Partner Content : Opening a bank account, making or receiving a payment, instructing an accountant or booking a doctor’s appointment. These everyday tasks depend on identity, either proving who you are or verifying who you’re dealing with.
The trouble is that while we think of the world as a digital one, digital identity is a problem yet to be solved. Some EU member states have come close within their own national borders, as we’ll discuss in this article. But for the most part, the caption to the 1993 cartoon still holds true: on the internet, nobody knows you’re a dog.
EU regulators and legislators have been grappling with the problem of digital identity for years. It’s a key enabler in delivering other policy objectives, such as removing barriers to cross-border trade, boosting confidence in electronic transactions and accelerating the growth of the digital economy.
The first step towards defining and regulating electronic identification, authentication and trust services, known as eIDAS for short, came into force in 2014 in the EU. eIDAS 1.0 was successful in defining the levels of assurance for identification and digital signatures, plus regulating how trust services were provisioned. However, it didn’t manage to push EU member states into creating national electronic identities, also known as eIDs, or a cross-border digital market.
eIDAS 2 upgrades and reboots the existing regulation. Entering into force in May 2024, it requires all EU member states to deploy a national digital identity scheme and secure their acceptance by the public and private sectors. But also, to enhance usage of cross-border authentication and data sharing and to improve the user experience of eIDs and digital services.
As a blueprint for the national digital identity schemes, eIDAS 2.0 introduces the concept of the EU digital identity wallet (EUDI wallet). This will allow individuals and businesses to store and manage their electronic identification in a single, secure and convenient location and ensures that the national digital identity schemes are coherent and interoperable.
The EUDI wallet scheme expands the concept of digital identity to include electronic attestation of attributes attached to a person, such as address or age, or profession certificates and driving license, and medical prescriptions and travel documents and what not. The vision is that EU citizens will only need their EUDI wallet to access their electronic identification, signatures and certificates to conduct transactions, travel, study and work within the EU. EU Member States are required to start issuing EUDI wallets latest towards the end of 2026.
Digital identity in Europe: the state of the nation
The digital identity landscape in Europe is a fragmented patchwork of different national and pan-regional regulations. How different European countries ‘do’ identity has been shaped by various cultural, political, economic and technological factors. Traveling the length and breadth of Europe, the digital identity tourist will encounter innovators and early adopters through to laggards and everything in between. By way of example:
– Finland has various digital identity solutions, including Bank eIDs, Mobile ID and a government agency-issued FINeID. The landscape is highly regulated and established through national eID legislation, which ensures compliance audits and approval by a national supervisory authority. Service providers do not integrate directly with the eID providers but must use a licensed broker that aggregates access to the eIDs.
– Denmark is moving in the same direction. While both the current MitID national eID and its predecessor, NemID, are established based on a public procurement process, the transition from NemID to MitID represents a shift in digital identity governance, with a formalized and regulated broker role overseen by a government agency, as in Finland.
– Norway’s digital identity ecosystem is, in practice a monopoly, for BankID, owned by the major Norwegian banks. BankID is under supervision and adheres to the highest assurance level of eIDAS and is accepted for all services including government. There are additional niche players for professional eID and specific services.
– Spain employs different digital identity systems across government agencies and the private sector. Various providers allow public institutions and private companies to identify their users, but there is no harmonized eID integration.
– Germany currently has few digital identities with limited scope. The national identity card, which everyone has, includes a digital identity, but it is hardly used. The banks have made attempts at creating a unified identity scheme but not with great success. While the government is looking to expand the functionality of the identity card, it seems like Germany is now placing all bets on the success of a German EUDI wallet.
– The UK has no national digital identity and faces no immediate imperative to adopt one, given that it is not bound by eIDAS 2.0 regulation. While not a priority for UK businesses operating domestically, the development and use of electronic IDs do offer opportunities to interface with European digital identities and identity verification systems to attract more right-first-time customers from Europe and prevent fraud.
What does the future hold for digital identity in Europe?
Prediction is hazardous, so the Danish proverb goes, especially about the future. However, the fragmented digital identity landscape will likely take a while to come together. The EUDI wallet will likely co-exist with other eID systems, rather than becoming the winner-takes-all European wallet.
This means that public and private sector organisations cannot rely on the EUDI wallet being the only eID. They must be prepared for and support all the ways users may wish to access their services, so EUDI wallets and eIDs as well as remote identity proofing systems using identity documents for onboarding. This involves devising a strategy and working with partners to realize it.
Signicat is already developing integrated digital identity solutions that cover all of Europe and with a global reach in identity proofing (KYC/KYB), trust orchestration, authentication, and digital signatures. One early example is Signicat Mint, a drag-and-drop solution for building secure business flows.
To test out the EUDI wallet and its different use cases, the EU Commission has initiated four large-scale pilots, funds development of an EUDI wallet reference implementation, and has announced yet one more call for pilots starting early 2025. In total, around €100 million of EU funding is granted, in addition to funding from the organisations and companies participating in the pilots and from governments. Signicat is a prominent participant in two of the four large-scale pilots – the EU Digital Wallet Consortium (EWC) and the NOBID consortium, as well as in the development of European standards for identity and trust services.
Some organisations may play a waiting game to see how the future pans out. But eIDs already offer so much today: secure onboarding, authentication and signing. The EUDI wallet will have all this and the ability to store and share attributes, such as diplomas and driving license data.
Maybe the best way to predict the future is to invent it. Or help shape it at the very least. So, organisations are advised to partner smart with providers, like Signicat, who can support their present and future needs. And to think big, start small but start now.
Contributed by Signicat.