To ensure a “trusted” and secure digital identity for all Europeans, the European Council adopted a new framework for a European digital identity (eID).
Mathieu Michel, Belgian Secretary of State for digitization, administrative simplification, privacy protection and the building regulation:
The adoption of the European digital identity regulation “is a milestone in our society’s digital transformation. Enabling citizens to have a unique and secure European digital wallet while remaining in full control of their personal data is a key step forward for the EU, which will set a global benchmark in the digital field and enhance security when engaging with online services.”
Moreover, by putting citizens “at the center, the European digital identity regulation contributes to significantly improving and simplifying access to public services online. Citizens should not have to bear the burden of administrative and institutional complexity.”
The revised regulation constitutes a clear paradigm shift “for digital identity in Europe. It aims to ensure that people and businesses across Europe have universal access to secure and trustworthy electronic identification and authentication.”
Under the new law, member states will “offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g., driving licence, qualifications, bank account).”
Citizens will be able to “prove their identity and share electronic documents from their digital wallets simply, using their mobile phones.”
The new European digital identity wallets (EDIWs) will “enable all citizens to access online services with their national digital identification, which will be recognized throughout the EU, without having to use private identification methods or unnecessarily share personal data.”
User control ensures that “only information that needs to be shared will be shared.”
Main elements of the revised regulation:
The co-legislators maintained the general thrust of the Commission proposal for an upgraded framework that will improve the effectiveness and “extend the benefits of secure and convenient digital identity to the private sector and for mobile use.”
Interinstitutional discussions strengthened the legislation “in several areas that are important for citizens.”
The wallet will contain “a dashboard of all transactions accessible to its holder both online and offline, offer the possibility to report possible violations of data protection, and allow interaction between wallets. Moreover, citizens will be able to onboard the wallet with existing national eID schemes and benefit from free e-signatures for non-professional use.”
The main elements of the revised law can be summarized as follows:
- by 2026, each member state must make a digital identity wallet available to its citizens and accept EDIWs from other member states according to the revised regulation
sufficient safeguards have been included to avoid discrimination against anyone choosing not to use the wallet, which will always remain voluntary - the wallet’s business model: issuance, use and revocation will be free of charge for all natural persons
- the validation of electronic attestation of attributes: member states are required to provide free-of-charge validation mechanisms only to verify the authenticity and validity of the wallet and of the relying parties’ identity
- the code for the wallets: the application software components will be open source, but member states are granted leeway so that, for justified reasons, specific components other than those installed on user devices need not be disclosed
consistency has been ensured between the wallet as a form of eID and the scheme under which it is issued.
Finally, the revised law clarifies the scope of “the qualified website authentication certificates (QWACs), which ensures that users can verify who is behind a website, while preserving the current well-established industry security rules and standards.”
The revised regulation will be published in “the EU’s Official Journal in the coming weeks and will enter into force 20 days after its publication.”
The regulation will be “fully implemented by 2026.”