In 2014, the European Union introduced the eIDAS regulation (Electronic IDentification, Authentication and trust Services) with the aim of making digital transactions accessible and secure for all European citizens and to dictate the conditions for the cross-border recognition of electronic means of identification, or digital identities.
Shortcomings of eIDAS
In subsequent years, however, the objectives of the regulation have not been pursued and achieved in a homogeneous manner in the Member States: not all countries have notified at least one digital identity system to the Commission and only 59% of citizens residing in Europe have a digital ID. Moreover, cross-border recognition has not – in concrete terms – been as successful as hoped.
eIDAS 2.0: Addressing the Shortcomings
In 2021, the European Commission, while acknowledging the foundations laid by eIDAS for the development of a market for identification and trust services in the European Union, therefore noted the need to update it in order to achieve new strategic objectives.
The update of eIDAS aims, in particular, to:
- Put personal data sovereignty back in the hands of citizens and ensure a level playing field in the use of trust services throughout the EU in line with the GDPR;
- Counter the centralized management of information by large technology companies;
- Promote the adoption of a secure and reliable European digital identity, as well as the increase of interoperability of trust services within the EU to contribute to the creation of a unified European digital market.
This will involve increasing standardization of the methods of providing trust services and using digital identities.
What’s New in eIDAS 2.0?
The revision process will conclude with the imminent publication in the Official Journal of the European Union of the revision of the eIDAS regulation (the amendments have already been officially approved by the European Parliament on 29 February 2024 and by the Council of the European Union on 26 March last) which will introduce significant innovations.
Among these, of fundamental importance are the introduction of the European Digital Identity Wallet (EUDI Wallet) and the creation of new trust services such as the electronic attestation of attributes, the remote management of qualified signature and seal devices, electronic archiving and electronic registers.
European Digital Identity Wallet (EUDI Wallet)
With eIDAS 2.0, the EUDI Wallet is born, the European Digital Identity Wallet intended to be a digital identity accepted and valid throughout the EU which, functioning as a real digital “wallet”, will allow users to collect and spend data relating to their identity and electronic attestations of attributes to third parties and to other users of European digital identity wallets. The ambition is that every citizen will be able to use it anywhere in Europe to do anything, from paying taxes to renting a bicycle.
Based on a decentralized model, the EUDI will guarantee greater privacy and protection of users’ personal data, giving them back control over their identity.
The EUDI Wallet will be issued compulsorily within 24 months from the entry into force of the technical rules and may be provided directly by a Member State, on its behalf or by private entities even prior to the recognition of the Wallet by the Member State. The Wallet must also allow individuals to sign with a qualified electronic signature free of charge for non-professional purposes.
Electronic Archiving among Trust Services
In the current version of eIDAS, the concept of electronic archiving is limited to the preservation of qualified electronic signatures. With eIDAS 2.0, electronic archiving will be understood as a service that allows the receipt, preservation, consultation and cancellation of electronic data and electronic documents in order to guarantee their durability, readability, integrity, confidentiality and provenance for the entire retention period and will finally become a trust service in its own right alongside the existing one.
Impacts and Opportunities of eIDAS 2.0
The revision of eIDAS offers a unique opportunity for innovation and economic growth in the field of digital identities and will have a significant impact on various actors, including digital service providers, Qualified Trust Service Providers and European citizens. However, there are still some challenges to be faced, such as the path towards harmonizing the security levels of digital identities and the economic sustainability of the new model.
In conclusion, eIDAS 2.0 represents an important step forward in the unification and integration of trust services in Europe. With the adoption and implementation of these new regulatory provisions, the EU will be able to continue to lead the way towards a more secure, reliable and interoperable digital environment for all its citizens and businesses. A further step towards innovation and digitization.