Close

elDAS 2 and European digital identity: what changes

What is the EUDI wallet and its impact on European digital identities and their interoperability between EU countries
Reading time: 4 minutes

Content index

European wallet and new services in the regulation that came into force on 20 May

Digital Identity, EUDIW, eIDAS

On 20 May 2024, the eIDAS 2 (electronic IDentification, Authentication and trust Services) regulation came into force, bringing major changes to digital identity management and trust services across the European Union.

But let us go step by step: although terms such as Digital Identity, EUDI and eIDAS have now entered everyday language, they can often cause some confusion. Let us start, then, by asking what digital identity is, what European digital identity consists of, what is the role of eIDAS 2 in this context, and what new features are in the pipeline?

Digital identity and European digital identity

Digital identity is the set of data and information that provide a virtual representation of a subject’s real identity. It is, in practice, a unique key that allows access to all public administration services and those of many private companies that use this recognition system.

The European digital identity is a type of identity that all EU citizens, but also EU companies, can use. In addition to this, it is a totally online system, which serves not only to identify an individual, but also to confirm certain data. In other words, it is a digital identity recognised everywhere in the EU.

The main points of the eIDAS Regulation

In 2014, Europe enacted the eIDAS Regulation (EU Regulation 910/2014), which regulates electronic identification and trust services for EU Member States.

In particular, the regulation:

  • sets the conditions under which Member States shall recognise electronic identification means of natural and legal persons covered by an electronic identification scheme notified to the EU by another Member State;
  • establishes rules for trust services, in particular for electronic transactions;
  • establishes a legal framework for electronic signatures, electronic seals, electronic time stamps, electronic documents, electronic certified delivery services and website authentication certificate services.

Some 10 years after its entry into force, the eIDAS Regulation has failed to fully achieve its objectives: in many EU countries, there has not been adequate deployment of digital identity, certified delivery or electronic signatures.

eIDAS 2: the evolution of eIDAS

The eIDAS 2 Regulation (European Regulation 2024/1183) is a major step forward in the creation of a secure and reliable digital identity for all European citizens, and aims to standardise the digital identity landscape in the various Member States in terms of both dissemination and security, but also to ensure that citizens have full control over their personal data, as required by the GDPR.

One of the main innovations of the new regulation is the European Digital Identity Wallet (EUDI wallet or EDIW), i.e. a digital identity wallet valid throughout Europe, which will contain identity documents and may include other information about the citizen (called attributes) such as marital status, household composition, nationality or citizenship, educational qualifications and licences, and others.

The rules of operation of the EUDI wallet will have to be the same in all 27 EU Member States, and in all other countries that will freely adopt similar measures. Member States will have to:

  • mandatorily recognise the identity wallet of other EU states;
  • use common technologies and standards.
  • In this way, interoperability of systems can be achieved.

The final version of the digital wallet is expected in 2026, while its mandatory use should come the following year.

eIDAS 2: the main novelties

While the digital identity portfolio is the central novelty of the eIDAS 2 regulation, it is joined by others, notably the presence of new trust services and a new approach for those already provided for in eIDAS 1.

The new trust services are:

  • electronic attestation of attributes. Attributes issued by an authentic public sector source, i.e. a repository or system, held under the responsibility of a public sector body or a private entity, which contains and provides attributes relating to a natural or legal person and which is considered a primary source of such information or whose authenticity is recognised in accordance with Union or national law, including administrative practice, must have the same effect as legally issued paper-based attestations. Attributes thus issued are valid in all Member States. In practice, having qualified attributes will allow a citizen, for instance, to use a driving licence with transnational legal value;
  • the management of qualified devices for the creation of an electronic signature or a remote electronic seal. The provisions contained in the eIDAS 2 Regulation refer to the use and lifecycle of such devices, if their qualification is required. The new rules apply to HSMs (Hardware Security Modules) and stipulate that companies using such devices must adapt by 21 May 2026;
  • electronic archiving, i.e. a service that ensures the receipt, storage, retrieval and deletion of computer data and documents in order to guarantee their durability and readability as well as to preserve their integrity, confidentiality and proof of origin throughout the storage period. The legal effects and admissibility as evidence in court of electronic documents stored by means of an electronic archiving service are recognised, even in the case of analogue documents transformed into digital by scanning;
  • electronic records, in other words a sequence of electronic data records that guarantees their integrity and chronological order.

Among the services already present in the previous eIDAS regulation is the authentication of a website, which has been modified to improve its cyber security.

Namirial and eIDAS trust services

Namirial, a QTSP that meets the requirements of eIDAS, is among the world’s leading trust service providers.
Find out how you can gain competitive advantages from Namirial’s eIDAS 2 compliant trust services:

TAG