European Digital Identity: eIDAS 2.0

In June 2021, the European Commission presented a proposal to create a European Framework for Digital Identity: a significant advance that seeks to provide a European digital identity wallet accessible to all European Union (EU) citizens, aiming to ensure widespread access to secure and reliable electronic identification solutions. This initiative developed from the 2014 eIDAS Regulation (“eIDAS 2.0” or “Regulation”), which established the groundwork for electronic identification and trusted services through secure access to online services and crossborder electronic transactions in the European internal market.

On June 29, 2023, after several negotiations, the Council and the European Parliament reached an initial provisional agreement, still subject to technical adjustments, on the main elements of the Regulation.

As agreed on November 8, 2023, an updated version of the provisional agreement for this new Regulation has been made available and can be accessed here.

Broadly speaking, the proposed Regulation establishes that Member States should make the European digital identity wallet, which associates national digital identities with other personal documents such as driving licenses, insurance and educational certificates, available to citizens. Thus, they will be able to provide authentication and share electronic documents using their European digital identity wallet. This has clear advantages, especially for simplifying bureaucratic processes and for greater accessibility to services, without needing to resort to other more cumbersome methods or excessive sharing of personal data.

Main Advantages

The introduction of eIDAS 2.0 and the European digital identity wallet presents a set of opportunities and advantages that includes the following in particular:

Greater security: Given the growing number of cyber threats, the regulation promotes the use of advanced technical security measures that ensure the protection of user data in accordance with the General Data Protection Regulation.

In addition, issuing and verifying users’ identification through qualified trust service providers ensures user authenticity and substantially reduces the risk of identity fraud. Therefore, organizations can have greater confidence in the the identity of users that are accessing their services, minimizing the financial losses and risks associated with fraudulent activities.

• Refined user experience: Users can easily access services in a more simplified and direct manner, which not only increases user convenience but also reduces the frustration associated with managing multiple access credentials.
• Cost reduction: Simplifying the authentication and verification process results in a reduction of costs and greater operational efficiency.
• Crossborder interoperability: The European digital identity wallet was designed to function in different sectors and countries, facilitating its use in international contexts and promoting greater interoperability and data portability in digital services, including authentication and identification.
• New qualified trust services: This new version includes electronic filing services, electronic records, electronic registered delivery services and management of remote devices for signature creation and electronic stamps.
• ESG (go-paperless) strategy: Enhances business sustainability (environmentally responsible business transactions) by reducing the use of paper and the associated carbon footprint.

Next Steps

The eIDAS 2.0 represents a significant advance in digital transformation, reinforcing the framework for secure and efficient electronic identification. It is therefore an opportunity for organizations to adjust and create an ecosystem for conducting trustworthy digital transactions and operations.

Organizations must therefore consider the following actions:

• Mapping the organizational processes that can be dematerialized
• Identifying applicable legal requirements and regulatory framework, particularly regarding contracting and electronic signatures processes
• Assessing the verification and authentication procedures and analyzing the systems used for this process (particularly the security measures adopted)
• Choosing an appropriate technological partner (qualified trusted service providers) that complies with the Regulation requirements

With the recent update of the provisional agreement for this legislation, further technical work is anticipated before the final version of the legal text can be formally concluded. The Regulation will have to be formally adopted by both the Parliament and the Council prior to its publication in the Official Journal of the European Union.