eIDAS 2: Transforming Electronic Identification with Digital Wallets

Governments have always issued some type of “traditional” identity document (e.g., passports, national IDs, driver’s licenses) that helped citizens identify themselves in the physical world. With the rising importance of online transactions for both public and private services, governments as well as private identity providers are creating electronic versions of these traditional documents, which are called “electronic IDs,” “eIDs” or “digital IDs.”

The goal is to enable individuals to use eIDs to securely access websites and online services. Instead of requiring different usernames and passwords for each of these sites, users will be able to use a single eID to access all services. For example, a citizen could use their eID to access tax, health, labor, regional and town websites and online services. Although usage of eID has been primarily focused on government services, they are now starting to be used in the private sector as well.

What is eIDAS?

eIDAS is the European Union’s legislation that oversees electronic identification, authentication and trust services for electronic transactions in the EU’s internal market. The purpose of these digital identity services is to enable secure and seamless electronic interactions between businesses, citizens and public authorities across the EU.

The eIDAS regulation:

  • ensures that people and businesses can use their own national eIDs to access public and private online services in other EU countries.
  • creates a European internal market for trust services such as electronic signatures, electronic seals, time stamps, electronic delivery services and website authentication by ensuring that they will work across borders and have the same legal status as their traditional paper-based equivalents. By providing certainty on the legal validity of all these services, businesses and citizens are encouraged to use digital interactions as their natural way of interaction.

Who Issues eIDs?

In the EU, the government of each country is ultimately responsible for issuing its own eIDs. In some cases the government issues the eID directly through its agencies (e.g., police departments, government offices). In other cases, the government subcontracts the issuing of its eIDs to a small set of private companies that have been selected and authorized directly by the government.

As of September 2021, 25 EU countries have pre-notified or notified eID schemes under eIDAS. You can see the current list on the eID User Community wiki, or use this interactive map.

New to eIDAS and electronic IDs?

A Primer on eIDs and eIDAS Regulation

Introducing Digital Wallets

In 2021, the European Commission proposed the addition of digital wallets for the next iteration of eIDAS, commonly known as eIDAS 2.0. Digital wallets are apps and services that allow you to manage and securely share your digital identity credentials, providing only the information needed for the transaction. eIDAS 2.0 requires every EU member state to make digital identity wallets available to their citizens by 2023.

Previously, you would submit your passport or driver’s license to prove your identity, which would give the business or agency access to all the data on that ID. A digital wallet allows you to control which data you share, which is critical for data privacy. For example, if you’re ordering alcohol for a corporate event, you need to share your age but should not have to share your home address, signature and driver’s license number.

Focus on Interoperability

eIDs are different in each of the member countries. Therefore, the eIDAS legislation’s main focus is to make sure governments recognize eIDs issued by each other. For example, German citizens working in Italy should be able to access Italian government services by using their original German eIDs – they should not need to get Italian eIDs as well.

An IT infrastructure of national government-based public servers, called eIDAS nodes, is currently being developed to support this intercountry/intergovernmental functionality. The communications between government networks happen in the background: messages between different government eIDAS servers make sure that eIDs are recognized and authenticated in real time when used. For a look at how this works behind the scenes, see this article.

Electronic IDs Around the World

In addition to Europe, governments on other continents are also moving toward the enablement and use of electronic IDs.

In the U.S., several states have started offering mobile versions of their driver’s licenses. In particular, Colorado has issued their digital ID in the MyColorado mobile app. The usage model is mostly focused on convenience for the user. The digital ID can be used to prove a customer’s age at liquor stores or bars. But when requested by police officers, the user has to show the traditional driver’s license document — the digital ID is not deemed valid yet for personal identity verification in these legal circumstances. Other U.S. states have also issued some form of digital ID, mostly to facilitate interaction with government services or agencies.

In Asia, Singapore has started a digital ID program called SingPass, which is designed to enable single access to government services through their mobile app, while other APAC countries are starting to evaluate similar programs.

In Latin America, Buenos Aires recently announced a new digital identity approach for Argentina. The trend toward issuing and even requiring digital identities is quickly growing around the world.

The Future of Digital Identity

Jumio has long been the leader in online identity verification and is well positioned to become the leader in digital identity as well. In addition to developing solutions to enable our customers to verify digital identities from trusted sources, including eIDAS digital wallets, we are helping to drive the conversation about policy and standards and are co-chairing a working group at the FIDO Alliance. We are also working with the Accountable Digital Identity Association, Decentralized Identity Foundation, Trust Over IP Foundation and more. Our vision is to promote interoperability to ensure users have a seamless experience and can use their digital identity everywhere.

For more information on Jumio’s identity verification solutions and the future of digital identity, contact us to schedule a call.

eIDAS compliance primer