EU Commission Seeks to Defragment Digital Identity Wallet Solutions

It was announced by the EU Commission on the 3rd of June 2021 that a framework would be developed to fulfil a European Digital Identity covering all EU citizens, residents, and businesses. The end goal of the proposal is to deploy a digital wallet solution, a concept that has gained considerable traction in the Government ID market, which may be provided by private organizations, public authorities, or an EU member country, and which will connect a citizen’s national digital ID to other identity formats such as a driving license or bank account. The objective is to connect citizens and businesses to online services without the necessity of utilizing private identification methods or unnecessarily sharing/storing personal information. The user will be able to select a wallet app to their smartphone device to store and selectively share electronic documents required for a specific identity verification, such as opening a bank account. E-signatures are also planned to be incorporated in these solutions.

The announcement comes as an extension of the 2014 legislation regarding electronic authentication systems (eIDAS) by addressing some of its limitations and pain-points, such as a low rate of adoption and limited mobile support.

The biggest question that will be raised, as it inevitably is with a digital identity solution, is how exactly the proposed digital identity wallets would secure the citizens private data. As of yet, this is a question still to be determined at this preliminary stage but will have to be addressed before a solution can be provided.

With a number of member states working on a deadline of September 2022 for developing sandbox environments for the purpose of stress-testing and developing innovative identity solutions in a controlled environment, the EU Commission will have its work cut out streamlining and defragmenting such a wide range of approaches to the proposal. What is clear at the present stage is that realization of the Commission’s vision of a unilateral European e-ID lies behind a complex mass of stringent necessities required to provide a secure and trusted European digital ID that simultaneously achieves strong adoption rates and widespread support:

1. Management and Use of Data – The Digital ID Wallets are required to enable the user to securely request, obtain, store, select, combine, and share the necessary data for the purpose of both online and offline authentication in order to access public and private services. Similarly, the citizen must be able to sign by means of qualified e-signatures.
2. Data Control in the Hands of the User – In line with previous legislation regarding GDPR, the user will be put in full control over how their personal data is used. Digital ID Wallets will not compile information about the use of the wallet that is not required for the provision of ID wallet services or combine personal information with personal data from any other services offered by the issuer or from third-party services unless the user has consented to it.
3. Tackling Data Breaches – In the event that the Digital ID Wallet falls victim to a breach or malicious activity in a detrimental manner to their reliability, the country of issuance must suspend and revoke the wallet validity. If this is not achieved within three months, the wallet must be fully withdrawn from circulation.
4. Certification and Publication – The uniformity of the Digital ID Wallets with the EU Commission’s requirements will be certified by accredited public or private bodies designated by member countries. These countries must communicate to the EU Commission the names and addresses of these public or private bodies, who in turn will publish and maintain a list of these agencies.
5. Cross-Border Acceptance – Where the mutual recognition of digital identification for access to an online service provided by a public sector body was already regulated under eIDAS, the proposal now extends this to the private sector as well.

Big data and Tech firms such as Facebook, Google and Twitter are also being targeted, as the proposal extends the principle of pan-European acceptance to platforms that provide their services to over 45 million average monthly active recipients.

The primary goal of these Identity Wallets is to end the solution fragmentation which currently exists under the present eIDAS Regulation. A single pan-European cross-border framework would provide citizens and private firms the means to identify themselves efficiently and securely in a cross-border context and exchange personal identity attributes and credentials in a highly secure, trusted, and regulatory compliant manner. There can be no doubt that the proposal of the EU Commission is a lofty one, and it remains to be seen how and to what extent the upcoming negotiations with member countries will reshape and guide the framework moving forward.