Central to all our interactions in today’s digital world, be it with people, governments, or private entities, is the use of digital identities. But how many means and methods to prove one’s identity does a person really need? To simplify this whole identification process, the European Commission (EC) has introduced a legislative proposal for a European Digital Identity Wallet (DIW). Let’s see what this novelty is all about!
How many online services do you use regularly, on a daily basis even? The list, if not endless, is certainly difficult to keep track of. Now think about the last time you had to prove your identity online with your ID card, passport, or diploma, and were left with no other choice but to send over a copy of these personal and valuable documents. Rather annoying and definitely inefficient, right?
In the online realm, it’s easy to feel overwhelmed by the mounting number of requests to prove your identity, a trend that is inevitably caused by the increasing risk of identity theft and privacy breaches. Although in the past couple of decades we have seen a surge in the adoption of digital services, figuring out who is who online remains a complex, time-consuming process.
The (ongoing) evolution of digital identities
The very first model for storing identities online was a centralised one, allowing each person to have a single user account. It required maintaining one common database that an administrator would manually add files to. However, manually maintaining this database became ever more difficult and troublesome, so people quickly turned to alternative models. In an effort to scale up, as more computers entered the network, users were able to hold multiple accounts and have partial control over their personal data.
When companies like Sopra Steria entered this market, they revolutionised the way federated identities and identity providers work. With a single sign-on (SSO), you could now enter multiple online spaces, minimising the possibility of a compromised link and avoiding the duplication of identities. While the federated identity solution is undeniably convenient, it nevertheless bears its own criticisms and clearly leaves room for improvement.
The future is now
Do you ever wish you could prove your identity and share information just with the click of a button? To accommodate that wish, the European Commission in June of last year introduced a legislative proposal for a European Digital Identity Wallet (DIW). The new proposal is part of the revision to the electronic Identification, Authentication and Trust Services (eIDAS) Regulation, known as eIDAS 2. The EC aims to create a digital wallet which will be available to all EU citizens, residents, and businesses in the EU and usable not only for identity documents, but for all attestations, including those with sensitive personal data, such as health data-related documents.
Earlier, to promote cross-border and cross-sector interoperability, the European Commission had already created one single framework for electronic identification (eID) and trust services, making it more straightforward to deliver digital services across the European Union. This eIDAS framework ensured that electronic interactions between businesses were safer, faster and more efficient, no matter the European country they took place in. This was achieved by the mutual recognition of electronic identification schemes across the 27 EU Member States. Needless to say, the creation of that eIDAS framework constitutes a key milestone for the regulation of electronic transactions.
One digital identity for all Europeans
Meanwhile, the rapid development and quick uptake of digital wallets introduced by Apple, Google and, most recently, Samsung further fuelled the discussions around the implementation of eIDAS, as did the appearance of Web3 economic models based on tokens and cryptocurrencies issued by non-Member State actors. More recently, the impact of the COVID-19 pandemic on European business activities accelerated the digitalisation of European cross-border remote business activities.
Upon consultations on the 3rd of June 2021, the EC submitted with urgency to both the EU Council and the European Parliament a new legislative proposal for the implementation of eIDAS 2. This new eIDAS proposal requires all Member States to issue electronic identities and digital wallets to all their citizens in order to facilitate a more efficient interaction with digital services across EU borders. It also federates Member States around the notion of self-sovereign identities and privacy-preserving wallets. Last but not least, it acts as an enabler for privacy-preserving technologies, GDPR and Ethical AI across all European sectors and institutions that are - and will be - undergoing the accelerated digitalisation of their services.
Digital twin or metaverse?
Citizens could easily be misled into believing that the EC’s mission is to create a metaverse. This is far from the truth. Instead, the main goal of eIDAS is to create a so-called digital twin of each citizen as a means to provide an identity in the digital world that is unmistakably related to the physical one. This will be done in a strongly secure manner similar to biometric authentication.
In that sense, the EU Digital Identity Wallet (DIW) will allow users to store several pieces of information and selectively share their personal data via an app. These could include, to give just a few examples, the electronic identity of the user as issued by a Member State, other types of digital identities issued by the private sector, different attributes of the user, as well as the user’s driving license, health insurance certificate or green pass. The use of the wallet is not limited to daily activities of citizens but also intended for legal persons.
Some ifs and buts
Across the world, businesses are forced to think about a digital-first customer journey, making the shift towards recognising their customers in a predominantly digital way as well. However, the creation and introduction of an EU Digital Identity Wallet come with many challenges.
To maintain the trust of both our citizens and our customers, it is important to acknowledge their privacy preferences. Several important elements need to be put into place first to be able to continue on the path forward: transparency around the use of data; confidentiality of information; compliance and audit support; solution design and integration. The forthcoming European Regulation on Privacy and Electronic Communications, as explained in our white paper, is raising various privacy-related topics, mostly connected to electronic communications. At the same time, in order to manage citizens’ expectations, it is crucial to make use of their data by following the principle of security by design, fostering a holistic approach to security in general and to data security in particular. For example, users should be alerted every time their digital identity is used.
Sopra Steria: enabler of trust in the digital economy
Sopra Steria has a long history of setting trends in the digital world. Committed to supporting business, IT and security leaders, Sopra Steria specialises in enabling digital business via its teams of expert cybersecurity consultants. Our work with major EU Institutions and public administrations is paving the way for the creation of a new architectural framework to better define the interactions between citizens, government and businesses.
Want to find out exactly what we can do for you? Contact me at k.kyriakopoulou2@soprasteria.com.
Interested in learning more about eIDAS? Visit the eIDAS knowledge and learning programme.
Keen to discuss issues relating to eIDAS? Join the eIDAS Observatory.