PURPOSE: to adopt a new legal framework for a European digital identity (eID) to ensure a secure and trustworthy digital wallet for all Europeans.
LEGISLATIVE ACT: Regulation (EU) 2024/1183 of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework.
CONTENT: the revised Regulation aims to ensure universal access to secure and trustworthy electronic identification and authentication means across the Union.
For those purposes, this Regulation:
- lays down the conditions under which Member States are to recognise natural and legal persons' electronic identification means falling under a notified electronic identification scheme of another Member State and provide and recognise European Digital Identity Wallets;
- lays down rules for trust services, in particular for electronic transactions;
- establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic registered delivery services, certificate services for website authentication, electronic archiving, electronic attestation of attributes, electronic signature creation devices, electronic seal creation devices, and electronic ledgers.
European digital identity wallet
In order to guarantee all natural and legal persons in the EU secure, reliable and seamless cross-border access to public and private services, while exercising full control over their data, each Member State should make a digital identity wallet available to its citizens by 2026 and accept European digital identity wallets from other Member States in accordance with the revised Regulation.
European Digital Identity Wallets should enable the user, in a manner that is user-friendly, transparent, and traceable by the user, to:
- securely request, obtain, select, combine, store, delete, share and present, under the sole control of the user, person identification data and, where applicable, in combination with electronic attestations of attributes (e.g. driving licence, qualifications, bank account), to authenticate to relying parties online and, where appropriate, in offline mode, in order to access public and private services, while ensuring that selective disclosure of data is possible;
- generate pseudonyms and store them encrypted and locally within the European Digital Identity Wallet;
- securely authenticate another person's European Digital Identity Wallet, and receive and share person identification data and electronic attestations of attributes in a secured way between the two European Digital Identity Wallets;
- access a log of all transactions carried out through the European Digital Identity Wallet via a common dashboard enabling the user to:
- sign by means of qualified electronic signatures or seal by means of qualified electronic seals;
- download, to the extent technically feasible, the user's data, electronic attestation of attributes and configurations;
- exercise the user's rights to data portability.
Source code
The source code of the application software components of European Digital Identity Wallets should be open-source licensed. Member States may provide that, for duly justified reasons, the source code of specific components other than those installed on user devices should not be disclosed.
Safeguards
Sufficient safeguards have been included to avoid discrimination against anyone choosing not to use the wallet, which will always remain voluntary.
The issuance, use and revocation of the European Digital Identity Wallets will be free of charge for all natural persons.
Member States are required to provide free-of-charge validation mechanisms only to verify the authenticity and validity of the wallet and of the relying parties' identity.
Processing of data
The use, free of charge, of European Digital Identity Wallets should not result in the processing of data beyond data that is necessary for the provision of European Digital Identity Wallet services. This Regulation should not allow the processing of personal data stored in or resulting from the use of the European Digital Identity Wallet by the provider of the European Digital Identity Wallet for purposes other than the provision of European Digital Identity Wallet services.
The conformity of European Digital Identity Wallets and the electronic identification scheme under which they are provided with the requirements laid down in the Regulation should be certified by conformity assessment bodies designated by Member States.
Registration and monitoring
Strict rules are laid down for the registration and monitoring of the businesses concerned in order to ensure accountability and traceability. Where a relying party intends to rely upon European Digital Identity Wallets for the provision of public or private services by means of digital interaction, the relying party shall register in the Member State where it is established.
ENTRY INTO FORCE: 20.5.2024.