Today marks the seventh anniversary of the approval of Regulation (EU) 910/2014, of July 23, 2014, on electronic identification and trust services for electronic transactions in the internal market (the “eIDAS Regulation”), transposed in Spain via Act 6/2020, of November 11, regulating some aspects of electronic trust services.
This European initiative has been welcomed and is seen as a global benchmark given its uniqueness and innovativeness in regulating a vital link in the security of electronic transactions: trust in digital identification, deliveries, seals and certified deliveries, and electronic signature of documents (popularly known as “Electronic Trust Services”). Since it progressively took effect in 2016, the eIDAS Regulation has significantly enhanced trust in electronic transactions in the internal market and has outlined a new dimension that dictates how relations in the cyber environment are perceived today.
Interestingly, based on the recently approved Order ETD/465/2021, of May 6, regulating the remote video identification methods for issuing qualified electronic certificates (discussed here), Spain is currently the EU country with most electronic trust service providers.
What better way to celebrate the seventh anniversary of the eIDAS than gifting it an update? Done! As some of you will be aware, a new proposed Regulation (EU) was published on June 3, aiming to amend the eIDAS Regulation by establishing the new framework for the “European Digital Identity” (aspiring to be known as the “EUid” or “eIDAS 2”). This proposal, which is not yet final, seeks to further enhance the eIDAS to cause a paradigm shift in European digital identification of citizens and companies.
This proposal is the result of a study conducted by the Commission that has confirmed that, although the eIDAS has certainly progressed all matters relating to digital signature of documents, seals and certified deliveries, the same cannot be said regarding the public authorities adopting crossborder electronic identification systems. According to the study, around just 15 identification systems have been notified, which would only cover the needs of 59% of the population. Among these systems, only 7 can be used via mobile devices (a key point for users’ current expectations).
- In view of the situation, this eIDAS 2 proposal promotes the right (free and voluntary) of all individuals to have a digital identity recognized in any EU country. In fact, the target is for 80% of the population to have a European identification system (the so-called “e-ID”) by 2030. The aim of the e-ID is to provide citizens with a simple and secure way to share identification information in multiple contexts. Furthermore, the system will go further than allowing us to share our full names, addresses, national identification, foreigner identification or passport numbers securely. It will also allow us to share other relevant “attributes” in certain circumstances, such as driving license, medical certificates, professional diplomas, and bank details.
- The system will work using the European Digital Identity Wallets (digital wallets available in applications for cellphones and other devices) that will make it possible to do things with certified trust, such as identify ourselves online and offline, use information as confirmation of the right to reside, work, or study in another Member State, access public services to request birth certificates, submit tax returns, apply for college places, rent a car, buy airplane tickets, apply for a loan, or simply evidence that we are of legal age.
- The idea is that this e-ID crossborder electronic identification system will not only apply for the public administrations but will extend to private sectors such as transport, energy, banking, health, telecommunications, and many others. It remains to be seen to what degree it will be mandatory for large platforms to trust in this system to identify their users.
- Another innovative aspect of the eIDAS 2 proposal is its intention to extend the catalog of trust services that can be considered “qualified.” As a result, it envisages regulating electronic document archiving services, attestation of attributes, or electronic ledgers, among others.
There are many more points that could be discussed regarding this proposal and that pose significant challenges for which the Regtech ecosystem must start to get ready. In fact, based on a study being conducted by the Spanish Fintech Association, the proposal is being welcomed among trust service providers, who believe it is vital to start joining forces to prepare the paradigm shift and ensure we remain a benchmark country in electronic trust services.