In June 2021, the European Commission proposed an update to its pan-European digital identity framework, which will give every European a set of digital identity credentials that will be recognized anywhere in the EU. The heart of this initiative is a digital identity wallet, which allows a user to keep their digital identity private.
This blog explores the EU Digital Identity Wallet and how it functions, and the key risks and benefits regarding data protection.

What Is eIDAS 1.0?

The Regulation on electronic identification and trust services, the so-called eIDAS Regulation, became effective on July 1st, 2016. The original regulation had two major parts to it:

  • Trust Services
  • Electronic Identification schemes

Trust Services primarily deals with electronic signatures between entities, authentication, and open standards related to access to EU Trusted lists.

Electronic identification scheme talks about no central EU ID but allowing for a network of recognized EU national eID schemes. The focus is primarily around public sector services rather than commercial. In addition, it describes different Levels of Assurance (LOA) such as:

  • Low: for instance, enrollment is performed by self-registration on a web page, without any identity verification;
  • Substantial: for instance, enrollment is performed by providing and verifying identity information, and authentication by using a user name and a password and a one-time password sent to your mobile phone;
  • High: for instance, enrollment is performed by registering in person in an office and authentication by using a smartcard, like a National ID Card.

The outcome was that eIDAS 1.0 was not widely adopted. Only 14 member states notified that they have an eID Scheme. The attributes provided were limited, and there was limited to negligible use of identity across borders, which is extremely important in digital identity.

eIDAS 2.0

Keeping the drawbacks of eIDAS 1.0 in mind, a new revision was drafted. The revision aims to align and harmonize the implementation of the Regulation across all member states – both public and private – and introduces the concept of a European Digital Identity wallet.

Using the European Digital Identity wallet, individuals can store virtual identity cards (including but not limited to national ID cards) electronically to choose which identity information to share with a service. Unlike the earlier regulation, the user is the center of the universe and will have more control over what information can be shared with a service requesting users’ identity attributes.

The proposed Digital Identity wallet is very similar to the self-sovereign identity concept (SSI) that has been a guideline for some time.

The European Commission aims to create a wallet (s) that will be available to all EU Citizens and be open to being used to identify a person and utilized for attestations for any sensitive data. Some of the everyday use cases envisioned are:

  • Digital user identification as part of the registration or sign up
  • Seamless authentication to service
  • Payments and access to financial services
  • Attest and present sensitive attributes like age, employment, education
  • Electronic signature creation and acceptance

Opinion

The eIDAS 2.0 is a step in the right direction. Consumer acceptance of the convenience of mobile devices is both broad and deep. An app that allows people to sign up securely to services with a click, anywhere in the E.U., with total control of their data would probably be an instant hit. From the service providers’ view, the ability for consumers to quickly sign up would contribute to gaining more customers and providing a better user experience. Additional benefits include:

  • More manageable and less costly compliance
  • Improved security and simplified engagement
  • Leveraging trusted relationships to offer additional services
  • Better enable cross-border opportunities to take advantage of the entire E.U. market

But along with these benefits, there may be some problems as well.

  • Unique identifier – Each identity wallet is required to have a unique identifier. Any identifier means that it can be tracked and profiled. A big no-no, especially if the idea is to adopt SSI principles.
  • Deletion – Ability for a wallet provider to delete your identity. Again this opens up for many other nefarious uses and brings in the concept of big data companies making and managing the wallets.
  • Private sector – For all the new guidelines introduced, the one area that has not been highlighted is adoption. If this is restricted to only public services, the implementation will be limited to eIDAS 1.0. The private sector needs to be encouraged to adopt the wallet. Any barriers for private sectors to use the wallet should be eliminated.

Considering an Identity Wallet?

BlockID is an enterprise-grade, digital identity verification, and passwordless authentication solution. Our platform is certified to the NIST 800-63-3 guideline and supports remote self-service enrollment to Identity Assurance Level 2 (IAL2) automatically or higher with agent assistance.

Once enrolled, the customer can use their identity for passwordless access for account login and transaction approval. FIDO2 biometric authentication and storage of customer information in a distributed ledger to W3C DID standards ensures the highest level of privacy. For more information, click here.

Overcoming Resistance to Change on the Journey to Passwordless MFA
Read More
Meet the Author

Huzefa Olia

Chief Operating Officer

Huzefa Olia, Chief Operating Officer for 1Kosmos is a recognized expert in Identity & Access Management. He previously held senior management roles at global identity management services provider Simeio, cyber risk management vendor Brinqa and identity compliance management vendor Vaau (acquired by Sun).