3 years since its initial proposal in June 2021, eIDAS 2.0 (Regulation (EU) 2024/1183) has now been finalised and published in the Official Journal of the European Union. This amending regulation enters into force 20 days after this publication, on May 20th 2024 and marks a significant evolution in the EU’s digital framework. Let’s explore what eIDAS 2.0 entails and its implications for digital transactions and identity verification.
Understanding eIDAS: The foundation of trust
The original eIDAS (Electronic Identification, Authentication, and Trust Services) regulation, established in 2014, was adopted to create a secure and interoperable environment for electronic transactions across EU member states. It introduced standards for electronic identification and trust services, such as electronic signatures, electronic seals, time stamps and website authentication.
Read more about eIDAS 1.0 here
What’s new in eIDAS 2.0?
eIDAS 2.0 reflects the EU’s ambition to create a more integrated digital market, improve the security and privacy standards of digital services, and ensure that these services are accessible to all EU citizens. The highlights include:
Enhanced digital identities
eIDAS 2.0 introduces the idea of a common EU digital identity wallet (EUDIW), enabling EU citizens to securely store and manage their data and official documents (such as identity cards, driver’s licence, diplomas, banking details, travel cards etc.) and facilitate online interactions with authorities, businesses and citizens across EU member states. The EUDIW is still being tested through 4 large-scale pilot projects (POTENTIAL Consortium, EU Digital Wallet Consortium, Digital Credentials for Europe, NOBID Consortium), each project focusing on different aspects of the use of digital identities.
Increased security and standardisation
The amending regulation emphasises enhanced interoperability of digital identification systems among member states and introduces stricter security measures and more rigorous standards across member states. By introducing stricter authentication methods and enhanced security standards to follow, eIDAS 2.0 aims to increase trust in digital transactions and promote a more secure digital market in the EU.
Impact on digital signatures and identity
As eIDAS 2.0 is designed to harmonise and strengthen the framework for electronic identification and trust services across the EU, making sure that all member states adhere to the same standards. Member states will have to provide technical and organisational measures to ensure a high level of protection of personal data used for identity matching across member states. Additionally, eIDAS 2.0 introduces new trust services such as the electronic attestation of attributes, the electronic archiving, or the recording of electronic ledgers. The Commission will establish a list of standards to be used by the end of 2024.
As a Penneo Sign user, eIDAS 2.0 will not have any direct impact on how you use the tool.
Transforming KYC: A digital leap forward
The integration of digital identities in KYC (Know Your Customer) processes in remote onboarding cases in the 5th AML Directive was significant advancement. Aligned with the European Banking Authority (EBA)’s guidelines, eIDAS 2.0 enables financial institutions to leverage secure, verified digital identities. The changes introduced to the AML/CFT framework in the AML package will work together with the changes introduced within eIDAS 2.0 to ensure a secure way of identifying customers online, across borders, in a trusted and secure remote environment.
Read more about the AML Package here
What’s next?
The adoption of eIDAS 2.0 will lead to the implementation of a comprehensive set of acts detailing technical standards and security protocols. These standards are essential for ensuring interoperability and security of digital identities and trust services. By 2026, each member state must make a digital identity wallet available to its citizens and accept EUDIWs from other member states according to the amended regulation.
Conclusion
The amending eIDAS 2.0 regulation represents a significant leap forward in the EU’s digital agenda, aiming to enhance the security, privacy, and convenience of online services. As we anticipate its implementation, it’s clear that eIDAS 2.0 will not only reshape the landscape of digital interactions within the EU but could also serve as a model for other regions looking to improve their digital infrastructure.
As a Penneo customer, you can rest assured that Penneo Sign and KYC, are designed to align with and leverage these legal advancements, ensuring that your digital transactions remain secure, compliant, and efficient in this new regulatory environment.