A new European model of digital identity
The concept of wallet owes its origin to cryptocurrencies. Unlike common wallets, the cryptocurrency wallet stores cryptographic keys instead of money.
Today, the wallet concept has been extended to the field of digital identity. As part of the revision of the Electronic Identification, Authentication and Trust Services (eIDAS) Regulation, known as eIDAS 2, the European Union Digital Identity (EUDI Wallet) is a project of the European Commission led by its President, Ursula von der Leyen, with the aim of creating a single digital identification system in Europe.
The original eIDAS regulation, from 2014, establishes a single European digital identity market, creating a federation of trust and interoperability between the different countries. As a result, digital identities issued in each country that must be accepted in the rest. These identities are called notified.
Unfortunately, the adoption of eIDAS is not desirable, with 41% of the population outside of it (their state has not notified a national digital identity). In addition, the integration of authentication systems into web services is complex, and authentic interoperability between notified schemes has not been achieved.
One of the objectives of the eIDAS 2 revision is to improve this interoperability and transaction by introducing the European Digital Identity Wallet (EDIW), which will allow its users to access online services, share electronic documents and identify themselves throughout Europe. All this, with full control over the data shared.
Therefore, we can, for example, apply to a European university, open a bank account, rent a car and many other procedures that require identity verification in the 27 EU member countries.
Roles and functions of the European Digital Identity Wallet
One possible EDIW scheme is a traditional Self-Sovereign Identity (SSI) approach. In this scheme, in general, the user controls his identity and the attributes corresponding to it (age, date of birth, education, among others). On the one hand, there are entities that issue these attributes (Police, University, etc.) and on the other hand, there are entities that consume these attributes (Bank, City Hall, Company).
Then in my wallet I will have a collection of identity attributes, or credentials, that I will choose with whom to share them on an individual and highly segregated basis, with no obligation to give up my entire identity with all its attributes, but only those relevant to the specific transaction.
In the previous scheme, we have that the entities that issue credentials are the Issuer, and those that consume them are the Verifier.
Attention because the same entity can be Issuer of some credentials, and Verifier of others. For example, our City Council can be the Verifier of our identity, and, with it validated, issue us a registration credential.
Citizens or companies, as users, assume the role of Holder, supported by the EDIW, which will manage the interaction with all the systems, isolating us from the underlying complexity.
Reflecting on what we have seen so far, we can conclude that the Issuer's role is critical within an SSI scheme, and the management of its own identity and the means it uses to generate credentials is very delicate.
Issuing highly trusted identities and taking care of the means to use them is what a Qualified Trust Service Provider like Uanataca does best. This makes its role in this SSI scheme crucial as a trusted figure.
The new eIDAS 2 regulation will regulate EDIWs, which must provide secure, cross-border access to public and private services and must be accepted by all member states. In practice, they will implement an SSI mechanism and the possibility of electrónica qualified signatures.
EDIWs must undergo a certification process to ensure that they comply with cybersecurity regulations and the GDPR. They will be considered a valid means of authentication, obliging all public entities to accept them, as well as certain private sectors where authentication or identity validation is mandatory (transport, energy, banking and financial services, social security, health, water supply, postal services, digital infrastructure, education or telecommunications) and large online platforms such as Facebook or Instagram.
Practical examples of the use of the European digital identity
As citizens, and as we have mentioned, we may have different attributes (credentials) associated with our identity, such as, for example:
- Our age
- Our level of studies
- Our driver's license
- Our vaccination information
These cases would allow us for example the following use scenarios:
- Renting a car: we could prove to a car rental service that we are of legal age, and that we have a valid and current license that allows us to drive it, without having to disclose other personal data that are irrelevant to the transaction.
- Buying a bottle of wine in an e-commerce or in person: analogous to the previous example, through our EDIW, we could present a credential that proves we are of legal age in a wine store, without the need to disclose other personal information such as our name, date of birth or address.
- Create an account on a social network: we could use our EDIW data, such as our email address, to create an account on a social network. We could also ensure that our account belongs to an adult, without revealing our date of birth and without sharing any other personal data.
- Carry out a procedure with our city council: as with other online services, we could make a request for a building permit to our city council with our credentials, in this case in a simple way, even signing the request with our EDIW as today we could do with our electronic ID or digital certificate.
In conclusion, the digital revolution requires cyber rights and the European Union understood it: according to digital strategists, by 2030, more than 80% of European citizens must have digital solutions to this response.
This makes the eIDAS 2 a step towards the urgency of establishing digital rights for the protection of users' identity on the Internet.
The European Union had already expressed in the past its concern about the abuses and invasion of privacy of digital platforms, as well as the regulation of cryptocurrencies in wallets. Because of this, it is betting on its progressive and essential digital transformation in EU policies as it represents important opportunities to prevent technologies decrease.
With the strength of these mandates under discussion as a first draft and adding the beginning of digital identity through wallet we could say that we are at the beginning of a new digital era that undoubtedly comes to test all companies related or not to the sector.