eIDAS 2.0 – taking the future of digital identity in Europe to the next level

In an increasingly digitized world, digital identity is steadily gaining in importance. It enables us to act securely and conveniently online, be it for online banking, shopping on the Internet or interacting with government authorities.However, traditional identity establishment methods based on ID documents are reaching their limits when it comes to balancing security and user-friendliness. Technological innovations, however, have opened the door to new and improved approaches to user identification. This also means that the associated rules, laws and regulations in the EU and across Germany are evolving and need to be adapted to current conditions.

In order to adapt to these developments and facilitate the cross-border use of digital services, the eIDAS (Electronic Identification, Authentication, and Trust Services) regulation was launched back in 2016.

Now, the next stage is imminent – eIDAS 2.0. In this blog post, we take a closer look at the evolution of the eIDAS system and its potential impact on the future of digital identity in Europe. We clarify what eIDAS 2.0 is all about, what the changes are and what it means for you as a company.

What does the eIDAS directive regulate?

eIDAS is a regulation issued by the European Union (EU) that creates an EU-wide framework for electronic identification and trust services. However, by doing so, it not only achieves a legally secure space for electronic identification and trust services, but also ensures that these services are recognized and accepted in all EU countries.

The goal is to create a seamless digital environment that enables individuals and businesses to confidently communicate with each other, sign documents, and conduct transactions electronically.

Why is eIDAS 2.0 necessary and what is changing?

Faced with rapid technological development, the EU recognized the need for an updated version of eIDAS to reflect the changing digital landscape – thus eIDAS 2.0 was born.

The main goal of eIDAS 2.0, besides a few optimizations, is to better grasp the reality of AutoIdent and bring a new process to life.

In the following, we will first briefly highlight the improvements and then go into more detail and critically examine the idea of an ID wallet.

Essentially, eIDAS 2.0 differs in three points:

• Correction of vulnerabilities
• Extension of the scope of application
• Introduction of an ID wallet

1. Correction of vulnerabilities
   A key objective pursued in the development of the eIDAS 2.0 draft was to make the use of electronic trust services in Europe even more coherent and to ensure uniform implementation of the regulation in all EU member countries. Although transnational standards and requirements already exist, there are nevertheless differences in implementation at the national level between individual countries, which has led to inconsistencies and difficulties in the use of electronic identification and trust services.These inconsistencies are now to be harmonized by eIDAS 2.0, which introduces more detailed requirements and guidelines for the implementation of the regulation. For this purpose, both technical and operational requirements for trust service providers and guidelines for monitoring and enforcing the standards have been established. The introduction of these detailed and coherent policies through eIDAS 2.0 aims to ensure that the Regulation is applied consistently across all EU Member Countries.

   The aim of these improvements is to make electronic interactions more secure, easier and more user-friendly, and also to prevent fraud and identity theft.

2. Extension of the scope of application
   With eIDAS 2.0, the scope of the regulation is extended to additional trust services. Previously, only areas such as electronic seals, electronic signatures, and electronic time stamps were covered. In the revised version, these are supplemented by additional trust services such as electronic registered mail as well as electronic certificates for authentication. This expanded coverage ensures a comprehensive framework for secure, electronic interactions. Another innovation is the concept of Qualified Trust Service Providers (QTSP). Trust service providers that meet the strict security standards can be certified as QTSPs.
3. Introduction of an ID wallet
   The main innovation in the context of eIDAS 2.0 is the planned introduction of a digital wallet, also known as ID wallet or EUid wallet. This is software that both private individuals and companies can download onto their smartphones, where they can store and manage their certificates and evidence relating to electronic identification and trust services centrally, in one place. This means that fewer documents have to be stored in different places. At the same time, users will have a better overview of their digital identity data and can access it at any time.After considering the possible positive aspects of an ID wallet, some parallels can be drawn to the eID. Contrary to the expectations of the providers and the federal government, the eID has not caught on. The reasons behind this are made up of different causes:
   • Fragmentation: There is a multitude of national eID systems in the European Union, which are often not interoperable. Each country has its own standards, technologies and security requirements. Also with regard to the ID wallet, it is currently difficult to imagine that all nationalities will be transferred to one wallet. If only German passports and ID cards are supported, this will not be enough, because even here in Germany there are several million people with foreign citizenship. The BDR commented on this as follows “In the end, there will probably be 26 more European ID wallets,” except that the states outside the EU will be completely left out.
   • Lack of acceptance: Despite government promotion of the eID and information in citizens’ offices, this procedure has not gained acceptance. In surveys on who knows their PIN for the ID card, hardly any hands go up. With regard to the ID wallet, it is still unclear to what extent support is taking place here. “An ID just for e-government is hardly going to excite people in this country,” BDR said about the ID wallet.
   • Technical challenges: The introduction of eID requires the integration of technologies into various services and applications. In the case of the ID wallet, the main technical challenge is its dependence on the end-user device. There are a variety of different types of mobile devices and operating system versions. Becoming master of the situation here is an immense challenge and already involves excluding users on the basis of technical circumstances.

When will eIDAS 2.0 become effective?

The adoption of the new eIDAS 2.0 Regulation is planned before the end of 2023. This will be followed by the EU Commission’s implementing regulations and, depending on the implementation period, the obligation of the member countries to implement eIDAS 2.0 will then follow.

Following the adoption of the new regulation, EU member countries are required to provide a digital identity wallet (DIW) for all EU citizens, residents and businesses. The goal is to ensure that at least 80% of EU citizens have the ability to have a digital identification system by the end of 2023. With this system, they can easily communicate and interact digitally with authorities, administrations, institutions and companies. Whether these goals will actually be achieved, however, is currently questionable, as can also be read in the previous section.

Online identity verification with the cidaas ID validator and how it relates to the eIDAS regulation?

The cidaas ID validator offers a highly secure and efficient online identity verification with the use of artificial intelligence and machine learning. Hereby, using an AutoIdent procedure, a fully automated video-based legitimation, without interaction with another person, takes place.

The connection between eIDAS and the cidaas ID validator is therefore clear. The eIDAS regulation creates a legal framework and standards for digital identities, while the cidaas ID validator provides the technical implementation for identity verification within the framework of these standards, because it not only convinces with highest security, but is also eIDAS compliant.

eIDAS 2.0 revolutionizes Digital Identity in Europe

As digital transformation continues, the need for robust and secure digital identity solutions is becoming increasingly important. eIDAS 2.0 is an important step in the right direction, improving the existing framework and making it more user-friendly and secure for both individuals and businesses.

Overall, the eIDAS 2.0 Regulation is a significant step towards promoting digitization in the EU and creating a trustworthy and secure environment for electronic identification and transactions. Businesses and individuals can benefit by being able to use simpler and more secure digital services. The increased focus on data protection in the updated regulation can also ensure that user trust is strengthened and the acceptance of digital services is further expanded.

Also read our other interesting blogs on current topics:

• Digital identity verification – anywhere, anytime 
• Digital Markets Act – DMA for Transparency & Fairness!
• An AutoIdent in the SCHUFA MyConnect Hub – The role of the cidaas ID validator!