Forward-looking: Europe has finally reached an agreement on the next generation of its electronic identification and trust services (eIDAS) regulation. The amended regulation, which still needs some work before being finalized into law, aims to provide both security and control over data sharing for European citizens.
The European Council and Parliament have announced a provisional agreement on the new framework for a revised European digital identity (eID). The upcoming eID standard is designed to provide EU citizens with a "unique and secure" digital identity, valid throughout the entire continent, marking a significant advancement for Europe's goal to become a reference in the digital field.
In its official announcement about the agreement, the EU Council – a collegiate body part of the EU executive branch with the European Commission – welcomed the revised regulation as a "clear paradigm shift" for digital identity in Europe. With the new eID, electronic identification aims to become a trustworthy means of ensuring universal online access for both individuals and EU businesses.
The revised eID standard will rely on new digital wallets issued by EU member states, serving as a link to national digital identities with proof of other "personal attributes." A digital wallet would contain certifications for a citizen's driving license, school diploma, bank account, and more, according to the EU Council. Meanwhile, citizens would be able to prove their identity and share electronic documents from their digital wallets "with a click of a button" on their smartphone.
eID's digital wallet is being designed as an authentication system for online services available to EU citizens, according to the EU Council, where citizens will be able to control and limit the type of information they share. The EU-wide system aims to eliminate the need for "private" identification methods or unnecessary sharing of personal data.
The provisional agreement outlines key aspects of eID's digital wallet, including free e-signatures for "natural persons" and a business model that won't impose fees for issuing, using, or revoking such signatures. The new eID will also mandate EU member states to provide free-of-charge validation mechanisms, utilize open-source "application software components," and ensure consistency between the wallet as an eID means and the underlying scheme under which it is issued.
The revised eID, still requiring some technical work to complete the legal text, appears to rectify the scope of the much-debated qualified web authentication certificates (QWACs). The technology, initially criticized by the EFF as a step backward for modern internet security, has been revised to ensure the preservation of current, well-established industry security rules and standards in web security.