Revision of the eIDAS Regulation – European Digital Identity (EUid)
In “A Europe Fit for the Digital Age”
The current rules on electronic identification and trust services for electronic transactions in the internal market (i.e. the eIDAS Regulation), dating from 2014, aim at making national eID schemes interoperable across Europe in order to facilitate access to online services. In the EU digital Strategy 'Shaping Europe’s Digital Future', the Commission announced that it will review the eIDAS Regulation to improve its effectiveness, extend its application to the private sector and promote it. The initiative builds on the results of the ongoing review of the eIDAS Regulation, which is linked to the regulatory obligation for review included in Article 49 of the regulation.
On 3 June 2021 the Commission published its proposal. With the proposal, the Commission hopes to meet the objectives of its digital compass, which says that by 2030 all key public services are to be available online, all citizens are to have access to their digital medical records, and 80 % of citizens should be using a digital ID. Furthermore, the Commission expects that the security and control offered by the updated European digital identity framework will offer everyone the means to control who has access to their digital ID and to which data exactly. With the proposal, the Commission aims to achieve a shift from the reliance on national digital identity solutions only, to the provision of electronic attestations of attributes valid at European level. Providers of electronic attestations of attributes should benefit from a clear and uniform set of rules, and public administrations should be able to rely on electronic documents in a given format.
At the Parliament, the file was assigned to the Industry, Research and Energy Committee (ITRE). The rapporteur is Romana Jerković (S&D, Croatia). She published her draft report on 31 May 2022, in which she proposed a number of changes in the structure, cybersecurity and privacy of the European digital identity wallet. She also proposed a new chapter on governance to facilitate cross-border coordination and the establishment of a harmonised framework for digital identity.
The ITRE committee adopted its position on 9 February 2023, which was then confirmed in plenary on 16 March 2023 (418 votes in favour, 103 against, 24 abstentions). The main changes proposed in the report are the following:
- Structure of the European digital identity wallet: the report would expand the use of the wallet, by enabling citizens not only to prove their identity and share documents but also to verify companies' and other citizens' identities and documents. It also emphasises that the wallet should remain voluntary and free of charge for individuals as well as businesses, and that users should be able to keep track of all transactions executed through the wallet. Member States would have 18 months (the Commission proposed 12 months) after the entry into force of the eIDAS Regulation to issue the wallet.
- Privacy and security: both the cybersecurity and the privacy of the wallet are reinforced, by explicitly asking that the design of the wallet ensures cybersecurity and privacy by design.
- 'Once only principle': citizens and businesses should not have to provide the same data to public authorities more than once.
- Cross-border user identification: instead of 'unique identification' (as proposed by the Commission), the report proposes the wording 'cross-border user identification' and proposes that Member States that have at least one unique identifier would issue unique and persistent identifiers only for cross-border use.
- Governance: a new chapter on governance is added to facilitate cross-border coordination and the establishment of a harmonised framework for digital identity. The report proposes to establish a European Digital Identity Framework Board (EDIFB), composed of national competent authorities and the Commission.
- Qualified certificates for website authentication: the report adds that web browsers would not be prevented from taking necessary and proportionate measures to address substantiated risks of breaches of security, user's privacy and loss of integrity of certificates.
In the Council, the working party on telecommunications and information society started examining the file in June 2021. On 6 December 2022, the Council adopted its common position (general approach) on the file. Member States made some amendments to how the wallet functions, to ensure that the person claiming an identity is actually the holder. They also made sure that the text is in line with other EU laws, such as the cybersecurity legislation. According to the Council text, Member States would have 24 months after the entry into force of the implementing acts to provide the wallet. Finally, the Council thinks that the wallet should not cost anything for individuals, but businesses may incur costs for authentication with the wallet.
The co-legislators started trilogue negotiations on the file on 21 March 2023. The negotiations have progressed well. In June 2023, a provisional agreement was reached on some of the key elements of the wallet. According to this agreement, the wallet would remain voluntary and free of charge for individuals. Each Member State would have to notify at least one wallet as part of a national electronic identification system (see further details in the article of Agence Europe of 30 June 2023).
References:
- EP Legislative Observatory, European Digital Identity framework, 2021/0136(COD)
- European Commission, Proposal for a Regulation amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity, COM(2021)281
- European Commission, Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
- European Committee of the Regions, Opinion on European Digital Identity, CDR 3686/2021
- European Economic and Social Committee, Opinion on European Digital Identity, EESC 2021/02756
- European Parliament, Committee on Industry, Research and Energy draft report on a framework for a European Digital Identity, 2021/0136(COD)
- Council, General approach on a proposal for a Regulation amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity, 14959/22
- European Parliament, Parliament ready to negotiate with Council for an EU-wide digital wallet, Press release, 16 March 2023
- Agence Europe, Provisional EU Council/European Parliament political agreement on key elements of European Digital Identity Wallet, 30 June 2023
Further reading:
- European Parliament, EPRS, Updating the European digital identity framework, legislative briefing, May 2023
- European Parliament, EPRS, Revision of the eIDAS Regulation: Findings on its implementation and application, briefing, March 2022
- European Parliament, EPRS, Electronic signatures, at a glance, December 2022
- European Parliament, EPRS, Qualified certificates for website authentication, January 2023
Author: Maria Niestadt, Members' Research Service, legislative-train@europarl.europa.eu