Vulcan Insight

EU makes progress on establishing an EU-wide Digital Identity scheme

24 March 2023

The EU continues to make significant progress in the establishment of the European Digital Identity (eID). The eID will provide the legal framework to establish national digital wallets that will be interoperable across the EU. Important documentation like travel documents and personal certificates will be made available in an electronic wallet, to allow more convenient navigation for business and citizens across EU borders. 

On 16 March, the European Parliament adopted its position on the file, allowing inter-institutional negotiations to commence. Last week’s vote in the European Parliament was just a formality as the framework had already been adopted with a broad majority at committee stage in February. Welcoming the result of the vote on 16 March, lead negotiator in the Parliament, MEP Romana Jerkovic, said the EU is now “one step closer to a trusted digital identity framework that gives users of the Digital Wallet full control over their own data. The measure of trust in the new system by our citizens will be the ultimate measure of its success, and we will continue to work hard to earn that trust”. The Council, on the other hand, previously adopted its negotiating position in December. 

Once agreed and implemented, the eID will be available for all EU citizens, businesses, and residents who wish to identify themselves or provide confirmation of certain information for both online and offline public and private services. The Digital Wallet will be interoperable between all EU Member States and compete with the likes of Google and Microsoft’s identification systems. 

The success of the eID and the digitalization of citizens’ private documents will rely on two factors: privacy and trust. This technology takes an in-depth look at people’s private lives, from their education level to health status. The level of personal data used in their creation will require citizens to trust the eID and its regulators to make sure it does not divulge potentially harmful details to organizations or other individuals. 

The European Parliament is adamant on implementing certain privacy safeguards, such as a ban on recording user behavior across multiple environments. This technology was also used for the Covid-19 Certificate. Another privacy issue is the use of a personal identifier for the eID. The idea of a unique identification number was initially floated before being rejected in favor of an information-matching system. This means personal identifiers are compared to confirm a users’ identity, similar to a dual-authentication method. These cases are also limited to specific situations. For example, when a legal requirement makes them reveal their identity. The eID’s comply with the GDPR and users may use an alternative name to hide their information unless in these specific situations listed above.

Furthermore, the issue of governance is likely to be a point of contention throughout the inter-institutional negotiations, with the Council and Parliament upholding different stances on this point. The European Parliament is proposing the establishment of a European Digital Identity Framework Board that would play a coordination role that could, for instance, share best practices on dealing with cyber threats or peer reviewing ID schemes. MEPs are also pushing for the Board to be given the capacity to revoke the authorisation to a relying party making illegal or fraudulent use of the eID, overruling a national regulator that did not take appropriate actions. 

The inter-institutional negotiations on the file began this week and are likely to continue for several weeks.