The most important thing one can do to get ready for eIDAS2 implementation is to get a grasp of the regulation and its impact. eIDAS is the legal and regulatory framework for digital identity and trust services in the EU. This regulation, together with the European norms and standards, ensures trust and consistency across borders and legal recognition of trust services throughout the member states.
First things first: go through the documentation published by the European Commission, which provides guidance on the building blocks of electronic identity and electronic signature defined in eIDAS. If you wish to dig deeper, go through the inventory of relevant legal and standardization documents. Also, seek help from subject matter experts. Their knowledge of the field will guide you through the intricate legal and regulatory implementation. This will facilitate a seamless and hassle-free eIDAS2-related implementation that adheres to all regulatory requirements.
Begin by outlining the business opportunities and objectives that eIDAS2 can support. Look at specific business and operational areas where digital identity and trust services can bring value or enhance efficiency. In parallel, try to identify the potential compliance risks pertaining to eIDAS2. This will allow you to plan mitigation measures and ensure overall compliance with the new regulatory framework.
Building upon the opportunities and risks identified in the previous step, enumerate all the relevant use cases for your organization. These include user on-boarding, authentication processes, digital signatures, data sharing mechanisms, etc. Prioritize the use cases based on their potential impact on your organization and ease of implementation.
A 2x2 matrix is a good starting point for prioritization. It evaluates use cases on two parameters: return on investment and resources needed for implementation. Depending on a use case's position in the matrix, you can decide which use cases to implement first. This ensures the highest impact is achieved with the least implementation complexity.
Once you’ve identified your use cases, you need to define the requirements for each one. These will differ depending on whether your organization is an issuer, wallet provider, verifier, or all three. Clearly identify the business and technical capabilities needed to support the chosen use cases.
Think about the user journeys and stories that will drive the development and deployment of these use cases. This includes detailing the interactions between users and the digital identity system to ensure the user experience is simple and intuitive.
Choose to either build your own decentralized identity solution or buy one or more existing solutions. This depends on the resources and timeline your organization has available, as well as its technical capacity. Building your own solution means having a deep understanding of the emerging regulations, complicated technologies, and evolving standards, as well as a strong technical development team to carry it out.
Buying an existing solution allows you to hit the ground running and get to market faster. Open source solutions are an inexpensive way to experiment and build on existing frameworks, minimizing the development overhead. Many organizations choose a combination approach, where they leverage open source infrastructure and build applications to suit their specific requirements.
Start with the low-hanging fruit: the use cases that are high impact but relatively low effort to implement. Choose a pilot project to test the waters and collect feedback. Progress from pilot to production by deploying one product, feature, or use case at a time, in priority order based on business need and customer impact.
This iterative approach allows for course correction and improvement as you learn from real-world usage and feedback. As you gain experience and build up operational capacity, you can gradually take on more ambitious and high-impact projects. This helps ensure your organization will be able to adapt and respond to the changing digital identity landscape as it unfolds.