On 23 July 2014, the European Parliament and the Council of the European Union approved the entry into force of the eIDAS regulation on electronic identification and trust services for electronic transactions in Europe.
eIDAS established a necessary framework to enable mutually recognised electronic identification and signature services in the different Member states from September 2018, the year in which the obligation of mutual recognition of electronic identities among the countries of the European Union (EU) came into force.
In recent years, this regulation has allowed different online public bodies and services in the EU to use electronic identification. It is because eIDAS provides legal coverage to provide trust services, implement identification services, digital certificates, and electronic signatures, and enable remote identification by video to solve the problem of face-to-face identity verification
Sin embargo, pese al incontestable avance que ha supuesto la implantación de este Reglamento para particulares y empresas, tan solo 14 Estados miembros han notificado al menos un sistema de identidad electrónica y sólo un 59 % de los residentes en la UE tienen acceso a sistemas transfronterizos de identidad electrónica fiables y seguros, lo que implica un acceso transfronterizo de las distintas identidades electrónicas limitado y una escasa implantación en el sector público, donde no se ha conseguido implementar un sistema de identificación electrónica transfronterizo único.
Nevertheless, despite the undeniable progress that the implementation of this regulation has meant for individuals and businesses, only 14 Member states have notified at least one electronic identity system, and only 59% of EU residents have access to reliable and secure cross-border electronic identity systems, implies limited cross-border access of the different electronic identities and limited implementation in the public sector, where it has not been possible to implement a single cross-border electronic identity system.
What does eIDAS2 entail?
eIDAS2 (electronic IDentification, Authentication and trust Services 2) is a new proposal published on 3 June 2021 that arises from a study by the European Commission to evolve eIDAS and respond to the shortcomings of the current regulation as well as its low implementation in the public sector.
To this end, it is proposed to create a framework based on updating and revising the current regulation to offer a single European Digital Identity. It will be adopted by a large majority of citizens and enable us to carry out any procedure, both at a public and private level, with greater security and control of the information by citizens.
eIDAS2 has set the objective of increasing the current adoption rate by citizens from 59% to 80% by the year 2030, and we all have a new European Digital Identity that will allow us to perform procedures and processes between companies and with the public administration with greater security and simplicity.
What are the main differences or changes between eIDAS and eIDAS2?
In addition to defining the different types of electronic signatures, eIDAS also regulates the services of:
- Trust services such as time stamping.
- Certified email services.
- The creation, verification, and validation of certificates for website authentication.
- Electronic documents.
- Identification and authentication mechanisms, their levels, and their interoperability between Member states.
But eIDAS does not cover the provision of electronic attributes, such as medical certificates or professional qualifications, making the legal recognition of these electronic credentials complicated at the European level. Furthermore, it does not enable user control of the data exchanged in the verification process.
European Digital Identity. EUid or e-ID
eIDAS2 goes one step further by proposing the creation of a European digital identity controlled by citizens through a European Digital Identity Wallet (EDIW) that can be read by public bodies, companies, and institutions to verify the identity of citizens.
Providing this European digital identity will require very high levels of security in all aspects, and the necessary infrastructure to collect, store, and exchange digital identity data.
More security with eIDAS2
Security is a core aspect that is strengthened by the new eIDAS2 proposal, both from the perspective of citizens doing online transactions and businesses offering their services online, as they can rely on any citizen’s European digital identity.
The proposal also affects issuers of European digital identity solutions by providing a unified technical architecture, reference framework, and standards to be developed in cooperation with Member states, which aim to avoid fragmentation. Users can use a reinforced ecosystem of digital identity and trust services recognised and accepted throughout the EU.
eIDAS2 proposes to enforce browsers to accept Qualified Website Authentication Certificates (QWAC), ensuring that users can identify who is behind a given website.
eIDAS2, in turn, extends the currently existing list of trust services to include the provision of electronic archiving services, electronic ledgers, the management of remote electronic signature devices, and the creation of electronic stamps.
eIDAS2 main goals
The eIDAS2 main goal is to ensure the correct European market running by providing an accurate level of security of electronic identification means and trust services
Here are other objectives:
- Increasing citizens’ trust in qualified website authentication certificates and benefiting from the secure and reliable information they provide about who is behind a given web page would reduce fraud.
- Providing access to reliable and secure digital identity solutions that can be used across borders, meeting user expectations and market demand.
- Ensuring that public and private services can rely on trusted and secure digital identity solutions across borders.
- Providing citizens with complete data control and ensuring their security when using digital identity solutions.
- Ensuring the same conditions for providing qualified trust services in the EU and their acceptance.
When does eIDAS2 enter into force? Roadmap
Although eIDAS2 does not yet have an expected date of approval, it will likely be approved in 2023, as it is still been debated and studied by the Commission to incorporate possible modifications and improvements.
eIDAS2 use cases and applications in public and private sectors
eIDAS enables European citizens to be identified remotely in online purchasing or contracting processes through digital onboarding solutions. eIDAS 2 would make the implementation of verification processes in any industry easier by simply relying on the technology that reads the e-ID of citizens through their wallets.
These eWallets will allow their holders to identify themselves with their mobile phones, not only for online processes but also for face-to-face (offline) processes for accessing public and private services.
In addition, it will be possible to access administrative information and citizen data held by councils, consult records, health profiles, and tax, banking, or university information.
Some examples of processes that could be performed under the wallet holder’s control within the private industry at the European level include:
- Open a bank account in any EU Member state with the wallet issued in my country.
- In the case of healthcare needs in another European country, the healthcare profile could be accessed via the European digital identity. It could also integrate information such as Digital Covid Certificate.
- Rent a car using the e-ID of a different Member state than the rental company.
- Share financial data between banks located in different Member states (income, credit rating, etc.).
How can Mobbeel help you?
eIDAS2 offers a future full of possibilities enabling citizens to operate on the internet with increased reliability by having a more robust digital identity.
How a digital identity is associated with a real one or what happens if a user loses or is robbed of the mobile phone where their electronic wallet is installed are questions that technologies such as those offered by Mobbeel can answer.
Suppose your issues with verifying the identity of your customers are already a reality today. In that case, we have the technology necessary to register a new customer with full guarantees, sign any contractual document through our biometric signature solution, or even authenticate them whenever necessary with fingerprint, voice, signature or facial recognition.
Do you want to find out how we can help you identify your customers when they register on your platform or every time they access it? Feel free to contact us; we will tell you in detail.
I am a Computer Engineer who loves Marketing, Communication and companies’ internationalization, tasks I’m developing as CMO at Mobbeel. I am loads of things, some good, many bad… I’m perfectly imperfect.