The Evolution Of eIDAS: Past, Present, And Future

Providing a secure and interoperable framework for electronic identification and trust services.

popularity

The European Union’s journey toward a unified digital identity framework began with the establishment of the Electronic Identification, Authentication, and Trust Services (eIDAS) regulation. Since its inception, eIDAS has aimed to provide a secure and interoperable framework for electronic identification and trust services across the EU. This blog explores the evolution of eIDAS from its initial 1.0 version to the forthcoming eIDAS 2.0, highlighting the successes, challenges, and future improvements.

Fig. 1: Mobile identity use case.

eIDAS 1.0: A groundbreaking start

eIDAS 1.0, formally known as Regulation (EU) No 910/2014, was set into force on July 1, 2016. Its goal was to ‘ensure the security and interoperability of electronic identification and trust services within the EU’, providing a legal framework for the creation, verification, and validation of electronic identities and trust services like electronic signatures, seals, and timestamps.

The regulation aimed to facilitate secure electronic interactions between citizens, businesses, and public authorities, with a vision of mutual recognition of electronic identification across EU member states. However, the ambitious objectives of eIDAS 1.0 were only partially achieved. While it laid a solid foundation, several challenges hampered its full potential.

Challenges of eIDAS 1.0

  1. Effectiveness: Not all member states notified an electronic ID (eID) or established the necessary eIDAS nodes, which are vital for cross-border interoperability. This lack of uniform implementation hindered the seamless cross-border authentication that eIDAS intended to provide. Additionally, varying national interpretations of trust services created inconsistencies, further complicating adoption.
  2. Efficiency: The quantifiable costs of implementing eIDAS 1.0 often outweighed the benefits, primarily due to the low uptake of notified schemes and unclear practical advantages. This inefficiency was a significant barrier to widespread acceptance.
  3. Relevance: While the eIDAS legal framework was relevant, it didn’t fully address the needs of the private sector or specific fields such as education and travel. The regulation’s scope was too narrow to cater to these broader applications.
  4. Coherence: eIDAS promoted mutual recognition of national eID schemes but failed to clearly define the levels of assurance (LoA) required. This ambiguity led to varied interpretations and inconsistent implementation across member states.
  5. EU Added Value: Despite its shortcomings, eIDAS established a harmonized legal framework that motivated member states to develop eID solutions and fostered interoperability. However, its full potential remained unrealized.

eIDAS 2.0: Addressing the gaps

In September 2020, Commission President Ursula von der Leyen called for easier access to digital services across Europe, emphasizing greater control over users’ data. This led to the proposal for eIDAS 2.0, aimed at addressing the weaknesses of its predecessor and expanding its scope to include new trust services and a digital identity wallet.

The amendment to eIDAS 1.0, known as eIDAS 2.0 (EU) No 2024/1183, was released in April 2024. This revised regulation aims to align with modern identification practices and promote intra-community integration of trust services, enabling a more consistent implementation across the EU.

Key features of eIDAS 2.0

  1. Digital Identity Wallet: Member states are required to provide a digital identity wallet to citizens and enterprises by 2030. This mobile app will enable users to identify themselves to online services across Europe, store and share digital documents, and electronically sign or seal documents. The target is for 80% of citizens to have access to a digital identity wallet by 2030, though its use will remain optional.
  2. Expanded Trust Services: eIDAS 2.0 introduces additional trust services, such as electronically qualified web pages, electronic certificates for authentication, and electronic attestation of attributes. This expansion addresses the needs of various sectors and enhances the regulation’s relevance.
  3. Interoperability and Security: The digital identity wallet will support both online and offline functions, enabling the highest levels of security. It will be based on a single set of open specifications and an open-source reference implementation, promoting interoperability across the EU.

Implementing acts and future steps

Implementing acts is crucial for the uniform application of eIDAS. The first batch, which was adopted on November 28th, 2024, covers protocol and interfaces, integrity and core functionalities, trust framework, and certification. Subsequent batches will address topics like identity matching, security breaches, and interoperability.

The member states of the European Union bear the primary responsibility for implementing EU laws and regulations. However, where uniform conditions for implementation are necessary, the Commission adopts implementing acts. The review of the first batch of implementing acts has already taken place, with further reviews and potential new acts expected in 2025 and 2026.

Use cases for eIDAS 2.0

The European Union Digital Identity Wallet (EUDIW) will enable a range of use cases, including authentication, storage, sharing, and signing of documents.

Fig. 2: Broad range of use cases for EU digital identity wallets (eIDAS 2.0).

Attributes such as personal identification data, digital university diplomas, driver’s licenses, and age verification will allow citizens and enterprises to access various governmental and private services securely.

Current pilot projects are test-driving these use cases, involving over 350 private companies and public authorities. These initiatives target the EUDIW to meet high security standards, is user-friendly, and is interoperable across all EU member states.

Conclusion

The eIDAS regulation has undergone significant evolution since its inception. While eIDAS 1.0 laid a strong foundation for secured electronic identification and trust services, its limitations highlighted the need for improvement. eIDAS 2.0 addresses these challenges by introducing a digital identity wallet, expanding trust services, and enabling greater interoperability and security.

As the EU continues to refine and implement eIDAS 2.0, the aim is to create a more cohesive and effective framework that meets the evolving needs of citizens, businesses, and public authorities. By 2030, the vision is for a significant portion of the EU population to have access to a secure and interoperable digital identity, fostering greater trust and convenience in digital interactions across Europe.

References

  • European Commission. (2019). Evaluation study of the Regulation no.910/2014 (eIDAS Regulation) SMART 2019/0046. Brussels: European Commission.
  • European Commission. (2021). Report from the Commission to the European Parliament and the Council on the evaluation of Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS). Brussels: European Commission.
  • European Parliament. (2022). europarl.europa.eu. Retrieved from Revision of the eIDAS Regulation – Findings on its implementation and application: https://www.europarl.europa.eu/RegData/etudes/BRIE/2022/699491/EPRS_BRI(2022)699491_EN.pdf
  • European Parliament. (2024, Oct. 11). eur-lex.europa.eu. Retrieved from Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework: https://eur-lex.europa.eu/eli/reg/2024/1183/oj


Leave a Reply


(Note: This name will be displayed publicly)