PID – Platform of an Innovative Document

Obserwatorium biz » articles

PID – Platform of an Innovative Document

In the era of digitalization and the growing need for secure identification, Personal Identification Data (PID) has become a key element in digital identity management. Within the EUDI Wallet initiative, PID serves as the foundation for establishing a harmonized system for registration and identity management, ensuring that citizens and organizations across Europe can rely on a secure and widely recognized digital identity.

What is PID?

Personal Identification Data (PID) is a set of data issued under European or national law, enabling the identification of a natural or legal person. PID is typically issued by the same authority that maintains the civil registry and issues identity documents. Each EU Member State is required to publish a list of trusted PID providers, responsible for high-level identity verification (LoA High), issuance of PID, and making validity information available.

According to the implementing regulation on personal identification data and electronic attribute credentials, published at the end of 2024, each PID must include the following mandatory data:

  • Current surname(s),
  • Current given name(s), including, where applicable, middle name(s),
  • Date of birth (day, month, and year),
  • Country or state, province, county, local area, municipality, city, town, or village of birth,
  • User’s nationality.

Member States must also ensure the inclusion of optional attributes to guarantee the uniqueness of users’ identities within the system.

The EUDI Wallet Ecosystem and the Role of PID Providers

The EUDI Wallet ecosystem is built on collaboration among various entities, with PID providers playing a crucial role. These are trusted organizations responsible for issuing and revoking personal identification data while ensuring that this data is cryptographically linked to the user’s wallet unit. PID providers must adhere to strict security standards to maintain the reliability and integrity of the identification process.

Within the EUDI Wallet ecosystem, PID providers collaborate with digital wallet providers and relying parties (e.g., public institutions or private companies) that use PID for user identity verification. Each EU Member State must maintain a list of trusted PID providers, managed by Trusted List Providers (TLP), which includes information on certifications, policies, and trust levels (LoA).

PID and Other Credentials

Under the EU Digital Identity Regulation, four legal categories of credentials are defined:

  1. PID (Personal Identification Data),
  2. Qualified Electronic Attestations of Attributes (QEAA),
  3. Electronic Attestations of Attributes issued by a public sector body (PuB-EAA),
  4. Non-Qualified Electronic Attestations of Attributes (EAA).

The differences among these categories are mainly legal, but technically, they all adhere to recognized credential formats such as ISO/IEC 18013-5 or SD-JWT-based Verifiable Credentials.

One of the key distinctions between PID and EAA is that the presence or absence of a valid PID determines whether a wallet unit remains operational. The operational state of a digital identity wallet is crucial for its functionality.

  • A user may hold multiple PID identifiers in a single wallet unit, particularly useful for individuals with multiple nationalities or those representing legal entities.
  • If all PIDs within a wallet unit expire or are revoked, the wallet unit loses its operational state, preventing the user from performing operations that require a valid PID, such as authentication in public or private services.

However, the wallet itself does not become entirely non-functional—it can still store other data, such as attestations of attributes that are not directly linked to the PID.

Managing PID in the EUDI Wallet

The PID management process within the EUDI Wallet involves several key steps:

  1. Requesting PID issuance – The user, via their wallet unit, can request a PID from a provider.
  2. Presenting attributesThe user can present wallet attributes to relying parties (e.g., public institutions or private companies) based on their decision and successful authentication of the relying party.
  3. Wallet-to-wallet interactions – Instead of presenting attributes to a relying party, the user may share them with another user’s wallet.

The PID provider remains responsible for managing PID throughout its lifecycle. This may include:

  • Reissuing PID with the same or updated attribute values,
  • Revoking PID upon user request or under specific conditions set by the provider.

It is important to note that wallet providers and PID providers may impose compatibility restrictions, meaning that not all PID providers will support all wallet solutions and vice versa.

Security and Privacy

The security of identification data is paramount in PID management. PID providers must:

  • Verify users’ identities at a high level of assurance (LoA High),
  • Ensure that identification data is cryptographically linked to the user’s wallet,
  • Include a standard attestation identifier for a unified authentication system across the EU.

When a PID is revoked, providers must follow documented revocation policies that are publicly available. Revocation is irreversible, and users must be notified within 24 hours. Privacy protection measures must prevent linking revoked credentials to users unless required by law.

Identity Verification Methods

PID providers are trusted entities responsible for identity verification according to LoA High requirements. The identity verification process is a crucial step in PID issuance.

PID providers can use various verification methods, including:

  • Electronic identification (eID),
  • Video identification,
  • Selfie-based identification,
  • Cryptographic document verification,
  • Qualified electronic signature (QES) verification.

Each method has its advantages and challenges. For example:

  • eID simplifies cross-border electronic transactions in the EU but requires interoperability between Member States.
  • Video identification is more convenient than in-person meetings but requires a stable and secure internet connection.
  • Cryptographic document verification uses NFC technology to read identity document chips, providing more extensive identity data.

In practice, multiple verification methods may be required, as no single method can provide comprehensive evidence for every PID attribute.

Conclusion

PID is the platform of the innovative EUDI Wallet solution. Through a harmonized digital identity management system, the EUDI Wallet ensures security, interoperability, and user privacy. As technology and standards evolve, PID will play an increasingly crucial role in Europe’s digital transformation, enabling citizens and organizations to access secure and convenient digital services.

The introduction of PID marks a step towards a future where digital identity is not only secure but also widely recognized and accepted across the European Union. As key players in the EUDI Wallet ecosystem, PID providers will play a pivotal role in ensuring that the identification process remains both secure and compliant with EU standards.

 

 

 

Date of publication: 20.03.2025