Czech Presidency zooms in on working methods of European digital identity

The Council is now focusing on the questions surrounding the exact working methods of the EU digital identity wallet.  [Prostock-studio/Shutterstock]

The Czech Presidency of the EU Council has circulated a fourth compromise text on the European Digital Identity (eIDs), which EURACTIV has seen, ahead of Wednesday’s (28 September) Telecom Working Party Meeting. 

The Council is now focusing on the questions surrounding the exact working methods of the EU digital identity wallet. 

The text stems from additional comments and suggestions received from delegations in September, following the Council’s third compromise’s presentation and discussion on 5 and 8 September. 

The Commission adopted the proposal for this regulation on 3 June 2021, amending the eIDAS Regulation from 2014, an enabler for secure cross-border transactions. Due to its technical complexities, the file has seen only limited progress so far.

“Aspects such as costs, but also offline use and the interplay with further regulations urgently need to be clarified,” Rebekka Weiß, head of trust and security at the German digital association Bitkom, told EURACTIV.

Offline use 

The latest compromise changed the definitions of ‘offline use of European Digital Identity Wallets’ and ‘fully offline use of European Digital Identity Wallets’ to ‘hybrid use of European Digital Identity Wallets’ and ‘offline use of European Digital Identity Wallets’ respectively. 

The hybrid use means an interaction between a user and a relying party at a physical location, whereby the Wallet is not required to access remote systems via electronic communication networks for the purpose of the interaction. 

On the other hand, offline use means an interaction between a user and a relying party at a physical location, whereby neither the Wallet nor the relying party is required to access remote systems. 

The Czech Presidency maintained the exemption for organisations that use the wallet to register, considering it a lower-risk application. However, the organisation would still have to maintain a minimum of information via automated or semi-automated means.

Czech EU presidency seeks way out of deadlock on European digital identity

The Czech presidency of the EU Council circulated last week a new compromise text on the European Digital Identity (eIDs) proposal, a file that has so far seen limited progress due to its technical complexity.

Certification and use cases

According to Weiß, it is positive that the standardisation and certification aspect is also included in the development of the wallet and corresponding use cases.

“For end users, certification and equal requirements within the European market create the necessary trust, which will help to ensure that the Identity Wallet is widely used,” said Weiß. 

The compromise text clarified that compliance with the requirements regarding assurance levels of electronic identity schemes might be certified, for instance, through a relevant cybersecurity certification scheme, as currently being advanced by the EU Cybersecurity Agency ENISA. 

The fourth compromise gave use cases greater focus and reference. “This makes it clear once again that the development of digital identities and the wallet is not an end in itself,” says Weiß. 

For instance, examples of the use of electronic ledgers in public digital services and an explanation of the relationship with the Transfer of Funds Regulation were provided.  

After all, the focus must always be on what potential there is and what simplifications the wallet will bring for citizens and companies, as well as for (digital) administration, she added. 

Data protection

Following several requests from member states, the Czech Presidency clarified that at least two different authentication factors be used for solid user identification, either from the categories of users’ knowledge, possession, or inherence. 

These factors shall be independent, in case one is breached, and designed to protect the confidentiality of the authentication data, according to the compromise text. 

Further, the proposal intended for Wednesday’s discussion is the suggestion of some member states to reflect that qualified trust service providers issuing qualified certificates should support state-of-the-art cryptographic algorithms. 

The concept of selective disclosure of data, which should contribute to protecting personal data by data minimisation, has been elaborated. “Selective disclosure is a concept empowering the owner of data to disclose only certain parts of a larger data set, in order for the receiving entity to obtain only information that is required,” the text reads. 

[Edited by Luca Bertuzzi/Nathalie Weatherald]

Read more with Euractiv

Subscribe to our newsletters

Subscribe