With a view to ensuring secure, trusted, and seamless access to cross-border public and private services in the EU, the Council presidency and European Parliament representatives reached a provisional political agreement on the core elements of a new framework for a European digital identity (eID).
The revised regulation constitutes a clear paradigm shift for digital identity in Europe aiming to ensure universal access for people and businesses to secure and trustworthy electronic identification and authentication by means of a personal digital wallet on a mobile phone.
More and more people are using their identity and credentials in everyday contacts with public and private entities. A European digital identity wallet is therefore indispensable. This way, at least 80% of EU citizens should be able to use a digital ID solution to access key public services by 2030.
Erik Slottner, Swedish minister for public administration
The European digital identity wallet
One of the main policy objectives of the revised regulation is to provide citizens and other residents, as defined by national law, with a harmonised European digital identity means based on the concept of a European digital identity wallet.
As an electronic identification means (‘eID means’) issued under national schemes, the wallet would be an eID means in its own right. The text of the provisional agreement further develops the concept of the wallet and its interplay with national electronic identification means.
A high level of trust
Assurance levels should characterise the degree of confidence in the electronic identification means, thus providing assurance that the person claiming a particular identity is in fact the person to which that identity is assigned. In this respect, the wallet must be issued within an electronic identification system meeting the assurance level ‘high’. The provisional agreement also clarifies that the issuance, use for authentication and revocation of wallets should be free of charge to natural persons. The wallet will also provide the possibility of e-signatures to natural persons free of charge.
Expansion of the list of trust services
In addition, to respond to the dynamics of the markets and to technological developments, the revised regulation expands the current list of trust services with new qualified trust services, including the provision of electronic ledgers and the management of remote electronic signature and seal creation devices.
A harmonised approach to security
The revised regulation also offers a harmonised approach to security, for citizens relying on a European digital identity representing them online, and for online service providers who will be able to fully rely on and accept digital identity solutions independently of where they have been issued.
The new rules imply a shift for issuers of European digital identity solutions, providing a common technical architecture and reference framework and common standards to be developed with member states. Users would therefore be able to rely on an improved ecosystem for electronic identity and trust services recognised and accepted everywhere in the EU.
Alignment with the existing cybersecurity legislation
The revised regulation should leverage, rely on, and mandate the use of relevant and existing cybersecurity act certification schemes to certify the compliance of wallets with the applicable cybersecurity requirements. To align the revised eID regulation and the existing cybersecurity legislation to the extent possible, member states will designate public and private bodies accredited to certify the wallet as provided in the cybersecurity act.
Electronic attestation of attributes by public bodies
The issuance of electronic attestation of attributes, such as medical certificates or professional qualifications, by qualified providers has been retained from the Commission’s original proposal. This way, the text of the provisional agreement ensures a pan-European recognition of such credentials in electronic form and allows users to limit the sharing of identity data to what is strictly necessary for the provision of a service.
The revised framework introduces the obligation for member states to perform unequivocal identity matching for cross-border services.
Technical work will continue to complete the legal text in accordance with the political agreement. When finalised, the text will be submitted to the member states’ representatives (Coreper) for endorsement. Subject to a legal/linguistic review, the revised regulation will then need to be formally adopted by the Parliament and the Council before it can be published in the EU’s Official Journal and enter into force.
In June 2021, the Commission proposed a framework for a European digital identity that would be available to all EU citizens, residents and businesses, via a European digital identity wallet.
The proposed new framework amends the 2014 regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS regulation), which laid the foundations for safely accessing public services and carrying out transactions online and across borders in the EU.
The proposal requires member states to issue a digital wallet under a notified eID scheme, built on common technical standards, following compulsory certification. To set up the necessary technical architecture, speed up the implementation of the revised regulation, provide guidelines to member states and avoid fragmentation, the proposal was accompanied by a recommendation for the development of a Union toolbox defining the technical specifications of the wallet.