Published on June 3rd, 2021, the final proposal for eIDAS 2.0 aims to rectify existing deficiencies and establish an efficient mechanism for European Citizens to acquire a globally recognized digital identity.
eIDAS 2.0 introduces the European Digital Identity Wallet (EUDI), expanding the scope of identity to cover physical services and transactions accessible globally. Users retain sole control over their personal information and data, which gives digital identity verification a pivotal role.
Goals and Benefits of eIDAS 2.0
The original eIDAS regulation focused on electronic identification and trust services, emphasizing secure electronic interactions. eIDAS 2.0 extends the scope to include electronic registered delivery services, authentication certificates, and seals for electronic documents.
A crucial shift in eIDAS 2.0 is the development of Qualified Trust Service Providers (QTSPs), which are responsible for ensuring compliance with high-level security standards. The regulation defines a Qualified Trust Service (QTS) and a Qualified Trust Service Provider (QTSP) as a service and a provider that demonstrate compliance with high security standards and eIDAS obligations.
As specialized providers of services that secure online transactions, such as electronic signatures, electronic seals, digital certificates, or timestamp services, QTSPs must meet various security conditions. These conditions include robust cryptographic algorithms, authentication methods, individual transaction audit trails, and a secure system architecture.
eIDAS 2.0 seeks to expand the concept of identity to physical services accessible globally, allowing every European to possess a set of digital identity credentials recognized throughout the EU, referred to as European Digital Identity Wallets (EUDI). These wallets, delivered as mobile applications or cloud services, securely store digital credentials for various government and non-government use cases, which necessitates a robust identification process.
Secure Electronic Transactions Among Citizens, Corporations, and Public Authorities
Aligned with Europe’s ‘Path to digital decade’ initiative, eIDAS 2.0 aims to enable 80% of EU citizens to utilize digital identification by 2030. This involves the ability to authenticate one’s identity across borders, give precise consent for sharing individual personal data, and know clearly who receives the shared information and why.
The legislation introduces the EUDI wallet, transforming the EU’s digital identity framework. While discussions have primarily focused on citizen and consumer implications, the implementation of the new framework must consider businesses’ distinct identification requirements.
Digital Identity
Digital identity involves three parties: the issuer or identity provider, the user (identity holder), and the relying party (which uses the identity provided by the issuer).
Possessing a digital identity, such as a digital ID card, allows individuals to prove their identity, but it doesn’t provide information on their qualifications or rights. Yet access to digital services often requires such attributes, like professional qualifications, medical certificates or driving licenses. These attributes are crucial elements of digital identity systems, verified by a qualified trust service provider.
Digital Identity Verification – Providing Information with Explicit Consent
A pivotal feature of eIDAS 2.0 is the user’s exclusive control over their personal information. The development of the EUDI Wallet is geared towards streamlining access to online services, facilitating secure transactions, and easing cross-border operations and travel for both individuals and businesses. This is achieved by centralizing the storage and management of electronic identification and trust services, including electronic signatures and electronic certificates. Users can conveniently access and utilize their data and certificates whenever required from this centralized location.
This enhanced approach increases accessibility for users and facilitates efficient use of these services.
Data Privacy
The EUDI Wallet collects only essential information for its services, avoiding the merging of personal data from other sources unless explicitly requested by the user. It prioritizes user privacy and data protection through privacy by design and selective attribute disclosure.
Additional Principles of Providing Electronic Attribute Certification Services
- Qualified and non-qualified providers of electronic attribute certification services may not combine personal data related to the provision of these services with personal data from other services they offer.
- Personal data related to the provision of electronic attribute certification services is logically separated from other stored data.
- Personal data related to the provision of qualified electronic attribute certification services is physically and logically separated from any other stored data.
- Entities providing qualified electronic attribute certification services deliver such services within a separate legal entity.
eIDAS 2.0 establishes standardized regulations for electronic identity (eID) and trust services in the internal market. These rules prioritize both preserving trust and emphasizing users’ control over their personal data. This represents notable progress in privacy, security, and user autonomy, and a significant leap forward in protecting privacy rights and enhancing overall user control.
Solutions Compliant with eIDAS
At SIGNIUS, we understand the importance of staying current with eIDAS. We offer various solutions to help organizations comply with eIDAS, including qualified electronic signatures and qualified seals, authentication, and timestamping.
Contact us to explore how we can support your business in adhering to eIDAS regulations.