On 3 June 2021 the European Commission put forward a proposal for a regulation updating the European digital identity framework. The regulation's main innovation is the introduction of the European digital identity wallet. The Commission's initiative builds on the 2024 Regulation on European electronic identification and trust services.

Updating the European digital identity framework helps to meet the objectives of the EU's digital compass, which says that by 2030 all key public services are to be available online and all citizens are to have access to their digital medical records and to a digital ID. Furthermore, the Commission expects that the security and control offered by the updated European digital identity framework will offer everyone the means to control who has access to their digital ID and to which data exactly. In addition, the Commission aims to achieve a shift from the reliance on national digital identity solutions only, to the provision of electronic attestations of attributes valid at European level. Providers of electronic attestations of attributes should benefit from a clear and uniform set of rules, and public administrations should be able to rely on electronic documents in a given format.

At the Parliament the file was assigned to the Industry, Research and Energy Committee (ITRE). Rapporteur is Romana Jerković (S&D, Croatia). She published her draft report on 31 May 2022, in which she proposed a number of changes in the structure, cybersecurity and privacy of the European digital identity wallet. She also proposed a new chapter on governance to facilitate cross-border coordination and the establishment of a harmonised framework for digital identity.

The ITRE committee adopted its position on 9 February 2023, which was then confirmed in plenary on 16 March 2023 (418 votes in favour, 103 against, 24 abstentions). The Parliament proposed a number of changes in the structure of the European digital identity wallet. In particular, Members wanted to expand the use of the wallet, by enabling citizens not only to prove their identity and share documents but also to verify companies' and other citizens' identities and documents. They also emphasised that the wallet should remain voluntary, free of charge for individuals as well as businesses, and that users should be able to keep track of all transactions executed through the wallet. The Parliament suggested that Member States issue the wallet already 18 months (and not 12 months as proposed by the Commission) after the amended eIDAS Regulation's entry into force. The Parliament also made amendments to reinforce cybersecurity and privacy of the wallet, by asking explicitly that the wallet ensure cybersecurity and privacy by design. The Parliament suggested that a new chapter on governance would be added to facilitate cross-border coordination and the establishment of a harmonised framework for digital identity. Member also modified provisions regarding qualified certificates for website authentication (QWACs).

In the Council, the working party on telecommunications and information society started examining the file in June 2021. On 6 December 2022, the Council adopted its common position (general approach) on the file. Member States made some amendments in how the wallet functions, to ensure that the person claiming an identity is actually the holder. It made sure that the text is in line with other EU laws, such as the cyber security legislation. According to the Council text, Member States would have 24 months after the entry into force of the implementing acts to provide the wallet.  The Council believed that the wallet should not cost anything for individuals, but businesses may incur cost for authentication with the wallet.

The co-legislators reached a provisional agreement on this file on 8 November 2023. They agreed to provide citizens and other residents with a harmonised European digital identity means based on the concept of a European digital identity wallet. The text of the provisional agreement further develops the concept of this wallet.  Namely, the co-legislators agreed that the wallet would remain voluntary and free of charge for individuals. The latter would be able to use the wallet also for e-signatures free-of-charge. The wallet would contain a dashboard of all transactions, and offer the possibility to report alleged violations of data protection. Each EU country would have to notify at least one wallet as part of a national electronic identification system. The regulation also clarifies the scope of number of other notions such as the qualified website authentication certificates (used to verify the identity of persons or legal entities behind a website). This identity data has to be displayed in a user-friendly manner. In case of substantiated security concerns, web browsers are allowed to take precautionary measures related to these certificates

The text was endorsed by the ITRE committee on 7 December 2023 and by the Committee of Permanent Representatives of EU Member States (Coreper) on 6 December 2023. The Parliament as a whole adopted it on 29 February 2024 (335 in favour, 190 against and 31 abstentions) and the Council on 26 March 2024. The final act was signed on 11 April 2024 and published in the EU’s Official Journal on 30 April 2024. It entered into force on 20 May 2024. 

Member States and the Commission have various deadlines to apply the new measures. The Commission has to adopt implementing acts for technical specifications and procedures of the European digital identity wallet by 21 November 2024 and of the qualified certificates for website authentication by 21 May 2025. Member States have to provide at least one European digital identity wallet within 24 months of the date of entry into force of the implementing acts. 

References:

• EP Legislative Observatory, European Digital Identity framework, 2021/0136(COD)
• European Commission, Proposal for a Regulation amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity, COM(2021)281
• European Committee of the Regions, Opinion on European Digital Identity, COR 3686/2021
• European Economic and Social Committee, Opinion on European Digital Identity, EESC 2021/02756 
• European Parliament, Committee on Industry, Research and Energy draft report on a framework for a European Digital Identity, 2021/0136(COD)
• Council, General approach on a proposal for a Regulation amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity, 14959/22
• European Parliament, Parliament ready to negotiate with Council for an EU-wide digital wallet, Press release, 16 March 2023
• European Parliament, EU-wide digital wallet: MEPs reach deal with Council, Press release, 8 November 2023
• European Parliament, MEPs back plans for an EU-wide digital wallet, Press release, 29 February 2024
• Regulation 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework

Further reading:

• European Parliament, EPRS, Updating the European digital identity framework, Legislative briefing, June 2024
• European Parliament, EPRS, Revision of the eIDAS Regulation: Findings on its implementation and application, Briefing, March 2022
• European Parliament, EPRS, Electronic signatures, At the glance, December 2022
• European Parliament, EPRS, Qualified certificates for website authentication, At the glance, January 2023

Author: Maria Niestadt, Members' Research Service, legislative-train@europarl.europa.eu