News

Understanding the implications of the European Digital Identity Framework

15 July 2024


The European Commission proposed a “Unified Framework for the European Digital Identity” in June 2021, aiming to establish a secure sovereign digital identity (eID) across Europe. Revised and adopted in 2024 (eIDAS V2), this regulation seeks to create a “European Digital Identity Wallet”. This framework is crucial for the digital transformation of states, citizens, and businesses. It is essential to understand its implications to prepare for the technological and social changes it will bring in Europe and internationally.

Digital Identity: A Priority for Europe

The European identity framework is key to meeting the needs of our increasingly remote societies (e.g. remote work, account opening). Increased mobility and globalization have advanced digital interactions, consequently increasing the need for identifying legal and physical persons. The 2020 global pandemic significantly accelerated the shift towards digital and the use of digital identity. This shift has made digital identity not just practical but necessary for governments.

To ensure the harmonious development of digital services, it is necessary to develop reliable digital identities within a trust framework that meets essential security requirements. In today’s constantly evolving technological, social and geopolitical landscape, digital identity is indispensable for ensuring efficient and continuous private and public services for citizens.

The shift from physical to digital identity titles is a fundamental challenge for all European actors. With the massive use of the internet on mobile devices, these devices are now preferred for new digital identity titles. However, it is unrealistic to believe that a simple photocopy of an official physical title can guarantee its integrity and authenticity. Europe’s shift leads us to adopt new certified digital formats such as mobile driver’s licenses (mDL) and mobile passports (DTC). These new digital formats are secured for online or offline verification procedures (NFC). New standards are being developed to finalize the conditions for international recognition of these official digital documents.

Verifiable Credentials: A Major Advance for Digital Interactions

Identity is often used to structure and organize contextual and personal data, establishing a relationship of trust. This data, called “attributes,” is linked to a specific identity and can be professional or status-related, payment-related, administrative rights, personal data, etc. Attribute verification is a more dynamic concept than the secure and official digital title, which is more static in content. Verification involves using pieces of this data, linking them with an identity (with the holder’s consent) and providing additional trust guarantees when necessary. These guarantees can be either validation of this data through external sources or certification of the attribute verification by a qualified trusted operator.

European Citizens’ Expectations for Ergonomic and Trustworthy Tools

Meeting citizens’ expectations is crucial in the new European framework. Studies show three main citizen priorities: ergonomic simplicity, integrated identity lifecycle management and data protection.

  • Ergonomic Simplicity: Citizens must be able to use their digital identity easily in various everyday situations, both in-person and remotely for major public and private services. Mobile interface design and user experience (UX) must be simple to understand, use and integrate into daily life.
  • Integrated Identity Lifecycle Management: This involves three types of processes: enrollment (identification), recognition (authentication) and authorization (electronic signatures and rights verification). For example, a payment operation requires strong customer authentication (SCA). Digital identity is truly useful when it integrates these necessary processes for significant digital services. Developing a quality digital identity means enabling smooth and secure end-to-end management of all steps, allowing access to a given service.
  • Data Protection: Citizens’ ability to control their data and interact in a secure environment is a strong trust guarantee. The European Digital Identity Wallet (EUDI Wallet) sets a unique privacy framework, allowing citizens to manage their data sharing transparently and with consent. It also allows sharing only the minimum necessary data for a particular use case, known as “selective disclosure.”

The Key Role of Mobile Support

Mobile phones are becoming the preferred support in the new European digital identity framework. The publication of a “toolbox” for the digital identity wallet and the launch of large-scale intersectoral pilots aim to position these devices as the top digital identity supports. This transformation requires that mobile phones move from supporting “derived physical titles” to being the preferred or even native support for digital identity. This transition, planned over several years, also involves changes in the application environment, the integration of new standardized architectures and renewed management of infrastructures and platforms.

The Cloud-Mobile axis is fundamental for the digital identity ecosystem. It must enable instant and ubiquitous access to multi-use contextual data (e.g., banking, health, administration). Mastering mobile technologies, interoperability standards and security conditions are essential for building context-adjustable, secure, and privacy-respecting identities. In this Cloud-Mobile duo, the Cloud provides intelligence and volume, while the mobile promotes application simplicity, contextual dynamism and is always within reach of the user. Mastering mobile technologies, interoperability standards and security conditions are essential for building context-adjustable, secure and privacy-respecting identities.

It is also important to remember that the development of a European framework for the entire digital sphere, with the latest negotiated, revised and/or adopted texts (Digital Market Act, Digital Services Act, Data Governance Act, Data Act, AI Act, and Cyber Resilience Act), aims to enable interoperability, a cornerstone of innovation in the digital domain and particularly relevant in the field of digital identity.


Conclusion

The ambitions of the European digital identity wallet are high and strategically important for service distribution within and outside Europe. The European Commission aims to convince at least four out of five Europeans to use digital identity by 2030. Transport, health, administration, payments, digital currency and regulated services: our identity attributes can be used for a multitude of trusted uses.

These ambitions can be realized, provided that data orchestration is mastered with the appropriate technological and security requirements, while respecting users. In Europe, as elsewhere, it is time to fulfill the promises made regarding the digital identity wallet, so that delivering a new generation of innovative digital services for citizens, businesses and States finally becomes a reality.

Sources:

  1. https://digital-strategy.ec.europa.eu/en/library/european-digital-identity-wallet-architecture-and-reference-framework
  2. https://digital-strategy.ec.europa.eu/en/policies/eudi-wallet-implementation
  3. https://ec.europa.eu/info/strategy/priorities-2019-2024/europe-fit-digital-age/europes-digital-decade-digital-targets-2030_en