In June 2021, the EU Commission unveiled the project of establishing a European Digital Wallet.
This new EU digital identification method was proposed to make up for the ineffectiveness of the eIDAS regulation and the lack of eIDs in many EU countries.
This article will tell you all about the EU Digital Wallet and the reason behind its proposal.
What is the EU Digital Wallet?
The EU Digital Wallet will be an app that will allow all EU citizens to store their official documents digitally and identify themselves online and offline.
According to EU Commissioner Margrethe Vestager, the app is intended to help citizens navigate the bureaucracy abroad and cut through cross-border red tape.
The app will also allow EU citizens to access public services and apply for all types of requests, from reporting a change of address to renting a car, enroll a university program abroad, open a bank account, or request a medical prescription.
However, the proposal aroused concerns from privacy activists who fear that storing all data in one repository could pose such information at risk of hacks and identity theft.
To reassure them, the EU Commission made it clear that appropriate safeguards will be put in place to ensure adequate protection of sensitive data.
As a first step, Member States are expected to prepare technical standards and best practices by September 2022 and then start launching pilot projects.
Why was the EU Digital Wallet initiative launched?
It’s been seven years since the publication of eIDAS - the EU Regulation which laid down rules for digital IDs in the EU Member States. However, the full potential of the eIDAS regulation has not yet been reached.
Not all EU countries have notified eID schemes, and the actual cross-border use of digital IDs is still minimal.
The EU Digital Wallet initiative was created to compensate for the slowness and inefficiency of European countries in implementing national digital IDs.
Why do many EU countries still lack digital IDs?
eIDAS did not have the desired impact and success. Several factors contributed to the ineffectiveness of this regulation. The following are perhaps the main pitfalls:
1. eIDAS enables the development and use of digital IDs but does not mandate them.
Member States can develop and notify their national eID schemes voluntarily. Therefore, even though the EU allows and encourages eID schemes, they are not mandatory for the Member States.
As a result, only some countries use digital IDs, limiting their coverage to about 59% of the European citizens - just over half of the EU population.
It follows that the current scope of eID schemes, and access to online public services, is too limited and inadequate.
2. eIDAS enables Member States to notify the EU commission of eID means developed nationally but does not require them to do so.
The notification process is necessary for national eIDs to be mutually recognized in all Member States. However, EU countries are responsible for the notification of their own national eID schemes.
In other words, the choice to notify the EU Commission of all, some, or none of the electronic identification schemes used at a national level is up to the Member States.
As a result, only a limited number of countries have notified their eIDs.
The fact that EU countries might or might not develop national eIDs - and might or might not notify the EU of their internal use - has significant consequences for the interoperability and cross-border use of these national eIDs.
3. eIDAS enables the mutual recognition of national eIDs but does not harmonize technical standards and audit procedures.
After an EU country notifies the EU Commission of a national eID scheme, this needs to go through a peer-review process. Only afterward is it officially added to the eIDAS Network and recognized in all Member States.
The regulation prohibits the Member States from refusing the eIDs of other Member States. Since September 2018, all organizations delivering public digital services in an EU member state must recognize electronic identification from all EU member states.
However, eIDAS did not establish any technical standards for the development of digital IDs nor specific rules for auditing trust service providers.
Consequently, the creation of eIDs and the audit process to be certified as qualified service providers are not consistent across EU countries.
The regulation was supposed to foster EU-wide consistency and transparency, but that doesn’t appear to be the case in the current status quo.
The acceptance of notified eIDs both at the level of the Member States and service providers is limited. The actual cross-border use of eIDs is minimal and rarely works at all.
4. eIDAS enables the notification of eID schemes by the Member States but does not allow private entities to access the notification process.
Limiting the competence to propose eIDs in the hands of state governments appears reductive considering that the private sector is able and willing to play a decisive role in building eID schemes. In fact, in many cases, these eID means are provided both by public and private entities.
In some countries, national eID schemes are actually being led by the private sector (e.g., itsme® in Belgium, SPID in Italy, etc.).
Currently, 16 EU States have a hybrid approach - meaning that some eID schemes are provided by the State and others by private service providers, with the State acting as an identity broker.
This usually takes shape in government-issued national IDs with integrated capabilities that enable private providers to develop other digital services such as mobile and bank IDs.
In 9 countries, however, the government is the primary identity provider responsible for creating, implementing, and maintaining the eID means.
Finland is the only country where private service providers operate the eID means while the State acts as a regulator and intermediary that connects Identity Providers with Service Providers in the public sector.
5. Member States show a poor digitalization strategy, low level of alignment, and very slow implementation.
A substantial number of countries do not have a specific eID strategy.
Some States have briefly mentioned eID within their national digitalization documents or dedicated a small section to the topic in their strategic papers.
So, what can be done about it?
In light of those gaps, the EU Commission launched a public consultation on the eIDAS Regulation in October 2020 to collect feedback from a broad range of stakeholders and citizens.
The objective was to identify weaknesses and evaluate elements in need of a possible revision. An equally important goal was to assess the potential impact of eIDAS amendments and realize which adjustments were required to reflect current market trends and prepare for future needs.
Here are a few changes suggested to improve eIDs popularity and eIDAS efficacy:
A shift from voluntary to mandatory notification of national eID schemes
Member States should be required to notify at least one eID scheme within a fixed deadline. Equipping each EU country with a national eID would mean total coverage of the European population and full implementation of the mutual recognition principle.
Guidelines should be adopted to improve legal coherence and consistency
Member States should remain free to establish internal rules. However, all EU countries would benefit from better alignment and some level of similarity among their solutions.
In particular, in terms of security requirements, level of assurance, and interoperability of eID schemes.
Extension of eIDAS scope to the private sector
Private trust service providers should be allowed to develop and notify privately issued eIDs and have them recognized officially across the public and private sectors in the EU.
Introducing an European Digital Identity scheme (EUid)
A super-national eID scheme would:
- ensure general availability and access to online public and private service
- move from the current widely different schemes toward one common standard
- increase the adoption in terms of ease of acceptance and usage
All EU member states agree that digital IDs are a crucial enabler of user-centric digital public services and a necessary step in the European Digital Strategy.
Therefore, an EU digital ID was one of the measures proposed through public consultation.
The EU digital ID would enable EU consumers to access cross-border services and help European companies grow and scale their digital operations.
However, we will have to wait at least a couple of years before seeing the first pilot projects in action. In the meantime, you can rely on Penneo to interact online using your national digital ID.
Penneo is built with eIDAS compliance in mind:
Penneo uniquely identifies signers via digital IDs issued by Trust Service Providers (TSPs) or Certificate Authorities (CAs) on the EU Trusted List.
Our digital signatures meet the eIDAS requirements for advanced e-signatures (art. 26). Therefore, they are just as legally valid and binding as handwritten signatures.
We use e-seals and timestamps provided by Intesi Group, an EU Qualified Trust Service Provider certified under eIDAS standards.
Our digital signatures are built on the ETSI PAdES standard (Advanced Electronic Signatures for PDF documents).
Our documents employ Long-Term Validation (LTV), so they never lose their legal reliability and trustworthiness.
We continuously monitor the legal landscape to maintain ongoing compliance and offer safe digital solutions to our customers. Learn more about our eIDAS-compliant digital signing & data collection solution.