To ensure secure, reliable and seamless access to cross-border public and private services in the EU, the Council and European Parliament have reached a preliminary political agreement on the main elements of a new framework for a European digital identity (eID).
The revised regulation represents a clear revolution for digital identity in Europe and should give individuals and businesses universal access to secure and reliable electronic identification and authentication through a personal digital wallet on the cell phone.
More and more people are using their identity and data in their daily contact with companies and government agencies. A European digital identity wallet is therefore indispensable. Thanks to this agreement, by 2030 at least 80% of citizens will be able to identify themselves electronically to access essential public services.
One of the main policy goals of the revised regulation is to provide citizens and other residents, as defined in national law, with a harmonized European digital identity, based on the concept of a European digital identity wallet.
As an electronic identifier issued under national regulations, the wallet will be an eID tool in its own right. The preliminary agreement elaborates on the concept of the wallet and its interaction with national electronic identifiers.
The confidence level should reflect the degree of trust that can be placed in the electronic identifier, and thus provide assurance that the person claiming a particular identity is actually the person with that identity. Therefore, the wallet must be issued within an electronic identification system that meets the confidence level "high." The preliminary agreement also clarifies that the issuance, use for authentication and revocation of wallets must be free of charge to individuals. Through wallets, individuals can also use electronic signatures free of charge.
In line with market dynamics and technological developments, the revised regulation expands the list of trust services to include new qualified trust services, including the provision of electronic registries and the management of remote electronic signature and seal creation devices.
The revised regulation also provides a harmonized approach to security for citizens who rely on a European digital identity when operating online and for online service providers who will be able to trust and accept digital identity solutions regardless of where they are issued.
The new rules represent a shift for providers of European digital identity solutions, providing a common technical architecture as well as a reference framework and common standards to be developed with member states. Users would therefore be able to rely on an enhanced ecosystem for electronic identity and trust services recognized and accepted across the EU.
The revised regulation should leverage, rely on, and require the use of existing certification schemes from the cybersecurity regulation to certify that the wallet meets cybersecurity requirements. To maximize alignment between the revised eID regulation and existing cybersecurity legislation, member states will designate public and private entities accredited to certify the wallet as provided for in the cybersecurity regulation.
The issuing of electronic attestations, such as medical certificates or professional qualifications, by qualified service providers has been taken over from the Commission's original proposal. In this way, the preliminary agreement ensures pan-European recognition of this data in electronic form and allows users to limit the sharing of identity data to what is strictly necessary to provide a service.
Under the revised framework, member states must conduct a unified comparison of identity data for cross-border services.
Technical work will continue in order to complete the legal text in accordance with the political agreement. Once the text is ready, it will be submitted to the Member States' representatives (Coreper) for approval. After updating by the lawyer-linguists, the revised regulation will then have to be formally adopted by the Parliament and the Council before it can be published in the EU Official Journal and enter into force.
In June 2021, the Commission proposed a European digital identity framework that would be available to all EU citizens, residents and businesses through a European digital identity wallet.
This new framework amends the 2014 regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS regulation). That laid the foundation for secure access to public services and execution of transactions, online and cross-border, in the EU.
The proposal requires member states to issue a digital wallet under a notified eID system, based on common technical standards and following mandatory certification. The proposal was accompanied by a recommendation for the development of an EU toolbox containing the technical specifications of the wallet to speed up the implementation of the revised regulation, provide guidance to Member States and avoid fragmentation.
eIDAS regulation, Council general approach, December 6, 2022
