The Committee on Industry, Research and Energy adopted the report by Romana JERKOVIĆ (S&D, HR) on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity.
The new European Digital Identity would allow citizen to safely participate in the digital society and facilitate unrestricted access to online public services throughout the Union for any natural or legal person.
The committee responsible recommended that the European Parliament's position adopted at first reading under the ordinary legislative procedure should amend the proposal as follows:
European Digital Identity Wallet
Members clarified the definition of ‘European Digital Identity Wallet’ to mean an electronic identification means which securely stores, manages and validates identity data and electronic attestations of attributes, to provide them to relying parties and other users of European Digital Identity Wallets on request, and which enables the creation of qualified electronic signatures and seals.
To ensure that all natural and legal persons in the Union have secure, reliable, trusted and seamless access to cross-border public and private services, while having full control over their data, each Member State should issue at least one European Digital Identity Wallet by 18 months after the date of entry into force of this amending Regulation.
European Digital Identity Wallets should:
- be issued and managed in any of the following ways: (i) directly by a Member State; (ii) under a mandate from a Member State; (iii) independently from a Member State but recognised by that Member State;
- be voluntary;
- provide common protocols and interfaces: (i) to establish unique, private and secure peer-to peer connections between two European Digital Identity Wallets or between an European Digital Identity Wallet and a relying party; (ii) for users of European Digital Identity Wallets and relying parties to request, receive, select, send, authenticate and validate electronic attestations of attributes, person identification data, the identification of relying parties, electronic signatures and electronic seals;
- provide the necessary state-of-the-art security functionalities, such us mechanisms to encrypt and store data in a way that is only accessible to and decryptable by the user and establish end-to-end encrypted exchanges with relying parties and other European Digital Identity Wallets;
- be free of charge to all natural and legal persons.
National competent authorities and single point of contact
The report stressed that each Member State should establish one or more new national competent authorities to carry out the tasks assigned to them. Member States should designate one national single point of contact on European digital identity framework (single point of contact). The national competent authorities should, inter alia: (i) monitor and enforce the application of this Regulation; (ii) supervise issuers of European Digital Identity Wallets; (iii) supervise allegedly unlawful or inappropriate behaviours; (iv) supervise qualified trust service providers.
The European Digital Identity Framework Board
Members also proposed the establishment of the European Digital Identity Framework Board (EDIFB) composed of representatives of national competent authorities and the Commission. The EDIFB should assist the Commission in: (i) the preparation of legislative proposals and policy initiatives in the field of digital wallets, electronic identification means and trust services; (ii) exchanging good practices and information regarding the application of the provisions of this Regulation; (iii) carrying out coordinated security risk assessments in cooperation with ENISA.