Technically, what is happening?

The new BankID is based on the open technology called WebAuthn (The Web Authentication API) developed by FIDO and W3C, with participants from several of the world's largest tech companies. The password becomes redundant and is replaced by "something you are" along with "something you have," the phone or tablet.

WebAuthn is a secure technology that protects users well without sharing unnecessary data. BankID (and WebAuthn) with biometrics/PIN consists of a "key pair" (credentials) consisting of a private key securely stored on your phone and a public key together with a randomly generated key ID used at the site where you want to log in. Your biometrics or PIN never leave the phone, and the technology is well protected.