The Horizon of the European Digital Identity
On paper, the European digital identity is a step towards a more efficient and citizen-centric society, but what improvements can citizens and administrations expect, and how is this idea being put into practice?
In her September 2020 State of the Union address, the President of the European Commission, Ursula von der Leyen, emphasized the need for a secure European electronic identity that we can all trust and that any citizen can use anywhere in Europe. A digital identity that serves any operation, from paying taxes to renting a bicycle, is based on technology that allows citizens to have full control over the use of their data.
This cross-border and multi-purpose electronic identity is part of the priority projects identified for the period 2019 - 2024 and is within the goals of the European Digital Agenda 2030.
Significance and impact of European Digital Identity
Once fully deployed, it will not only bring improvements for citizens and administrations but also provide opportunities for businesses that have been promoting digital identity use and developing technologies that comply with regulations and meet user demands, adapting to changes.
The Commission's aim is that by 2030, 80% of the population within the Union will have this European digital or electronic identity (also known as eID) and will be able to use it for accessing both private and public services in any Member State.
Although the use of eID will be voluntary, it will be available to citizens, residents, and companies in the European Union who wish to have it.
In practice, the eID is based on the concept of a digital "wallet". This digital wallet will be built on trusted digital identities provided by the member states, which, in turn, will be based on the existing eIDAS regulation, as recommended by the Commission's study.
The intended purpose of this eID is not only related to identifying the holder (who I am). As we mentioned earlier, it will also allow storing additional information that citizens, companies, or entities consider relevant to include, enabling us to define "what we are." For example, citizens could include their marital status, academic qualifications, property titles, driver's licenses, and medical reports, among others.
All this information will be integrated into the "digital wallet" through trusted third parties responsible for ensuring the accuracy of such data.
Spanish case
In the case of Spain, the document that allows to identify citizens (DNI) is issued by the Ministry of the Interior through the Directorate-General of the Police. Additionally, various institutions provide information about what citizens are: the Civil Registry, under the Ministry of Justice, which can provide part of this information (marital status, number of children, etc.), and local municipalities, which provide data on residency, among others.
If they want to add more information to the wallet, such as academic degrees or medical data, for example, it will be the responsibility of the corresponding public institutions or ministries (Education, Universities, etc.) to provide it. If the information is private (e.g., MBA obtained from business schools or certifications from manufacturers about products), the respective entities will be responsible for providing this information. For driving licenses, it would be the responsibility of the Directorate-General of Traffic. The same goes for any other relevant or necessary information we may want to keep in this digital wallet.
Prerequisites for a successful digital wallet
However, to move from theory to practice and make the use of eID a reality, achieving the set objectives by the horizon of 2030, several issues must be resolved.
One of them is related to the interoperability of the different platforms that each organization or trusted entity responsible for issuing this information considers using to connect with the digital wallet. This interoperability issue is not just internal; it is also cross-border since the intention is for this eID to be usable in any Member State.
In this regard, the Commission published the architecture and reference framework for the digital wallet (ARF) on February 10th, and previously, in the last quarter of 2022, launched four large-scale pilots (LSP): EUDI Wallet, NOBID, POTENTIAL, and DC4EU, which will demonstrate its usability in different scenarios.
Additionally, questions regarding the process of the first issuance of this digital identity and when is the right time to obtain it should be addressed: in Spain, for example, the age at which a National Identity Document is mandatory is 14 years, but one might wonder, is this age appropriate for having a digital identity as well?
The last significant issue to consider is how this eID will be provided to interested parties using existing physical official identity documents and, above all, mechanisms that do not require the physical presence of the involved actors. In other words, this procedure should be completely remote for everyone.
For this remote process, the eIDAS regulation establishes that the applicable rules from different standardization bodies (ISO, ETSI, ITU, CEN, etc.) must be followed. For example, the ETSI TS 119 461 standard (which sets out the requirements and security policies that trust service solutions must comply with to ensure identity verification) is considered the reference framework that technical solutions must meet for carrying out this process with a minimum of guarantees. Specifically, section 8 concerning "Identity proofing service requirements" outlines the requirements that must be satisfied for conducting this verification remotely.
These issues, along with the inherent characteristics of the plan for developing and creating the digital identity, highlight the importance of collaborating with technology providers (such as Signicat) that can guarantee compliance with the regulatory requirements and the needs of a project like creating a functional, useful, and cross-border digital identity and digital wallet that benefits all European actors who use it.