EUid: digital identity in an electronic wallet
The EU Commission is planning to introduce an electronic wallet for the European Digital Identity framework (EUid). The ID wallet enables users of mobile end devices, such as smartphones and tablets, to digitally identify themselves anywhere in Europe using their identity data. It means that the existing regulations regarding electronic identification, authentication and trust services (eIDAS) should be revised. Dr. Kim Nguyen, Managing Director of D-Trust, the trust services provider of the Bundesdruckerei Group, explains in this expert interview how important the Commission’s plans are and how citizens would benefit.
Making the digital single market reality with the EUid
Why is a European digital identity so important?
Fundamentally, digital identities on the Internet confirm that those involved in a transaction are indeed who they claim to be. They are the foundation of the vision of a European digital single market, in which trusted electronic transactions take place and that digital government services can be safely used. It is also vital that digital identities remain independent of economic interests and also within the control of EU citizens, which is a contribution to sustainably ensuring Europe’s digital sovereignty.
How are digital identities controlled at European level?
The eIDAS Regulation creates the legal and organisational framework for electronic identification. Previously, the focus lay on mutual recognition of various national systems used for electronic identity. However, the solutions did not reach the scope required in practice that would be important for establishing a digital single market. The EU Commission states various reasons in an evaluation report for this: no mandatory introduction of national means of identification, focusing digital identity on public administration as well as the lack of mobile applications. The EU Commission therefore decided to revise the eIDAS Regulation.
How will the Commission establish the EUid?
As a starting point, member states are obliged to provide their own identity systems. Digital wallets, known as ID wallets, are then superimposed on national identity-related solutions. These wallets are located on mobile end devices such as smartphones and tablets. These contain the core data regarding digital identity. European citizens should have simple access to a wide range of public and private services with these ID wallets. There will not be a uniform European digital wallet. Instead, the focus is on a technical framework for interoperability of the various national wallets.
Do ID wallets provide other practical benefits?
The concept of the ID wallet enables citizens to also store key personal attributes in the digital wallet along with their basic identity, such as a driving licence, references or health certificates. They should be able to decide by themselves what data is passed on to such online services.
The ID wallet will only prevail if corresponding options and services are available from both the public and private sectors. How does the eIDAS Regulation support this?
The digital wallets of individual EU countries must be recognised by the other member states. Furthermore, the authorities and individual industry sectors such as the financial industry are obliged to accept the ID wallet. This is the case for specific requirements in identity verification - such as in two-factor authentication. There is also a provision that Internet platforms must accept ID wallets with the proviso that they are used by at least 10% of the population. However, attractive application scenarios are paramount when it comes to extensive use across Europe.
For what can ID wallets be used?
There are a wide range of potential applications in the private sector. Companies no longer need to carry out prolonged identification processes as the ID wallet already contains verified identities. Applications include opening a bank account, credit applications, hiring a car, checking into hotels or even health services such as storing a doctor’s prescription. Public authorities can use ID wallets for university applications, moving to a new apartment or tax returns.
Services known as trust services are, alongside electronic identification, another important part of the eIDAS Regulation. How does the EU Commission assess the development of trust services, such as electronic signatures?
The introduction of the remote signature has breathed new life into the electronic signature. This process means documents can also be remotely signed and still be legally binding. An electronic signature is issued from the computer in a home office or on the move via a mobile phone and a tablet. As an example, companies and personnel service providers use remote signatures for employment contracts. According to the current Digital Office Index 2022 from Bitkom, the specialist IT association, 22% of companies surveyed use digital signature solutions whilst a further 20% plan to do so. This is an increase of almost 30% compared to 2020 in both cases.
Which trust services have not yet become established?
Qualified website authentication certificates (QWACs) have not been used much up until now. They help enhance web security by carefully checking the identity of website operators via trusted external organisations known as qualified trust service providers (qVDA). If the audit is passed then the website operator receives a qualified certificate for their website. The fundamental idea was that use of the certificate is clearly visible in the Internet browser bar. Displaying QWACs had been prevented up until now by major browser manufacturers. The EU Commission now aims to make it compulsory for browser manufacturers to recognise qualified website authentication certificates and to make this clear in the browser bar.