This year marks the tenth anniversary of the eIDAS regulation, a European Union initiative introduced in 2014 aimed at creating standardised legal and technical frameworks for electronic transactions across the EU’s single market, utilising electronic identification and trust services within the Member States. The regulation has established the framework for digital identity in the EU based on electronic identification derived from national measures.
In February 2024, the European Parliament adopted an amendment to this regulation (known as eIDAS 2.0) aimed at updating the rules to match the dynamically changing digital environment. As of April 2024, this regulation was officially signed, concluding the legislative process, and now awaits publication in the EU Official Journal. Twenty days after publication, the regulation will come into effect.
eIDAS implementation across various EU Countries
In the European Union, Member States have undertaken numerous initiatives to raise standards in electronic identification and trust services. With its secure communication system DE-Mail introduced in 2012 and the new electronic identity card nPA (neuer Personalausweis), Germany still needs to achieve the expected adoption despite declared interest and support from the federal government. In contrast, Italy’s SPID identification system and the PEC (Posta Elettronica Certificata) service have significantly gained popularity. Belgium has also seen success through the itsme initiative, supported by the banking sector and telecommunications operators, which achieved profitability and widespread adoption among adult citizens within just five years.
Despite these examples, it must be stated that most of the solutions mentioned are limited to national borders, and some are focused solely on improving communication between the administration and citizens, excluding the private sector.
Contrasting with the above, Estonia positions itself as a vanguard in digital services. It utilises the X-Road platform – a decentralised infrastructure for inter-system data exchange – ensuring data transfer security and reliability in accordance with eIDAS. Estonia has also introduced the e-Residency program, which provides status and digital identity to non-residents, allowing them access to Estonian digital infrastructure. In the Baltic countries, the Estonian solution Smart-ID has also gained popularity. Meanwhile, in the Scandinavian region, the Bank-ID identification system, which collaborates with banks and operates in two versions – Swedish and Norwegian, is highly regarded.
Generally, however, the multitude of tools allowing for entity identification, their diversity, and sometimes locality pose a severe challenge to contemporary business and European administration. Most governments worldwide use the numerical system of identifiers assigned to citizens. Yet, the length of the number, its specific purpose, and the term used in relation to it may vary. The most popular (although not all) are personal or identification code or identification number, personal identification code, social security number, national insurance number, state tax code, tax number, national identification number, registration number, social security number, personal number, etc.
Such an approach works at the national level but complicates cross-border cooperation. Some countries, such as Germany, do not use a universal identifier. Currently, as a result of the implementation of the eIDAS regulation in 2014, states can identify citizens of other countries based on their name, surname, date of birth, and place of residence. However, in practice, as happens in Poland, the most important and key remains the PESEL number. The amendment to eIDAS introduces significant improvements through the use of a so-called identity-matching mechanism.
Another issue related to the identity verification process is the lack of a uniform market approach regarding the acceptance of various identity verification methods and related interoperability. EU countries have different legal and regulatory systems. Maintaining compliance with continuously evolving technological and regulatory standards while simultaneously ensuring system flexibility for future changes is also a significant challenge.
Many EU countries already have their own eID and e-service systems, which presents a challenge in terms of integrating these systems with the eIDAS frameworks in an effective and economical way. The increasing number of cyber threats and the need for data protection also need to be remembered.
It is, therefore, not surprising that the European Union points out fundamental problems regarding identity in the currently available digital identification systems offered by EU governments:
- systems are not available to the entire population, often limited to online public services and do not allow smooth cross-border access;
- only 14% of key public service providers across all Member States allow cross-border authentication using the e-ID system;
- the number of identification events between Member States could be faster.
New concepts of digital identity.
Sovereign Identity (SSI) is an approach to digital identity that gives individuals control over the information they use to prove who they are on websites, services, and Internet applications.
SSI responds to the need for evolution in digital identity management models. With SSI, users can directly transmit their data to service providers, increasing privacy and security. This model of sovereign identity focuses on individual autonomy, enabling users to manage and control their identity data independently.
Independent (Sovereign) Identity (SSI) changes how people identify online, giving them control over their data without central identification systems. SSI functions similarly to a physical wallet with documents, allowing users to choose which data to disclose, further enhancing their privacy and online security.
The European Commission, in the revised eIDAS regulation, is implementing the European Digital Identity Framework and introducing the European Digital Identity Wallet tool, which is based on the concept of independent identity.
The digital identity wallet aims to strengthen the European single market by enabling citizens, residents, and businesses to identify and authenticate both online and offline in a manner that is:
- secure: identity data must be stored and shared using secure communication protocols,
- trustworthy: identity data must come from credible sources,
- user-friendly, convenient, and accessible -> a simple interface enabling every user to use digital identity,
- harmonised across the Union: identity recognition within EDIW across all Member States, without any barriers.
The impact of the revised eIDAS on the digital single market in the European Union
In the near future, SSI will become a standard in the European Union, forcing every online service to accept this type of identification. Member States will be able to issue verifiable attestations, and qualified trust service providers will be able to issue confirmations of specific attributes, revolutionising current identification systems. The harmonised digital identity framework aims to reduce digital barriers between Member States, allowing Union citizens and residents to benefit from digitisation while increasing transparency and protecting their rights.
Integrating several different processes within one tool will incentivize the market to provide even better customer service and potentially develop services and products previously realised in stages, requiring document scans sent via email, or not entirely achievable online.
Additionally, the revision of the regulation focuses on improving the certification processes of trust services by introducing uniform certification procedures, aiming to facilitate their implementation and ensure a high level of security and trust.
The eIDAS 2.0 regulation is a crucial element of the European Union’s strategy to ensure complete harmonisation of the principles and conditions for providing trust services in Member States, enabling full interoperability between national electronic identification (eID) systems and trust services. It aims to facilitate cross-border digital transactions in both the public and private sectors. It also seeks to engage the private sector more in developing and using trust services, which will contribute to accelerating the adoption of digital identities and trust services. Better regulatory frameworks increase consumer protection in the digital environment, essential for building trust in digital services and e-commerce. By facilitating digital cooperation and cross-border transactions, the revised eIDAS regulation contributes to the growth of the digital economy, which is crucial for the competitiveness and innovation of the European economy in the modern world.
Date of publication: 4/22/2024