To ensure a trusted and secure digital identity for all Europeans, the Council adopted a new framework for a European digital identity (eID).
The European digital identity wallet
The revised regulation constitutes a clear paradigm shift for digital identity in Europe. It aims to ensure that people and businesses across Europe have universal access to secure and trustworthy electronic identification and authentication.
Under the new law, member states will offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g., driving licence, qualifications, bank account). Citizens will be able to prove their identity and share electronic documents from their digital wallets simply, using their mobile phones.
The new European digital identity wallets (EDIWs) will enable all citizens to access online services with their national digital identification, which will be recognised throughout the EU, without having to use private identification methods or unnecessarily share personal data. User control ensures that only information that needs to be shared will be shared.
Main elements of the revised regulation
The co-legislators maintained the general thrust of the Commission proposal for an upgraded framework that will improve the effectiveness and extend the benefits of secure and convenient digital identity to the private sector and for mobile use. Interinstitutional discussions strengthened the legislation in several areas that are important for citizens. The wallet will contain a dashboard of all transactions accessible to its holder both online and offline, offer the possibility to report possible violations of data protection, and allow interaction between wallets. Moreover, citizens will be able to onboard the wallet with existing national eID schemes and benefit from free e-signatures for non-professional use. The main elements of the revised law can be summarised as follows:
- by 2026, each member state must make a digital identity wallet available to its citizens and accept EDIWs from other member states according to the revised regulation
- sufficient safeguards have been included to avoid discrimination against anyone choosing not to use the wallet, which will always remain voluntary
- the wallet’s business model: issuance, use and revocation will be free of charge for all natural persons
- the validation of electronic attestation of attributes: member states are required to provide free-of-charge validation mechanisms only to verify the authenticity and validity of the wallet and of the relying parties’ identity
- the code for the wallets: the application software components will be open source, but member states are granted leeway so that, for justified reasons, specific components other than those installed on user devices need not be disclosed
- consistency has been ensured between the wallet as a form of eID and the scheme under which it is issued.
Finally, the revised law clarifies the scope of the qualified website authentication certificates (QWACs), which ensures that users can verify who is behind a website, while preserving the current well-established industry security rules and standards.
Next steps
The revised regulation will be published in the EU’s Official Journal in the coming weeks and will enter into force 20 days after its publication. The regulation will be fully implemented by 2026.
Source: Council of the EU | Press release (https://shorturl.at/fxGKT)