The Eidas2 Already in 2014, digital identity was regulated at the European level, by the hand of the eiDAS Regulation, however, this regulation has presented certain limitations, mainly as regards the cross-border use of electronic identification means. Being the European Digital Identity one of the priorities in the Digital Strategy of the European Commission, the proposed Regulation eiDAS2 was published on June 3, 2021, as a Framework for a European Digital Identity, to guarantee the proper functioning of the internal market and provide an adequate level of security for electronic identification means and trust services.
The scope of this Regulation is center on the electronic identification systems notified by the Member States, the trust service providers established in the Union, and the European digital identity wallets, although the attention is largely focused on the latter term.
Table of Contents
But What Is Meant By A European Digital Identity Wallet?
It is a product and a service that allows the user to store identity data, credentials and other attributes linked to their person, to use it for authentication purposes, whether online or offline and also to create qualified electronic signatures and seals. In short, almost a digital equivalent to the physical wallet in which we carry our ID, driver’s license, bank cards, health cards, etc.
How Does It Work And What Other Innovations Will Eidas2 Bring?
The new eiDAS2 regulation, unlike its prototype, makes it mandatory for the Member States to issue a European digital wallet. eiDAS2 proposes the deployment of a network, Adidas, compose of nodes, eIDAS-Nodes, for each of the EU Member States. Which may be used both as Services Provider (SP) or Identity Provider (IdP) in the authentication processes for all types of public or private services.
When a service provider (SP) detects the access request of a user from another Member State. It will issue an authentication request that will be route by the eiDAS protocol to the node of the country that will act as the identity provider (IdP).
The use of the eiDAS2 protocol offers secure and cross-border communication between the nodes that make up the MIDAS network, allowing the Member States to be free in choosing the internal authentication protocols used at the national level, thus not implying any change in the current national infrastructure.
- Digital wallets must guarantee the highest level of security for personal data used for authentication purposes. Regardless of whether said data is store locally or using cloud solutions, taking into account the different levels of risk. Always complying with the RGPD or current regulations.
- It will be issue by each of the Member States, following common guidelines and standards. Among which are cybersecurity requirements.
- The issuers of the wallets may not collect any information about their use. With the sole exception of that which is necessary to provide the identification service.
The portfolio must withdrawn. In any case, this management must be carry out without prejudice to the existing notification obligations in regulations such as the RGPD. Concerning personal data security violations.
How Does The Use Of The European Digital Identity Wallet Benefit Us As Citizens?
- Standardization of a verified digital identity for public and private services.
- It will be available free of charge to anyone who wishes to use it, EU citizens, residents and/or businesses.
- Users will be able to identify themselves with this instrument in both public and private services. Even the big online platforms should also offer this possibility to those who want it. Some examples for which it could be use. As state by the European Commission itself, are opening a bank account, applying for a loan or registering at a hotel.
- The European digital identity wallet intends to give consumers more control over their data by allowing them to pick which portions of their identity and credentials to share with third parties while also maintaining or accessing their history.
And How Can Companies Benefit?
As the European Commission maintains. These legislative developments will be a boost to innovation and the digitization of business procedures. Also seeking confidence in cross-border transactions. On the other hand, consumers will be able to continue to increase their trust in digital services.
Finally. The use of these types of identities will also help in the fight against fraud and cybersecurity threats such phishing.
Next Steps
The text is still in the consultation and first reading phase, therefore, it will still have to go through the procedures of the European legislative procedure. And it will not see the light of day for the time being.
In short, and in line with what we mentioned in the first lines of this article. The European Commission continues to work on its digital strategy. Seeking a true transformation in this regard. Opening up new opportunities for our companies and promoting the development of trusted technologies.
However. Active work is also being to find a balance between the above. With the rights and freedoms of European citizens. Their trust in digital services and the ethics and protection in the use of their data.
At KPMG we continue to prepare ourselves for all these legislative. And technological developments by adapting and generating new methodologies and working documents. To help our clients with the new obligations and opportunities that digital change will offer.