The expansion of e-Government and online authentication possibilities in recent years increases the risk of not properly implemented authentication systems. This may often give rise to subsequent risks, such as identity theft. Whereas the legal framework has primarily focused on identity theft as a criminal act, less attention has been given to the way the Government handles information in its identity management systems. This paper considers traditional theories of European extra-contractual liability/tort law to assess whether the Government can be liable for failures in the authentication procedure.