eIDAS 2.0 - The European Digital Identity Wallet

In June 2021, the European Commission proposed an update to its pan-European digital identity framework. It will enable every European to have a set of digital identity credentials that are recognized all across the EU – otherwise known as European Digital Identity (EUDI) Wallets. These ‘wallets’ are mobile applications or cloud services that collect and store digital credentials and allow them to be used secretly and securely for numerous government and non-government use cases.

At the heart of this initiative is eIDAS 2.0.

A background on the European eID Framework

Until now, the eIDAS regulation has only focused on online identification. However, the new proposal – eIDAS 2.0 – aims to extend identity to the world of physical services which can be accessed from anywhere around the globe. This leads to a requirement for a secure, trusted and efficient identification process that provides customers with a seamless experience when enrolling or using services, or buying products.

An electronic identity (eID) is a means for individuals to prove their identity electronically in order to gain access to services. In the European Union, a central authority – the government – securely stores personal identifying data in order to issue physical ID documents. This is nothing new as we have been accessing documents such as passports, European identity cards and so on, for many years.

These services have become embedded, expected and relied upon in our ‘day-to-day’ lives. Individuals trust their IDs and extend this trust into the digital world, where they use this information to gain access to a variety of services that require proof of identity, such as opening an online bank account, applying for various types of insurance or ‘patient access’ apps that connect the individual to healthcare services, appointments and data, when required.

The updated eIDAS 2.0 initiative is carried out by the European Commission. This new eID strategy is built on the existing cross-border legal framework for trusted digital identities, the European electronic identification and trust services initiative (eIDAS Regulation), which was adopted in 2014. The eIDAS Regulation establishes the framework for cross-border electronic identification, authentication and website certification within the European Union.

By September 2023, all EU member states must ensure that a Digital Identity Wallet (DIW) is available to all EU citizens, residents and businesses in the EU and usable not only for identity documents but for all attestations, including those with sensitive personal data, such as health-related data and documents.

The Evolving Framework - eIDAS 2.0

The revised proposal will focus on some of the most significant issues that affected the earlier framework. For instance, the eIDAS 2.0 framework will be able to use a self-sovereign identity (SSI) that places complete control of all identifying information in the hands of the end-users that it applies to, in both public and private partnership frameworks, as opposed to enforcing a single, rigid ID that openly reveals everything about an individual indefinitely.

Here is an example of some of the use cases:

For citizens - secure and trusted identification to access online services:

Public services such as requesting birth certificates, medical certificates, reporting a change of address
Payment authentication with a high degree of security and access to various financial services
Filing tax returns
Travel credentials such as travel passes and digital COVID certificates and also biometric verification
Checking in to a hotel
Providing documents for qualification recognition when applying for education, at home or in another Member State
Access to a personal patient summary or ePrescription
Electronic signature creation and acceptance
Renting a car using a fully digital driving license

For businesses:

Organizational digital identity that will allow a national company registry to issue company related attributes and legal entity identifiers as electronic attestation of attributes (EEAs)
Digitalization of services translates to streamlined services, cost savings, and flexibility and convenience for customers
Business continuity - trusted digital identity has become paramount as ’in-person’ contact becomes less and less
Customer onboarding for banks - due diligence checks that will rely on the wallet to undertake AML and KYC processes
Forms can be prefilled with certified attributes shared by the wallet

All of these use cases require strong user authentication and our earlier article provides details on the required Digital Identity Trust criteria.

Furthermore, in response to market dynamics and technological developments, eIDAS 2.0 adds three new qualified trust services to the current eIDAS list:

Electronic archiving services,
Electronic ledgers,
The management of remote electronic signature and seal creation devices.

Some of the Key Benefits of eIDAS 2.0

1. eIDAS 2.0 will be available to anyone - Any EU citizen, resident, and business in the Union who would like to make use of the European Digital Identity will be able to do so.

2. eIDAS 2.0 is compliant with the General Data Protection Regulation (GDPR).

3. eIDAS 1.0 was too ‘rigid’ and not at all flexible. The eIDAS 2.0 SSI structure will put the end-user in control of all identifying information.

4. The emphasis of ‘sole control’ is extremely welcome. This allows all EU citizens to exercise their rights to a digital identity that remains completely under their control.

5. Giving users complete control over all identifying information will encourage further adoption and increase user trust.

6. eIDAS 1.0 wasn’t particularly well designed for the private sector. However, with eIDAS 2.0, every industry will be able to benefit from certain aspects of the identification system.

7. eIDAS 2.0 will facilitate the digital transformation of all sectors.

8.These SSIs can provide the capability to validate only selected, vital aspects of an individual required for a particular transaction, without revealing all of their information. This is achieved by leveraging the usage of cryptographic proofs. This concept will deliver a high degree of authenticity while also respecting customer privacy,