Table of Contents
- 1 Key Takeaways:
- 2 An Overview of Electronic Identification, Authentication and Trust Services (eIDAS)
- 3 Why eIDAS Needs an Update
- 4 What Is eIDAS 2.0?
- 5 What Are the Objectives of eIDAS 2.0?
- 6 What Are the New Updates in eIDAS 2.0?
- 7 The European Digital Identity (EUDI) Wallet
- 8 Impact of eIDAS 2.0 on Stakeholders
- 9 eIDAS 2.0 Timeline
- 10 Conclusion
- 11 Identity.com
Key Takeaways:
- eIDAS 2.0 is the updated version of the Electronic Identification, Authentication, and Trust Services regulation (eIDAS) by the European Union.
- eIDAS 2.0 aims to improve the security, usability, and inclusivity of electronic identification (eID) and trust services across the EU.
- A key feature of eIDAS 2.0 is the European Digital Identity Wallet (EUDI Wallet), which enables EU citizens to securely store, manage, and share their identity data, credentials, and attributes as needed.
In 2014, the European Union took a significant step towards reshaping and unifying its digital landscape through the adoption of a unified legal framework known as eIDAS, which stands for Electronic Identification, Authentication, and Trust Services. Moreover, this advancement provided individuals and businesses within the EU with trusted identities valid for cross-border transactions among EU member states. With their national electronic identification (eID), users could access public services and conduct business across different EU countries. They enjoy the same level of security and legal validity as traditional offline methods offer. Building on this foundation, the introduction of eIDAS 2.0 seeks to further enhance the digital infrastructure, promising even greater efficiency and trust in the digital economy.
An Overview of Electronic Identification, Authentication and Trust Services (eIDAS)
The eIDAS regulation, adopted in 2014 and fully implemented in 2018, establishes a clear legal framework for electronic identification (eID) and trust services in the European Union. It defines their legal status, admissibility as court evidence, and enables cross-border recognition of eIDs. This means individuals can use their eID with the same level of trust and validity across all EU member states.
eIDAS focuses on two key areas:
- Electronic Identification: eIDAS sets standards and requirements for eID systems, allowing them to function with varying levels of security (assurance levels) for accessing online services across the EU. This simplifies online interactions for citizens. It enables them to easily log in to government portals, bank accounts, or other services regardless of their home country.
- Trust Services: The regulation covers a wide range of trust services, such as electronic seals, timestamps, and website authentication certificates. These services play a crucial role in verifying the authenticity, trustworthiness, and security of electronic transactions.
Why eIDAS Needs an Update
The eIDAS regulation, adopted in 2014, aimed to create a unified system for secure electronic identification (eID) across Europe. While successful in many ways, the digital identity landscape has evolved significantly. New services and eID models have emerged, creating a fragmented market. Private companies now offer eID solutions, but these often lack the clear rules and transparency of “approved” eIDAS schemes. These approved schemes undergo rigorous checks and are recognized across the EU, ensuring a high level of security.
Today’s users expect a seamless and secure online experience. They want to easily access both public and private services (like healthcare and banking) with a single login. Unfortunately, current solutions fall short. eIDAS primarily focuses on accessing public services across borders, neglecting the needs of the private sector. Even for public services, there are still barriers, leaving many citizens without access to trusted eIDs that work across borders. In fact, only 59% of EU residents can currently use a trusted eID across the EU.
Social media and other private companies offer login options using existing accounts (like Facebook or Google login), but these raise concerns about data control and security. They often lack verification against physical identities, making them more vulnerable. Additionally, using these platforms across services can lead to unclear data sharing and privacy issues. Studies show many users are unaware of how their data is used, and lengthy privacy policies hinder informed decisions.
While secure, existing eIDs under eIDAS have limitations in usability within the private sector, identity verification, data management, and user control. This mirrors concerns about platform login solutions.
These issues, along with weaknesses in member state notification procedures and trust service framework implementation, necessitate an eIDAS update. While eIDAS provides legal certainty for some services, challenges remain in ensuring consistent oversight and security levels across the EU. Addressing these problems is critical for a more effective, secure, and inclusive electronic identification system in Europe.
What Is eIDAS 2.0?
eIDAS 2.0 is the updated version of the Electronic Identification, Authentication and Trust Services regulation (eIDAS) implemented by the European Union. It aims to build on the original eIDAS regulation by addressing its shortcomings and enhancing the EU’s digital identity framework.
The main objective of eIDAS 2.0 is to create a more secure, user-centric, and inclusive system for digital identification, authentication, and trust services across the EU. This update is designed to improve the efficiency of cross-border and cross-sector services, enabling secure electronic identification solutions for both public and private sectors.
A key element of eIDAS 2.0 is its alignment with the EU’s broader digital strategy. By introducing the European Digital Identity Wallet, it empowers citizens to manage their personal information securely, providing greater transparency and control over their data. Additionally, it seeks to foster the development of a unified digital market across the EU, making digital transactions more accessible, efficient, and secure.”
What Are the Objectives of eIDAS 2.0?
The primary goals of eIDAS 2.0 include:
- Seamless Cross-Border Digital Identity: Ensure individuals and businesses have access to secure and user-friendly digital identity solutions that function seamlessly across EU member states, meeting both user expectations and market demands.
- Cross-Border Public and Private Services: Enable both public and private service providers to confidently rely on secure digital identity solutions when delivering services across borders.
- User Control and Data Security: Empower citizens with complete control over their personal data used within digital identity solutions. Guarantee data security to enhance trust and confidence in the digital ecosystem.
- Level Playing Field for Trust Services: Promote equal conditions for qualified trust services across the EU. This fosters a fair environment for service providers and strengthens trust in digital transactions.
What Are the New Updates in eIDAS 2.0?
The shift from eIDAS to eIDAS 2.0 introduces two major changes to strengthen the EU’s digital identity framework:
- Trust Services: eIDAS 2.0 refines the rules for Qualified Trust Service Providers (QTSPs), particularly focusing on identity verification for individuals and businesses receiving qualified certificates. This aims to harmonize regulations across the EU, ensuring consistency. Additionally, new qualified trust services, such as digital archiving, electronic ledgers, and managing remote electronic signature devices, are introduced, expanding the scope of services.
- European Digital Identity Wallet (EUDI Wallet): One of the most significant innovations in eIDAS 2.0 is the introduction of the EUDI Wallet. This secure, user-controlled digital wallet allows individuals to store, manage, and selectively share their identity data, credentials, and attributes. The wallet can be used for both online and offline services, allowing users to easily share their credentials with relying parties, such as government agencies or private companies, for identity verification or electronic signatures.
The European Digital Identity (EUDI) Wallet
EU member states will offer a secure digital wallet, the EUDI wallet, based on a compliant electronic identification scheme. These wallets will follow common technical standards, ensuring they work together seamlessly. Additionally, mandatory compliance checks guarantee security, with optional certifications providing an extra layer of trust within the European cybersecurity framework. Importantly, these procedures align with the strict data protection regulations outlined in the General Data Protection Regulation (GDPR), giving you complete control over your information and strong safeguards for user privacy.
Key Features of the EUDI Wallet
- Security: The EUDI wallet prioritizes security with high-level protections for your personal data. You control what information you share and with whom.
- Convenience: This user-friendly wallet simplifies tasks like accessing public services, applying for jobs, or traveling throughout Europe.
- Interoperability: The EUDI wallet works across all EU member states, allowing you to use it for identification anywhere in Europe.
Impact of eIDAS 2.0 on Stakeholders
The proposed eIDAS 2.0 regulations aim to create a more secure and user-friendly digital identity system across the European Union. This benefits a wide range of groups, including citizens, businesses, service providers, etc.
Here’s what’s expected:
- Easier and More Secure Transactions: eIDAS 2.0 streamlines online interactions with standardized authentication methods, boosting security and convenience.
- Improved User Experience: Both individuals and organizations will experience a smoother flow when accessing services online.
- Enhanced Customer Service: Organizations can offer improved customer experience by eliminating the need for users to manage multiple digital identities.
- Inclusive Access: eIDAS 2.0 widens access to services for everyone. This is especially beneficial for those with disabilities or residing in remote areas, as it reduces the requirement for physical presence.
- Robust Security and Privacy: A privacy-by-design approach prioritizes data security, minimizing the risk of identity theft.
- Stimulated Economic Growth: Standardization clarifies market conditions, encouraging innovation and economic growth.
- Simplified Regulatory Compliance: eIDAS 2.0 facilitates adherence to crucial cross-border regulations like KYC (Know Your Customer), AML (Anti-Money Laundering), and GDPR (General Data Protection Regulation).
eIDAS 2.0 Timeline
The European Union recently approved the updated eIDAS regulation (eIDAS 2.0) on February 29, 2024. While an official effective date hasn’t been announced yet, we can expect some clarity soon.
Here’s a quick timeline of its development:
July 2020: An evaluation of the original eIDAS regulation, mandated by Article 49, was completed.
June 2021: The European Union proposed an update to eIDAS.
December 2022: The Council of the European Union adopted a common position on the updated regulation.
November 2023: Negotiators from the European Parliament and the Council reached a provisional agreement.
February 2024: The European Parliament formally adopted the updated eIDAS 2.0 proposal.
The official publication date in the EU’s Official Journal will trigger the official effect. After that, member states will have 24 months to implement the new regulation. This includes providing citizens with access to the European Digital Identity (EUDI) wallet.
Conclusion
The recently approved eIDAS 2.0 regulation marks a significant step towards a secure and interoperable digital identity ecosystem across the European Union. By prioritizing user-friendliness, robust security, and streamlined processes, eIDAS 2.0 empowers citizens, businesses, and governments alike. While the exact implementation timeline is still forthcoming, the foundation is now laid for a more secure and inclusive digital future for all Europeans.
Identity.com
Observing regulations like eIDAS is crucial for a organization like ours, which is deeply involved in the digital economy and, most importantly, the digital identity that drives it. The work of Identity.com, as a future-oriented company, is helping many businesses by giving their customers a hassle-free identity verification process. Our company envisions a user-centric internet where individuals maintain control over their data. This commitment drives Identity.com to actively contribute to this future through innovative identity management systems and protocols.
As members of the World Wide Web Consortium (W3C), we uphold the standards for the World Wide Web and work towards a more secure and user-friendly online experience. Identity.com is an open-source ecosystem providing access to on-chain and secure identity verification. Our solutions improve the user experience and reduce onboarding friction through reusable and interoperable Gateway Passes. Please get in touch for more info about how we can help you with identity verification and general KYC processes.