Table of Contents
- 1 Key Takeaways:
- 2 An Overview of Electronic Identification, Authentication and Trust Services (eIDAS)
- 3 Why eIDAS Needs an Update
- 4 What Is eIDAS 2.0?
- 5 What Are the Objectives of eIDAS 2.0?
- 6 Key Changes in eIDAS 2.0
- 7 The European Digital Identity (EUDI) Wallet
- 8 Impact of eIDAS 2.0 on Stakeholders
- 9 eIDAS 2.0 Timeline
- 10 Conclusion
- 11 Identity.com
Key Takeaways:
- eIDAS 2.0 updates the original eIDAS regulation, offering a standardized framework for electronic identification and trust services throughout the EU.
- This revision targets technological progress, market changes, and the digital economy’s growing demands to improve trust, security, and accessibility in online transactions.
- A key feature of eIDAS 2.0 is the European Digital Identity Wallet (EUDI Wallet), which enables EU citizens to securely store, manage, and share their identity data, credentials, and attributes as needed.
In 2014, the European Union took a significant step towards reshaping and unifying its digital landscape through the adoption of a unified legal framework known as eIDAS, which stands for Electronic Identification, Authentication, and Trust Services. Moreover, this advancement provided individuals and businesses within the EU with trusted identities valid for cross-border transactions among EU member states. With their national electronic identification (eID), users could access public services and conduct business across different EU countries. They enjoy the same level of security and legal validity as traditional offline methods offer. Building on this foundation, the introduction of eIDAS 2.0 seeks to further enhance the digital infrastructure, promising even greater efficiency and trust in the digital economy.
An Overview of Electronic Identification, Authentication and Trust Services (eIDAS)
The eIDAS regulation, adopted in 2014 and fully implemented in 2018, establishes a clear legal framework for electronic identification (eID) and trust services in the European Union. It defines their legal status, admissibility as court evidence, and enables cross-border recognition of eIDs. This means individuals can use their eID with the same level of trust and validity across all EU member states.
eIDAS focuses on two key areas:
- Electronic Identification: eIDAS sets standards and requirements for eID systems, allowing them to function with varying levels of security (assurance levels) for accessing online services across the EU. This simplifies online interactions for citizens. It enables them to easily log in to government portals, bank accounts, or other services regardless of their home country.
- Trust Services: The regulation covers a wide range of trust services, such as electronic seals, timestamps, and website authentication certificates. These services play a crucial role in verifying the authenticity, trustworthiness, and security of electronic transactions.
Why eIDAS Needs an Update
The eIDAS regulation, adopted in 2014, aimed to create a unified system for secure electronic identification (eID) across Europe. While successful in many ways, the digital identity landscape has evolved significantly. New services and eID models have emerged, creating a fragmented market. Private companies now offer eID solutions, but these often lack the clear rules and transparency of “approved” eIDAS schemes. These approved schemes undergo rigorous checks and are recognized across the EU, ensuring a high level of security.
Today’s users expect a seamless and secure online experience. They want to easily access both public and private services (like healthcare and banking) with a single login. Unfortunately, current solutions fall short. eIDAS primarily focuses on accessing public services across borders, neglecting the needs of the private sector. Even for public services, there are still barriers, leaving many citizens without access to trusted eIDs that work across borders. In fact, only 59% of EU residents can currently use a trusted eID across the EU.
Social media and other private companies offer login options using existing accounts (like Facebook or Google login), but these raise concerns about data control and security. They often lack verification against physical identities, making them more vulnerable. Additionally, using these platforms across services can lead to unclear data sharing and privacy issues. Studies show many users are unaware of how their data is used, and lengthy privacy policies hinder informed decisions.
While secure, existing eIDs under eIDAS have limitations in usability within the private sector, identity verification, data management, and user control. This mirrors concerns about platform login solutions.
These issues, along with weaknesses in member state notification procedures and trust service framework implementation, necessitate an eIDAS update. While eIDAS provides legal certainty for some services, challenges remain in ensuring consistent oversight and security levels across the EU. Addressing these problems is critical for a more effective, secure, and inclusive electronic identification system in Europe.
What Is eIDAS 2.0?
Building on the foundation of the first eIDAS regulation, eIDAS 2.0 seeks to address its shortcomings and move the EU towards a more secure, user-centric, and inclusive digital identity landscape. It prioritizes enhancing efficiency within the internal market, particularly for cross-border and cross-sector services (both public and private) that rely on secure electronic identification solutions.
The EU’s digital strategy is centered on achieving the goals outlined in its 2030 Digital Compass. Key milestones include granting citizens online access to essential public services and their electronic medical records by 2030. eIDAS 2.0 plays a fundamental role in achieving these goals by empowering citizens with a secure and user-friendly digital identity and fostering a thriving EU digital single market.
What Are the Objectives of eIDAS 2.0?
The primary goals of eIDAS 2.0 include:
- Seamless Cross-Border Digital Identity: Ensure individuals and businesses have access to secure and user-friendly digital identity solutions that function seamlessly across EU member states, meeting both user expectations and market demands.
- Cross-Border Public and Private Services: Enable both public and private service providers to confidently rely on secure digital identity solutions when delivering services across borders.
- User Control and Data Security: Empower citizens with complete control over their personal data used within digital identity solutions. Guarantee data security to enhance trust and confidence in the digital ecosystem.
- Level Playing Field for Trust Services: Promote equal conditions for qualified trust services across the EU. This fosters a fair environment for service providers and strengthens trust in digital transactions.
Key Changes in eIDAS 2.0
The transition from eIDAS to eIDAS 2.0 introduces two primary changes:
- Trust Services: eIDAS 2.0 refines the rules for qualified trust service providers (QTSPs), particularly those concerning identity verification for individuals and businesses receiving qualified certificates. This ensures clearer and more harmonized regulations across the EU. Additionally, it introduces new qualified trust services, such as digital archiving, electronic ledgers, and managing remote electronic signature devices.
- European Digital Identity Wallet (EUDI Wallet): A key innovation in eIDAS 2.0 is the EUDI wallet. This secure, user-controlled digital wallet allows individuals to store, manage, and selectively share their identity data, credentials, and attributes. Users can access various online and offline services using the EUDI wallet. When needed, they can conveniently share their credentials with relying parties for authentication purposes. Relying parties are any public or private entities (e.g., government agencies, online businesses) that depend on electronic identification or trust services to verify user identities or use electronic signatures during online interactions.
The European Digital Identity (EUDI) Wallet
EU member states are required to issue an EUDI wallet under a secure, compliant electronic identification scheme. These wallets adhere to common technical standards, undergo mandatory compliance checks, and may also undergo optional certifications within the European cybersecurity framework. Importantly, certification procedures align with the strict data protection regulations outlined in the General Data Protection Regulation (GDPR), guaranteeing strong safeguards for user data privacy.
Features of the EUDI Wallet
- Issuance: Free for users (though businesses may incur costs), EUDI wallets are issued under a high-assurance eID scheme and come with built-in validation mechanisms to ensure authenticity.
- Functionality: Users can securely request, store, select, and share verified personal data and electronic proofs of attributes with their consent. This enables seamless authentication for online and offline access to various public and private services. The wallet also allows users to sign documents with qualified electronic signatures.
- User Control and Privacy: EUDI wallets prioritize user control. Users have complete transparency and control over how their data is used within the wallet. Wallet issuers cannot collect unnecessary information or combine user data with other services without explicit user consent.
- User-Friendly Interface: Designed for ease of use, EUDI wallets can be accessed even without an internet connection. The interface displays an “EU Digital Identity Wallet Trust Mark” to assure trust service providers issuing electronic documents and certificates to the wallet. Relying parties (e.g., online businesses) can easily authenticate user credentials and personal information before granting access to services.
- Inclusive Accessibility: The wallets comply with accessibility standards for people with disabilities.
- Security: EUDI wallets prioritize high security standards with encryption and authentication mechanisms to protect user data and prevent unauthorized access or data breaches.
- Digital Documents: Users can securely store and share various digital credentials and documents, such as national ID cards, driver’s licenses, and educational certificates.
- Voluntary Adoption & Convenience: Using an EUDI wallet is entirely voluntary, but it offers increased convenience, security, and efficiency compared to traditional methods.
- Pseudonym Option: Users can choose to use pseudonyms when legal identification isn’t required.
- Transparency and Auditability: Member states are required to disclose wallet source codes (with limited security exceptions) for transparency and auditing purposes.
- Violation Reporting: The wallet dashboard allows users to track transactions, report data protection issues, and request data deletion.
- Mutual Recognition & Interoperability: Electronic identification issued in one member state is recognized by both online and offline public and private entities across all EU member states. This enables seamless cross-border authentication and service access.
Use Cases of the EUDI Wallet
The EUDI wallet has a wide range of use cases, including:
- Online access to government services
- Opening bank accounts
- Applying for university
- Filing tax returns
- Verifying age and other identity attributes
- Managing eHealth data
- Paperless travel
- Accessing online subscriptions
Impact of eIDAS 2.0 on Stakeholders
The proposed eIDAS 2.0 regulations aim to create a more secure and user-friendly digital identity system across the European Union. This benefits a wide range of groups, including citizens, businesses, service providers, etc.
Here’s what’s expected:
- Easier and More Secure Transactions: eIDAS 2.0 streamlines online interactions with standardized authentication methods, boosting security and convenience.
- Improved User Experience: Both individuals and organizations will experience a smoother flow when accessing services online.
- Enhanced Customer Service: Organizations can offer improved customer experience by eliminating the need for users to manage multiple digital identities.
- Inclusive Access: eIDAS 2.0 widens access to services for everyone. This is especially beneficial for those with disabilities or residing in remote areas, as it reduces the requirement for physical presence.
- Robust Security and Privacy: A privacy-by-design approach prioritizes data security, minimizing the risk of identity theft.
- Stimulated Economic Growth: Standardization clarifies market conditions, encouraging innovation and economic growth.
- Simplified Regulatory Compliance: eIDAS 2.0 facilitates adherence to crucial cross-border regulations like KYC (Know Your Customer), AML (Anti-Money Laundering), and GDPR (General Data Protection Regulation).
eIDAS 2.0 Timeline
The European Union recently approved the updated eIDAS regulation (eIDAS 2.0) on February 29, 2024. While an official effective date hasn’t been announced yet, we can expect some clarity soon.
Here’s a quick timeline of its development:
July 2020: An evaluation of the original eIDAS regulation, mandated by Article 49, was completed.
June 2021: The European Union proposed an update to eIDAS.
December 2022: The Council of the European Union adopted a common position on the updated regulation.
November 2023: Negotiators from the European Parliament and the Council reached a provisional agreement.
February 2024: The European Parliament formally adopted the updated eIDAS 2.0 proposal.
The official publication date in the EU’s Official Journal will trigger the official effect. After that, member states will have 24 months to implement the new regulation. This includes providing citizens with access to the European Digital Identity (EUDI) wallet.
Conclusion
The recently approved eIDAS 2.0 regulation marks a significant step towards a secure and interoperable digital identity ecosystem across the European Union. By prioritizing user-friendliness, robust security, and streamlined processes, eIDAS 2.0 empowers citizens, businesses, and governments alike. While the exact implementation timeline is still forthcoming, the foundation is now laid for a more secure and inclusive digital future for all Europeans.
Identity.com
Observing regulations like eIDAS is crucial for a organization like ours, which is deeply involved in the digital economy and, most importantly, the digital identity that drives it. The work of Identity.com, as a future-oriented company, is helping many businesses by giving their customers a hassle-free identity verification process. Our company envisions a user-centric internet where individuals maintain control over their data. This commitment drives Identity.com to actively contribute to this future through innovative identity management systems and protocols.
As members of the World Wide Web Consortium (W3C), we uphold the standards for the World Wide Web and work towards a more secure and user-friendly online experience. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable Gateway Passes. Please get in touch for more info about how we can help you with identity verification and general KYC processes.