Unveiling eIDAS 2.0: The Dawn of the EUDI Wallet Era

A central part of eIDAS 2.0 is the European Digital Identity (EUDI) Wallet, a mobile app that has to be made available to all EU citizens around two years after the revision of the regulation has been ratified. The primary objective of the proposed EUDI Wallet is to guarantee access to trusted digital identities for all Europeans, allowing users to be in control of their own online interactions and presence. In other words, the EUDI Wallet enables users to securely store and use their digital identities throughout Europe, with full and sole control over their data.  Users will be then able to access  services from any Member State’s public institutions without the need for additional physical documentation. According to the eIDAS 2.0 proposal, authenticity and integrity of attributes will be confirmed by using electronic attestation of attributes. The EUDI Wallet will also cover attestations of credentials such as driver’s licences, university diplomas, and personal information like banking cards and services. The EUDI Wallet should also allow users to access a variety of online private and public services and sign documents with qualified electronic signatures and seals (QES).

The EUDI Wallet can be issued directly by a government department or a private-sector provider commissioned by the government. The pilot implementation suggests the coverage of various sectors, such as healthcare, financial services, education, and transport. Based on those prospects, the future users can expect the Digital Wallet service to be integrated by banks, telecoms, and utilities.

There are several issuers of identity information, as illustrated by the figure above. The EUDI Wallet has the functionality of receiving, storing, and presenting this data. Public institutions, their representatives, or commercial enterprises, such as banks or airlines, that are obligated by law to identify their clients may ask a citizen to provide such information.

In short summary, the EUDI wallet will enable:

• both identification and authentication
• the verification of third parties
• the storage and presentation of verifiable identity data
• the creation of qualified electronic signatures

With digital identity wallets being an integral part of the new eIDAS 2.0, it is clear that the regulation is moving from primarily focusing on G2B to include a stronger emphasis on the private sector. The refined objective is to provide an increased level of control over personal information and the data that can be shared with a service requesting the users’ identity attributes. Currently, the ambition set for EUDI is to attain the “high” level of assurance (LoA). The LoA indicates how much a provider of a credential is confident in that credential’s validity and reliability.

The latest eIDAS 2.0 draft was released on June 3, 2021, to address the former version’s deficiencies and implement a process that will make it much simpler to create a recognized digital identity. However, the implementation of the new regulation has yet to be carried out. It is expected to come into effect by the end of 2026, when all EU Member States will be directly bound by and must comply with the regulation to ensure that a Digital Identity Wallet is available to all EU citizens, residents, and businesses, there are several things to look out for already.

One of the main challenges faced by eIDAS 2.0 is the need to ensure that the regulation is implemented consistently across all EU member states. The original eIDAS implementation has varied across different member states, which has led to inconsistencies and difficulties in using electronic identification and trust services. When it comes to cross-border business opportunities, eIDAS 2.0 offers increased efficiency and security, alongside improved user experience. Given that the regulation promotes interoperability across the 27 EU Member States, the list of additional benefits that could be of interest for enterprises extend to the following groups:

• Reduced administrative burden is required when conducting business electronically with other companies, clients, and regulatory bodies.
• Business processes additionally become more efficient, resulting in significant cost savings and increased profits.
• Safer electronic transactions further enhance trust among consumers and expand the potential customer base.

Both large and small businesses can use eIDAS systems to facilitate business-to-business and business-to-consumer transactions. Enterprises have the chance to conduct more reliable documentation verification checks on clients and fellow companies thanks to the strengthened regulation.

This is especially beneficial when trading restricted goods, like alcohol, for high-value transactions, like the sale of artwork, and transfers of sizable sums of money. Additionally, it gives customers and businesses in other EU nations a reliable way to be identified, enabling firms to access new markets and increase the size of their customer base.

We have already laid out general benefits of introducing electronic identification and trust services into your business. Those come in the form of better user experience and consequent increase in customer loyalty, improved security and liability standards, topped off by greater efficiency gains through reduced process cycles and large-scale automation. The next question that is raised is which eID and trust service solutions best suit your business needs. For that purpose, below we have listed the core trust services covered by eIDAS 2.0 that might be useful for better interpretation of the framework:

• eID is used for a trusted verification of the identity of clients in order to establish a contractual relationship and comply with Know Your Customer requirements.
• eS (Electronic Signature) captures the signatory’s intent to be legally bound by the signed document.
• eT (Electronic Timestamp) helps bind other electronic data to a particular time, establishing evidence that the latter data existed at that time; both eSignature and eTimestamp allow lawyers to perform digital contractual agreements that are legally binding.
• eSe (Electronic Seal) is typically attached to or logically associated with other data in electronic form to ensure the latter’s origin and integrity
• ERDS (Electronic Registered Delivery Service) electronically transmits data between third parties, leaving traces of evidence regarding the handling of the said data; allows any professional to share important documents with minimised risk of loss, theft, damage, or alterations.
• QWAC (Qualified Web Authentication Certificate) comes in a form of attestation that allows for authentication of a website, linking it to the natural or legal person to whom the certificate has been issued; “qualified” in this context implies that the service meets the applicable requirements laid down in the eIDAS Regulation.

From electronic attribute attestations (EAAs) to versatile use cases, the EUDI Wallet is poised to transform the way businesses manage digital credentials and access management. To further dissect its key advantages and primary functions, we will be taking at a look at one such software tool that positions itself as a valuable addition to the digital toolkit of forward-thinking organisations.

Lissi provides software applications for companies and organisations to receive, organise and issue verifiable credentials. This includes applications for organisations and the Lissi Wallet for end-users.

Currently, the tool offers the issuance of electronic attribute attestations, also known as verifiable credentials. This aligns with the architecture reference framework established as the common EU Toolbox. By providing a trusted and standardized way to issue EAAs, Lissi Wallet ensures that your organisation can operate in compliance with regulatory requirements while fostering trust and reliability.

Additionally, to issuance, Lissi makes it possible to verify the authenticity and validity of EAAs, a crucial step for secure and efficient operations. The tool offers robust verification capabilities for various credentialing processes, including employee credentials, customer cards and access management.

The versatile deployment options of the Wallet make it so that a Software as a Service (SaaS) solution can be easily tested, allowing organisations to explore its capabilities without the need for extensive infrastructure investment. For productive use cases, Lissi can also run on-premise, catering to diverse operational requirements.

The software has already made significant strides with 35 successful pilots. In the near future, Lissi Wallet will offer productive software that aligns with the current eIDAS Architecture Reference Framework (ARF), scheduled for release in Q2 2024. With proven pilots and a commitment to compliance with the evolving eIDAS framework, companies can rely on Lissi as a trusted solution to drive efficiency, security, and innovation for businesses in the digital age.

If properly implemented, eIDAS 2.0 offers a wealth of potential for the use cases of digital wallets and electronic attribute attestations, which will further expand the architecture of digital trust. In this section, we discuss the affirmative outlook that might be eventually realized by the revised regulation:

• Revenue potential

While the EC regulations often tend to be regarded as intimidating, due to their costly and time-consuming nature. The case of eIDAS 2.0 does not necessarily have to follow that pattern. Businesses now have the chance to completely reinvent their online user interfaces and switch from multistep form filling to a single-step onboarding. In terms of benefits, that suggests that the number of abandoned checkouts will decline while the costs for onboarding will decrease. Fraud rates can be expected to fall as well. Additionally, user experience will be far more simplified. Naturally, businesses that implement these new capabilities will have a substantial advantage to outperform their competitors.

• Person-to-person verification 

There should be more to eIDAS 2.0 than just governmental and organisational applications — the regulation is ought to increase interpersonal trust as well. The technology and protocols that will enable eIDAS 2.0 can be used for person-to-person verification just as readily as they can be applied for person-to-organisation verification. The confidence between individuals could be fostered, as you would be able to verify the identity of the utility person when they knock on your door and while confirming that they are duly employed and trained. Similarly, you should be able to verify a photographer’s credentials and that they are authorised to work with minors when you engage them to document your kids’ birthday celebration. It is important to know, that as of the current status, there is no definite specification for the person-to-person use cases included in the eIDAS.

• Secure messaging 

The safe, mutually verified relationships that the technologies underlying digital credentials establish between two parties allow for much more than merely the exchange of information, which is a sometimes underappreciated feature of these technologies. Without a third party, like WhatsApp, Google, or Apple, in the middle, the respective parties can exchange messages via peer-to-peer encrypted connections. Additionally, one would have control over who may send them messages and be able to determine right away if there is a risk of falling victim to a scam scheme.

Observing the global consequences sprung by the introduction of the GDPR, it would appear that eIDAS trust framework is anticipated to have an even more significant impact on the daily lives of European citizens and beyond. Given that the publication of the toolbox has already laid out the key technical elements along with more thorough legal and business conditions, one thing is obvious: EUDI Wallets are the way of the future. Similar to how GDPR forced the internet to recognize the data protection rights of users, the eIDAS regulation will set the foundation for digital identity and identity wallets on a global scale.

While the majority of citizens in a few European Member States, including Sweden and Estonia, already employ an advanced framework for digital IDs, this doesn’t reflect the reality for the fellow EU members.  Thanks to the eIDAS 2.0, those that fall behind have the opportunity to catch up with the current structures. The digital markets act classifies a platform as such, once they reach 45 Million monthly active users in the European Union, which is equivalent to 10% of the European citizens. This resolves the fundamental challenge of a two-sided market in which both issuers and consumers seek the presence of the other party prior to entering. The phenomenon is knows as the network effects. In multi-sided platforms, it occurs when one side of the platform is hesitant to adopt or use the platform until there is a critical mass of users or participants on the other side. For instance, both Facebook and Google rely on network effects, where the more users they have, the more valuable they become to advertisers. As such, attracting and retaining users is crucial. If users leave due to a poor experience, it can lead to a cascading effect of advertisers reducing their investment. At the same time, unless both platforms manage to offer a substantial value to the users,  they are jeopardizing their business model that is primarily based on generating revenue through advertising.

As mandated by the revision of eIDAS regulation, the acceptance of EUDI Wallet will be tested in a number of Large Scale Pilots that cover all the major sectors, including healthcare, financial services, education, and transport.

Additionally, there is an immense potential for Europe as a whole to standardise user-centric identification and authentication procedures while upholding privacy and citizen control. This will make it easier for both the public and private sectors to capitalise on digital services. Public organisations and commercial market players will be able to better connect with customers as a result of the harmonisation of legislation and technology on a pan-European scale.

Through automation, verifiable data, adaptability, and the availability of a shared infrastructure, the legislation has the potential to greatly improve processes. Overall, the holistic solution provided by the European Commission to the eIDAS framework deems it a global vanguard in forging trustworthy interactions between all stakeholders while also preserving privacy, security, and transparency for its citizens.

Yet, despite the positive advancements brought by the revision of the eIDAS regulation, it is essential to acknowledge that some uncertainties still persist. While the regulation aims to enhance digital identity services across the European Union, certain restrictions and challenges need careful consideration. These include concerns about the potential for monopolistic practices by a Member State, which could stifle competition and innovation by not enabling private enterprises to offer EUDI Wallet services.

Additionally, there is a concern about the regulatory overhead for organizations seeking to participate in the ecosystem, especially as relying parties. The framework’s flexibility to adapt to rapidly changing market needs is another point of scrutiny.

Building and maintaining trust in the government and the eIDAS framework as a whole also remains a critical challenge, as public confidence is paramount for the successful adoption and utilization of these digital identity services. Addressing these issues will be crucial in ensuring that the eIDAS regulation achieves its intended benefits for both users and businesses across the EU.

Lastly, eIDAS 2.0 will face identical difficulties as its predecessor, if continuous obstacles are put in the way of the private sector’s use cases. The reality is that people rarely interact with the governing bodies.  And when they do, it’s typically for a reason they are not necessarily fond of, like paying taxes, penalties, or some other  administrative duty. Despite their undeniable significance, many government use cases don’t excite or intrigue individuals. That is why the European Commission is urged to include the private sector as another central actor in the eIDAS framework, providing advantage of this novel, extremely liberating prospective.  Something that will make it possible for people to operate digitally in both a safe and effective manner.

Would you like to find out more about eiDAS 2.0 and EUDI wallets? Then visit our portfolio company Lissi! Or take a look at our blog post “The impact of eIDAS 2.0: The potential of EUDI wallets and their role for digital identities”.