The proposal comes after a consultation that collected views from stakeholders on planned revisions to the eIDAS regulation, which includes extending it to the private sector (see IDN August 2020). The eIDAS regulation came into force in 2018 and was aimed at promoting and improving trust, security and convenience online through a single set of rules on electronic identification and trust services, including electronic signatures, seals, time stamping, delivery services and website authentication.
The European Digital Identity will enable EU individuals and businesses to access online services with their national digital identification, which will be recognised throughout the EU. It will make it possible for individuals to verify their identity from their European Digital Identity wallets via their mobile phones, both online and offline, for instance, to request public services, open a bank account, fill in tax returns, check in to a hotel, rent a car or for proof of age. The use of the European Digital Identity wallet will always be voluntary.
According to international law firm Allen & Overy, the main features of the European Digital Identity include:
- Member states will be required to issue a European Digital Identity Wallet under a notified eID scheme to common technical standards, following compulsory compliance assessment and voluntary certification within the European cybersecurity certification framework.
- Natural and legal persons will be able securely to request and obtain, store, combine and use person identification data and electronic attestations of attributes to authenticate online and offline and to allow access to goods and online public and private services under the user’s control.
- Personal data processing operations relating to the wallet will be certified in accordance with Articles 42 and 43 of the GDPR. Personal data processing operations relating to the wallet will be certified in accordance with Articles 42 and 43 of the GDPR.
- Specific requirements are included to ensure the authentication of personal identification data and electronic attestations of attributes originating from the European Digital Identity Wallet and to prevent fraud.
- Provisions on cross-border aspects and mutual recognition of eID schemes and requirements to trust service providers are expanded, including establishment of a new qualified service for the management of remote electronic signature creation devices.
- A framework for trust services in regard to the creation and maintenance of electronic ledgers and qualified electronic ledgers that will enable multi-party cooperation.
- Very large online platforms (as defined in the proposed Digital Services Act) will be required to authenticate access to online services using the European Digital Identity Wallets upon request.
The European Commission stated that, in parallel to the legislative process, it will work with the private sector and member states on the technical aspects of implementing the proposal.
Alongside the proposal, the European Commission has published a recommendation on a common ‘Union Toolbox’ for a coordinated approach towards a European Digital Identity Framework. The recommendation invites member states to establish a common toolbox by September 2022 and to start the necessary preparatory work in parallel.
The toolbox should lead to a technical architecture and reference framework, a set of common standards and technical references as well as best practices and guidelines. The European Commission intends to publish the toolbox on 30 October 2022.