The main objective of the Regulation is to harmonise digital identification and thereby reduce the costs and risks of the current fragmentation caused by different national solutions. This initiative would also strengthen the Single Market by allowing citizens, other residents as defined by national law and businesses to identify and authenticate online and offline in a convenient and uniform way across the EU.
New proposals for the European Digital Identity Wallet (EDIW)
The report amends the definition of the EDIW and defines it as a product and service that operates according to electronic identification. It allows the user to store and manage identity-data credentials and attributes linked to their identity, provide them to other parties on request, create qualified electronic signatures and seals, and use them for identification and authentication, both online and offline, in accessing public and private services in accordance with the provisions of the regulation.
In the framework of the EDIW, there should be a function of transaction history, which allows the user to track all transactions executed through the wallet and the details of the transactions that should be stored even if the transactions were not concluded. According to the report, the transaction history should be non-repudiable for any legal purpose.
Application of the “once only” principle
Another aim of the new regulation is to support the spread of digitalisation in the public sector services of the member states and encourage the wide adoption of the European digital identity framework and European Digital Identity Wallets. This objective is also served by the introduction of the "once only" principle, which allows citizens and businesses to avoid supplying the same data to public authorities more than once. This principle is to reduce administrative burden and to support cross-border mobility of citizens and businesses. The report also states that the use of these data should be possible for the purposes of completing cross-border online procedures at the request of the user.
Cybersecurity and privacy
The report includes provisions to improve the protection of cybersecurity and privacy for the European digital identity. The EDIW must be issued under a notified electronic identification scheme of a 'high' level of assurance and ensure cybersecurity by design. Pursuant to the draft, the EDIW should also ensure the highest level of security for personal data used for identification and authentication, irrespective of whether this data is stored locally or on cloud-based solutions according to different levels of risk. In connection with this, the use of biometrics to identify and authenticate will not be a precondition for using the European Digital Identity Wallet, and biometric data should not be stored in the cloud. For additional information contained in the EDIW, storing the data in the cloud should be an optional feature only active after the user has given explicit consent. The new regulation also emphasises that its specific rules only complements the GDPR, but should not be regarded as lex specialis to the GDPR.
Zero-Knowledge Proof (ZKP)
The draft report introduces the term “Zero Knowledge Proof”, which allows the verification of a claim without revealing the data that proves it, based on cryptographic algorithms. According to the EP, the ZKP allows holders to demonstrate that they are adults and their location if such information is needed to access certain services. This initiative also fights against bots and disinformation attacks, since platforms can verify that an action on their platform is executed by a real person located in the EU while preserving the individual's right to anonymity.
European Digital Identity Board (EDIB)
To facilitate the implementation of the Regulation, the report also proposes the establishment of the European Digital Identity Board, which will be composed of national competent authorities and the Commission. The EDIB will be responsible for tasks, such as assisting the Commission in the preparation of legislative proposals and policy initiatives in the field of digital wallets, electronic identification means and trust services; or support the consistent application of the Regulation.
In the light of above, this proposal is another important step towards achieving a single digital identity in Europe, and we look forward to the next developments in the European legislature.
For more information on the draft report, contact your CMS client partner or CMS experts.
The article was co-authored by Daniella Huszár.