Industry

eIDAS: A guide to electronic identification in the EU

In 2021, the EU set an ambitious goal of equipping 80% of its citizens with digital identification. eIDAS 2.0 is the most recent step towards that goal. Here's what it means for you.

Last updated:
9/24/2024
Read time:
Share this post
Copied
Table of contents
⚡ Key takeaways
  • eIDAS 2.0 was enacted in May 2024. Under eIDAS 2.0, digital IDs will be acceptable for confirming name, address, age, gender, nationality, and marital status, among other information.
  • For businesses in the financial industry, eIDAS should be especially beneficial, though it will make processes easier for most businesses.
  • For individuals, eIDAS 2.0 should lead to a greater ease in conducting routine matters such as opening bank accounts, enrolling in university, or securing a job.

The creation of the European Union was meant to erase boundaries, resulting in a single political unit with shared currency and passport-free travel.

With a recent update to the EU’s 2014 identification law, another wall is being toppled.This update is commonly known as eIDAS 2.0. Its goal is to make cross-border banking, education, and employment easier, by leveraging a technology that will likely soon become mainstream for the rest of the world. 

What is eIDAS?

The electronic Identification, Authentication and Trust Services (eIDAS) regulation is the rule, passed in 2014 by the European Commission, that allows qualified electronic signatures (QES), documentation, and authentication to apply in and across all EU member states. The original eIDAS regulation was important because it granted electronic signatures the same legal weight as physical signatures, provided they were issued by qualified trust service providers.

Its successor, eIDAS 2.0 was enacted in May 2024. It standardizes the acceptance of digital IDs as legitimate forms of ID across all EU member states. Under eIDAS 2.0, digital IDs will be acceptable for confirming name, address, age, gender, nationality, and marital status, among other information.

What is the EUDI Wallet?

Most notably, the updated law rolls out the red carpet for the European Digital Identity Wallet (EUDI Wallet), a secure and shareable digital signature app. EUDI Wallet can now be used for legal signatory purposes, and can be a secure storage medium for documents including, but not limited to, birth certificates, professional certifications, diplomas, licenses, tax and banking information.

For individuals, this means a greater ease in conducting routine matters such as opening bank accounts, enrolling in university, or securing a job. For businesses, this will mean greater ease of cross-border commerce with an increased overall customer reach across the EU.

Member states — or their designated service providers — will be required to offer at least one version of the EUDI Wallet by 2026 to all citizens and residents. This affords them a grace period to select a wallet or app type, build legal and regulatory infrastructure, and communicate the rollout of anticipated changes. 

Why was eIDAS enacted?

With the January 2000 adoption of the EU Electronic Signatures Directive, handwritten signatures were no longer the only option for legal, government, and commercial documents. This new technology (eSignatures) created a cottage industry in Europe for Trust Service Providers (TSPs), entities and individuals who could verify identities, sign and seal electronic documents, and ensure the privacy and security of the information in these documents. 

eIDAS was created to help regulate the digital signature industry, and to introduce  standards for both qualified TSPs and a host of other security protocols, including secure email, website encryption, user authentication, and VPN access.

Why was eIDAS updated?

In 2021, the EU set an ambitious goal of equipping 80% of its citizens with digital identification by 2030. Despite the forward-thinking proclamation, at that time, only 14 member states had implemented electronic national IDs. This prompted the EU to seek out a new actionable solution that could shepherd the entirety of Europe past the digital divide.  

The new EUDI Wallets are expected to house all the information needed for successful identity verification, both in-person and online just like a physical ID. Users can store, share and manage ID access via the mobile app once their information is separately verified. Apps will be subject to EU cybersecurity regulations and certification. Consistent with EU’s strict privacy laws, including the General Data Protection Regulations (GDPR), users will be fully informed and empowered to control their personally identifiable information (PII).

UK eIDAS regulations

Following the start of Brexit in January 2021, the UK adopted its own set of eIDAS regulations based heavily on the EU version but tailored for UK specifics. The EU will recognize EU qualified TSPs, but no reciprocal agreement currently exists in which the EU recognizes UK qualified trust services. Notably the UK does not allow electronic identification as of 2024. The UK Information Commissioner’s Office, which serves as the country’s supervisory body for eIDAS, continues to consult with equivalent authorities in the EU. 

What else is covered by eIDAS 2.0?

In addition to the digital identification, the new legislation establishes greater standards for a number of trust services, including: 

  • Qualified digital signatures consenting to agreement or approval will have equal weight as electronic and physical wet-ink signatures
  • Digital seals, like physical stamps or affixed seals, guarantee the origin and integrity of a document
  • Digital timestamps, which often accompany signatures, further evidence the existence of a document and/or an individual’s approval at a specific date and time
  • Digital documents, such as documents also obtained digitally, can be certified for their existence and format as well as retrieval at a specific date and time
  • Digital registered delivery services can show proof of digital delivery and receipt or retrieval at a specific date and time
  • Website authentication certificates (WACs) can be digitally authenticated for proof of soundness as well as evidence of individual issuance or responsibility

Benefits of eIDAS 2.0

The consumer and commercial benefits of the updated regulation are expected to be vast, making once-onerous tasks simple:

  • Better security over personal information: Individuals will have full control to share information when and how they wish.
  • Uniform practices across Europe: Local practices will no longer dictate what is required when it comes to identification requirements.
  • Cost savings:  According to the European Commission, businesses could save more than €11 billion in EU operational costs as a result of eIDAS 2.0.
  • Greater empowerment for users: Digital commerce will be level access to goods and services for all.
  • New opportunities: Technologists and businesses that can navigate digital identification requirements will be able to innovate across Europe.

eIDAS 2.0 and the financial industry

Many banks and financial institutions continue to rely on manual identity verification processes to address the legal and regulatory requirements of Know Your Customer (KYC) and Know Your Business (KYB). Requirements can also differ between EU nations. The expanded digital identification option should greatly simplify requirements. With more finance and finance-adjacent industries requiring KYC practices, there is a greater chance of EU-standardized requirements becoming the norm for member states.

Other use cases of eIDAS 2.0 in finance: 

  • Simplified verification of a customer’s identity make it easier for financial institutions to onboard cross-border accounts. This should increase conversion for customers who might otherwise have opted out of onboarding because the process was too burdensome.  
  • Multinational corporations with EU footprints can open multiple accounts across countries using the same identification and documentation.
  • Most companies can institute a single electronic verification process, which should save costs by simplifying the technology, logistics, and staffing involved.
  • Digital signatures and digital documentation can decrease the time spent chasing down final approvals for agreements and other legal paperwork.

eIDAS 2.0 and other use cases

Digital identity wallets have practical use cases that will bring conformity and access to critical and commercial services across the EU:

  • Standardized identification verification will make purchasing restricted goods such as alcohol or prescription medications much easier for customers.
  • Retailers selling high-dollar goods online or via blind auction, such as artwork or jewelry, will gain greater assurance that buyers are who they say they are, reducing the likelihood of identity fraud.
  • Citizens of one member state will face fewer hurdles when verifying their right to live, work, or study in another member state.
  • This opens the door for governments to simplify related processes to better align with other EU nations.

How Persona can help

The introduction of a standardized digital ID doesn’t negate the need to validate and verify. Identity verification will remain an important component of doing business in the EU, especially given that an estimated 20% of the population will still utilize traditional methods, making it “business as usual” for fraudsters. Businesses should start adjusting their European compliance practices for eIDAS 2.0 now and making plans for a variety of digital wallet applications to be rolled out.

One way to start is by identifying which of your identity tools were compliant with eIDAS originally. Then you should ensure that you and your third-party partners are positioned to adapt to the new requirements, and likely additional regulations, around digital ID technology. Do your providers have capabilities for mobile driver’s licenses (mDLs), near-field communication (NFCs), and other emerging verification methods? Consider, too, how their platforms optimize artificial intelligence, optical character (OCR) recognition and automation

Want to learn more about how Persona can enhance your identification verification efforts across the globe? Contact us to learn more or get started for free.

Published on:
9/17/2024

Frequently asked questions

No items found.

Continue reading

Continue reading

Top GDPR statistics businesses must know
Industry

Top GDPR statistics businesses must know

GDPR is one of the most extensive regulations governing data collection. Learn who it affects, the types of data it covers, and more.

What to know about the 6 EU Anti-Money Laundering Directives (AMLDs)
Industry

What to know about the 6 EU Anti-Money Laundering Directives (AMLDs)

Explore the key components of AMLD and discover how it helps combat money laundering and terrorist financing activities in the EU.

Why you need a digital verification system for your business
Industry

Why you need a digital verification system for your business

Here’s what businesses need to know about the evolution, operation, and impact of digital verification.

Ready to get started?

Get in touch or start exploring Persona today.