EDIR – impact and requirements

1. EDIR is an amendment to the 2014 e-IDAS Regulation. e-IDAS created the EU legal framework for electronic identification schemes (under which electronic identification means are issued) as well as trust services (e.g. related to qualified electronic signatures).

2. Under EDIR, each EU country will be required to notify at least one electronic identification scheme (so far only 14 Member States have done so).

3. EDIR will also provide the legal framework for a new means of electronic identification, the European Digital Identity Wallet (EDI wallet). EDI wallet will be a comprehensive solution enabling the user to:

• store identity data, credentials and attributes (diplomas, licenses, birth certificates, etc.) associated with his or her identity,
• pass on the data to service providers (trusting parties) upon request and use them for online and offline authentication in connection with the services,
• create qualified electronic signatures and seals.

4. EDIR will make it mandatory for certain entities to accept EDI wallet:

• providers who use strong user authentication for identification purposes in online services due to a legal or contractual obligation (applies in particular to financial market players),
• very large online platforms as defined by the Digital Services Act.

Other entities will also be able to accept EDI wallet. Any entity accepting EDI wallet will be required to inform the competent authority in the country of its registered office about its intention to accept this solution.

5. EDIR will introduce a more harmonized approach to digital identification within the EU to ensure that service providers may fully rely on and accept digital identity solutions regardless of which EU Member States they are issued in:

• Member States are required to accept EDI wallets issued in other Member States when they require electronic identification using an electronic identification means and authentication to access an online service provided by a public sector body,
• also private entities are required to accept EDI wallets regardless of which Member States they were issued in,
• a mechanism for mutual recognition of other means of electronic identification will also be introduced,
• the European Commission will be required to support and facilitate the development of self-regulatory codes of conduct at the level of the European Union.

6. The existing eIDAS provisions on supervision and requirements for qualified trust service providers will be adapted (e.g. the scope of audit will be extended to include compliance with the requirements of the NIS 2 Directive).

7. New qualified trust services will also be introduced – electronic archiving, electronic records service, and management of remote electronic signature (seal) devices. The electronic register is the solution that combines the effect of time-stamping data with certainty about the creator of the data (an example application might be the ability to verify the origin of goods in cross-border trade). In addition, the qualified trust service for the creation, verification, and validation of electronic signatures, electronic seals, or electronic time stamps and recorded electronic delivery services will be complemented with an additional category: electronic attestation of attributes. The entity certifying attributes will certify such attributes as: diplomas, licenses, birth certificates.

8. Web browser vendors will be required to display qualified certificates for website authentication in a user-friendly manner.