This content was created by the Data Sharing Coalition, one of the founding partners of the CoE-DSC.
To regulate and further facilitate electronic transactions within Europe, the EU introduced Electronic Identities And Trust Services (eIDAS). With eIDAS, the European member states agreed to use the same concepts, reliability levels and mutual digital infrastructure. Part of the eIDAS regulation is the cross-border use of login means recognised by the EU. During our hybrid Community Meeting on November 24th, Vincent Jansen, Partner at INNOPAY, will facilitate an informed discussion to elaborate on the eiDAS regulation and its possible implications for businesses. We spoke with Vincent in advance.
“The current eiDAS regulation enables citizens to log in to systems of other governments in Europe with their national digital identity,” Vincent says. “As a Dutch citizen you can also log in to the system of the Spanish government with your DigiD, for example when you have to pay a traffic violation. The issue is that this does not apply to all European governments: not every member state provides its citizens with a digital identity. The eiDAS regulation will change that. Member states are obliged to offer a digital identity to all citizens that wish to have one, enabled by a so-called ‘European Digital Identity Wallet’, expected as early as 2025. This wallet will not be limited to identity data (as is the case with DigiD), but can also contain credentials, such as a university degree.”
Mandatory acceptance of the wallet extends beyond the government domain
According to Vincent, European member states will be given the freedom to develop their own wallet. “There will not be one single European wallet. Europe is currently establishing the standards that a wallet must meet, including the highest level of reliability within the eIDAS regulation. Expert groups are currently working on a reference implementation that will be tested, followed by a final design. Subsequently, each member state must realise a solution that meets these requirements. As a result, the Dutch government could either upgrade the existing DigiD or create an accreditation scheme in which market parties can be accredited to bring their own solutions that comply with the regulation. The Dutch government is now exploring how to approach this.”
What is special about the wallet is that the mandatory acceptance extends beyond the government domain. Vincent: “By introducing this wallet, Europe is committed to creating a widely adopted solution for digital identification. Not only the public sector, but also the private sector will therefore have access to the wallet. In fact, to boost adoption, the EU has designated various sectors that will be obliged to use the wallet. These include the banking and financial sector, healthcare, education and utilities. Also large ‘Big Tech’ platforms, such as Amazon, Google and Facebook, must implement the wallet. With the latter, Europe wants to put a halt to identification by means of a ‘social login’, such as a Facebook ID. This is still a frequently used identification option, in which existing information from a social networking service is used to sign into a third-party website. A wallet by design identifies a person as it contains legitimate identity information provided by the government. For example by obtaining an ID through registering at a physical office. However, social logins cannot match this level of assurance as it is uncertain whether the ‘claimed identity’ is actually the ‘true identity’. By obliging the introduction of the wallet to Big Tech platforms, social logins are no longer possible. As a result, login procedures on these third party websites will become much more reliable. Moreover, the power of Big Tech is limited.”
User-friendly, high quality digital identity helps to speed up processes
The impact of this new eIDAS regulation is significant, but according to Vincent it also offers benefits and opportunities for the market. “A bank or insurer that wants to prepare for this wallet will have to perform an impact analysis to discover what this wallet will apply to. Take for example the customer onboarding or login process, for which new plug-ins must be implemented. It is advised that sectors that will be obliged to use the wallet start looking for service providers who communicate about the upcoming wallet and promise to offer a solution for this in their offering. While it is already very common to work with payment service providers, this will also be the case for digital identity service providers in the future. Although it takes effort to change existing processes, the end result is that the processes will be accelerated thanks to the high quality identity that the wallet – effectively a European digital passport – offers. For example, an onboarding process at a bank or the process of providing a mortgage will become easier because different documents for identification no longer have to be scanned or supplied separately because they are already included in the wallet.”
According to Vincent, the success of the European wallet depends on user adoption. “The mandatory adoption for various sectors will contribute to this. In addition, the European design and the resulting solutions need to be user-friendly, so that the end user (who is not obliged to use the wallet) is encouraged to start using the wallet in practice. The greater the user-friendliness, the greater the chance of accelerated adoption.