The European eIDAS regulation, short for the Electronic IDentification, Authentication and Trust Services Regulation, was created in 2014 to ensure common rules and standards for trust services related to electronic identification across the European internal market. Its main goal is to facilitate easier access to digital services and simplify online interactions among citizens and businesses.
The regulation seeks to enable a greater degree of trust between entities in different Member States when transacting electronically, by standardizing mechanisms for authentication and identification. This is aimed at enabling better cooperation within the EU and allowing users to prove their identity through electronic means.
The introduction of such security measures helps people develop trust in the authenticity of electronic transactions conducted over the internet. It also ensures that global standards are met for reliable transactions across borders, paving the way for a more secure e-commerce environment. Mutual recognition between countries can be achieved, while businesses can offer products or services with full compliance with regulations throughout Europe without having separate processes involved.
In June 2021, the European Commission published a Proposal for a new and updated eIDAS regulation, dubbed eIDAS 2.0. This new version effectively replaces the old 2014 regulation and brings with it a range of important changes.
eIDAS 2.0 will expand the scope of eIDAS beyond just identification and authentication to include additional cross-border digital services such as device identification. The initiative also strives toward increasing security levels and privacy safeguards with regards to electronically stored identities, as well as creating the European digital identity framework for simpler and harmonized creation and use of digital identities. Furthermore, eIDAS 2.0 aims to facilitate public procurement processes and improve interoperability between different national systems. These advancements promise to bring more efficiency and reliability into online services provided by public bodies or businesses operating in multiple countries.
A central part of eIDAS 2.0 is indeed the European Digital Identity (EUDI) Wallet, a mobile app that each member state must offer to their citizens by 2024. This wallet enables users to securely store and use their digital identities throughout Europe, with full and sole control over their data. This will alllow users to access services from any Member State’s public institutions without the need for additional physical documentation. The EUDI wallet would also cover attestations of attributes such as ePassports, driver’s licenses, university diplomas, and personal information like medical records or banking details. The wallet should also allow users to access a variety of online private and public services and sign documents with qualified electronic signatures and seals (QES).
The eIDAS 2.0 proposal also includes Qualified Trust Service Providers (QTSPs) which will be responsible for ensuring that the digital identities they issue comply with the new regulations. As specialized service providers with the purpose of ensuring secure electronic transactions, such as electronic signatures, digital certificates, or timestamping services, QTSPs must adhere to a set of security requirements such as strong cryptographic algorithms and authentication protocols, as well as an audit trail for each transaction and a secure system architecture. Furthermore, they need to provide users with detailed information about their data-processing activities, rights of access and withdrawal of consent,
The new eIDAS 2.0 regulation will also ensure simplified processes for businesses to offer their products or services across borders within the EU. It will bring more uniformity in terms of legal requirements, allowing businesses to offer services with the same level of trust and security regardless of the country in which their customers are located. Furthermore, it will enable companies to access new markets without worrying about the complexities of local regulations and avoid the need for setting up separate entities in each Member State.
It is anticipated that eIDAS 2.0 regulation will be approved and become legally binding in the second half of 2023.