The European Union has been at the forefront of digital transformation, and eIDAS 2.0 is a significant step in enhancing digital identity frameworks. This article explores its history, key features, implications for developers, and key dates.
Understanding eIDAS - What is it?
eIDAS stands for Electronic Identification, Authentication, and Trust Services. Established in 2014, it provides a regulatory framework to increase trust and security in European electronic transactions. The services covered under this regulation include:
- Electronic signatures (via Trust Service Providers)
- Online authentication processes
- Cross-border data exchange
- Digital transactions across member states
Recognising the need for a more integrated and comprehensive approach, the proposal for eIDAS 2.0 was introduced in 2021. The new framework, set for adoption in 2024, aims to enhance security, user control, and interoperability across Europe. A significant addition is the introduction of the European Digital Identity Wallet, which broadens the application of digital identity services.
The Need for Evolution - Towards eIDAS 2.0
The initial eIDAS framework, established in 2014, focused on creating a baseline for electronic identification and trust services across Europe. However, it had a limited scope and siloed implementation. The proposal for eIDAS 2.0 in 2021 aimed to address these limitations by introducing the European Digital Identity Wallet and enhancing the security, interoperability, and user control aspects. The new framework is set for adoption and implementation in 2024.
Figure 01: The Need for Evolution - From eIDAS to eIDAS 2.0
Differences Between eIDAS and eIDAS 2.0
The original eIDAS regulation provided a foundational framework for electronic identification and trust services but needed to be expanded in scope. Here are the key differences between eIDAS and eIDAS 2.0 -
- Scope and Implementation:
- eIDAS (2014): Focused on a limited scope with basic electronic identification and trust services. Implementation was often siloed within individual member states.
- eIDAS 2.0 (2024): Broadens the scope to include the European Digital Identity Wallet, promoting a more integrated approach with enhanced security, user control, and interoperability across the EU.
- Digital Wallets:
- eIDAS (2014): Did not include a digital wallet concept.
- eIDAS 2.0 (2024): Introduces digital wallets for natural and legal persons, allowing secure storage and management of personal and organisational identification data.
- Interoperability:
- eIDAS (2014): Limited interoperability between national systems, leading to fragmented digital identity solutions.
- eIDAS 2.0 (2024): Emphasises interoperability through a defined framework, ensuring compatibility across national systems.
- Security and User Control:
- eIDAS (2014): Provided basic security measures but lacked comprehensive user control over personal data.
- eIDAS 2.0 (2024): Enhances security protocols and aligns with GDPR to ensure stringent data protection and greater user control over personal information.
- Trust Services:
- eIDAS (2014): Established standards for electronic signatures, seals, and timestamps, but with limited enhancements over time.
- eIDAS 2.0 (2024): Strengthens these standards further, ensuring that digital interactions are legally binding and secure across the EU.
Key Features of eIDAS 2.0
Enhanced Electronic Identification (eID):
- Reference: Chapter II, Section 2, Articles 6, 7, 8, 9, 10, 11,12
- Purpose: Establishes a unified approach for electronic identification across EU member states.
- Impact: Ensures mutual recognition of eID schemes, simplifying cross-border digital transactions and reducing barriers. This promotes smoother, more secure interactions between individuals and organisations across member states, enhancing trust and efficiency in digital services.
European Digital Identity Wallet:
- Reference: Chapter I, Section 1, Articles 5a, 5b, 5c, 5d, 5e, 5f
- Purpose: Introduces secure digital wallets for storing personal identification data.
- Impact: Facilitates seamless online authentication, verification of various attributes (such as age and qualifications), secure document sharing, digital signatures, and other transactions requiring verified identity information. Enhances user control, privacy, and security, ensuring users have sovereignty over their personal data and can confidently perform various activities.
Trust Services:
- Reference: Chapter III, Section III, Articles 20 -45, and Articles 46a-46e
- Purpose: Strengthens standards for electronic signatures, seals, timestamps, and website authentication.
- Impact: Enhances the legal standing and security of digital interactions across the EU, providing a robust foundation for trust in electronic transactions. This enables safer, more reliable online services, supporting legal and commercial activities.
Interoperability and Security:
- Reference:
- Purpose: Promotes interoperability between national systems through a defined framework.
- Impact: Ensures compatibility and enforces robust security measures to protect personal data. This fosters a more connected and secure digital single market, making it easier for businesses and individuals to interact across borders, enhancing market efficiency and user convenience.
Data Protection and User Control:
- Reference: Various references across the eIDAS2.0 articles
- Purpose: Aligns with GDPR to prioritise data protection and user control over personal information.
- Impact: Guarantees that personal data is handled with high privacy standards, allowing users to decide what information to share. This reinforces trust in digital services by ensuring that user data is protected and controlled by the users, promoting confidence and compliance with privacy regulations.
Key Dates in the Regulation
- July 2014: eIDAS Regulation (EU) No 910/2014 established.
- June 2021: Proposal for eIDAS 2.0 to include the European Digital Identity Wallet.
- February 2022: Framework development for EUDI digital identity architecture.
- October 2022:Official publication of new trust services and technical architecture.
- June 2023:Implementation guide published by the European Commission.
- February 2024: Formal vote and approval of the eIDAS 2.0 regulation.
- May 20, 2024: eIDAS 2.0 enters into force.
- September 2024: Deadline for Member States to transpose eIDAS 2.0 into national legislation. Member states are expected to notify the Commission of their eID schemes.
- 1 September 2025: European Digital Identity Wallets must be issued to citizens and businesses.
- 2025 - 2026: Initial development and monitoring period for EUDI Wallet.
- September 2026: Deadline for delivering EUDI Wallets to citizens and adapting to new eIDAS 2.0 requirements.
- 2030:Target for 80% of EU citizens and companies to actively use the EUDI Wallet.
European Digital Identity Wallet
The European Digital Identity Wallet is a cornerstone of the eIDAS 2.0 framework. It allows EU citizens and residents to securely store and manage their personal identification data. This wallet, which is detailed in Chapter I, Section 1, Articles 5a-5f, includes the following key features:
- Provision: Each Member State must provide at least one wallet within 24 months of the implementing acts.
- Flexibility: Wallets can be provided directly by a Member State, under a mandate from a Member State, or independently but recognised by the Member State.
- Open-Source: The source code of the application software components must be open-source licensed.
- User Control: Users can securely request, obtain, select, combine, store, delete, share, and present personal identification data.
- Security: High-security standards must be met, including encryption and secure authentication mechanisms.
- Additional Functionalities: Member States may provide additional functionalities to ensure they comply with this regulation.
- Comprehensive Use: Wallets can be used for various applications such as e-government, healthcare, finance, and more, ensuring broad utility and accessibility for users across different sectors.
Implications for Organisations
- Regulatory Compliance: Simplifies adherence to regulations across the EU, enabling the development of cross-border digital services.
- Enhanced Security: Offers developers robust tools to ensure electronic transactions' security and legal validity.
- Interoperability: Provides a framework for creating compatible applications across national systems, enhancing user experience.
- User Trust: Developers can build applications that foster greater user trust by adhering to stringent data protection and trust service standards.
Conclusion
eIDAS 2.0 is a transformative regulation that enhances the digital identity landscape in the EU. By fostering a secure, interoperable, and user-friendly environment for electronic identification and trust services, it paves the way for a truly integrated digital single market. Developers are crucial in implementing these standards, ensuring a safer and more efficient digital future for all.
For more detailed information, visit theEuropean Digital ID Framework.