Revised eIDAS Regulation and European Digital Identity Wallets
In the spring of 2024, the European Parliament and the Council adopted the revised eIDAS Regulation, which regulates cross-border electronic identification and trust services for electronic transactions. In future, the Regulation will also regulate European Digital Identity Wallets. The revised eIDAS Regulation enters/entered into force on 20 May 2024. The related technical implementing acts will be adopted over the following six months.
The goal of the revisions is to develop secure and reliable solutions for people to manage and use their information in the EU. It is more and more often becoming necessary to electronically provide proof of other personal information, such as degrees, professional competences or valid driving licences.
Key amendments
The main objective of revising the eIDAS Regulation is to ensure reliable and secure digital identity solutions in the EU. To achieve this, the Regulation will set a common legislative framework for European Digital Identity Wallets. These wallets will offer a means of electronic identification that will allow users to securely manage their personal data and electronic attribute certificates, and to use qualified electronic signatures and seals.
Key elements of the revised eIDAS Regulation include:
- Obligation of Member States to issue a wallet meeting the requirements of the Regulation and to provide certain other related services.
- Obligation of Member States to ensure that the identity of a natural person using electronic identification can be matched when using cross-border public services.
- Obligation of Member States to take measures to enable qualified trust service providers to verify the attributes listed in Annex VI to the revised eIDAS Regulation, such as age, nationality or professional qualifications, directly against the authentic source.
- Obligation of public and private electronic services to accept the wallet for user identification.
- Possibility to impose administrative fines on trust service providers if they fail to comply with the requirements of the Regulation.
- Setting requirements for several new trust services.
National implementation
Member States will need to provide at least one wallet that meets the requirements of the revised eIDAS Regulation. This must be done within 24 months after the Commission adopts the implementing acts that supplement the Regulation. The Commission will need to adopt the implementing acts within six months after the revised eIDAS Regulation has entered into force.
Although the revised eIDAS Regulation is directly applicable in the Member States, additional national regulation will be needed to ensure that each Member State can apply, and fulfil the obligations of, the revised Regulation. National implementation will also require new technical solutions, which will require now roles and responsibilities. On 26 April 2024, the Ministry of Finance set up a project for the national implementation of the revised eIDAS Regulation. Its objectives include ensuring that the obligations set out in the revised Regulation are fulfilled within the time limit.
Previous eIDAS Regulation
The original provisions of the eIDAS Regulation will remain largely in force, and the Regulation will continue to apply to electronic identification systems notified by Member States. National identification methods (provided by a public or private service) can be notified to the European Commission in accordance with the eIDAS Regulation. Notified identification methods can be used to deal with public administration in other Member States.
The eIDAS Regulation will also still apply to the requirements for several electronic trust services and to the obligations imposed on their providers. The purpose of trust services is to enable trust in electronic documents and processes. Electronic trust services include the eSignature certificate, eTimestamp and Qualified Web Authentication Certificate. The Regulation sets out harmonised rules and requirements for certain trust services. National supervisory authorities recognise and publish the trust services that have been qualified according to these requirements
Inquiries:
Laura Kolinen, Senior Specialist, tel. +358 295 530 403, laura.kolinen(at)gov.fi