The European Parliament adopted by 335 votes to 190, with 31 abstentions, a legislative resolution on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity.
This proposed Regulation establishes a European digital identity framework allowing Union citizens and residents in the Union to access public and private online and offline services throughout the Union.
The European Parliament's position adopted at first reading under the ordinary legislative procedure amends the Commission's proposal as follows:
European Digital Identity Wallets
European Digital Identity Wallets should enable the user, in a manner that is user-friendly, transparent, and traceable by the user, to:
- securely request, obtain, select, combine, store, delete, share and present, under the sole control of the user, person identification data and, where applicable, in combination with electronic attestations of attributes, to authenticate to relying parties online and, where appropriate, in offline mode, in order to access public and private services, while ensuring that selective disclosure of data is possible;
- generate pseudonyms and store them encrypted and locally within the European Digital Identity Wallet;
- securely authenticate another person’s European Digital Identity Wallet, and receive and share person identification data and electronic attestations of attributes in a secured way between the two European Digital Identity Wallets;
- access a log of all transactions carried out through the European Digital Identity Wallet via a common dashboard enabling the user to: (i) view an up-to-date list of relying parties with which the user has established a connection; (ii) easily request the erasure by a relying party of personal data; (iii) easily report a relying party to the competent national data protection authority, where an allegedly unlawful or suspicious request for data is received; (iv) sign by means of qualified electronic signatures or seal by means of qualified electronic seals.
The source code of the application software components of European Digital Identity Wallets should be open-source licensed to encourage transparency, innovation and to enhance security. The issuance, use and revocation of the European Digital Identity Wallets should be free of charge to all natural persons. Users should have full control of the use of and of the data in their European Digital Identity Wallet.
The use of European Digital Identity Wallets shall be voluntary. Access to public and private services, access to the labour market and freedom to conduct business should not in any way be restricted or made disadvantageous to natural or legal persons that do not use European Digital Identity Wallets. It shall remain possible to access public and private services by other existing identification and authentication means.
Any processing of personal data carried out by the Member States or on their behalf by bodies or parties responsible for the provision of European Digital Identity Wallets as electronic identification means shall be carried out in accordance with appropriate and effective data protection measures.
The conformity of European Digital Identity Wallets and the electronic identification scheme under which they are provided with the requirements laid down in the Regulation should be certified by conformity assessment bodies designated by Member States.
Registering and monitoring
Where a relying party intends to rely upon European Digital Identity Wallets for the provision of public or private services by means of digital interaction, the relying party should register in the Member State where it is established.
The registration process should be cost-effective and proportionate-to-risk. The relying party should provide at least: (i) the information necessary to authenticate to European Digital Identity Wallets, which as a minimum includes: (i) the contact details of the relying party; (ii) the intended use of European Digital Identity Wallets, including an indication of the data to be requested by the relying party from users.
Member States should designate one or more supervisory bodies established in their territory. These bodies should be given the necessary powers and adequate resources for the exercise of their tasks in an effective, efficient and independent manner. The role of the supervisory bodies designated should be to:
- supervise providers of European Digital Identity Wallets established in the designating Member State and to ensure, by means of ex ante and ex post supervisory activities, that those providers and European Digital Identity Wallets they provide meet the requirements laid down in this Regulation;
- take action, if necessary, in relation to providers of European Digital Identity Wallets established in the territory of the designating Member State, by means of ex post supervisory activities, when informed that providers or European Digital Identity Wallets that they provide infringe this Regulation.
Qualified electronic signatures
The Regulation provides for free qualified electronic signatures for EU wallet users, which are the most trusted, and have the same legal standing as a handwritten signature, as well as wallet-to-wallet interactions, to improve the fluidity of digital exchanges.
An attestation of attributes issued by or on behalf of a public sector body responsible for an authentic source in one Member State should be recognised as an attestation of attributes issued by or on behalf of a public sector body responsible for an authentic source in all Member States.