Change is coming. The second iteration of the European Union’s regulation on electronic identification and trust services for electronic transactions – better known as eIDAS 2.0 – is edging closer to coming into force.
The update is expected to come into effect by the end of summer 2024. It drastically changes the original eIDAS regulation. The world’s digital landscape has significantly transformed since the first iteration of regulation was passed in 2014. The forthcoming revision aims to enable all EU citizens to use secure digital identities and protect them online.
As a digital trust and security leader, Ascertia recorded one of its primary #AscertiaOn episodes dedicated solely to eIDAS 2.0. Recorded in November 2023, the episode provides expert insights and opinions on:
- Upcoming changes
- The EU’s strategy over the last five years
- How eIDAS 2.0 may impact digital business within and outside the European Union
What exactly is changing with eIDAS’ evolution? This blog delves into the coming changes and explains what you should expect.
Changes delivered by eIDAS 2.0
As the world evolves around digitalisation, artificial intelligence (AI) and rising cyber threats, regulations must keep pace. The original eIDAS regulation laid a solid foundation, but it’s time to upgrade.
eIDAS 2.0 is a revamped version addressing the needs of today’s digital landscape. Let’s dive into the key changes 2.0 brings, making it a game-changer for secure digital interactions across the EU.
- Security and privacy: Strengthens the security and privacy of electronic identities and trust services
- Digital identities: Establishes a framework for the creation and use of digital identities (EU Digital Wallet or EDIW)
- Interoperability: Increases compatibility across national systems
- Qualified Trust Services: Adds four new qualified trust services
- User control: Emphasises ‘sole control’, allowing EU citizens to exercise their rights to a digital identity entirely under their control
- Industry application: Benefits every industry, whereas 1.0 wasn’t ideal for the private sector
- GDPR compliance: Complies with the General Data Protection Regulation (GDPR)
- Availability: Available to any EU citizen, resident or business
- Scope of regulation: Expands the regulation to include additional cross-border digital services like:
- Authentication
- Identification
These are significant changes to the regulation. They aim to match the pace of digital transformations across the Union. Watch the short video below for more information on the legal implications of 2.0’s impending arrival.
New features coming with eIDAS 2.0
The EU is taking a big leap forward in digital identity with eIDAS 2.0. This isn’t simply an update to the existing eIDAS regulation; it’s a significant transformation that will empower citizens and businesses with greater control and security in the online world.
While eIDAS 1.0 laid the groundwork for secure digital interactions, 2.0 goes a step further. It recognises the digital world’s volatility and the growing importance of user sovereignty. Here's a key aspect that sets 2.0 apart:
- Empowering individuals with a new framework for digital identity: eIDAS 2.0 introduces a comprehensive framework that enables individuals and organisations to establish and use digital identities without relying on government verification. This aligns with the EU’s vision of putting users in the driver’s seat – you control your digital identity, not a central authority.
This shift towards user control is a major innovation. It allows individuals to decide what information they share, with whom they share it and for what purposes. This not only enhances security but also fosters greater trust and transparency in online interactions.
New qualified trust services
eIDAS 2.0 goes beyond streamlining existing digital identity and trust services. It introduces a brand-new suite of qualified trust services, significantly expanding the toolbox available to EU member states. These innovative services cater to doing business in a rapidly changing digital world and offer exciting possibilities:
- Qualified Electronic Archiving – This new service provides a secure, reliable way to store and manage electronic records. With qualified electronic archiving, you can be confident that your data is protected and readily accessible when needed.
- Management of Remote Electronic Signature and Seal Creation Devices – Physical tokens to sign documents will be a thing of the past. This service allows for the secure creation and management of electronic signatures and seals using remote devices. It makes the signing process more convenient and flexible than ever before.
- Qualified Electronic Attestation of Attributes verified against authentic services – This service lets you obtain tamper-proof digital attestation that verifies your attributes against trusted sources. It will streamline processes like onboarding for new clients or accessing online services.
- Qualified Electronic Ledgers – Secure, tamper-proof record-keeping system for everything from transactions to supply chains – this is the potential of qualified electronic ledgers. This service leverages blockchain technology to create a shared, distributed ledger that ensures data integrity and auditability.
These new qualified trust services are just a glimpse into the future of secure digital interactions. eIDAS 2.0 empowers people and organisations with a wider range of tools to confidently navigate the online world.
European Digital Identity Wallet
eIDAS 2.0 ensures the availability of all EU citizens and businesses who want to utilise the European Digital Identity. The EU Digital Identity will allow people and businesses to identify themselves or provide confirmation of personal information, both online and offline, via a digital wallet. It will also allow an EU citizen to strongly authenticate with the wallet, to a system and even to remotely authorise a Qualified Signature and TimeStamp.
On the need for a secure digital identity system, Ursula von der Leyen, President of the European Commission, said:
“Every time an App or website asks us to create a new digital identity or to easily log on via a big platform, we have no idea what happens to our data in reality. That is why the Commission will propose a secure European e-identity. One that we trust, and that any citizen can use anywhere in Europe…”
This system aims to foster safety and security for EU citizens and organisations, even when sharing sensitive information. It prioritises compliance with GDPR and provides ‘sole control’ of an individual’s details.
Have questions about eIDAS 2.0 and its impact on digital trust? Contact our expert team today. You can also download our free eBook for an in-depth analysis of the evolution of the eIDAS regulation.
