EU Digital proof of identity to be rolled out across the EU

Digital proof of identity to be rolled out across the EU​

29.06.2023 at 12:17
By 2030, at least 80 percent of the EU population should have a digital wallet for their ID cards. This is already the case in Austria.

In the future, citizens will be able to identify themselves digitally throughout the EU. Representatives of EU states and the European Parliament agreed on rules for a digital wallet for smartphones in Brussels on Thursday night. This could be used, for example, when dealing with authorities or for registering with digital services. A free electronic signature should also be possible, according to a statement from the EU states.

Parliament and EU countries still have to formally confirm the agreement. By 2030, at least 80 percent of the EU population should be able to use a digital proof of identity for important public services, according to a communication from the Council of Member States.

In Austria, a digital ID card has already been available since this year as part of a state smartphone app, specifically the digital driver's license. However, in the absence of a corresponding European legal framework, this is only valid in Austria.

The EU Commission had proposed the legal framework for digital proof of identity in June 2021 at the request of the heads of state and government. According to the authority, only 14 member states allowed people to use their national electronic proof of identity across countries last year. (APA)

S | A​

---

eIDAS 2.0 - Introduction to The European Digital Identity Wallet & The Evolution of Self-Sovereign Identity​

In June 2021, the European Commission proposed an update to its pan-European digital identity framework. It will enable every European to have a set of digital identity credentials that are recognized all across the EU – otherwise known as European Digital Identity (EUDI) Wallets. These ‘wallets’ are mobile applications or cloud services that collect and store digital credentials and allow them to be used secretly and securely for numerous government and non-government use cases.

At the heart of this initiative is eIDAS 2.0.
​

A background on the European eID Framework​

Until now, the eIDAS regulation has only focused on online identification. However, the new proposal – eIDAS 2.0 – aims to extend identity to the world of physical services which can be accessed from anywhere around the globe. This leads to a requirement for a secure, trusted and efficient identification process that provides customers with a seamless experience when enrolling or using services, or buying products.

An electronic identity (eID) is a means for individuals to prove their identity electronically in order to gain access to services. In the European Union, a central authority – the government – securely stores personal identifying data in order to issue physical ID documents. This is nothing new as we have been accessing documents such as passports, European identity cards and so on, for many years.

These services have become embedded, expected and relied upon in our ‘day-to-day’ lives. Individuals trust their IDs and extend this trust into the digital world, where they use this information to gain access to a variety of services that require proof of identity, such as opening an online bank account, applying for various types of insurance or ‘patient access’ apps that connect the individual to healthcare services, appointments and data, when required.

The updated eIDAS 2.0 initiative is carried out by the European Commission. This new eID strategy is built on the existing cross-border legal framework for trusted digital identities, the European electronic identification and trust services initiative (eIDAS Regulation), which was adopted in 2014. The eIDAS Regulation establishes the framework for cross-border electronic identification, authentication and website certification within the European Union.

By September 2023, all EU member states must ensure that a Digital Identity Wallet (DIW) is available to all EU citizens, residents and businesses in the EU and usable not only for identity documents but for all attestations, including those with sensitive personal data, such as health-related data and documents.
​

The Evolving Framework - eIDAS 2.0​

The revised proposal will focus on some of the most significant issues that affected the earlier framework. For instance, the eIDAS 2.0 framework will be able to use a self-sovereign identity (SSI) that places complete control of all identifying information in the hands of the end-users that it applies to, in both public and private partnership frameworks, as opposed to enforcing a single, rigid ID that openly reveals everything about an individual indefinitely.
​

Here is an example of some of the use cases:​

For citizens - secure and trusted identification to access online services:​

• Public services such as requesting birth certificates, medical certificates, reporting a change of address​
• Payment authentication with a high degree of security and access to various financial services​
• Filing tax returns​
• Travel credentials such as travel passes and digital COVID certificates and also biometric verification​
• Checking in to a hotel​
• Providing documents for qualification recognition when applying for education, at home or in another Member State​
• Access to a personal patient summary or ePrescription​
• Electronic signature creation and acceptance​
• Renting a car using a fully digital driving license​

For businesses:​

• Organizational digital identity that will allow a national company registry to issue company related attributes and legal entity identifiers as electronic attestation of attributes (EEAs)​
• Digitalization of services translates to streamlined services, cost savings, and flexibility and convenience for customers​
• Business continuity - trusted digital identity has become paramount as ’in-person’ contact becomes less and less​
• Customer onboarding for banks - due diligence checks that will rely on the wallet to undertake AML and KYC processes​
• Forms can be prefilled with certified attributes shared by the wallet​

All of these use cases require strong user authentication and our earlier article provides details on the required Digital Identity Trust criteria.

Furthermore, in response to market dynamics and technological developments, eIDAS 2.0 adds three new qualified trust services to the current eIDAS list:
​

• Electronic archiving services,​
• Electronic ledgers,​
• The management of remote electronic signature and seal creation devices.​

Some of the Key Benefits of eIDAS 2.0​

1. eIDAS 2.0 will be available to anyone - Any EU citizen, resident, and business in the Union who would like to make use of the European Digital Identity will be able to do so.

2. eIDAS 2.0 is compliant with the General Data Protection Regulation (GDPR).

3. eIDAS 1.0 was too ‘rigid’ and not at all flexible. The eIDAS 2.0 SSI structure will put the end-user in control of all identifying information.

4. The emphasis of ‘sole control’ is extremely welcome. This allows all EU citizens to exercise their rights to a digital identity that remains completely under their control.

5. Giving users complete control over all identifying information will encourage further adoption and increase user trust.

6. eIDAS 1.0 wasn’t particularly well designed for the private sector. However, with eIDAS 2.0, every industry will be able to benefit from certain aspects of the identification system.

7. eIDAS 2.0 will facilitate the digital transformation of all sectors.

8.These SSIs can provide the capability to validate only selected, vital aspects of an individual required for a particular transaction, without revealing all of their information. This is achieved by leveraging the usage of cryptographic proofs. This concept will deliver a high degree of authenticity while also respecting customer privacy,​

• When combined with the decentralized ethos of blockchain, eIDAS 2.0 represents the ultimate of consumer privacy and security.​

9. The wallet will allow users to create and use Qualified Electronic Signatures (QES), which are accepted across the EU.

10. eIDAS 2.0 will enable strong security features when storing and applying for services.

To learn about the eIDAS 2.0 roadmap & toolbox and the European Digital Identity Architecture and Reference Framework, read our next article.
​

S | A

 

[Rommelbutt]

For citizens - secure and trusted identification to access online services:​

• Public services such as requesting birth certificates, medical certificates, reporting a change of address​
• Payment authentication with a high degree of security and access to various financial services​
• Filing tax returns​
• Travel credentials such as travel passes and digital COVID certificates and also biometric verification​
• Checking in to a hotel​
• Providing documents for qualification recognition when applying for education, at home or in another Member State​
• Access to a personal patient summary or ePrescription​
• Electronic signature creation and acceptance​
• Renting a car using a fully digital driving license​

secure by becoming easier to control by the government. Yes. Sure.

 

[Dammit Mandrake!]

This is what Real ID becomes, Americans. Pay attention.

 

[LurkTrawl]

An electronic identity (eID) is a means for individuals to prove their identity electronically in order to gain access to services. In the European Union, a central authority – the government – securely stores personal identifying data in order to issue physical ID documents. This is nothing new as we have been accessing documents such as passports, European identity cards and so on, for many years.

These services have become embedded, expected and relied upon in our ‘day-to-day’ lives. Individuals trust their IDs and extend this trust into the digital world, where they use this information to gain access to a variety of services that require proof of identity, such as opening an online bank account, applying for various types of insurance or ‘patient access’ apps that connect the individual to healthcare services, appointments and data, when required.

The updated eIDAS 2.0 initiative is carried out by the European Commission. This new eID strategy is built on the existing cross-border legal framework for trusted digital identities, the European electronic identification and trust services initiative (eIDAS Regulation), which was adopted in 2014. The eIDAS Regulation establishes the framework for cross-border electronic identification, authentication and website certification within the European Union.

So this isn't Online ID, as in, requiring you to be tied to your actual identity wherever you go online, but it looks to be the precursor to implementing such a system.

One of the big headscratchers surrounding an online ID program was how the hell do you digitize a license or other form of I.D. if someone has a physical copy? Well I guess they figured out that if you just make the DMV or whatever the Euro equivalent is, upload it to their system rather than printing it out photo and all, you can sell it as being easier and cheaper than having a physical card.

So this isn't "the big one". It's the platform on which "the big one" will be launched. I know next to nothing about computers and even less about this, but, how the hell does putting all of this info up on a "secure" service online make any sense if there's been so much talk about quantum computer development and being able to just hack anything with it?

 

[Metatron]

I hate the antichrist.

 

[Kuritan Deplorable]

I know next to nothing about computers and even less about this, but, how the hell does putting all of this info up on a "secure" service online make any sense if there's been so much talk about quantum computer development and being able to just hack anything with it?

From a security perspective, it simply doesn't, regardless of any possibility to breach the system. The idea that a digital system is more secure than an alternative is a myth - A manual system has far more frequent failures, all of then individual and isolated. All a digital system does is reduce the frequency of fuckups, and increase the magnitude of them immensely. Instead of one or two card numbers being stolen a day, a hundred thousand are stolen every few years in a big bang.

From a process and systems perpsective, its a massive boon as you replace having to train thousands of people or more on all the minutia of all that shit with a single entry point and single access point that has its internal validation. The non-dystopian idea is that you replace the opportunity for people to misread, misplace, or otherwise mishandle their ID with a centralized system that's accessible by anyone who 'should' have access, IE any service that needs ID. Of course the dystopian version is when you have no recourse as your ID gets 'shadowbanned' and stops being accepted anywhere, and the government agency just keeps saying "Nope looks fine to me". Don't kid yourself that this isn't "The big thing" because any system that allows remotely invalidating your identity is "The Big Thing" because any 'accidents' will be used as excuses to roll out more, and newer, systems to 'fix' it.

 

[LurkTrawl]

Don't kid yourself that this isn't "The big thing" because any system that allows remotely invalidating your identity is "The Big Thing" because any 'accidents' will be used as excuses to roll out more, and newer, systems to 'fix' it.

I should've been more specific when saying that. I meant it as the online ID rollout to eliminate anonymity, or rather, that it isn't that.

I get that there's more to worry about with this.

 

[Rei is Shit.]

Shit like this makes hacking phones even more enticing, which surely can't lead to any issues in the future.

 

[General Emílio Médici]

This is a classic case of "sounds good; doesn't work" like other fun little solutions people end up getting to every time to solve eternal problems like gun control to stop violence and mass surveillance to stop crime. It reeks of "you have nothing to fear if you have nothing to hide good citizen".

 

[The Feline Solution]

Looks like i'm going to enjoy prison after all, child.

 

[Male Idiot]

Wait they want this implemented across the EU in two months?

Even if China's factories go overdrive into making the tech for it, that is... that is one hell of a time limit.

I was worried about tyranny first, but damn this is just going to crash and burn.

 

[Super-Chevy454]

secure by becoming easier to control by the government. Yes. Sure.

And don't forget that would make more easy for identity thief.