Q&A Digital Identity Regulation Proposal

Identification allows us to prove who we are and can take the form of passports and identity cards. Digital identification helps us save time and simplify interactions. Various private and public providers are currently offering digital identification means, allowing users to access different public services online or to make use of online banking, for example. Digital identities offer varying degrees of trustworthiness and security. Big platforms allow their users to log in to various services online, from shopping to reading news but these log-ins are not giving users full control on what data they share to identify themselves with online services.

Credentials are pieces of information containing claims about a person, in a digital format, which allow an individual’s identity, qualities and skills to be verified quickly, securely, and reliably, enabling the verifier to trust in the veracity of the claim. Issuers of credentials are third parties (mostly organisations) which the verifier trusts. Thus, credentials can help the subject of the claim to participate fully in society and the economy.

Credentials include a variety of information, such as first name, surname, date of birth, educational qualification, professional qualifications, work experience and so on. Unlike traditional credentials (such as identity cards, diplomas or certificates), digital credentials are presented in a digital format, using technologies such as cryptography, in order to ensure security, validity and authenticity of the information.

As part of the eIDAS Regulation update, digital credentials are introduced to address the security and privacy concerns associated with sharing personal information online. They can be devised in a way that allow people to prove statements about themselves and their relationships with anonymity ( i.e. without revealing identifying data). Due to their ability to provide verified information in a secure and private manner, verifiable credentials are becoming increasingly popular as a reliable and secure digital authentication tool. One well known example of a digital credential used in the recent past is the EUDCC/ Green Pass.

Digital wallets are commonly defined as hard or software applications in which digital objects are stored in analogy to physical wallets. The eIDAS Regulation update introduces the European Digital Identity Wallets (EUDI Wallets) to collect, store and share the digital credentials of all European citizens.

These European Digital Identity Wallets will be applications that allow us to safely store our digital identity and all our digital credentials. Many citizens are already using digital wallets on their smartphones to store their boarding passes when they travel or to keep their virtual bank cards for convenient payment. Under the new rules, European Digital Identity Wallets will be available to everyone. European Digital Identity Wallets are personal digital wallets allowing citizens to digitally identify themselves, store and manage identity data and official documents in electronic format. These may include a driving licence, medical prescriptions or education qualifications. With the wallet, citizens will be able to prove their identity where necessary to access services online, to share digital documents, or simply to prove a specific personal attribute, such as age, without revealing their identity or other personal details. Citizens will have full control of the data they share al all times.

Digital wallets for digital identities issued by Member States in accordance with the eIDAS Regulation, will play a key role in enabling us to take our digital identity and associated digital credentials from one place to another in the digital world. 

The main novel element offered by the new rules is that everyone will have a right to have a European Digital Identity Wallet which is accepted in all Member States. But at the same time, there will be no obligation. Users will be able to control what personal data they want to share with online services. While public services and certain private services will be obliged to recognize the European Digital Identity, its security features make it attractive for all private service providers to recognize it for services that require strong authentication, creating new business opportunities.

You will be able to use it to access both public and private online services in the EU, in particular those requiring strong user authentication. Examples of these could be accessing a bank account or applying for a loan, submitting tax declarations, enrolling in a university in  your home country or abroad and many other things that you do with your existing, physical means of identification.

The European Digital Identity Wallet can be used in many ways such as to prove your age, share credentials, for rental or banking purposes, travelling, applying for a job and many more digital services. Some examples are:

Receive, store aand share credentials: Peter has installed a personal digital wallet on his mobile phone. It has been provided by his home country, ensuring that the wallet has been issued to him personally. Peter's digital wallet allows him to download, store and use his basic personal data, a driving licence, a diploma, and a bank card he used to carry around as physical cards in his physical wallet.

Renting an apartment: Yavor is preparing to move to another Member State to take up a new position. He can use the EUDI Wallet to show his rental history, employment information, and credit score when applying for an apartment lease (revealing their identity only upon signature of the contract).

Signing contracts: Kjerstin uses her EUDI Wallet when signing contracts online, as it provides a secure digital signature, eliminating the need for paper documents and physical signatures.

Initiating Payments: Danika, for business purposes, holds banking accounts at financial institutions in several Member States. Previously, to authorize transactions when banking electronically, she had to use different means (e.g. a fingerprint, a one-time passcode, or affirmation to transaction approval queries send to her personal device). Now all banks use her EUDIW Wallet for this purpose.

The European Digital Identity wallets will be built on the basis of trusted digital identities provided by Member States, improving their effectiveness, extending their benefits to the private sector and offering personal digital wallets that are safe, free, convenient to use, and protect personal data.

For this initiative, the Commission builds on the existing cross-border legal framework for trusted digital identities, the Europeans electronic identification and trust services initiative (eIDAS Regulation).

Adopted in 2014, it provides the basis for cross-border electronic identification, authentication and website certification within the EU. However, it does not contain any obligation for Member States to provide their citizens and businesses with a digital identification system enabling secure access to public services or to ensure their use across EU borders. Nor does it contain provisions regarding use of such identification for private services, or with mobile devices. This leads to discrepancies between countries.

Some countries offer identification system to their citizens while other do not and, when they do, not all these systems can be used cross-border. The coronavirus pandemic and the shift towards the use of digital services has shown that this has limitations that need to be addressed urgently.

No. The European Digital Identity Wallets will build on national systems that already exist in some Member States. Today, not every person living in the EU has access to a means of digital identification.

Member States will offer the wallets to their citizens and residents at the national level. Everyone will be able to download, install and use the European Digital Identity Wallet on their personal smartphone or device.

The proposal provides for a high level of security. The Commission will propose and agree with Member States on standards, technical specifications and operational aspects to ensure the Member States' Digital Identity Wallets have the highest security levels. Member States will certify their wallets to ensure they comply with these requirements. Any personal data will be shared online only if the citizen chooses to share that information.

No. That is not the aim of the regulation. Digital identities will continue to be provided by Member States. The European Digital Identity framework builds on this basis, and extends the functionalities and usability of national eIDs by means of a personal digital wallet.

The Commission will propose and agree with Member States standards, technical specifications and operational aspects through an implementing act.

Member States should issue the new European Digital Identity Wallets one year after entry into force of this new Regulation. The first wallets should be available in early 2025.

The digital identity wallet presents various challenges that must be addressed in order to ensure its successful adoption and use by citizens. One of the most important challenges is providing a simple and intuitive user experience that is designed with the user's needs in mind and pays particular attention to accessibility aspects. Citizens must be able to easily navigate the system and access the services they need without encountering barriers or difficulties that may discourage them from using it.

Another critical challenge is ensuring a high level of security and reliability of the technological component. The digital identity wallet must be designed with robust security features that prevent unauthorised access and protect the user's personal information. Additionally, it must be able to provide all the guarantees necessary to ensure citizens' privacy while providing an intuitive system to track and control the information that will be shared with third parties.

A third challenge is how to manage the permissions for access to personal information that users grant to trusted third parties, such as banks, government agencies, or healthcare providers. The wallet must be able to manage these authorisations in a secure and transparent manner, giving users full control over who can access their information and for what purposes.

Finally, the digital identity wallet must provide a reliable system capable of managing the information of minors and family members for whom there is a delegation. This means providing robust identity verification mechanisms that prevent unauthorised access and ensuring that access is granted only to authorised individuals.

Addressing these challenges will be essential for the successful implementation and adoption of the digital identity wallet. By providing a user-friendly and secure system that meets citizens' needs and expectations, the digital identity wallet has the potential to revolutionise the way we interact with government services, financial institutions, and other organisations that require identity verification.

The coronavirus pandemic has accelerated the need for effective and user-friendly digital services across the EU. There is no time to lose. It is essential that Member States start working with the Commission and the private sector immediately to prepare the implementation of the European Digital Identity framework. Close cooperation will be organised from day one of the adoption of the proposal by the Commission to discuss the technical implementation and identify common standards.

Work will start immediately to agree on the way forward with Member States. The aim is that by September 2022, Member States, in close cooperation with the Commission, agree on the Toolbox to implement the European Digital Identity Framework and that the Commission publishes the Toolbox in October 2022. Once the technical framework has been agreed, it can be tested in pilot projects.

Building an ecosystem based on open source solutions and common standards for the European digital identity portfolio is important for several reasons.

First, the use of open source solutions allows for greater transparency and collaboration among developers, ensuring that the technology is reliable and secure.

Second, the adoption of common standards enables greater interoperability between different digital identity platforms and solutions, simplifying identity verification processes and increasing the efficiency of digital transactions.

Thirdly, an ecosystem based on open source solutions and common standards for digital identity could foster the widespread adoption of this type of technology, enabling European citizens to securely and reliably access digital services across the EU.

Furthermore, an open and standardised ecosystem can foster interoperability between different solutions, reduce development costs, and facilitate adoption by a broad spectrum of market players, thus fostering the diffusion of digital identity as a reliable and secure electronic authentication tool.

Finally, the adoption of open standards and open source solutions can stimulate innovation, allowing new players to enter the market and offer new services and functionalities.