Revision of the eIDAS Regulation – European Digital Identity (EUid)

In “A Europe Fit for the Digital Age”

PDF version

The current rules on electronic identification and trust services for electronic transactions in the internal market (i.e. the eIDAS Regulation) dating from 2014 aim at making national eID schemes interoperable across Europe in order to facilitate access to online services. In the EU digital Strategy 'Shaping Europe’s Digital Future´, the European Commission announced that it will review the eIDAS Regulation to improve its effectiveness, extend its application to the private sector and promote it. The initiative is building on the results of the ongoing review of the eIDAS Regulation, which is linked to the regulatory obligation for review included in article 49 of the regulation.

On 3 June 2021 the Commission published its proposal. With the proposal, the Commission hopes to meet the objectives of its digital compass, which says that by 2030 all key public services are to be available online and all citizens are to have access to their digital medical records and to a digital ID. Furthermore, the Commission expects that the security and control offered by the updated European digital identity framework will offer everyone the means to control who has access to their digital ID and to which data exactly. With the proposal, the Commission aims to achieve a shift from the reliance on national digital identity solutions only, to the provision of electronic attestations of attributes valid at European level. Providers of electronic attestations of attributes should benefit from a clear and uniform set of rules, and public administrations should be able to rely on electronic documents in a given format.

At the Parliament the file was assigned to the Industry, Research and Energy Committee (ITRE). Rapporteur is Romana Jerković (S&D, Croatia). She published her draft report on 31 May 2022, in which she proposed a number of changes in the structure, cybersecurity and privacy of the European digital identity wallet. She also proposed a new chapter on governance to facilitate cross-border coordination and the establishment of a harmonised framework for digital identity.

The ITRE committee adopted its position on 9 February 2023, which was then confirmed in plenary on 16 March 2023 (418 votes in favour, 103 against, 24 abstentions). The Parliament proposed a number of changes in the structure of the European digital identity wallet. In particular, Members wanted to expand the use of the wallet, by enabling citizens not only to prove their identity and share documents but also to verify companies' and other citizens' identities and documents. They also emphasised that the wallet should remain voluntary, free of charge for individuals as well as businesses, and that users should be able to keep track of all transactions executed through the wallet. The Parliament suggested that Member States issue the wallet already 18 months (and not 12 months as proposed by the Commission) after the amended eIDAS Regulation's entry into force. The Parliament also made amendments to reinforce cybersecurity and privacy of the wallet, by asking explicitly that the wallet ensure cybersecurity and privacy by design. The Parliament also suggested that a new chapter on governance would be added to facilitate cross-border coordination and the establishment of a harmonised framework for digital identity. Member also modified provisions regarding qualified certificates for website authentication (QWACs).

In the Council, the working party on telecommunications and information society started examining the file in June 2021. On 6 December 2022, the Council adopted its common position (general approach) on the file. Member States made some amendments in how the wallet functions, to ensure that the person claiming an identity is actually the holder. It also made sure that the text is in line with other EU laws, such as the cyber security legislation. According to the Council text, Member States would have 24 months after the entry into force of the implementing acts to provide the wallet.  The Council believed that the wallet should not cost anything for individuals, but businesses may incur cost for authentication with the wallet.

The co-legislators reached a provisional agreement on this file on 8 November 2023. They agreed to provide citizens and other residents with a harmonised European digital identity means based on the concept of a European digital identity wallet. The text of the provisional agreement further develops the concept of this wallet.  Namely, the co-legislators agreed that the wallet would remain voluntary and free of charge for individuals. The latter would be able to use the wallet also for e-signatures free-of-charge. The wallet would contain a dashboard of all transactions, and offer the possibility to report alleged violations of data protection. Each EU country would have to notify at least one wallet as part of a national electronic identification system. The regulation also clarifies the scope of number of other notions such as the qualified website authentication certificates (used to verify the identity of persons or legal entities behind a website). This identity data has to be displayed in a user-friendly manner. In case of substantiated security concerns, web browsers are allowed to take precautionary measures related to these certificates

The text was endorsed by the ITRE committee on 7 December 2023 and by the Committee of Permanent Representatives of EU Member States (Coreper) on 6 December 2023. The Parliament as a whole adopted it on 29 February 2024 (335 in favour, 190 against and 31 abstentions) and the Council on 26 March 2024. The final act was signed on 11 April 2024. It still needs to be published in the EU’s Official Journal. It shall enter into force on the 20th day following that of its publication in the EU's Official Journal. 

References:

Further reading:

Author: Maria Niestadt, Members' Research Service, legislative-train@europarl.europa.eu 

As of 20/04/2024.