish municipalities had OrgID agreements at year-end 2025. We do not know the average monthly fee, number of active role identities per municipality, revocation volume, support cost or savings against incumbent card systems.

The correct conclusion is therefore narrower than a vendor pitch. Fraud and manual identity work create a real budgetary problem. Freja has credible products aimed at that problem. Public evidence does not yet prove the average relying party's return on investment.

Onboarding friction is the price users pay when customers want higher assurance

Freja's economic unit depends on user trust. If the user cannot complete registration, the relying party pays in support tickets and abandonment. If the user dislikes the app, the relying party's "simple" identity option becomes another barrier. App-store and help-page signals are therefore useful, but they must be handled carefully.

Google Play listed the Freja app at 3.5 stars with 3.8 thousand reviews and more than 500 thousand downloads when reviewed, and the phone-specific rating display showed 3.6 with 3.72 thousand reviews. Recent visible reviews complained about document scanning, NFC passport scanning and UI/UX. Apple's App Store page, depending on storefront, showed very few ratings in the view reviewed, while the app description emphasised identifying, age proof, digital signatures, Organisation ID, protected-identity access and eIDAS. Trustpilot showed a small sample, 13 reviews and an average TrustScore around 3 out of 5, with Trustpilot noting the company had not invited reviews. These signals do not establish service quality, but they are market evidence that onboarding friction is not theoretical.

The Swedish Migration Agency page confirms part of the complexity. The user needs a phone or tablet with a camera and NFC reader, a chipped passport, a personal link, an app registration, a photo, passport scanning and a final verification that may take up to 24 hours. For a single applicant, that may be easier than an embassy trip. For a family, the page says each passport may need its own phone or repeated deletion and re-registration if only one device is available. That is a meaningful friction cost. The economic test is whether the digital process still beats the physical alternative.

Freja also has to maintain trust by showing users what they share. Its product pages emphasise consent and attribute transparency. The relying party defines which attributes it requests, and the user accepts or refuses. That is good for privacy signalling, but it is also a conversion moment. If the relying party requests too much, the user may decline. If it requests too little, the relying party may need another check. The paid identity check is therefore partly a product-management discipline: choose the minimum attributes that make the decision defensible.

Accessibility adds another cost. Freja's 2025 retrospective says Swedish accessibility rules entering force on 28 June 2025 required updates around login-form time limits, including QR-code flows. This is not marginal for identity. A user who cannot scan a code in time is not merely inconvenienced; the user may be locked out of a public or regulated service. A provider that sells public-sector continuity must design for slower users, older users, disabled users, shared devices, poor cameras, failing NFC reads and language support. Freja added multiple languages across its app and portals in 2025, according to its retrospective. That is part of the unit cost.

The buyer might not see these costs when comparing price quotes, but they determine whether the service becomes trusted infrastructure or a support burden. The app-store complaints are not proof that Freja is weak. They are reminders that identity assurance is paid for partly with user effort.

Public-sector continuity is a product, not just a policy slogan

Freja's most defensible institutional claim is continuity. If a state agency, municipality or publicly funded service only accepts one eID, service access depends on the availability, eligibility and user adoption of that one provider. DIGG's Freja approval notice says this explicitly: reliance on a single e-identification solution can make important e-services unavailable during an issuer disturbance and exclude people who cannot or do not want to use that credential. The authorisation system is designed to increase alternatives, robustness and access.

For Freja, this creates a public-service value proposition that is not measured only in transaction revenue. It sells a second path. That path has value even when most users still choose BankID. In infrastructure economics, the backup does not need majority share to matter. It needs to be certified, connected, maintained and available for the users who need it or during the moments when the primary path fails.

This is where the public-sector unit differs from private KYC. A government agency may not be trying to maximise conversion in a commercial funnel. It may be trying to avoid excluding a resident, foreign worker, student, protected-identity user, young person, elderly person or person without a bank relationship. The avoided failure is a rights and access failure, not just fraud loss. Public actors can therefore justify a multi-provider identity cost even when the cheapest single-provider calculation looks attractive.

The 2026 state eID complicates this. A state-issued credential may eventually take some continuity burden away from Freja. But it may also make the public sector more accustomed to multiple credentials and reinforce the principle that bank dominance is not enough. Freja's opportunity is to be a working, commercially maintained alternative before the state credential matures. Its risk is that the state solution compresses demand for paid alternatives if public actors see it as sufficient.

The public record suggests the transition will be long rather than immediate. The Riksdag-approved national eID act comes into force on 1 December 2026. Issuance, adoption, device support, private-sector acceptance, EU wallet alignment and user habit will not all change overnight. Freja's job is to prove its complementary uses before the state credential becomes another default.

Supplier and cloud dependence should be visible, but not overread

The controlled topic includes cloud service dependency, so the public technical surface deserves a bounded look. Public DNS and RDAP records can show nameservers, mail routing, corporate domain dependencies and public IP ownership. They cannot prove Freja's internal architecture, resilience, data residency, cyber controls, vendor contracts or the hosting path for sensitive identity processing.

Public DNS for frejaeid.com showed Oracle Cloud nameservers: ns1.p201.dns.oraclecloud.net through ns4.p201.dns.oraclecloud.net. Mail exchange records pointed to Ports Group mail hosts, and the SPF record included Ports Group and a Websupport mail include. The main frejaeid.com web address resolved to 193.14.90.68, whose RIPE RDAP name appeared as SE-PORTS-NET2. The business site org.frejaeid.com resolved to the same address. The public portal minasidor.frejaeid.com resolved to 185.202.64.181 and kontroll.frejaeid.com to 185.202.64.189; RIPE RDAP for the 185.202.64.181 address returned a network name associated with the former Verisec allocation. A CAA record for frejaeid.com included an incident email address at Freja.

These records are relevant because relying parties should understand that identity services are not disembodied. Even a Swedish identity provider has public dependencies on DNS, mail, hosting and application infrastructure. Oracle Cloud nameservers are an external dependency. Ports Group mail is an external dependency. The public portal addresses show parts of the online service surface. But the evidence stops there. It does not show where personal data is stored, how production systems are segmented, which cloud or on-premises systems run core identity verification, what service-level agreements exist, or whether an outage in a supplier would interrupt critical functions.

The annual report and product documentation do provide a softer operating view. Freja is an identity platform with mobile apps, APIs, OpenID Connect, REST integration, Sweden Connect options, client certificates, test environments, root certificates and release notes. The developer page says customers can integrate through REST API, client library, OpenID Connect or an integration partner. It also says Freja services require SSL connections with client and server certificate verification. This is consistent with a serious relying-party integration surface. It does not by itself prove quality. A production identity service is judged by uptime, incident response, audit results, data handling and support during real failures.

The public article cannot score Freja's cyber posture. It can say the buyer's due diligence should include supplier concentration, service-level terms, incident reporting, data residency, subcontractor lists, continuity testing and exit rights. The more Freja sells itself as public-service continuity, the more those terms become part of the price.

Customer dependence is lower than it was, but not eliminated

Freja's customer-concentration data changed materially between 2024 and 2025. The 2025 annual report's note on customer revenue says the largest group customer represented 9.7 percent of group net sales in 2025, the second largest 7.3 percent and the third largest 6.7 percent. In 2024 the largest customer represented 20.2 percent of group net sales. Within Segment Freja eID, the largest customer represented 9.1 percent in 2025, while the largest Fulfilment customer represented 36.9 percent. The identity segment therefore appears less concentrated than the fulfilment segment and less concentrated than the group was in 2024.

That is positive for resilience. A digital identity provider serving public authorities, municipalities, private services and role-based customers should not depend on one buyer. Subscription customer growth from 441 to 564 also reduces single-customer exposure. But the customer base is still small compared with national-scale infrastructure. A few large public-sector contracts, white-label deals or high-volume integrator relationships can still drive reported ARR changes.

The authorisation-system deal is a case in point. Freja said the agreement adds SEK 4.5 million in annual recurring revenue from 2026. Against 2025 Freja eID segment net sales of SEK 37.6 million, that is a meaningful addition. It also comes from a public framework whose rules and compensation can change. A good revenue floor can become a policy dependency.

Customer dependence also appears through integrators. Freja's developer page says organisations can use integrators and that integrators are resellers of the product. Integrators reduce friction for relying parties that do not want a direct build, but they can also intermediate customer relationships and margin. A large public or private service might reach Freja through Sweden Connect, a third-party identity provider, a signature platform, a municipal service vendor or an integration partner. Freja's public reports do not break out direct versus partner-originated revenue. That is a missing metric because partner economics determine how much value Freja keeps per check.

Switching costs are meaningful but not absolute. Once a relying party integrates Freja, trains support staff, updates privacy notices, configures attribute requests and includes Freja in authentication flows, removal is not free. For Organisation eID, issued role credentials and revocation processes deepen the link. For white-label, a production deployment could become highly sticky. But Swedish relying parties can often keep multiple identity methods in parallel. That reduces lock-in for Freja because customers can add or remove traffic share without a full platform migration.

The best customer economics would combine low integration friction, recurring subscription revenue, expanding use cases and visible support savings. Public evidence suggests the pieces exist. It does not prove the average mature customer margin.

The company has to manage two different cost curves

Freja's business is not one cost curve. The Fulfilment segment handles secure logistics, programming and distribution of physical devices for digital identities. It produced SEK 13.458 million in 2025 net sales and positive EBIT of SEK 3.815 million. The Freja eID segment is the growth segment, with higher product development and certification cost and negative EBIT. Group management has to decide how much to use fulfilment cash flow, equity financing and customer prepayments to fund the identity platform.

The 2025 balance sheet showed intangible assets of SEK 30.120 million, cash of SEK 14.899 million at year-end and accrued costs plus deferred income that included advance-invoiced customers of SEK 12.720 million. The 2025 cash-flow statement showed cash flow from operating activities of SEK 7.092 million for the year, improved from negative SEK 15.872 million in 2024. It also showed investment in intangible assets of SEK 12.273 million. That is the platform-investment trade: operating cash flow improved, but the company continued capitalising development.

For the relying party, this matters indirectly. A digital identity provider needs to be durable. If Freja underinvests, the service risks falling behind regulation, fraud patterns, accessibility needs, app-store platforms and EU wallet standards. If it overinvests ahead of revenue, the company may need more capital or higher prices. The correct buyer question is not whether the provider is profitable today. It is whether the provider's recurring revenue path can fund the required assurance work over the contract period.

Freja's late-2025 and Q1 2026 data are encouraging. The segment growth rate is high, customer count is rising and public-sector regulation is creating new mandatory access points. The cost base remains the proof burden. Personnel cost, product development and depreciation do not disappear because users like the app. Each new credential, jurisdiction, language, attribute, accessibility requirement and customer category can increase complexity. A narrow login provider can standardise faster. A broad identity assurance provider has a bigger market but a more complex cost base.

The white-label strategy is a good example. A customer that needs its own branded eID may pay meaningfully more than a standard login relying party. Freja can monetise its platform without acquiring every end user under the Freja brand. But white-label also introduces customised requirements, separate operating environments, contractual negotiations, security due diligence and potential delivery risk. It can raise average revenue per customer while reducing product simplicity.

The unit economics are therefore not "more checks means more margin" automatically. They are "more repeatable checks, under standardised assurance and integration patterns, with low support cost, means more margin." That is a higher bar.

What would make one check worth paying for

A relying party should compare Freja against the cost of a failed identity decision. The comparison has at least seven components.

First is fraud loss. If a verified identity prevents a fake account, fraudulent loan, account-takeover flow, illegal age-restricted purchase, unauthorised access to a health record, or fraudulent benefit claim, the value can be large. But prevention value depends on the baseline fraud rate, the attack type and whether the attacker can still socially engineer the user into approving a legitimate-looking transaction.

Second is manual labour. If Freja replaces document upload review, call-centre handling, embassy appointments, staff ID-card administration or repeated passport checks, the value can be measured in minutes and salary cost. The Swedish Migration Agency passport flow is a strong public example of replacing or reducing a physical appointment requirement for some applicants.

Third is conversion. If a digital eID lets a user enter a service quickly, the relying party may lose fewer good users. If the registration or NFC scan fails, conversion may worsen. App-store complaints make this a real watchpoint.

Fourth is compliance. A public actor or regulated business may need a government-approved eID, a strong customer authentication method, an auditable signature, a data-processing agreement or a role-based staff credential. Freja's DIGG approval and Svensk e-legitimation status help here.

Fifth is inclusion. Users without BankID, without a bank relationship, with coordination numbers, with protected identities or coming from abroad may need another route. Freja's business case is strongest when excluding those users has legal, political, service or revenue consequences.

Sixth is resilience. Multiple eID options reduce dependence on one issuer. This matters to public services even if the second option has minority share.

Seventh is integration and switching cost. The relying party must build, test and support Freja. It may need to change authentication screens, train staff, update privacy notices, handle consent text and maintain certificates. A cheap per-check price can be uneconomic if the integration burden is high for a small service.

The available evidence supports Freja on compliance, inclusion, public-sector continuity and product breadth. It is weaker on fraud-loss reduction, support savings, conversion uplift and exact private-sector pricing. That is why the article's conclusion cannot say the unit is already proven across the market. It can say Freja has credible institutional reasons to charge for the unit and that the public record is consistent with rising customer willingness to pay.

Public evidence used

The core evidence is public and inspectable:

The missing data that would change the judgement

The most important missing metric is gross margin per identity decision. Freja reports segment revenue and costs, but not the marginal economics of a login, signature, digital passport check, Organisation eID event or physical ID-card validation. Without that, investors and relying parties cannot know whether growth is improving the unit or simply absorbing more support and development work.

The second missing metric is verified conversion and failure rates. How many users start Freja registration for a relying-party flow and finish? How many fail because of NFC scanning, document type, camera quality, language, age, protected identity, device compatibility or final manual review? What share of failures produce customer-support work for Freja versus the relying party? These data would show whether high assurance is reducing or shifting friction.

The third missing metric is fraud and manual-review displacement. A public authority or bank-adjacent service would want to know whether Freja reduces fraudulent submissions, manual reviews, rework, appeals, support calls and physical appointments. The Migration Agency use case strongly suggests a time-and-travel saving for eligible applicants, but the public material does not disclose aggregate hours saved or case-processing impact.

The fourth missing metric is customer-segment profitability. Municipal OrgID, international-user public services, private e-commerce, regulated finance, physical ID-card verification, white-label infrastructure and fulfilment each likely have different gross margins. A blended segment result hides whether Freja's growth comes from standard scalable usage or from bespoke high-touch customers.

The fifth missing metric is service reliability. Public identity decisions need high availability and rapid incident communication. The public technical surface gives clues about DNS and integration, but not audited uptime, incident postmortems, support response distributions or subcontractor resilience.

These gaps do not undermine the existence of the business. They define the proof still needed.

The public record supports the institutional thesis, not a universal price premium

The evidence supports a restrained version of the thesis. Freja eID can charge for identity assurance when the relying party is buying more than a login: regulatory standing, inclusion of users outside BankID, role-based workplace credentials, digital passport handling, public-service continuity, physical ID-card verification, white-label identity infrastructure or a documented consent-and-attribute exchange. The public record shows growth, public approval, broad product scope and a credible reason for Swedish institutions to add Freja as an identity option.

The public record suggests that Freja's best market is not every routine domestic login. BankID dominance and the coming state eID make basic Swedish authentication a hard place to command premium economics. Freja's stronger claim is that it solves edge cases that are no longer edge cases for institutions: foreign residents, coordination numbers, public services that cannot rely on one issuer, employees acting in a role, sectors that need their own credential, and customers that need a compliant identity route without building it themselves.

The available evidence is consistent with a company moving toward scalable recurring revenue. Freja eID segment net sales grew strongly, subscription customers increased, users increased, public-sector ARR was added for 2026, and NRR/GRR figures in late 2025 suggest expansion inside existing accounts. But the thesis remains unproven without per-check margin, conversion, support, fraud-reduction and retention data by customer segment.

For a relying party, the practical test is simple. If the Freja check replaces a manual process, opens a legally required access route, reduces dependence on a single identity issuer, reaches users the dominant credential misses, or prevents enough high-cost failures, it is worth paying for. If it merely adds another button beside an already working BankID flow without reducing risk, labour or exclusion, the price will be harder to defend. Freja's strategic challenge is to make the avoided failure visible on every invoice.