Presentation given at the Service Design and Delivery in a Digital Age - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Topic 2: Digital transformation.
2. The EU Digital Identity Framework
➢ eID
➢ Trust services
Current legal framework
eIDAS
3. The EU Digital Identity Framework
• Electronic identification
• Process of using person identification data in electronic form uniquely representing
either a natural or legal person, or a natural person representing a legal person.
• Trust services
• Electronic services that consist of:
• the creation, verification, and validation of electronic signatures, electronic seals or electronic time
stamps, electronic registered delivery services and certificates related to those services, or
• the creation, verification and validation of certificates for website authentication; or
• the preservation of electronic signatures, seals or certificates related to those services.
4. The EU Digital Identity Framework
• Why is it important?
• Building trust in the online environment is key to economic and
social development.
• Aims to provide a secure electronic interaction between citizens,
business and public authorities.
• Contributes to the creation of a digital single market.
5. 5
International cooperation and eIDAS
• The possibilities for cooperation are limited by the regulation itself:
• Mutual recognition of Qualified Trust Services is possible under article 14 of eIDAS
• Mutual recognition of electronic identities is not considered in eIDAS (although, being
an exclusive competence of the EU could be the object of international agreements
under art. 218 TFEU)
• Mutual recognition of QTS under article 14 of eIDAS has never been
implemented, the process is complex.
• The proposal for a new eIDAS regulation modifies article 14 in order to
make the process more straightforward (adding the possibility of achieving
the same goal via implementing acts)
6. 6
Recognition of TC electronic signatures
Only QES have the equivalent legal effect of handwritten signature in the EU,
but…
…legal effects of electronic
signatures cannot be denied
solely on the grounds that they
are in electronic form or that they
are not qualified.
Advanced
electronic
signatures
Uniquely linked to
the signatory
Capable of
identifying the
signatory
Created by means
that the signatory
can have under
exclusive control
with a high level of
confidence
Linked to the data
in a way that
changes can be
detected
7. 7
Recognition of TC electronic signatures
• Set of tools that facilitate compliance with eIDAS
• Imposes no obligations to member states beyond what was already established in
eIDAS (undeniability, in principle, of legal effects of electronic signatures)
• Formal checks are performed by the COM on TC’s electronic signatures that offer a
sufficient level of trust based on the approximation to EU regulation and standards
8. 8
Inclusion in the TC AdES LOTL
• No need for an international agreement as it is not mutual recognition of qualified
electronic signatures
• Formal request by the TC to DG CNECT
• Technical assessment of the legal and technical aspects of TC electronic signatures
(they must be equivalent/similar to EU QES under the TC’s regulations).
• Technical works addressed to include the pointers to TC LOTL in the EU TC AdES
LOTL.
9. 9
Effects
• Validation of TC’s electronic signatures equivalent to EU QES becomes an easy task
• Although they cannot be considered as EU QES, the EU TC AdES LOTL offers the
added value of the technical assessment by the COM of the electronic signatures
generated in the TC
• First step towards future mutual recognition of qualified trust services
10. New EU Regulation on cross-
border use of national eIDs
• Coverage • Acceptance • Usage • User friendliness
• Not all MS have notified
eID schemes and only
a minor part of them
are mobile.
• Only a limited number of
public services offer eIDAS
authentication
• Between 100 and 30
000 successful cross-
border authentications
a year compared to
millions at domestic
level
• No common user
interface, redirections
in the authentication
process and denial of
service
• Four factors hindering cross-border authentication under the eIDAS Regulation
11. Universally Available
Offered to all EU citizens and
businesses in 2025
Universally Useable
Identification (platforms,
banks ..)
Sharing attributes (mobile
driving licence, ePrescription,
diploma, ESSPASS ..)
Protecting Personal Data
Users fully control their
identity and their personal
data
eIDAS 2.0: European Digital Identity
12. The three pillars of a European
Digital Identity
• Strengthen the national
eIDs system under eIDAS
• Improve effectiveness and
efficiency of mutual recognition of
national eID schemes and make
their notification mandatory for
Member States
• Private sector as Provider
of identity-linked services
• Private providers to offer digital
identity-linked services by
following the (improved) rules
applicable for qualified trust
services (anchored in national
eIDs).
• User Controlled Digital
Identity – Personal Wallet
• European secure “digital wallet”
trusted app on mobile/smartphone
allowing the storage and use,
under the sole control of the user,
of identity data and various
attributes/credentials, based on
common standards
13. The European Digital Identity
Wallet
2
Credentials such as driving license, university diploma, professional accreditations can be linked to the user
identity.
Users are able to manage both their identity credentials and legal eID together
Improved user experience and use cases
Linking Identity and Credentials
1
User control
The provision of a personal wallet:
- Improves user-choice,
- Improves user-experience (including mobile
experiences),
- Supports data control
- No tracking
- Supports portability
3
Possible Use cases
- Opening a bank account
- Filing tax returns
- Providing your age
- Renting a car
- Numerous digital public services
- …
14. The European Digital Identity
Wallet
✓ Shall be issued by Member States (under a notified scheme)
✓ Harmonization based on standards and common technical
framework, certification and conformity assessment
✓ High level of security
✓ Certified against functional, operational, procedural,
interoperability, privacy, cybersecurity requirements by accredited
public or private bodies designated by MS
✓ Allow users to sign by means of qualified electronic
signatures/seals
✓ Free of charge
Main requirements
15. Legislative Process
Co-legislators negotiations starting
Expert Group
First version of wallet specifications
published
Wallet prototype
Development started
Preparations for roll-out of the wallet
Large scale pilots launch
Status
21 March
9 February
1 March
1 April
16. EUDI Wallet roadmap
Above roadmap is accompanied by regular EUDI Stakeholders alignment and Governance sessions.
17. • Prove who they are when using Digital
Public Services or opening an Bank account
• Avoid sharing unnecessary data when
Logging into Social Media
• Present
• Loyalty cards
• Membership cards
• Tickets
• Prove they possess a Driving Licence
• Obtain and present Medical Prescriptions
• Demonstrate their Social Security Status
• Sign contracts and other Declaration
of intent or consent
• Authorise payments
Use Cases
The wallet will allow users to
18. DC4EU
Four Large Scale Pilots
8 countries
6 private and 15 private entities
Use cases:
payments use-cases at both a cross-
country and cross-sector level with
partners coming from both private and
public sector
20 countries
56 public and 80+ private entities
Use cases:
Electronic Government services, Bank
Account opening, SIM registration,
mobile driving licence, Remote Qualified
Electronic Signature and ePrescription.
23 countries
36 public and 40+ private entities
Use cases:
Educational credentials and professional
qualifications, Portable Document A1
(PDA1), European Health Insurance Card
(EHIC).
19 countries
18 public and 40+ private entities
Use cases:
Digital Travel Credentials, Payments,
Legal persons
DC4EU
Total budget: >90 Million (50% EU contribution), >250 Participants,
19. • Mobile Driving Licences (mDL) – Storage and
presentation of mDLs in both online and physical
interactions such as a driver providing their licence on
the roadside
• Opening a Bank Account – Wallet can be used to
verify a user's identity when opening a bank account
both cross-border and domestically. Reduces fraud &
KYC costs.
• SIM Registration – Wallet to prove their identity in
pre- and post-paid SIM card contract registration and
activation processes reducing fraud and costs for
mobile network operator
• eSignatures – EUDI Wallet can be used to provide
a secure digital signature when signing contracts
online, eliminating the need for paper documents
and physical signatures.
• Accessing government services – An EUDI
Wallet can be used to securely access government
services, such as applying for a passport or driver's
licence, filing taxes, or applying for supports
• ePrescription – Wallet can be be used to simplify the
process of identifying one-self and providing details of
prescription to a pharmacies in order to claim
medicine
Pilot Use-cases
20. • Payments – Wallet can be used to store payment
credentials and facilitate the approval of payments in
both account-to-account based transactions and card-
based transactions
• Travelling – Wallet can be used to store a user's
passport, visa, and other travel documents as a Digital
Travel Credential, allowing for quick and easy access
when going through airport security and customs
• Organisational Digital Identity – Wallet can be used
by legal persons for interactions between business-to-
government or business-to-business such as in the
context of taxes
• Freedom of Movement – Wallet facilitates an EU
citizen's movement around EU by storing and
presenting social security documents such as
European Health Insurance Card
• Education/Professional Qualification – Wallet can
be used to store and verify a user's educational
qualification or professional certification, such as
diplomas or degrees, making it easier to apply for jobs
or further education.
Pilot Use-cases