Council adopts legal framework on a secure and trustworthy digital wallet

To ensure a trusted and secure digital identity for all Europeans, the Council adopted a new framework for a European digital identity (eID).

The adoption of the European digital identity regulation is a milestone in our society’s digital transformation. Enabling citizens to have a unique and secure European digital wallet while remaining in full control of their personal data is a key step forward for the EU, which will set a global benchmark in the digital field and enhance security when engaging with online services. Moreover, by putting citizens at the centre, the European digital identity regulation contributes to significantly improving and simplifying access to public services online. Citizens should not have to bear the burden of administrative and institutional complexity.

Mathieu Michel, Belgian Secretary of State for digitisation, administrative simplification, privacy protection and the building regulation

The European digital identity wallet

The revised regulation constitutes a clear paradigm shift for digital identity in Europe. It aims to ensure that people and businesses across Europe have universal access to secure and trustworthy electronic identification and authentication.

Under the new law, member states will offer citizens and businesses digital wallets that will be able to link their national digital identities with proof of other personal attributes (e.g., driving licence, qualifications, bank account). Citizens will be able to prove their identity and share electronic documents from their digital wallets simply, using their mobile phones.

The new European digital identity wallets (EDIWs) will enable all citizens to access online services with their national digital identification, which will be recognised throughout the EU, without having to use private identification methods or unnecessarily share personal data. User control ensures that only information that needs to be shared will be shared.

Main elements of the revised regulation

The co-legislators maintained the general thrust of the Commission proposal for an upgraded framework that will improve the effectiveness and extend the benefits of secure and convenient digital identity to the private sector and for mobile use. Interinstitutional discussions strengthened the legislation in several areas that are important for citizens. The wallet will contain a dashboard of all transactions accessible to its holder both online and offline, offer the possibility to report possible violations of data protection, and allow interaction between wallets. Moreover, citizens will be able to onboard the wallet with existing national eID schemes and benefit from free e-signatures for non-professional use. The main elements of the revised law can be summarised as follows:

  • by 2026, each member state must make a digital identity wallet available to its citizens and accept EDIWs from other member states according to the revised regulation
  • sufficient safeguards have been included to avoid discrimination against anyone choosing not to use the wallet, which will always remain voluntary
  • the wallet’s business model: issuance, use and revocation will be free of charge for all natural persons
  • the validation of electronic attestation of attributes: member states are required to provide free-of-charge validation mechanisms only to verify the authenticity and validity of the wallet and of the relying parties’ identity
  • the code for the wallets: the application software components will be open source, but member states are granted leeway so that, for justified reasons, specific components other than those installed on user devices need not be disclosed
  • consistency has been ensured between the wallet as a form of eID and the scheme under which it is issued.

Finally, the revised law clarifies the scope of the qualified website authentication certificates (QWACs), which ensures that users can verify who is behind a website, while preserving the current well-established industry security rules and standards.

Next steps

The revised regulation will be published in the EU’s Official Journal in the coming weeks and will enter into force 20 days after its publication. The regulation will be fully implemented by 2026.

Background

In June 2021, the Commission proposed a framework for a European digital identity that would be available to all EU citizens, residents, and businesses, via a European digital identity wallet. The new framework amends the 2014 regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS regulation), which laid the foundations for safely accessing public services and carrying out transactions online and across borders in the EU.

The regulation requires member states to issue a digital wallet under a notified eID scheme, built on common technical standards, following compulsory certification. To set up the necessary technical architecture, speed up the implementation of the revised regulation, provide guidelines to member states and avoid fragmentation, the proposal was accompanied by a recommendation for the development of a Union toolbox defining the technical specifications of the wallet. Following interinstitutional negotiations (‘trilogues’), the two co-legislators managed to reach an initial provisional agreement on the key elements of the file on 29 June 2023, which was finalised on 8 November 2023. Romana Jerković (S&D, HR) was the European Parliament’s rapporteur for this file.