Making the European Union Digital Identity Wallet a Reality
As the European Commission and its eIDAS expert group drive new regulation on European Digital Identity (EUDI) wallets, the requirement to have one common, secure, interoperable and standardized solution for all EU citizens is now a key priority. However, there are still difficulties for the 27 EU member states to overcome and considerations to make if their digital identity schemes are to be accepted and implemented throughout Europe, as Jean-Daniel Aussel, Chair of the GlobalPlatform eID Wallet Task Force, explains…
The roll out of digital identity solutions have been taking place for some time across the globe. From the U.S. to the Dominican Republic, and Singapore to China, many citizens have downloaded their country’s intuitive mobile apps and adapted to having their critical information stored securely all in one place.
Now, with the focus on Europe, the European Commission is supporting large-scale pilot projects requiring all 27 EU member states to develop their own interoperable and trusted schemes, signalling a new era for the continent’s role in digital evolution.
However, before delving into the ‘where we are now’ landscape, here is a brief overview of Europe’s backstory in relation to digital identity and the developments that have followed.
The EUDI background
In June 2021, the European Commission adopted a new proposal to further digitize the economy. Introducing a regulation on European Digital Identity called eIDAS 2.0, this proposed framework laid down the necessary foundations to provide citizens with universally secure and convenient ways to provide and share identity information recognized throughout the EU via a digital identity wallet.
As part of this work, the Commission mandated the eIDAS group to develop a ‘Toolbox’ including an Architecture Reference Framework (ARF) to define the wallet’s common standards and specifications. Among other things, the ARF identifies the roles, actors and interfaces of the wallet, as well as underlying data models.
These developments are working to enable the creation of the EUDI wallet solutions – digital electronic identification (eID) apps suitable for mobile devices and cloud services. These will be used in a wide range of online and offline services and transactions – from enabling users to conveniently check in at the airport to safely opening a bank account. In time, they may also replace physical identification documents that have a secure element, such as driving licences and ID cards.
With the regulation now officially in place and EUDI wallet deployments expected in early 2025 after a phase of large-scale pilots, it is the responsibility of each of the 27 member states to develop and issue a digital identity wallet with a scheme that is recognized and accepted by all other member states.
Digital identity opportunities and challenges
The planned benefits of the EUDI wallet are plentiful. Users will have access to an enhanced user experience, inclusion and participation in cross-border recognition, user privacy, advanced cybersecurity and multi-usage.
However, for the solution to be successful and breed confidence, the apps must be built on common technical standards that ensure security, interoperability and trust. And while EUDI wallets offer many opportunities, there is no question that having critical and private information on a mobile device presents security challenges. With cyber-crime set to cost the world $10.5 trillion by 2025 as malicious threats become more pervasive and sophisticated, the opportunities for attackers to strike are lucrative. In addition, there are now more than 5.3 billion mobile users worldwide, so preventing phishing and smishing attacks, data leaks, identity theft and more puts cybersecurity top of the priority list for developers and schemes.
Therefore, it is vital that each member states’ EUDI wallet has been thoroughly tested and found to be secure and reliable. The solution must offer significant protection and be interoperable, secure and reliable for member states to accept them. Additionally, member states must also decide:
- Which wallet to endorse and adopt
- How to perform Personal Identification Data (PID) provisioning (PID refers to an identifier typically delivered by a government after verification of the identity of the citizen)
- The appropriate balance of security vs convenience and reach for the different use cases
If timelines remain on-track, it is anticipated that early EUDI wallet app pilots are to be deployed in 2024. And if roll outs are successful, it could mean that 80% of EU citizens will be equipped with an eID solution by 2030 – a milestone moment in the evolution of digital identity.
How GlobalPlatform can support the successful implementation of EUDI
Having successfully developed several interoperable and reliable technologies for trustworthy devices and digital services, our organization is in a strong position to provide the foundations for fostering trust in the EUDI wallet, regardless of the underlying wallet attributes or data model.
Our compliance program ensures the interoperability of GlobalPlatform secure components, which are deployed on a range of form factors that can fit different needs of EUDI wallet implementations.
As such, our GlobalPlatform technology will enable EUDI wallet implementations to support the highest assurance security requirements when the ENISA certification scheme for the EUDI wallet is defined. We are committed to helping to successfully implement and deploy the EUDI wallet as well as participate in defining security requirements and architecture, alongside developing technical and interoperability specifications for a better standardization of the wallet.
To further demonstrate our expertise in high security for eID schemes and future-proofing eID wallet deployments, we have established a GlobalPlatform eID Wallet Task Force. The Group’s mission is to analyze, identify and address digital identity wallet use cases, as well as propose secure and frictionless deployment models and provide input into the organization’s Technical Committee.