On 16th September 2020, in her “State of the Union” speech to the European Parliament, Commission President Ursula von der Leyen proclaimed that “the Commission will soon propose a secure European e-identity”. In another statement, it was made clear that EU leaders “will ask the Commission to put forward a proposal for a ‘European Digital Identification’ initiative by mid-2021”.
Electronic identity, eID, is core to the digitalization of Europe. There is a lack of deployment of eID in many EU Member States, and there is a need to make eID work cross-border in the EU. Likely, the EU eID initiative will address both these challenges.
Some information and directions are provided where the EU’s ambition is not for the development of a centrally issued eID, but rather a system where eIDs from several issuers can work in an interoperable way.
The timing for the Initiative is related to the revision of the eIDAS regulation (Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market). The eID part of eIDAS has not been that successful since it has been limited to public sector services and with very little practical use. A draft revised eIDAS regulation is expected to be published first quarter 2021. The rest of 2021 will be spent on consultations and revisions with a final version planned to be approved early 2022, hopefully regulating eID in a more comprehensive way than the current eIDAS regulation. A possible arrangement for an EU eID is that the role “qualified eID provider” is defined in the revised eIDAS regulation, with resulting mandatory acceptance of the related services all over the EU.
Until the proposal is published, we do not know with any certainty what the EU eID will look like. The information released so far indicate an eID scheme inspired by self-sovereign identity (SSI) with the user in control. Information will be fetched from trusted information sources in the individual Member States, and a project to map available sources is ongoing. The information also indicates a mobile-preferred solution using app technology.
Signicat supports regulating eID as a (qualified) trust service. Signicat’s recommendation is not to limit a qualified eID provider to follow the EU eID scheme but open this role also to actors following other identity schemes. Several countries have deployed eID solutions that in practice are society-critical infrastructures, and these should be allowed to become “qualified”. eID as a trust service should include an ecosystem approach where also “brokers”, using a broad interpretation of the term, can become qualified providers and get access to the identified information sources. The result will be a legal framework that opens up the market to enable competition, innovation and scale.
Read for more expert analysis by Jon Ølnes where he uncovers in more depth:
Signicat looks forward to further information on how the EU eID scheme will be specified and we are eager to actively contribute to making the initiative work in the best possible way.
Communications Manager at Signicat
February 22 2021