Providing a secure and interoperable framework for electronic identification and trust services.
The European Union’s journey toward a unified digital identity framework began with the establishment of the Electronic Identification, Authentication, and Trust Services (eIDAS) regulation. Since its inception, eIDAS has aimed to provide a secure and interoperable framework for electronic identification and trust services across the EU. This blog explores the evolution of eIDAS from its initial 1.0 version to the forthcoming eIDAS 2.0, highlighting the successes, challenges, and future improvements.
Fig. 1: Mobile identity use case.
eIDAS 1.0, formally known as Regulation (EU) No 910/2014, was set into force on July 1, 2016. Its goal was to ‘ensure the security and interoperability of electronic identification and trust services within the EU’, providing a legal framework for the creation, verification, and validation of electronic identities and trust services like electronic signatures, seals, and timestamps.
The regulation aimed to facilitate secure electronic interactions between citizens, businesses, and public authorities, with a vision of mutual recognition of electronic identification across EU member states. However, the ambitious objectives of eIDAS 1.0 were only partially achieved. While it laid a solid foundation, several challenges hampered its full potential.
In September 2020, Commission President Ursula von der Leyen called for easier access to digital services across Europe, emphasizing greater control over users’ data. This led to the proposal for eIDAS 2.0, aimed at addressing the weaknesses of its predecessor and expanding its scope to include new trust services and a digital identity wallet.
The amendment to eIDAS 1.0, known as eIDAS 2.0 (EU) No 2024/1183, was released in April 2024. This revised regulation aims to align with modern identification practices and promote intra-community integration of trust services, enabling a more consistent implementation across the EU.
Implementing acts is crucial for the uniform application of eIDAS. The first batch, which was adopted on November 28th, 2024, covers protocol and interfaces, integrity and core functionalities, trust framework, and certification. Subsequent batches will address topics like identity matching, security breaches, and interoperability.
The member states of the European Union bear the primary responsibility for implementing EU laws and regulations. However, where uniform conditions for implementation are necessary, the Commission adopts implementing acts. The review of the first batch of implementing acts has already taken place, with further reviews and potential new acts expected in 2025 and 2026.
The European Union Digital Identity Wallet (EUDIW) will enable a range of use cases, including authentication, storage, sharing, and signing of documents.
Fig. 2: Broad range of use cases for EU digital identity wallets (eIDAS 2.0).
Attributes such as personal identification data, digital university diplomas, driver’s licenses, and age verification will allow citizens and enterprises to access various governmental and private services securely.
Current pilot projects are test-driving these use cases, involving over 350 private companies and public authorities. These initiatives target the EUDIW to meet high security standards, is user-friendly, and is interoperable across all EU member states.
The eIDAS regulation has undergone significant evolution since its inception. While eIDAS 1.0 laid a strong foundation for secured electronic identification and trust services, its limitations highlighted the need for improvement. eIDAS 2.0 addresses these challenges by introducing a digital identity wallet, expanding trust services, and enabling greater interoperability and security.
As the EU continues to refine and implement eIDAS 2.0, the aim is to create a more cohesive and effective framework that meets the evolving needs of citizens, businesses, and public authorities. By 2030, the vision is for a significant portion of the EU population to have access to a secure and interoperable digital identity, fostering greater trust and convenience in digital interactions across Europe.
Leave a Reply