eIDAS Deep Dive: The Evolution of Digital Identity in Europe

Discover how the EU's eIDAS2 regulation mandates decentralized identity and digital wallets, enhancing data control, security, and privacy for individuals and businesses. Learn how this will revolutionize digital interactions and reduce fraud.
Written by Tom Sargent
Published on June 7, 2024

The internet was not originally designed with a built-in identity layer. Consequently, individuals have very little control over their personal data, and power is unevenly concentrated in the large online platforms. Moreover, identity theft and fraud have become even more prevalent with the rise of AI. Decentralized identity seeks to correct these problems, and the European Union, with its new eID law or “eIDAS2” regulation, is spearheading this change. The new law will effectively require the adoption of decentralized identity and identity wallets throughout Europe, which is one of the biggest trading blocs in the world.

In this post, we’ll take a broad view of eIDAS2 and what it means for governments and enterprises in various industries. Let’s dive in.

The History of eID Law

eIDAS (electronic Identification, Authentication and Trust Services) is the EU legal framework adopted to establish a secure and uniform system of electronic transactions and interactions between public and private sector entities across European member states. eIDAS was implemented in July 2016 and guarantees that electronic identification (eID) and electronic signatures are legally binding, reliable and recognized across borders. It supports trusted digital identities and electronic signatures and seeks to establish a secure digital domain for enterprises, citizens and public administrations within the EU, as well as enable cross-border online services and e-commerce.

What Was Missing from eIDAS

The original eIDAS law has three main shortfalls:

  1. National Discrepancies: Implementations of eIDAS led to different interpretations and resulted in fragmentation when it came to applying the law. Cross-industry, cross-organizational and cross-border adoption and utilization proved complex and difficult, according to the EU eIDAS Revision Impact Study.
  2. Narrow in Scope: eIDAS was primarily centered around electronic signatures and a select number of trust services. It lacked a broader decentralized digital identity framework that covered sectors such as education, employment, finance, insurance and healthcare, among others. Its utility was essentially limited to citizen-to-government and electronic document signing applications.
  3. Physical Presence Required: Under eIDAS, individuals were required to be present in person to have their identity verified, which was problematic during the COVID-19 pandemic. Because of this requirement, EU member states interpreted and applied the law in different ways, which has prevented the harmonization of identity and trust services that is fundamental to eIDAS.

Why eIDAS2 Matters

For the first time ever, a global regulation will mandate digital identity wallets for citizens and organisations, empowering them with exclusive control of their personal data. This game-changing regulation will revolutionise the digital world and is already impacting similar global initiatives, which means it directly affects even non-European organisations.

The main goals are to ensure that citizens and organisations have secure, private and citizen-controlled digital identities, minimizing fraudulent activities and allowing frictionless digital cross-border transactions between public and business sectors. eIDAS2 will:

  • Provide citizens with digital identity wallets to control and share data with third parties (e.g. government agencies, businesses).
  • Oblige governments to issue digital identity wallets and credentials to citizens (e.g. passport, driver’s license, proof of living) based on standards such as ISO 18013 and W3C VC.
  • Oblige businesses to use digital identity credentials for user authentication and verification (e.g. user on-boarding, check-out).
  • Achieve outstanding levels of security and privacy, with compulsory external evaluation.

The European Parliament approved eIDAS2 on February 29, 2024. Since then, governments and most businesses have been planning and taking action to adapt to the new regulation.

eIDAS2 and Decentralized Identity

Both eIDAS2 and decentralized identity use identity wallets, empowering users to take control of their data and centralizing their digital relationships.

From an economic point of view, eIDAS2 will jumpstart the decentralized identity market by forcing member states to offer digital identity credentials and wallets to all citizens and forcing the private sector to consume these credentials. This regulation will solve the “cold start problem” for the industry. By creating a framework and legal predictability for massive adoption, identity wallet and credential verification solutions will find a home in the EU and beyond.

Technically, eIDAS2 integrates the same concepts, technologies and standards (e.g. W3C Verifiable Credentials, IETF SD-JWTs, ISO mobile driver’s license, OpenID Connect) used by the decentralized identity industry. In fact, eIDAS2 will force the adoption of mobile digital identity in accordance with global and industry standards.

Stay tuned for part two of our blog post, delving into the effects of eIDAS2 on individuals, businesses and governments.
