Revision of the eIDAS Regulation – European Digital Identity (EUid)

In “A Europe Fit for the Digital Age”

PDF version

The current rules on electronic identification and trust services for electronic transactions in the internal market (i.e. the eIDAS Regulation) dating from 2014 aim at making national eID schemes interoperable across Europe in order to facilitate access to online services. In the EU digital Strategy 'Shaping Europe’s Digital Future´, the Commission announced that it will review the eIDAS Regulation to improve its effectiveness, extend its application to the private sector and promote it. The initiative is building on the results of the ongoing review of the eIDAS Regulation, which is linked to the regulatory obligation for review included in article 49 of the regulation.

As part of the review, the Commission published an inception impact assessment, which concluded that the potential of electronic identification and authentication under eIDAS remains underexploited.

The Commission launched a related public consultation on the revision of the eIDAS Regulation from 24 July to 2 October 2020.

In its conclusions 1-2 October 2020, the European Council asked the Commission to introduce the EU-wide digital ID system by 2021, to secure the identification for the use of public and private online services.

Thus on 19 October 2020, the EUid initiative was included in the Commission Work Programme 2021 and it was foreseen for the second quarter of 2021. 

On 3 June 2021 the Commission published its proposal. With the proposal, the Commission hopes to meet the objectives of its digital compass, which says that by 2030 all key public services are to be available online, all citizens are to have access to their digital medical records, and 80 % of citizens should be using a digital ID. Furthermore, the Commission expects that the security and control offered by the updated European digital identity framework will offer everyone the means to control who has access to their digital ID and to which data exactly. With the proposal, the Commission aims to achieve a shift from the reliance on national digital identity solutions only, to the provision of electronic attestations of attributes valid at European level. Providers of electronic attestations of attributes should benefit from a clear and uniform set of rules, and public administrations should be able to rely on electronic documents in a given format.

At the Parliament the file has been assigned to the Industry, Research and Energy Committee (ITRE). Rapporteur is Romana Jerković (S&D, Croatia).

On 17 June 2021, the European Commission presented the legislative proposal to Parliament's lead committee ITRE. MEPs welcomed the proposal while raising some concerns on the digital divide and inclusion for those citizens less digitally literate and the need to guarantee security and data protection in the solutions.

At the ITRE committee meeting on 30 November 2021 ITRE Members held an exchange of views with the European Commission and on 3 February 2022, ITRE held a public hearing on the European digital identity wallet and trust services. Stakeholders pointed out in particular the issues of personal data protection and security. Several speakers expressed concerns about the implementation of the future regulation.

ITRE committee draft report, published on 31 May 2022, focuses on four areas: cybersecurity, governance, data protection and digitalisation of public services. It amends the definition of European digital identity wallet and modifies its structure. The wallet could be issued not only by Member States or under a mandate of Member States but also by organisations established in the EU. The draft report expands the use of the wallet, by enabling citizens not only to prove their identity and share documents but also to verify companies and other citizens' identities and documents. The draft report also includes an explicit requirement for the design of the wallet to ensure cybersecurity and privacy by design. Furthermore, the draft report includes a new chapter on an European Digital Identity Board that would have advisory and coordination tasks as well as a role in supporting the application of the regulation. Finally, the draft report encourages the 'once only principle' (i.e. not having to provide the same data to public authorities more than once).

During the discussion on the draft report in ITRE committee on 14 June 2022, Members generally welcomed the draft report. Some Members stressed that the digital wallet should be technological neutral and some aspects related to data protection further developed. Members asked questions also about the newly introduced chapter on governance and entities that should be authorised to issue and recognise the digital wallet.

The amendments tabled in ITRE committee in July 2022 would modify certain key points of the draft report. For example, amendments 338 and 340 suggest that European digital identity wallet could be provided by qualified trust service providers established in the EU. This replaces the part in the draft report that says that the wallet could be issued by organisations established in the EU. 

In the Council, the working party on telecommunications and information society started examining the file in June 2021. In the progress report, published on 17 May 2022, the French Presidency of the Council reported that Member States remain divided on questions such as the identification function of the wallet. Member States have different views also on the level of security to be put in place and on the issue of the unique identifier. Transport, Telecommunications and Energy Council took stock of the progress and approved the progress report on 3 June 2022. One of the main changes, that most countries seem to agree with, is adding the European digital identity wallet as one of the electronic identification means. 

 

 

References:

Further reading:

Author: Maria Niestadt, Members' Research Service, legislative-train@europarl.europa.eu 

As of 20/10/2022.