8 November 2023
With a view to ensuring a trusted and secure digital identity for all Europeans, the Council presidency and European Parliament representatives reached today a provisional agreement on a new framework for a European digital identity (eID).
With the approval of the European digital identity regulation, we are taking a fundamental step so that citizens can have a unique and secure European digital identity. This is a key advance for the European Union to be a global reference in the digital field, protecting our democratic rights and values.
Nadia Calviño, acting Spanish first vice-president and minister for economy and digitalisation
The European digital identity wallet
The revised regulation constitutes a clear paradigm shift for digital identity in Europe aiming to ensure universal access for people and businesses to secure and trustworthy electronic identification and authentication.
Under the new law, member states will offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g., driving licence, diplomas, bank account). Citizens will be able to prove their identity and share electronic documents from their digital wallets with a click of a button on their mobile phone.
The new European digital identity wallets will enable all Europeans to access online services with their national digital identification, which will be recognised throughout Europe, without having to use private identification methods or unnecessarily sharing personal data. User control ensures that only information that needs to be shared will be shared.
Concluding the initial provisional agreement
Since the initial provisional agreement on some of the main elements of the legislative proposal at the end of June this year, a thorough series of technical meetings followed in order to complete a text that allowed the finalisation of the file in full. Some relevant aspects agreed by the co-legislators today ar
- the e-signatures: the wallet will be free to use for natural persons by default, but member states may provide for measures to ensure that the free-of-charge use is limited to non-professional purposes
- the wallet’s business model: the issuance, use and revocation will be free of charge for all natural persons
- the validation of electronic attestation of attributes: member states shall provide free-of-charge validation mechanisms only to verify the authenticity and validity of the wallet and of the relying parties’ identity
- the code for the wallets: the application software components will be open source, but member states are granted necessary leeway so that, for justified reasons, specific components other than those installed on user devices may not be disclosed
- consistency between the wallet as an eID means and the underpinning scheme under which it is issued has been ensured.
Finally, the revised law clarifies the scope of the qualified web authentication certificates (QWACs), which ensures that users can verify who is behind a website, while preserving the current well-established industry security rules and standards.
Next steps
Technical work will continue to complete the legal text in accordance with the provisional agreement. When finalised, the text will be submitted to the member states’ representatives (Coreper) for endorsement. Subject to a legal/linguistic review, the revised regulation will then need to be formally adopted by the Parliament and the Council before it can be published in the EU’s Official Journal and enter into force.
Background
In June 2021, the Commission proposed a framework for a European digital identity that would be available to all EU citizens, residents, and businesses, via a European digital identity wallet.
The proposed new framework amends the 2014 regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS regulation), which laid the foundations for safely accessing public services and carrying out transactions online and across borders in the EU.
The proposal requires member states to issue a digital wallet under a notified eID scheme, built on common technical standards, following compulsory certification. To set up the necessary technical architecture, speed up the implementation of the revised regulation, provide guidelines to member states and avoid fragmentation, the proposal was accompanied by a recommendation for the development of a Union toolbox defining the technical specifications of the wallet.
Following interinstitutional negotiations (‘trilogues’), the two co-legislators managed to reach an initial provisional agreement on the key elements of the file on 29 June 2023 subject to further technical adjustments on the draft legislative text of the revised regulation.
- Council and Parliament strike a deal on a European digital identity (eID) (press release, 29 June 2023)
- eIDAS regulation, Council general approach, 6 December 2022
- Revised eIDAS regulation, Commission proposal, 3 June 2021
- A digital future for Europe (background information)
- Europe fit for digital age, Commission information
- A secure digital identity for everyone (feature story)
EU Parliament on digital wallet deal with EU Council
- An EU wallet to authenticate and access public and private services, store, share and e-sign documents
- A wallet to be used on a strictly voluntary basis
- Privacy dashboard to give users full control over their data
Parliament and Council negotiators reached a provisional agreement on Wednesday on the creation of a pan-European digital identity framework.
According to the agreed text, this new Digital Identity Wallet will allow citizens to identify and authenticate themselves online without having to resort to commercial providers – a practice that raises trust, security and privacy concerns.
The EU wallet will be used on a voluntary basis. During negotiations, MEPs secured provisions to safeguard citizens’ rights and foster an inclusive digital system by avoiding discrimination against those opting not to use the digital wallet.
The agreement provides for free “qualified electronic signatures” for EU wallet users, which are the most trusted, and have the same legal standing as a handwritten signature, as well as wallet-to-wallet interactions, to improve the fluidity of digital exchanges. MEPs have also mandated the wallet’s open-source nature to encourage transparency, innovation and to enhance security. Moreover, they set stringent rules for the registration and oversight of companies involved to ensure accountability and traceability.
Data protection and privacy
Via the so-called privacy dashboard, users will be able to have full control of their data and request that their data be deleted, as provided for under the General Data Protection Regulation (GDPR). Additionally, the right to use a pseudonym is enshrined in the legislation.
The legislation clarifies the scope of Qualified Website Authentication Certificates, which ensures that users can verify who is standing behind a website, while preserving the current well established industry security rules and standards.
Quote
Rapporteur Romana Jerković (S&D, HR) said: “The European Digital Identity Framework is game-changing legislation that will propel the digitalisation of the public sector and society as a whole. At its core, the primary objective of this legislation is to improve the everyday lives of EU citizens by facilitating access to public and private services, not only within their own countries but also during travels and stays in other EU member states. It aims to empower them by putting them in full control over the use and sharing of their data. Digital identity has evolved from being a mere convenience to becoming a catalyst for civic involvement, social empowerment, and a means to foster inclusivity in the digital age”, she added.
Next steps
The legislation will now have to be endorsed by both Parliament and Council before it becomes law. The Industry, Research and Energy Committee will hold a vote on the file on 28 November.
Background
A study from the European Parliament research service highlights that since the pandemic, the provision of public and private services has become increasingly digital. At the same time, entities such as banks, electronic communication service providers and utility companies, some of which are required to collect identity attributes, are acting as verified identity providers.
Existing digital wallet solutions allow users to store and link data in a single, seamless environment on their mobile phones. However, according to the Commission, this convenience comes at the cost of loss of control over personal data, while these solutions are disconnected from a verified physical identity, which makes fraud and cybersecurity threats more difficult to mitigate.