Ten years after the eIDAS Regulation [1], the new European Digital Identity Regulation has been adopted [2]. Since 20 May this year, its general legal framework has been binding within the European Union, even though it will be further detailed by secondary legislation, standards and developments in technical infrastructures. What will its future impact be on access to digital services, data management and electronic transactions? The European Commission is aiming for nearly 80% of citizens to be using their official digital identities by 2030, largely using the digital wallet proposed by the new regulation. So they have high ambitions.

A broader identification framework and new trust services

On the face of it, the new regulation promises to be much broader and more open in its application than the previous text, which was restricted to the public sector. Article 1 of the new regulation states that one of its aims is “access to online public and private services throughout the Union”. In fact, all private services (excluding SMEs and very small businesses) that are regulated and/or require strong authentication of the user as part of a contractual obligation will also have to be able to accept the use of European digital wallets. The regulation specifically mentions the transport, energy, banking, financial services, social security, health, drinking water, postal services, education, telecommunications and digital infrastructure sectors. As we know, this obligation also applies to the major digital platforms covered by the legislation [3] on digital services.

There is, therefore, a significant opportunity for private sector companies providing services to the general public or services to businesses to be able to use this European digital wallet, in principle, from 2026. This can be done by using it as a convenient means of customer identification and enrolment, as a fluid means of authentication for transactions, or by offering formal but fluid contracting services through digital signature processes that allow proof of consent to be captured.

The new regulation also extends and modernises the trust services that existed under the previous regulation. As well as enabling remote signatures to be carried out with a higher degree of confidence, it also enables electronic registers to be used to keep track of events and archiving services to be used to preserve digital documents and certify their validity over time. Attestation or verification of attributes has also been included in the new regulation as a trusted service. The word “attribute” appears more than 140 times, indicating the importance of this data presentation service, which refers to the ability to attest or certify data linked to an identity.

 

The digital wallet at the heart of the regulation

The flagship measure in the new regulation is known as the “European digital identity wallet”, which makes it possible to use all available forms of trust granularity on a mobile phone: documents or credentials, certified data or authentication and signature processes through a common interface.

Users will be able to obtain and present electronic documents, credentials and digital attestations using their digital wallet, for example diplomas, driving licences or medical prescriptions. The wallet can also be used to transmit personal identification data during authentication or identification processes, or data subject to verification or attestation processes.

The regulation sets out requirements to ensure a high level of interoperability, security and data protection. Interoperability between Member States will be defined by secondary legislation, standards and a technical architecture [4]. Security and privacy requirements are specified at the design stage of wallet implementation and through other mechanisms, including selective disclosure of attributes and requirements for separation and non-traceability in data processing.

Illustration: Architecture of the European wallet version 1.4 [5]

An expected global impact and movement towards convergence

As the first major continental/regional legislation on the introduction of digital wallets, the new European regulation will have a wider direct impact and is part of a global movement towards convergence in the digitisation of digital transactions and services.

It is a sign of a more structured digital space. By offering users versatile, ergonomic and appropriately secure tools like the digital wallet, it aims to advance the practical aspects of the digital economy in three different ways. The first is the management and protection of sensitive data, in particular regarding identification; the second is the ability to carry out private, public and cross-border electronic transactions more conveniently; and the third is access to digital services that are more customisable according to the attributes exchanged.

The new regulation is also part of a worldwide convergence between identity management, payment management and data management in general. This movement has been known under the generic term “Digital Public Infrastructure” since the G20 summit last year. We will have a chance to talk more about this in an upcoming article ahead of the Trustech meeting from 3 to 5 December. The European digital wallet provides a multi-dimensional tool for managing identities, data and digital trust. It also contributes to the gradual convergence of identity and payment in the management of transactions and the distribution of digital services. 

 

Join us in a few months’ time at TRUSTECH 2024 for a discussion on the latest developments in digital services, legislation and global practices around digital identity and payments.

 

Written by Guy DE FELCOURT, Public Affairs Consultant Digital Society & Identity focus - Author and University Lecturer.

 

[1] EU Regulation No 910/2014 of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

[2] EU Regulation No 2024/1183 of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework

[3] EU Regulation No 2022/2065 of 19 October 2022 on a single market for digital services.

[4] The Architecture and Reference Framework (ARF): https://digital-strategy.ec.europa.eu/fr/library/european-digital-identity-wallet-architecture-and-reference-framework

[5] The European Digital Identity Wallet Architecture and Reference Framework © 2023 by European Commission is licensed under Attribution 4.0 International. To view a copy of this license, visit: http://creativecommons.org/licenses/by/4.0/