With a view to ensuring secure, trusted, and seamless access to cross-border public and private services in the EU, the Council presidency and European Parliament representatives reached a provisional political agreement on the core elements of a new framework for a European digital identity (eID).
The revised regulation constitutes a clear paradigm shift for digital identity in Europe aiming to ensure universal access for people and businesses to secure and trustworthy electronic identification and authentication by means of a personal digital wallet on a mobile phone.
The European digital identity wallet
One of the main policy objectives of the revised regulation is to provide citizens and other residents, as defined by national law, with a harmonised European digital identity means based on the concept of a European digital identity wallet.
As an electronic identification means (‘eID means’) issued under national schemes, the wallet would be an eID means in its own right. The text of the provisional agreement further develops the concept of the wallet and its interplay with national electronic identification means.
A high level of trust
Assurance levels should characterise the degree of confidence in the electronic identification means, thus providing assurance that the person claiming a particular identity is in fact the person to which that identity is assigned. In this respect, the wallet must be issued within an electronic identification system meeting the assurance level ‘high’. The provisional agreement also clarifies that the issuance, use for authentication and revocation of wallets should be free of charge to natural persons. The wallet will also provide the possibility of e-signatures to natural persons free of charge.
Expansion of the list of trust services
In addition, to respond to the dynamics of the markets and to technological developments, the revised regulation expands the current list of trust services with new qualified trust services, including the provision of electronic ledgers and the management of remote electronic signature and seal creation devices.
A harmonised approach to security
The revised regulation also offers a harmonised approach to security, for citizens relying on a European digital identity representing them online, and for online service providers who will be able to fully rely on and accept digital identity solutions independently of where they have been issued.
The new rules imply a shift for issuers of European digital identity solutions, providing a common technical architecture and reference framework and common standards to be developed with member states. Users would therefore be able to rely on an improved ecosystem for electronic identity and trust services recognised and accepted everywhere in the EU.
Alignment with the existing cybersecurity legislation
The revised regulation should leverage, rely on, and mandate the use of relevant and existing cybersecurity act certification schemes to certify the compliance of wallets with the applicable cybersecurity requirements. To align the revised eID regulation and the existing cybersecurity legislation to the extent possible, member states will designate public and private bodies accredited to certify the wallet as provided in the cybersecurity act.
Electronic attestation of attributes by public bodies
The issuance of electronic attestation of attributes, such as medical certificates or professional qualifications, by qualified providers has been retained from the Commission’s original proposal. This way, the text of the provisional agreement ensures a pan-European recognition of such credentials in electronic form and allows users to limit the sharing of identity data to what is strictly necessary for the provision of a service.
The revised framework introduces the obligation for member states to perform unequivocal identity matching for cross-border services.
More information: Council of the EU