The EU Digital Identity Wallet aims to provide citizens with a secure, interoperable digital ID. A recent conference by the Swedish Agency for Digital Government (DIGG) explored its current status and future prospects. This article examines the roles of member states, key functional requirements, technological challenges, and upcoming pilot tests, highlighting the project's complexities and potential impact.
TL;DR
- Current Status: EU Digital Identity Wallet discussed at DIGG conference; stakeholders negotiating goals.
- Member States' Responsibilities: EU mandates access to interoperable digital ID wallets; states can develop via various approaches.
- Key Functional Requirements:
- User control and data sharing
- Privacy safeguards against data combination and behavior tracking without consent
- Support for personal ID data and credentials, interoperability, high assurance
- Certification, free basic ID, access for private services, QES support, online/offline usability
- Privacy Concerns: Balancing stringent privacy requirements with data transparency for AML and crime prevention remains challenging.
- Technology Development: Blockchain and decentralized identity expected; uncertainty remains on implementation.
- Pilot Testing: Large Scale Pilots start spring 2023 to test technology and infrastructure.
- Regulatory Outlook: Final eIDAS2 regulation expected post-pilot testing, possibly by 2025, with anticipated coordination challenges and potential delays.
The EU Digital Identity Wallet: Current Status and Future Prospects
At a recent conference by the Swedish Agency for Digital Government (DIGG), various presentations outlined the current status and potential future of the EU Digital Identity Wallet. Different stakeholders are negotiating goals, and many questions remain, including the balance between technology and functionality.
Member States' Responsibilities
EU Member States are required to ensure citizens have access to interoperable digital ID wallets. Each state can develop the wallet in various ways, including state-led projects, procurement processes, or allowing private companies to create competing wallets.
For example, Sweden prefers multiple private companies to develop digital identity wallets while maintaining state oversight for high-assurance digital identity documents.
Key Functional Requirements
Likely functional requirements for the EU Digital Identity Wallet include:
- User control over digital identity and data sharing.
- Prevention of data combination from different sessions without user consent.
- Prohibition of user behavior data collection without consent.
- Support for adding various personal identification data and credentials.
- Interoperability within a common framework.
- High Identity Assurance Level with unified interfaces.
- Certification under a shared framework.
- Free electronic identification for individuals, with potential charges for additional attributes.
- Access for private services to the EUDIW framework.
- Support for remote Qualified Electronic Signature (QES).
- Usability for both online and offline scenarios.
The EU Digital ID Wallet is Not only About Identity Verification
The requirements in the Architecture Reference Framework have a very clear focus on user integrity, anonymity and privacy. However, other EU initiatives in Anti Money Laundering (AML) and crime prevention point towards the need for more, not less access to data on sensitive transactions, e.g. money transfers to and from the bank account of the user.
How to balance the stringent privacy requirements with these data transparency and monitoring requirements is still an open question. It is not unlikely that services engaging with EUDIW holders will be required to store and share sensitive data with authorities, even though the purpose of the EUDIW is to make this monitoring impossible.
The Technology for the Digital Wallet is Yet to be Developed
Based on the presentation and following discussion by DIGG, it is likely that blockchain technology will become an important part of the EUDIW framework, and that ideas within Decentralized Identity and Self-sovereign Identity will have a significant impact on the EUDIW. However, since there are still many aspects of these technologies that are yet to be developed, it is clear that uncertainty will remain for technology providers as to how viable the requirements are in practice.
Next Step - Pilot Testing of the EU Digital Identity Framework
The update of the European digital identity framework will now be followed by four Large Scale Pilots running over two years, with an estimated beginning spring 2023. These will test key aspects of the planned technology and infrastructure for the European digital wallet in different use cases and EU member states, including cross border testing. Given that they are public-private partnerships with stakeholders in several countries, it is not unlikely that there will be coordination challenges.
Still Many Uncertainties
DIGG expects the final eIDAS2 regulation and framework to come into law some time after the completion of the Large Scale Pilots, which would point towards a date in 2025 at the earliest. There is a very high interest on EU level, both from member states and the EU Commission, to develop the EUDIW.
However, the coordination and stakeholder management process challenges are considerable, and it is probably more likely than not that there will be further delays. Also, the technical risk remains high, given that technology that is yet to be developed will be part of the requirements.
Build Compliant European Digital Identity Wallets
The EUDIW project is very ambitious and has the potential to create clear value, both in terms of integrity and efficiency. For Truid, the overall objective is exactly the right one. The main risk is likely political and technical, but the timeline makes it possible for private companies to learn and stay ahead of the official regulatory developments to make sure that it is possible to deliver a product compatible with the EUDIW certification if and when it comes.