By Luca Bertuzzi | Euractiv.com Est. 5min 24-10-2022 (updated: 25-10-2022 ) The Czech Presidency of the EU Council aims to achieve a general approach on the European digital identity by December, but differences with major member states remain. [panuwat phimpha/Shutterstock] Euractiv is part of the Trust Project >>> Languages: Français | DeutschPrint Email Facebook X LinkedIn WhatsApp Telegram The Czech Presidency of the EU Council presented a new compromise last week based on a debate at the ambassadors’ level on addressing the most sensitive questions blocking the European digital identity. The fifth compromise, seen by EURACTIV, is set to be discussed at the Telecom Working Party on Tuesday (25 October). The document results from the meeting of the Committee of Permanent Representatives on 14 October, intended to give political impulse to the file. The Czechs tried to find common ground on the most politically sensitive topics, like the use cases, level of assurance and trusted providers. Tuesday’s meeting might determine if the Czech Presidency is to achieve a general approach at the Telecom Council on 6 December, as the positions of France and Germany remain difficult. Use cases The wallet will be an identification and authentication tool for people and organisations before public authorities and private entities. However, as it will contain sensitive information, there is also potential for abuse in the form of fraud or identity theft. Therefore, the French Presidency introduced the principle that organisations that intend to use the wallet, the so-called relying parties, would have to inform the national authorities of the use cases. The use case would then limit the type of information an organisation can request. For instance, if a relying party is only entitled to check whether the person at hand is a minor, it should not be able to extract other sensitive information like the home address. In turn, the Czech Presidency left the registration process at the discretion of the national authorities, which might decide not to check, in what they call a ‘lightweight notification procedure’. Czech EU presidency seeks way out of deadlock on European digital identity The Czech presidency of the EU Council circulated last week a new compromise text on the European Digital Identity (eIDs) proposal, a file that has so far seen limited progress due to its technical complexity. Level of assurance The new text clarifies that the wallet should be subject to a specific certification scheme with a high assurance level under the Cybersecurity Act. The level of assurance is a sensitive issue for certain member states like France and Germany that called for more flexibility. In this regard, the document states that technical “shortcomings might make achieving LoA [level of assurance] ‘high’ for European Digital Identity Wallets difficult, therefore the Presidency is actively seeking ways to address the issue directly in the Regulation.” For instance, the Presidency is exploring the possibility of explicitly allowing the use of external tokens as a temporary solution until a permanent solution is found. Record-matching A significant hurdle the EU Council has had to deal with on this file is the issue of cross-border interoperability of the wallet. The initial idea was to have a unique identifier allowing the same person to be recognised abroad. However, having a single number that can be used to track a person poses a constitutional problem in Germany. The solution found was record-matching, which consists of cross-referencing different information pieces, such as date of birth and place of residence, to identify the person. In the previous compromise, the Czechs proposed leaving the possibility open for unique identifiers if allowed under national law and a somewhat undefined administrative practice. This exception was removed in the new text. However, the possibility of sector-specific identifiers was introduced. Commission says single identifier in eIDAS reform ‘not necessary’ In its proposal for the amending regulation to establish a framework for a European Digital Identity, the Commission proposed a much-debated “unique and persistent electronic identifier”, from which it is now shying away. Interoperability The compromise indicates that Big Tech companies like Google and Apple, which will be designated gatekeepers under the Digital Markets Act, will have to ensure interoperability of the digital wallets with their operating systems free of charge. While the text gives the EU countries the flexibility to include in the wallets additional functionalities, it also specifies that these features will not enjoy cross-border recognition. The member states are also to encourage the interoperability for the providers of electronic registered delivery services, which enable the transfers of data and protect them against the risk of loss, theft or damage. Trusted providers The electronic digital identity will be issued by qualified trust service providers to be regularly audited. However, the Presidency noted ‘divergent views’ on whether the supervisory authority should participate or not in such planned audits. Therefore, the compromise entails that the trusted providers should inform the supervisory body well in advance, allowing the supervisory body to participate in the audits as an observer. Moreover, the wording has been added stating that these services have to “ensure the technical security and reliability of the processes supported by them, including using suitable cryptographic algorithms, key lengths and hash functions in the systems.” Website security Previous versions of the text mandate the use of Qualified Website Authentication Certificates from trusted service providers in web browsers, an approach that spurred opposition as it would give countries power over the service to establish if a website is safe. While the concerns are recognised in the text, there are still no safeguards in place to prevent the blocking of traffic toward specific websites by public authorities. European Commission proposes 'digital identity wallet' The European Commission has introduced a legislative proposal for an EU “digital identity wallet” that would allow numerous services like opening a bank account or filing tax returns to be done purely digitally. Fees The text clarifies that the issuance, use for authentication and revocation of wallets should all be free for individuals. Transitional measures Two years have been provided for existing services to comply with the trust services’ requirements. Furthermore, private organisations under EU or national law are required to use online authentication measures and will have to accept the wallet within six months from when the wallet is made available. [Edited by Nathalie Weatherald] Read more with Euractiv Expectations high over delayed EU proposal on short-term rentalsThe European Commission's proposal to regulate the short-term rental market, dominated by travel platforms like Booking and Airbnb, has seen repeated delays and is subject to a number of hurdles EU policymakers will have to solve.
