The European Digital Identity Regulation, EDI Regulation, EDIR

Highlights

The use of the European Digital Identity Wallet (EDIW) is to be voluntary and available to every citizen of an EU country.

The digital identity wallet will enable identity proofing and the storage and exchange of electronic documents.

The legislation is intended to give users full control over data sharing.

Time order

03.06.2021 – announcement of the draft regulation
29.02.2024 – adoption of the regulation by the Parliament
26.03.2024 – adoption of the regulation by the Council
30.04.2024 – publication in the Official Journal of the European Union
20.05.2024 – entry into force
21.11.2024 – publication of implementing acts in the Official Journal of the European Union
2026 – obligation for each Member State to provide at least one European digital identity wallet

Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards the establishment of a European Digital Identity Framework (the ‘Regulation’) amends the Regulation of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (the ‘eIDAS Regulation’). The primary objective of the amendment is the implementation of European Digital Identity Wallets (EDIW), aimed to ensure the right to securely participate in the digital society by enabling digital access to public and private services within the country of origin and when travelling and residing in other EU Member States. Thus, the Regulation aims to establish a common and European-wide system for the use and recognition of electronic identification means for citizens of EU Member States for the purpose of verifying identity or confirming certain personal information.

Changes in definitions

A number of definitions in Article 3 of the eIDAS Regulation have changed. One of them is the concept of ‘electronic identification’, which adds that the process of using data identifying a person also applies to a natural person representing another natural person, and not only representing a legal person, as it was previously the case. The definition of ‘electronic identification means’ has also changed, which previously meant a tangible or intangible entity containing data identifying a person, used for authentication purposes only for an online service. The current provision additionally states that means may also be used for authentication purposes for offline services as well. New definitions have also been added to the regulation such as. ‘strong user authentication’, also included in the regulation for the provision of payment services.

Digital identity wallet

European Digital Identity Wallet (EDIW) means an electronic identification means that allows a user to securely store and validate personal identification data and electronic attribute credentials. An attribute within the meaning of the Regulation will mean a characteristic, characteristic or right or authorisation. The electronic attestation is therefore intended to enable the authentication of the said attributes. Such wallets will thus be able to combine national identity documents with other documents such as driving licences or proof of professional qualifications. Union citizens will thus be able to prove their identity and share electronic documents with the EDIW via a mobile app. At the same time, digital identity wallets are to securely manage data and credentials for sharing with relying parties and other users of European digital identity wallets. In addition, EDMIs are also to enable qualified electronic signatures or qualified electronic seals. Each Member State shall provide at least one European Digital Identity Wallet within 24 months of the entry into force of the implementing acts issued by the European Commission.

Voluntary

The legislation makes it clear that the use of wallets will be voluntary. This means that natural and legal persons who do not use European Digital Identity Wallets must not have their access to public and private services restricted or impeded in any way. This also applies to access to the labour market and the freedom to do business. There must still be other means of identification and authentication to access such services.

Open source

The source code of the EDIW application software components must be covered by an open source licence. However, Member States may provide that, for duly justified reasons, the source code of individual components, other than those installed on user devices, shall not be disclosed. This means that the wallet is to be open source and thus allow users full control over the technical aspects of data sharing. In addition, the Regulation explicitly indicates the right to use pseudonyms of the user’s choice.

Acceptance of european digital identity wallets

Member States should accept European Digital Identity Wallets where they require electronic identification and authentication to access an online service provided by a public sector body. When using EDIW, strong user authentication will be required, which under the Regulation is based on the use of at least two authentication components belonging to different categories, such as knowledge (something only the user knows), possession (something only the user possesses) or user attribute (something the user is). These categories are independent in that the breach of one, does not compromise the reliability of the others. Where private relying parties that provide services (with the exception of micro and small enterprises) are obliged by contract, Union law or national law to use the SCA for electronic identification purposes, they are obliged, no later than 36 months after the entry into force of the relevant implementing acts, to accept European digital identity wallets, but only at the voluntary request of the user.

DLK information

If you want to stay abreast of regulatory affairs, register and receive information about important regulatory and industry events, and DLK Legal activities: Register for notifications.