eIDAS 2.0 and its impact on digital transactions and identity verification

Nina Vesalainen
Written by Nina Vesalainen, Senior Legal Counsel at Penneo
Publishing date: 30 April 2024

3 years since its initial proposal in June 2021, eIDAS 2.0 (Regulation (EU) 2024/1183) has now been finalised and published in the Official Journal of the European Union. This amending regulation enters into force 20 days after this publication, on May 20th 2024 and marks a significant evolution in the EU’s digital framework. Let’s explore what eIDAS 2.0 entails and its implications for digital transactions and identity verification.

Understanding eIDAS: The foundation of trust

The original eIDAS (Electronic Identification, Authentication, and Trust Services) regulation, established in 2014, was adopted to create a secure and interoperable environment for electronic transactions across EU member states. It introduced standards for electronic identification and trust services, such as electronic signatures, electronic seals, time stamps and website authentication.

Read more about eIDAS 1.0 here

What’s new in eIDAS 2.0?

eIDAS 2.0 reflects the EU’s ambition to create a more integrated digital market, improve the security and privacy standards of digital services, and ensure that these services are accessible to all EU citizens. The highlights include:

Enhanced digital identities

eIDAS 2.0 introduces the idea of a common EU digital identity wallet (EUDIW), enabling EU citizens to securely store and manage their data and official documents (such as identity cards, driver’s licence, diplomas, banking details, travel cards etc.) and facilitate online interactions with authorities, businesses and citizens across EU member states. The EUDIW is still being tested through 4 large-scale pilot projects (POTENTIAL Consortium, EU Digital Wallet Consortium, Digital Credentials for Europe, NOBID Consortium), each project focusing on different aspects of the use of digital identities.

Increased security and standardisation

The amending regulation emphasises enhanced interoperability of digital identification systems among member states and introduces stricter security measures and more rigorous standards across member states. By introducing stricter authentication methods and enhanced security standards to follow, eIDAS 2.0 aims to increase trust in digital transactions and promote a more secure digital market in the EU.

Impact on digital signatures and identity

As eIDAS 2.0 is designed to harmonise and strengthen the framework for electronic identification and trust services across the EU, making sure that all member states adhere to the same standards. Member states will have to provide technical and organisational measures to ensure a high level of protection of personal data used for identity matching across member states. Additionally, eIDAS 2.0 introduces new trust services such as the electronic attestation of attributes, the electronic archiving, or the recording of electronic ledgers. The Commission will establish a list of standards to be used by the end of 2024.

As a Penneo Sign user, eIDAS 2.0 will not have any direct impact on how you use the tool.

Transforming KYC: A digital leap forward

The integration of digital identities in KYC (Know Your Customer) processes in remote onboarding cases in the 5th AML Directive was significant advancement. Aligned with the European Banking Authority (EBA)’s guidelines, eIDAS 2.0 enables financial institutions to leverage secure, verified digital identities. The changes introduced to the AML/CFT framework in the AML package will work together with the changes introduced within eIDAS 2.0 to ensure a secure way of identifying customers online, across borders, in a trusted and secure remote environment.

Read more about the AML Package here

What’s next?

The adoption of eIDAS 2.0 will lead to the implementation of a comprehensive set of acts detailing technical standards and security protocols. These standards are essential for ensuring interoperability and security of digital identities and trust services. By 2026, each member state must make a digital identity wallet available to its citizens and accept EUDIWs from other member states according to the amended regulation.

Conclusion

The amending eIDAS 2.0 regulation represents a significant leap forward in the EU’s digital agenda, aiming to enhance the security, privacy, and convenience of online services. As we anticipate its implementation, it’s clear that eIDAS 2.0 will not only reshape the landscape of digital interactions within the EU but could also serve as a model for other regions looking to improve their digital infrastructure.

As a Penneo customer, you can rest assured that Penneo Sign and KYC, are designed to align with and leverage these legal advancements, ensuring that your digital transactions remain secure, compliant, and efficient in this new regulatory environment.

Explore more resources

Security and trust: How Penneo ensures compliance and protects data

Security and trust: How we ensure compliance and protect data 

READ MORE

Building trust in the age of AI: Reflections on competitiveness, democracy, and digital transformation

Building trust in the age of AI: Reflections on competitiveness, democracy, and digital transformation

READ MORE

Kickstart your company’s digital transformation

READ MORE