Lukas Han
Jul 5, 2024
Introduction
On 20 May 2024, the European Union’s (EU) new comprehensive framework regulation for European digital identity, known as the eIDAS 2.0 Regulation (Regulation (EU) 1183/2024), will come into force in all EU Member States. This date marks the beginning of a phased implementation period in which Member States will have various deadlines to fully adopt and apply the updated digital identity standards.
eIDAS 2.0 replaces the Electronic Identification, Authentication, and Trust Services (eIDAS) Regulation, providing a more secure and unified framework for digital identity and trust services across the EU. eIDAS 2.0 aims to bolster trust in digital transactions and will facilitate smoother cross-border activities, enabling citizens and businesses alike to engage more confidently in the digital single market.
What is eIDAS?
Introduced in 2014, the original eIDAS regulation sought to standardize the way electronic identification and trust services are used across Member States. It paved the way for Member States to mutually recognize each other’s national electronic ID (eID) systems, making it easier for citizens and businesses to authenticate their digital identities across borders. It also introduced requirements for trust services, including digital signatures, electronic seals, time stamps, e-delivery services, and website authentication.
While eIDAS was groundbreaking in its efforts to enable cross-border identity authentication, the regulation only partially fulfilled the objectives that had been set out at its adoption in 2014. The Regulation had several shortcomings, notably in the area of diverging interpretations by national supervisory and conformity assessment bodies. This led to varying levels of security and trust and inconsistencies in the use of electronic identification and trust services across the EU. The Regulation was also hindered by technological developments leading to inadequate coverage of trust services.
What changes with eIDAS 2.0?
With eIDAS 2.0, the EU seeks to ensure that the Regulation is applied consistently across its Member States by providing more detailed technical and operational requirements and guidelines for trust service providers. The scope of the regulation is also extended to include additional trust services, such as electronic registered mail and electronic certificates for authentication. Previously, only areas such as electronic seals, electronic signatures, and electronic time stamps were covered.
Furthermore, eIDAS 2.0 aims to bolster data protection and provide users with more control over their personal identity data by aligning the Regulation with the data protection requirements of the General Data Protection Regulation (GDPR).
Digital Identity Wallet
The biggest innovation of eIDAS 2.0 is that it provides for the introduction of a European digital identity (EUDI) wallet to all EU citizens by Member States, free of charge.
The EUDI wallet, is a virtual wallet, in the form of an application on your smartphone or other personal device, where individuals and companies can store and manage their certificates and evidence relating to electronic identification and trust services centrally, in one place. The EUDI wallet is designed to support a wide range of identity verification processes and transactions, from signing documents digitally to accessing public and private services online. For instance, users will be able to use their EUDI wallet to open a bank account or to check-in to their flight at the airport.
Use of the EUDI Wallet remains voluntary, which means that users will still be able to access public and private services via existing identification means. Nevertheless, businesses that utilize identity verification and authentication processes and that have operations in the EU will be required, within a set timeline, to accept EUDI wallets as a valid method of identity verification.
eIDAS 2.0 requires that the EUDI wallet be operable across all Member States, ensuring that digital identities and credentials are recognized and accepted throughout the EU. This allows users to access services across borders seamlessly. Furthermore, to ensure trust and security, EUDI Wallets must be issued under a notified eID scheme, built on common technical standards, and follow compulsory certification by accredited public or private bodies designated by Member States.
eIDAS 2.0 Timeline
eIDAS 2.0 officially comes into force on 20 May 2024, although the full implementation across Member States will extend beyond this date to allow businesses and public authorities to make the required adjustments for compliance with the Regulation. The implementation period is characterized by the following deadlines below.
In November 2024 and May 2025, the EU Commission must issue, in two separate batches, the necessary regulations for the technical implementation of the regulation as part of the Regulation’s Implementing Acts. These will include technical and operational specifications and reference standards for EUDI Wallets as well as a list of standards for the certification of the EUDI Wallets.
By November 2026, trusted service providers must align with the updated eIDAS 2 requirements, while Member States are expected to deploy their EUDI wallets to their citizens.
By November 2027, businesses that utilize identification and authentication processes will be required to accept EUDI wallets as a valid method of identity verification.
What This Means For Your Business
The Regulation presents significant opportunities for businesses. The regulatory framework for digital identity will facilitate cross-border operations for businesses, opening up new avenues for growth. Furthermore, the enhanced security and trust provided by the Regulation will bolster confidence in digital transactions and mitigate trust issues with counterparties, fostering a more robust digital economy. For example, in international trade, it will prevent transactions from falling through due to mistrust, or requiring additional time and money to verify the reliability of the other party or put safeguards in place.
However, similar to the implementation of GDPR, businesses will need to adapt to the requirements of eIDAS 2.0. Companies must invest in updating their technology and processes to meet the new standards. Notably, they must update their existing infrastructure to ensure interoperability with the upcoming EUDI wallets. Ensuring compliance will be crucial for businesses to fully leverage the advantages offered by eIDAS 2.0 while maintaining operational integrity and security.
Hopae Provides Solutions
To reap the economic benefits that eIDAS 2.0 will bring, proactive adoption of wallet services is necessary. With Hopae's Wallet SDK, your organization will be eIDAS 2.0 compliant from day one. Our SDK leverages blockchain-based decentralized identity (DCI) technology which is lightweight, scalable, and capable of handling high traffic volumes while ensuring interoperability and data privacy.
Hopae is an identity verification solutions provider that leads the digital identity market. The team has already proven the potential of DCI technology through COOV, a COVID-19 vaccination certificate app with 43,000,000 monthly active users.
