What is eIDAS 2.0?
eIDAS 2.0 is intended to reform the eIDAS Regulation from 2014 and eliminate previous weaknesses in the regulation as well as introduce so-called trust services and the ID wallet.
The European Commission presented a revision of the eIDAS Regulation back in June 2021. This proposal is often discussed under the buzzwords eIDAS 2021 or eIDAS 2.0.
Changes are planned in three areas:
- Weaknesses of the current version eliminated
- Additional trust services: electronic registered mail, electronic certificates for authentication, etc.
- eID Wallet: digital proof of identity for the entire European Union
Article 49 of the eIDAS Regulation states that the European Commission should review the application of the Regulation and report to the European Parliament and the Council by July 1, 2020. The aim of this evaluation mechanism was to analyze the effectiveness, efficiency, relevance, coherence and European added value of the eIDAS Regulation.
The evaluation report, which was completed in October 2020, takes stock of the regulation at the current time, its weaknesses and areas for improvement. In particular, it states that fundamental changes need to be made to the eIDAS Regulation in order to support the use cases for identification required by the private sector. Although work on eIDAS 2.0 began in 2018, it confirms and highlights the upcoming developments in detail.
The draft is currently being voted on by the Council of Ministers. It was originally due to come into force in the second or third quarter of 2023. However, a delay until 2024 is currently expected.
What will eIDAS 2.0 change?
Since the original conception of the eIDAS Regulation in 2012, the framework for trust services in our society has changed significantly. Indeed, the exponential use of online services—under the pressure of the quarantine imposed during the pandemic and the evolution of our digital habits—has drastically highlighted the need for a new framework. In addition to taking into account new electronic trust services, the so-called eIDAS “2.0” will also focus on greater normativity, in particular on the technical and operational requirements demanded of trust service providers.
Another reason for eIDAS 2.0 is that the eIDAS Regulation has not yet fully succeeded in fulfilling its original purpose.
- Only 60% of EU citizens have access to a trustworthy identification system, while acceptance is even lower.
- For its part, the interoperability of national services and infrastructures is not considered sufficient.
It therefore seemed necessary to renew the legal framework to bring it more in line with new identification practices and to promote the intra-Community integration of trust services. For legislators, amending eIDAS will also facilitate innovation and research.
Ultimately, the eIDAS 2.0 Regulation will ensure a more uniform implementation across all EU Member States to reduce the inconsistencies and differences of interpretation that occurred in the national implementation of the first eIDAS. It will also introduce new types of electronic trust services that were not previously foreseen, such as electronic proof-of-delivery services, electronic seals and qualified electronic archiving.
eIDAS 2.0 also introduces the concept of the European Digital Identity Wallet (DIW), i.e. a digital platform that facilitates identity management. This wallet will allow anyone to identify themselves online and offline on the territory of the EU for public or private services. It will also allow users to manage the sharing of their information. Its “high” level of security will be guaranteed by requirements included in this regulation, the verification and certification of which will be the responsibility of public or private actors designated by the Member States.
For example, the introduction of the concept of “zero proof knowledge” is intended to strengthen existing cryptographic means. By allowing a party to prove that it has a certain piece of information without having to disclose it, the accuracy of its statement is de facto proven.
The final proposal for the eIDAS 2.0 Regulation was published on June 3, 2021, with entry into force planned for September 2023. From this date, all member states will be obliged to provide their citizens with a digital identity folder.
Which countries and sectors will be affected by eIDAS 2.0?
The eIDAS 2.0 regulation will affect many areas of the lives of citizens of EU member states and European Economic Area (EEA) member states.
On the industry side, the majority of sectors providing online services that require a trusted electronic solution will be affected by this update. The proposal to amend the eIDAS regulation emphasizes that many sectors will benefit. The sectors mentioned by name are health, transportation, energy, banking and finance, postal services, education, digital infrastructure and drinking water. But other, unnamed sectors may of course also be affected, depending on how they use digital services and online transactions.
The public sector will clearly be one of the happy beneficiaries of the updated eIDAS regulation, as the use cases for facilitating public life will multiply. Government authorities will be directly affected as they will need to facilitate cross-border access to online public services while enabling mutual recognition of electronic identities.
What will the Digital Identity Wallet be used for?
The European Identity Card or Digital Identity Wallet (DIW) is a digital platform that will allow anyone to store and manage their electronic identities in one place, in a secure and transparent way. It will be able to store the verified elements of the biometric national ID card and authenticated and certified personal attributes such as driver’s license, birth certificate or even diplomas. This electronic wallet – which complies with the GDPR and the Cyber Security Act – will also allow European citizens to take back control of their data by opening up the settings for them to share their data.
As emphasized in the proposed amendment to the eIDAS Regulation, the European Identity Card is “increasingly seen by the public and private sectors as the most appropriate tool to allow users to decide when and with which private service provider they share numerous identity attributes, depending on their use case and security needs.”
The DIW is highly secure and can also be used offline, which will be of particular benefit to the healthcare sector in the context of ePrescriptions. It will also allow users to create their own qualified electronic signatures (QES) and seals, which will be accepted throughout the European Union. The European ID card is also intended for the business world, as it offers the possibility of creating powers of attorney and e-mandates. The aim is to simplify administrative procedures and reduce costs.
To ensure a high level of acceptance, interoperability with other services in the European Union must be guaranteed. This means that users will be able to share their information and interact with different platforms and services without having to register again. This should prove particularly useful in the transportation, medical and banking sectors.
The European Identity Card is an important and essential part of eIDAS 2.0 as it helps to promote and adopt electronic identification and trust services in the European Union. In addition, it is a further step of the European Union toward more data sovereignty. Finally, it also fulfills the objectives of personal data protection by giving power back to users over the management and sharing of their personal information.
By 2030, it is estimated that 80% of Europeans will be using wallet-based digital identifiers. From now on, digital identity will no longer be confined to cyberspace, but will be integrated into all aspects of our daily lives. In this way, the digital state will continue to evolve, offering solutions integrated with public infrastructures.
For businesses and trust service providers, the outlook is positive, as the market will continue to grow an estimated 19% from now until 2028, according to a Marketsandmarkets study. Finally, it is a safe bet that the digital wallet will continue to progress into our daily lives, facilitating users’ habits in all areas of their lives. Accelerated border crossings, remote notarized signatures and financial transactions in three clicks – this is the future that a strong digital identity promises. In terms of trends, the quality of the user experience and the protection of personal data will continue to drive the fundamental needs of users of such solutions.
Although the future leans toward the unification of identification services, the road ahead is still long and strewn with pitfalls. While European players will tend to standardize their services using eIDAS 2.0, the task of interoperability and standardization remains colossal.