Imagine you’ve just arrived at your vacation destination. You have to pick up the rental car at the office and from there head to the hotel to check in. Maybe you go to the pharmacy first, because you have a bit of an allergy and it’s better to anticipate buying your medication. You reach into your bag and… disaster: you’ve forgotten your wallet containing your driver’s license, identity card and health card.
But if there is one thing that most of us always have with us today, it is our mobile phone — even if we do not always protect it, nor the information contained in it, as we should. The European digital identity project is creating a secure wallet interoperable between the countries of the European Union. An app on the mobile phone will only share the necessary information to each agent who requests it and that, they hope, will be safer than leaving your (physical) wallet lying around when you are just going on vacation.
[ Beware of the 4 key problems with digital identity and learn about the concept of decentralized identity ]
A regulation to unify all standards
This initiative is included in Regulation (EU) 2024/1183 of the European Parliament and of the Council, commonly known as eIDAS2, as it amends the 2014 regulation, which established the European digital identity framework. eIDAS2 arises within the framework of a greater digitalisation of citizens, which forces us to rethink current online identification systems to shield them, make them simpler and, above all, unify them.
The text of eIDAS2, in force since May of this year, specifies this in the European Digital Identity Wallet, “a harmonised means of electronic identification that allows you to authenticate and share data related to your identity”. The purpose, it is explained, is “to move from the exclusive use of national digital identity solutions to the provision of electronic declarations of attributes that are valid and legally recognised throughout the Union”.
The European Commission has until November 21, 2024, to establish a list of reference standards, specifications, and procedures needed to make the wallet a reality.
Along with this, the regulations introduce a series of changes. The main ones are the expansion of the catalogue of services that can be provided by trusted providers, as well as the expansion of the scope of digital identity to the field of health, mobility, education and the financial sector. The entry into force of the regulation opens a period of just over two years, until the end of 2026, for its full implementation: by then, states must have digital wallets ready for their citizens. “An essential deadline given the complexity of creating a system that is secure, interoperable and accessible throughout the European Union,” explains María González, Director of Public Policy and Regulation at Adigital.
The approval of eIDAS2 has set the clock in motion. In August, the European Commission began consultations on five regulations that will be crucial in the implementation phase, related to aspects such as interfaces, interoperability or cybersecurity requirements, González recapitulates. Collaboration with bodies such as the European Telecommunications Standards Institute (ETSI) and the European Committee for Standardisation (CEN) in the development of standards will also be key. And, of course, the work in each country. “Now the ball is in the courts of all the governments in Europe, which have to put this into practice,” says Paula Lamo, director of UNIR’s Master’s Degree in Internet of Things.
It is not only the administrations that must prepare: the private sector can also move pieces so that the advent of the European digital wallet does not catch them half-hearted. “Companies have to be oriented towards this digitalization, adapting their production processes for this situation, which may be a competitive advantage,” says Lamo. Beyond this differential value in the business strategy, there may be other benefits. “They will be impacted by this simplification of administrative procedures by eliminating one of the great challenges they currently face, such as bureaucracy and the excessive time they dedicate to it,” says González. In addition to the reinforcement in security and data protection, it adds as an advantage its transnational nature, which “multiplies its opportunities and helps to promote the single market”.
Challenges to be solved on the path to European digital identity
With much of the practical work still to be done, it is clear that there is still a long way to go. González summarizes the main challenges: “Guaranteeing the security and privacy of data. On a more technical level, managing interoperability between the systems of the different Member States also entails its complexity. Finally, there is the challenge of getting citizens and companies to adopt the system, which will depend on the confidence they generate in terms of its security and ease of use.”
Lamo delves into this last topic. “I am convinced that there will be some more reticent, more denialist sector that is going to say: ‘This is to keep an eye on us.’ The objective is not that, or at least the original idea is not to control the citizen, but to try to improve your life with technology.” To face this line of thought, his recipe involves “a lot, a lot of pedagogy, explaining very well what this is for and the advantages it has”. Showing off this advice, he reiterates them: “Make your transactions simpler, make your life less complicated, be more digitalized. Moving towards the future and also in a very secure way, guaranteeing that in this way you are not going to share unnecessary data”. González points out: “Citizens will be able to prove their identity, share documents and access digital services in a simple, secure and recognised way throughout the EU, from their mobile phone. For example, accessing public services (such as applying for a birth certificate), opening a bank account or applying for a place at a university in any Member State”.
Pedagogy will also be necessary to overcome the reluctance of the population when it comes to sharing their personal information, no longer because of a matter of control, but because of a greater sensitivity to data theft. “It is about centralizing in a secure way and guaranteeing the citizen that at all times they will only give the necessary data,” says Lamo. “We have to give confidence,” he reiterates, “explain that this digital identity is not mandatory, of course, but each person, if they want it, can use it; that it will be to make their lives easier and that it is not a carte blanche to give the data to everyone”.
This is not mandatory and includes another of the social sectors that the digital portfolio can reach: those groups that do not have the technological skills or sufficient means to use it. The regulations do not establish that the use of the digital wallet is mandatory; Moreover, it is explicitly contemplated, in certain contexts of use, that the population should not have “any obligation to use a European Digital Identity Wallet to access private services and their access to services should not be restricted or hindered by not using a European Digital Identity Wallet”. Respect for this non-digital alternative can also help to alleviate the reservations of the groups most reluctant to share their data. There is still time for this scenario: at least two years in which the pedagogy that Lamo demands must be applied to promote an initiative that, well directed, has great potential.