European digital identity: where do we stand?
The European digital identity, which has been talked about for some time now, has taken a big step forward during the year 2022. Indeed, this project dedicated to facilitate and secure the daily acts of many European people and companies is becoming more and more concrete. To deploy this European digital identity by 2025! At the moment, the European Commission and the 27 Member States are developing the technical toolbox and the regulatory framework of the project. What are the regulatory and technical characteristics known for the moment?
What is the European digital identity?
The European Digital Identity is a project proposed by the European Commission. It aims to offer EU citizens a secure and interoperable digital identity throughout the EU to facilitate transactions, but also and above all to protect data. It will allow everyone to authenticate themselves in a secure and reliable way without having to provide personal data each time. The information will be stored on secure servers that will respect European data protection standards.
Authentication can be done in two steps using a smartphone and another device to confirm identity in order to access the most sensitive services such as banking or health services for example. This solution is aimed at both citizens and companies and also aims to give everyone control over their personal data. It will be possible to choose whether or not to disclose certain personal information and thus to preserve one's data if desired.
The goal of this project is to standardize practices, since there are currently secure identification systems, but they are specific to each platform or organization that offers them. With the European digital identity, it is now possible to have a unique means of identification not only in France, but also throughout the European Union. This should greatly simplify the uses for individuals and companies who wish to have a secure and trusted authentication method.
To date, the European Digital Identity project is still under development. The goal of the European Commission is to be able to offer this solution in a few years.
To support a project as important as European digital identity, it is essential to create a reliable and consistent regulatory base. Therefore, the idea is to make the eIDAS regulation evolve towards a new version, an eIDAS V2, to allow a harmonization of the regulation at the European level.
The eIDAS regulation is a regulation on electronic identification services. This regulation introduced the first common standards on electronic identity in Europe. However, its application highlights real differences between countries. It is therefore necessary to modify the eIDAS regulation to make it suitable and adaptable to all countries of the European Union.
A revision was presented in June 2021 to the European Commission. Its goal is to give at least 80% of citizens the possibility to use a digital identity to access public and private services in the EU countries by 2030. The changes that have been proposed are significant and therefore require various adjustments by the Member States.
While the eIDAS regulation is of paramount importance in framing the project across the European Union, it is also linked to legislation on digital services and markets, as well as cybersecurity, as the regulation will also be used to build a secure and level playing field for businesses to use digital identity. Companies will be able to offer access through the European digital identity from smartphones and applications.
We recently co-hosted a webinar with TNP Consultants that discusses the evolutions of eIDAS 2 and its projected timeline. Do not hesitate to watch it to learn more about the use cases you will have to anticipate for your activity.
The technical characteristics
Also under study is the creation of a technical toolbox that will enable the deployment of the solution at the European level, with the objective of relying on a system that will better protect personal data, create interoperable solutions according to international standards, and provide access to a European digital identity for all citizens.
The technical characteristics of the European digital identity are therefore being built step by step. Since September 2021, the European Commission has been coordinating the definition of the technical framework Architecture and Reference Framework (ARF) with the expertise and support of several organizations. At the beginning of 2022, the general architecture, the European digital identity standards and the security requirements were defined, and a call for projects was launched in April 2022 to create a reference implementation that will serve as the technical basis. In mid-2022, the finalization of the specifications, standards and guides took place to create a toolkit and a complete development framework by the end of 2022.
Since then, each Member State has been free to develop projects using the framework defined by the ARF and eIDAS 2. Definitions of the implementing acts and delegated acts of eIDAS 2 have begun and will make it possible to define the regulatory and technical characteristics according to different sectoral specificities (health, transport, driving licenses, means of payment, etc.).
Although the project has made good progress, it is still far from being able to be offered to the public, as there are still a lot of elements to be finalized in order to achieve a finished product that complies with the various European regulations and can be used by everyone. In the meantime, the French have a very brief glimpse of what this solution could look like through the use of France Connect. Nevertheless, France Connect is still far from what will be the European digital identity, which will allow a much wider and more personalized management of one's data, all within the European Union.