A host of organisations that represent the trust services sector have rallied together to express concerns about proposed changes to the eIDAS 2 Regulation which could impact consumer trust when the redrafted legislation and cross-border e-ID comes into play next year.
eIDAS 2 is the regulation to support the EU initiative to introduce a digital identity for every citizen that wants one by 2024. Every EU member state is obliged under EU policy to create its own European Digital Identity (or e-ID) Wallet, which is interoperable with other countries over privacy considerations and technical specifications.
The Cloud Signature Consortium, which has members that are industry and academic organisations, issued a formal letter resisting the regulation changes for the EU digital identity, as a key player in building data standards for cloud-based digital signatures.
The final version of the eIDAS 2 regulation’s general approach omits language describing current eID schemes as having a ‘substantial’ or ‘high’ level of assurance, while the open letter warns of the consequences on consumers when many national eID schemes within Europe are in fact user-friendly and popular verification methods for citizens.
Noting that European eIDs tend to have a high level of assurance that supports adoption growth, the letter gave some examples e.g. the SPID identification iniatitve in Italy, Danish NemID and MitID and the Swedish BankID.
Citizens have accustomed to fully digital, reliable and secure e-ID schemes which many european states have begun rolling out to coincide with the implementation of the EU wallet, however, usability could unlock more citizens to use qualified signatures and access public services.
Amended eIDAS 2 Regulation: the lack of e-ID schemes
https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:52021PC0281&from=EN
In the European Commission’s proposal, failures of the regulation are exposed as “falling short of addressing these new market demands, mostly due to its inherent limitations to the public sector, the limited possibilities and the complexity for online private providers to connect to the system, its insufficient availability of notified eID solutions in all Member States and its lack of flexibility to support a variety of cross- border use cases”.
Identity solutions outside the parameters of eIDAS, for example utilised by social media networks and financial service providers, raise privacy and data protection concerns, according to the proposal.
Since embarking on broadening EU digital identity as part of the Regulation in September 2018, only 14 member states have created one national eID scheme, slowing down progress to ensuring 80% of citizens have access to a digital ID solution to unlock public services by 2030.
Currently, only 59% of EU nationals have a cross-border eID scheme.
The Cloud Signature Consortium will be speaking on our agenda at Identity Week Europe, 13-14 June 2023 at the RAI, Amsterdam.
