Council and Parliament reach a provisional agreement on eID
With a view to ensuring a trusted and secure digital identity for all Europeans, the Council presidency and European Parliament representatives reached a provisional agreement on a new framework for a European digital identity (eID).
With the approval of the European digital identity regulation, we are taking a fundamental step so that citizens can have a unique and secure European digital identity. This is a key advance for the European Union to be a global reference in the digital field, protecting our democratic rights and values.
Nadia Calviño, acting Spanish first vice-president and minister for economy and digitalisation
The European digital identity wallet
The revised regulation constitutes a clear paradigm shift for digital identity in Europe aiming to ensure universal access for people and businesses to secure and trustworthy electronic identification and authentication.
Under the new law, member states will offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g., driving licence, diplomas, bank account). Citizens will be able to prove their identity and share electronic documents from their digital wallets with a click of a button on their mobile phone.
The new European digital identity wallets will enable all Europeans to access online services with their national digital identification, which will be recognised throughout Europe, without having to use private identification methods or unnecessarily sharing personal data. User control ensures that only information that needs to be shared will be shared.
Concluding the initial provisional agreement
Since the initial provisional agreement on some of the main elements of the legislative proposal at the end of June this year, a thorough series of technical meetings followed in order to complete a text that allowed the finalisation of the file in full. Some relevant aspects agreed by the co-legislators today ar
- the e-signatures: the wallet will be free to use for natural persons by default, but member states may provide for measures to ensure that the free-of-charge use is limited to non-professional purposes
- the wallet’s business model: the issuance, use and revocation will be free of charge for all natural persons
- the validation of electronic attestation of attributes: member states shall provide free-of-charge validation mechanisms only to verify the authenticity and validity of the wallet and of the relying parties’ identity
- the code for the wallets: the application software components will be open source, but member states are granted necessary leeway so that, for justified reasons, specific components other than those installed on user devices may not be disclosed
- consistency between the wallet as an eID means and the underpinning scheme under which it is issued has been ensured.
Finally, the revised law clarifies the scope of the qualified web authentication certificates (QWACs), which ensures that users can verify who is behind a website, while preserving the current well-established industry security rules and standards.
Next steps
Technical work will continue to complete the legal text in accordance with the provisional agreement. When finalised, the text will be submitted to the member states’ representatives (Coreper) for endorsement. Subject to a legal/linguistic review, the revised regulation will then need to be formally adopted by the Parliament and the Council before it can be published in the EU’s Official Journal and enter into force.
Background
In June 2021, the Commission proposed a framework for a European digital identity that would be available to all EU citizens, residents, and businesses, via a European digital identity wallet.
The proposed new framework amends the 2014 regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS regulation), which laid the foundations for safely accessing public services and carrying out transactions online and across borders in the EU.
The proposal requires member states to issue a digital wallet under a notified eID scheme, built on common technical standards, following compulsory certification. To set up the necessary technical architecture, speed up the implementation of the revised regulation, provide guidelines to member states and avoid fragmentation, the proposal was accompanied by a recommendation for the development of a Union toolbox defining the technical specifications of the wallet.
Following interinstitutional negotiations (‘trilogues’), the two co-legislators managed to reach an initial provisional agreement on the key elements of the file on 29 June 2023 subject to further technical adjustments on the draft legislative text of the revised regulation.