Cross interview: the GIE SESAM-Vitale & IDEMIA Smart Identity on new Vitale card

Security upgrades and a longstanding partnership behind the new French health card

Read time: 4 minutes

The GIE SESAM-Vitale continues its longstanding partnership with IDEMIA Smart Identity to produce the Vitale card, having awarded the experienced provider of physical and digital identity solutions an eight-year contract, following a new call for tenders. The agreement covers the issuance of nearly 1 million cards per year, with an increased ambition: to address challenges related to cybersecurity, innovation, and industrial continuity.

Jean-Marc VAN BINNEVELD, Card Production Markets Manager at the GIE SESAM-Vitale, and Véronique MENARD-ROPP, Sales Director France at IDEMIA Smart Identity, have both been involved in this project since its inception. Their shared long-term experience and in-depth understanding of the issues enable meaningful dialogue about the strength and evolution of this collaboration.

IDEMIA Smart Identity is a historic partner of the GIE SESAM-Vitale. What does this contract renewal represent?

Jean-Marc VAN BINNEVELD: IDEMIA Smart Identity has been a partner of the GIE SESAM-Vitale since the very creation of the Vitale card. Together, we have seen this key device for the French healthcare system emerge, evolve, and transform. For over two decades, we have shared a common vision and supported every technological and industrial shift. Today, more than 100 million Vitale cards have been produced by our partner—a testament to a lasting, trusted, and high-performing partnership.
This new contract extends that momentum in the spirit of continuity. But it also marks a new phase: one of an integrated vision, from the design of the embedded application to card delivery, with higher requirements in terms of security, resilience, and end-to-end quality.

What are the key features of this new contract?

Véronique MENARD-ROPP: This contract builds on the foundations of previous ones. It includes:

  • the development of the Vitale applet, a new embedded application.
  • its deployment on two electronic chips (dual source), certified under Common Criteria level EAL4+ (equivalent to the security level of bank cards).
  • a guarantee to maintain this dual source (chips, OS, and applet) to prevent any risk of shortage.
  • preparation of production sites and their business continuity plans (BCP).
  • the supply of blank Vitale cards.
  • graphic personalization (printing of personal data on the card) and electrical personalization (secure integration of data into the chip), as well as envelope stuffing, postage, and shipping.
  • the ongoing compliance of all solutions with the required security level, including enhanced qualification.

This contract confirms our role not just as a manufacturer but as a comprehensive player in the value chain. We are leveraging our expertise to deliver qualified, certified solutions that comply with the latest cybersecurity standards.

What benefits are expected from this new generation of cards?

Jean-Marc VAN BINNEVELD: The goal is clear: to enhance security while maintaining ease of use for cardholders. With this new-generation, certified, and upgradable embedded application, we are meeting today’s requirements and anticipating those of tomorrow. As people involved in the project since its beginning, Véronique and I have seen how every evolution has helped strengthen both user experience and system reliability.
The organization we have set up ensures continuous production—even when facing disruptions—while maintaining the highest standard of quality and security.

How do you ensure such operational robustness?

Véronique MENARD-ROPP: We have designed an industrial setup based on resilience and continuity:

  • Two certified electronic chips to guarantee redundancy
  • Two production sites and two personalization sites
  • Dual sourcing of critical components
  • A safety stock of 1.5 million cards

This setup has been continuously strengthened over the years—proving our long-term commitment—and allows us to avoid any service disruption while meeting industrial standards.
From a security standpoint, our smart card operating systems support the most recent standards and are Common Criteria certified. Our technology is also regularly updated with the latest advances in cryptography and security mechanisms.

Beyond technology, what does this partnership represent?

Jean-Marc VAN BINNEVELD: This partnership reflects a shared vision: that of a secure and efficient public service for citizens. Together, we have built a relationship based on trust, mutual understanding, and efficiency. Its longevity is a guarantee of reliability—and I say that with full confidence, having supported this project since its very first steps.

Any final thoughts on this long-term collaboration?

Véronique MENARD-ROPP: It is a great source of pride. Producing more than 100 million Vitale cards is not only a long-term commitment but also a responsibility. Each card represents a direct link between citizens and their healthcare system. This partnership with the GIE SESAM-Vitale embodies what we do best: combining cutting-edge technology, security, and real impact on citizens.

Conclusion:
More than 100 million cards, a new generation of secure applications, EAL4+-certified electronic chips, and a resilient industrial setup: The GIE SESAM-Vitale and IDEMIA Smart Identity are extending a collaboration that combines performance, innovation, and security—all in the service of French citizens and the national healthcare system.

IDEMIA

Subscribe to our newsletter

Receive our key news and keep up with the trends in our markets by subscribing to our newsletter.

By clicking on the "Subscribe" button, you confirm that you agree to IDEMIA’s Terms of Use and Privacy Policy, and agree to the processing of your personal data and acknowledge your related rights, as described therein.

Your email address will be used exclusively by IDEMIA to send you newsletters related yo your selected topics of interest. In accordance with the law, you have rights of access, rectification and erasure of your personal data, as well as opposition of processing, which can be exercised by writing to dpo@idemia.com.