Digital identity has been at the forefront of discussions on technological change and is a crucial part of the digital world. It aims to create a secure framework which underpins online transactions and interactions, essential for the functioning of a digital ecosystem which is safe, trusted, and usable.
With this in mind, the EU implemented the eIDAS (electronic identification, authentication, and signatures) regulation in 2014 to ensure that electronic identification and authentication followed several security standards and mitigate the risks of transaction and identity fraud.
This paper will discuss the original goals of the eIDAS regulation and the new framework proposed by the EU Commission in June 2021.
The Purpose of eIDAS
The eIDAS regulation is centred on two topics:
1. Nationally based electronic identification
2. Private-sector trust services
On the first topic, the regulation defines basic requirements for nationally based electronic identities and cross-border interoperability. However, the regulation proved ineffective from a pan-European perspective, as it allowed widely differing national approaches to identification. Nineteen national identity schemes were defined across 14 EU member states, and there has been little cross-Europe traffic.
The second topic centres on the provision of “qualified” trust services which meet specific regulatory requirements and are supervised by the national authority. It defines the requirements for supporting electronic signatures (created by individual people), electronic seals (created by legal entities), timestamping, website authentication, and electronic registered delivery.
New Regulation
In June 2021, recognising the fragmented approach to electronic identities, the EU Commission published a proposed regulatory framework for a European Digital Identity. It replaces the current provisions for electronic identities with a new approach based around “wallets”, with additional new trust services, including one to support the attestation of identity-related attributes.
The commission established a group of national experts to agree on a common “toolbox” of specifications to coordinate the national approaches to digital identities. This expert group has delayed producing its first deliverable, an outline technical architecture, due in December 2021. Recently, it published the first of a series of documents providing an overview of the “European Digital Identity Architecture and Reference Framework”. It aims to agree on the entire set of common framework documents by the end of this year.
