Insights EU Digital Identity: European Parliament formally adopts proposed Regulation

Contact

In 2021, the European Commission published a proposal for a Regulation to create a framework for a harmonised European electronic digital identity by which users would be identified and authenticated when accessing public and private sector services without having to rely on commercial identification providers. These “European digital identity wallets” would be recognised throughout the EU and enable both individuals and businesses to prove their identity, such as when opening a bank account, and enable the selective sharing of other personal attributes such as qualifications or proof of age, or digital documents such as a medical prescription, professional certificate or ticket for travel. A summary of the key provisions of the Commission’s proposal were previously reported by Wiggin.

On 8 November, negotiators for the European Parliament and the Council of EU reached political agreement on the Regulation and, on 29 February, the Parliament formally adopted that text.

In summary, the agreed text provides that EU Member States must provide citizens and businesses with a European digital identity wallet that allows users to digitally identify themselves, to store and manage identity data and official documents in digital form, and to digitally sign documents, that can be used across the EU. The wallets can be provided either by the Member State itself or by a private sector provider, and must be certified by accredited public and private sector bodies designated by Member States. The wallet is not intended to replace existing national identification and authentication schemes, but to complement them. The wallet must be voluntary and free of charge for individuals, but Member States may decide to limit free use of the wallet to non-professional purposes. Very large online platforms (defined under the EU Digital Services Act as platforms with 45 million or more average monthly active users in the EU), and private service providers required to use strong user authentication (e.g. banks), will have to accept the wallet if the user (voluntarily) requests to use it. Whenever there is no legal requirement for users to have a legal identity for authentication, they will be able to use freely chosen pseudonyms.

Further, the wallet must contain a dashboard of all transactions of the user and offer the possibility to report alleged violations of data protection. Users can also request that their data be deleted. The wallet should ensure the highest level of data protection and implement advanced security features such as state-of-the-art encryption and storage methods. The wallet application software will be open source.

The legislation will now have to be formally adopted by the Council of the EU.  Member States will then have to provide the wallets within 24 months after the Commission’s adoption of the Implementing Acts (acts the Commission has the power to make under the Regulation to create uniform conditions for implementation) setting out standards, specifications and procedures for the wallet and the certification of wallet providers. It is worth noting that the Commission’s “2024 annual Union work programme for European standardisation” (15 February 2024) which identifies, as a priority, the standardisation work necessary to create the European Digital Identity framework, states that this work will include the development of new European standards for online age assurance/verification.

For more information, click here.