In this opinion piece, Victoria Hernández, CISO and Head of eiDAS Trust Services & Cybersecurity at Víntegris, analyzes the aspects of the new European Digital Identity and the evolution of eIDAS 2.0 to make it possible.
We’ve been hearing and reading about the future European digital identity (eIDAS) for months. The European Union has even set a date and a milestone for its implementation and scope: the goal is that by 2030, 80% of citizens will have this digital identity, which will allow us to carry out procedures and processes with both companies and public administrations more securely and easily.
While it is true that technological advances that facilitate daily life are transmitted at a pace that is difficult to predict, the challenge of orchestrating that 8 out of 10 Europeans can carry an application on their phones capable of generating their digital identity with total security within a period of 6 years is no small matter.
But what exactly does this new digital identity consist of?
As its name suggests, it is about transferring to the digital world that which defines our identity and recognizes us as individuals.
Until now, when we have to prove our identity to carry out any kind of procedure, whether it’s renting a car or checking into a hotel, we have had to present our physical documents: ID card, driver’s license, passport, etc. With the digital identity or wallet that the EU is proposing, and which will most likely be implemented by 2024, citizens will have a mobile application that will allow us to leave our physical wallet at home, even outside our country of origin. In it, we can store all our personal documents, academic degrees, certifications, or other items that we have and need to identify ourselves and carry out our transactions.
In addition to being able to manage everything using only your mobile phone, another advantage of the new digital wallet is that you won’t need to display any information other than what’s strictly necessary to complete the transaction. The digital wallet will allow you to display a QR code containing only the information required for each transaction, thus protecting your privacy and safeguarding your other data from prying eyes and potential theft or identity theft.
nebulaSUITE, the ALL-IN-ONE Solution for the Secure Management of your Digital Identity (eIDAS Compliance)
What does the European eIDAS regulation consist of?
Undoubtedly, data security is a deterrent for many people when it comes to accessing the digital world. There is still considerable reluctance to install mobile payment, banking, or similar applications on their phones due to fear of constant cyberattacks, identity theft, and their rapid evolution.
In this respect, the future European digital identity is already well-prepared, as it is based on the eIDAS Regulation (Electronic Identification, Authentication and Trust Services). The eIDAS Regulation established in 2014 the first framework necessary to enable mutually recognized electronic identification and signature services across Member States.
Over the years, eIDAS has enabled various online public bodies and services in the EU to make use of electronic identification by providing legal cover for providing trust services , implementing identification services, digital certificates and electronic signatures, as well as enabling remote video identification to solve the problem of face-to-face identity verification.
After several years in development, but with limited implementation by the Member States, the European Commission decided to further expand the scope of the regulation with new functionalities, which has become known as eIDAS2 or eIDAS 2.0.
“Goodbye to physical documents, all our IDs are on our mobile phones”
eIDAS2 Objectives
This renewal aims to broaden the scope of the regulation with several objectives:
- To enable access to highly reliable and secure digital identity solutions .
- That public and private services can rely on trustworthy and secure digital identity solutions .
- eIDAS 2.0 will comply with the General Data Protection Regulation (GDPR).
- To empower individuals and legal entities to use digital identity solutions.
- Such solutions are linked to a variety of attributes and allow the specific exchange of identity data , always limited to the specific needs of the requested service.
- eIDAS 2.0 will transfer control of identity and personal information to the end user, emphasizing the principle of exclusive control. This means it allows all EU citizens to exercise their rights to a digital identity that remains exclusively under their control (self-sovereignty).
The Future of European Digital Identity
Beyond the technicalities, the future European digital identity that will be built on the basis of the eIDAS2 regulation will provide citizens of the European Union with a new way to carry out procedures with both administrations and companies in member countries based on a secure and reliable exchange of their data, while leaving their physical wallet at home.