Technology | eIDAS in the Changing Digital Landscape: Advancements and Implications
What is the eIDAS?
The eIDAS entered into force in 2014 and was the first digital identity legislation in the EU to provide the basis for cross-border electronic identification (“eID”) throughout the EU. The regulation defines the types of electronic signatures and regulates the different types of trust services such as:
- Time stamping
- Certified email services
- The creation, verification, and validation of certificates for website authentication
- Electronic documents
- Identification and authentication mechanisms, their levels and their interoperability between member states
In 2021 the European Commission (“Commission”) proposed several changes to the eIDAS due to the challenges raised by its structural shortcomings, limited implementation and the technological developments since its adoption in 2014. The proposed changes also aim to create a European digital identity framework that enables the creation and establishment of a trusted and secure way to authenticate and share qualified data attributes online through a “digital wallet” ensured by member states and allowing transactions across the EU.
The proposal has been well received, both in terms of objectives and scope. It would also execute the European Council’s vision and explicit request for an EU-wide secure public eID, which would include interoperable digital signatures and give EU citizens control over their online identity and related data. However, there are concerns regarding the roles and liabilities for various public and private actors, ensuring adequate data protection, and ensuring widespread use in the EU.
There are several proposed changes to the eIDAS outlined in the proposal documents approved by the European Council. These changes cover areas such as assurance levels, notification, certification, the implementation period, access to hardware and software features, issuance of electronic attestation of attributes by public sector bodies and record matching.
One of the key amendments in the proposal is making it mandatory for each EU member state to provide EU digital identity wallets to all citizens free of charge, as opposed to the current situation in which eID schemes are voluntary. Furthermore, if member states require electronic identification and authentication through national law or administrative practice when accessing online services provided by a public sector body, they must also accept the European digital identity wallets issued in accordance with the eIDAS. Similarly, this also applies to private parties who are obligated by national or Union law or by contractual obligation to use strong user authentication for online identification, including in areas such as:
- Banking and financial services
- Social security
- Digital infrastructure
The next step to the adoption of the proposed eIDAS is for the European Parliament to finish negotiating the proposal with the European Council on the final form and wording of the legislation. Although the new eIDAS does not yet have an expected date of approval, it will likely be approved in 2023, since the EU has stated that it plans for the wallet to be released in 2024. The proposal is currently being assessed in the EEA/EFTA countries.
The forthcoming implementation of the new eIDAS regulation is poised to bring about a substantial transformation for public bodies, private businesses, and citizens across the European Union. The envisaged European digital identity wallet has the potential to facilitate faster, safer, and more efficient interactions for all stakeholders. In anticipation of the regulation’s rollout, a growing number of businesses are actively developing digital wallets and related products and services to position themselves advantageously for the opportunity to serve the European market. As a result, the introduction of eIDAS is expected to create a considerable push for innovation and competition among providers of digital wallet solutions, generating benefits for consumers and businesses alike.