PURPOSE: to amend Regulation (EU) No 910/2014 as regards establishing a framework for a European digital identity.
PROPOSED ACT: Regulation of the European Parliament and of the Council.
ROLE OF THE EUROPEAN PARLIAMENT: the European Parliament decides in accordance with the ordinary legislative procedure and on an equal footing with the Council.
BACKGROUND: the electronic identification and trust services for electronic transactions in the internal market Regulation (Regulation 910/2014) (eIDAS) is the only cross-border framework for trusted electronic identification (eID) of natural and legal persons, and trust services. eIDAS, adopted in 2014, is based on national eID systems following diverse standards and focuses on a relatively small segment of the electronic identifications needs of citizens and businesses: secure cross-border access to public services. Since then, digitalisation of all functions of society has increased dramatically with the COVID-19 pandemic having a very strong effect on the speed of digitalisation. As a consequence, the demand for means to identify and authenticate online, as well as to digitally exchange information related to our identity, attributes or qualifications (identity, addresses, age, but also professional qualifications, driving licences and other permits and payment systems), securely and with a high level of data protection, has increased radically.
Currently, there is no requirement for Member States to develop a national digital ID and to make it interoperable with the ones of other Member States, which leads to high discrepancies between countries. The current proposal will address these shortcomings by improving the effectiveness of the framework and extending its benefits to the private sector and to mobile use.
CONTENT: the proposed framework for a European Digital Identity aims to achieve a shift from the reliance on national digital identity solutions only, to the provision of electronic attestations of attributes valid at European level. Providers of electronic attestations of attributes should benefit from a clear and uniform set of rules and public administrations should be able to rely on electronic documents in a given format.
More specifically, the proposed Regulation seeks to amend Regulation (EU) No 910/2014 to require Member States to issue a European Digital Identity Wallet under a notified eID scheme. It includes provisions to ensure that natural and legal persons will have the possibility to securely request and obtain, store, combine and use person identification data and electronic attestations of attributes to authenticate online and offline and to allow access to goods and online public and private services under the user’s control.
Main objectives
The general objective of this initiative is to ensure the proper functioning of the internal market, particularly in relation to the provision and use of cross-border and cross-sector public and private services relying on the availability and use of highly secure and trustworthy electronic identity solutions.
The specific objectives seek to:
- provide access to trusted and secure digital identity solutions that can be used across borders, meeting user expectations and market demand;
- ensure that public and private services can rely on trusted and secure digital identity solutions across borders;
- provide citizens full control of their personal data and assure their security when using digital identity solutions;
- ensure equal conditions for the provision of qualified trust services in the EU and their acceptance.
European Digital Identity Wallet
Under the new proposed Regulation, Member States will offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g. driving licence, diplomas, bank account). These wallets may be provided by public authorities or by private entities, provided they are recognised by a Member State.
Trust service
In order to achieve a high level of security and trustworthiness, this Regulation establishes the requirements for European Digital Identity Wallets. The conformity of European Digital Identity Wallets with those requirements should be certified by accredited public or private sector bodies designated by Member States. Relying on a certification scheme based on the availability of commonly agreed standards with Member States should ensure a high level of trust and interoperability.
Moreover, in order to ensure that users can identify who is behind a website, the proposal makes an amendment which would require providers of web browsers to facilitate the use of qualified certificates for website authentication.
Personal data security
It is proposed that European Digital Identity Wallets should ensure the highest level of security for the personal data used for authentication irrespective of whether such data is stored locally or on cloud-based solutions, taking into account the different levels of risk. Any personal data would be shared online only if the citizen chooses to share that information.
Budgetary implications
The total financial resources necessary for the implementation of the proposal in the 2022-2027 period will be up to EUR 30.825 million, including EUR 8.825 million of administrative costs and up to EUR 22 million in operational spending covered by the Digital Europe Programme (pending agreement). The financing will support costs linked to maintaining, developing, hosting, operating and supporting the eID and trust services’ building blocks. It may also support grants for connecting services to the European Digital Identity Wallet ecosystem, the development of standards and technical specifications.