eIDAS 2.0 Guide: The Essentials

Europe is on the brink of a new era of digital identification with the rollout of eIDAS 2.0 pending. This will inevitably have significant effects on the ways that citizens, businesses, and governments digitally interact. The eIDAS 2.O framework aims to introduce interoperable and secure digital identities across the EU, providing users with more control over their personal data.

As such, this guide has been built to break down the components of eIDAS 2.0, offering a comprehensive overview of what this regulatory framework will mean for citizens, public administrations, and private companies. The guide will also unpack the regulatory and social significance of eIDAS 2.0, looking into its potential impacts in the coming years.

What is eIDAS 2.0?

Regulation (EU) 2024/1183 was published on the 30th of April 2024, entering into force on the 20th of May. This means that EU member states will be required to provide EU Digital Identity Wallets to citizens shortly after the Implementing Acts have been adopted, with execution expected by 2026. The Implementing Acts will offer specifications, procedures, and standards for ensuring uniform implementation of the European Digital Identity Wallet. eIDAS 2.0 is an acronym for Electronic Identification, Authentication, and Trust Services 2.0. This update aims to offer a standardized framework for digital identities and trust services in order to lay the foundation for more streamlines and secure cross-border transactions.

Regulation (EU) 2024/1183 amends Regulation (EU) No 910/2014 "on electronic identification and trust services for electronic transactions in the internal market" (the “eIDAS Regulation”). The amendment pertains to expanding the scope of the original eIDAS Regulation to include a framework for the European Digital Identity Wallet, focusing on two key aspects: trust and interoperability. This amendment aims to introduce a secure, user-controlled digital identity wallet that citizens, residents, and businesses can use to access both public and private digital services across the EU by 2026. We will break down the some of the key facets of eIDAS 2.0 in subsequent sections:

eIDAS 2.0 For Citizens

eIDAS 2.0 is expected to bring a plethora of benefits for citizens, listed below.

1. Access to Public and Private Services

Opening a new bank account or submitting a job application can involve lengthy and complex processes. The EU Digital Identity Wallet aims to simplify access to public and private services, reducing the time and administrative effort needed. With a single click, users will be able to securely verify their identity or share important documents, such as a university diploma, making interactions more efficient and straightforward.

2. Person Data Protection

You remain in control of your data, with the ability to decide what to share and limit it to only what is necessary. For instance, you can share your age without disclosing your full date of birth, or confirm your driver’s license validity without revealing your address.

This approach, known as selective disclosure of attributes, helps minimize the risk of your data being used for profiling. In certain cases, you will have the option to verify your identity completely anonymously, providing an additional layer of privacy and security.

eIDAS 2.0 For Public Administrations

eIDAS 2.0 aims to bring several benefits for public administrations, broken down subsequently.

1. Enhanced Security

EU Digital Identity Wallets will offer public authorities cybersecurity-certified solutions, rigorously tested across Europe, to ensure safety and privacy in all transactions. These wallets are supported by robust technical standards, providing a high level of trust and security in every exchange.

2. Expanding Digital Public Services

The EU Digital Identity Wallets will expand the availability of digital public services, as all citizens will have access to electronic identification upon their launch and adoption. Their broad range of private sector applications will further encourage widespread use, creating a large user base that may drive greater engagement with digital public service offerings.

3. Strengthened Fraud Prevention

The adoption of EU Digital Identity Wallets will strengthen fraud prevention efforts. With every citizen and resident having access to a secure and private form of digital identification, identity fraud and impersonation will become significantly more challenging.

eIDAS 2.0 For Private Companies

Lastly, eIDAS 2.0 will bring advantages to private companies in a myriad of ways. Here’s how:

1. Authentication Cost Reduction

Verifying customer identities can be expensive, but EU Digital Identity Wallets will offer a secure and reliable way to authenticate users across the entire EU. This will enable businesses to conduct a wider range of online transactions more efficiently, potentially increasing sales whilst lowering the cost of each verification.

2. Cybersecurity Compliance

With EU Digital Identity Wallets being secure and compliant with cybersecurity standards, businesses will be able to handle more sensitive customer transactions entirely online. This opens up new opportunities for digital services and expands the scope of secure business operations.

3. Neutral EU Digital Identity Wallet

EU Digital Identity Wallets will serve as a neutral public sector authentication solution, removing the need to rely on private third-party providers. This reduces the risk of user data being used for profiling or other commercial purposes by external entities.

Trust & Interoperability

At the core of eIDAS 2.0 is interoperability, enabling qualified trust service providers (QTSP) and digital identities to be recognized and used across EU member states. Interoperability involves several components in the context of eIDAS 2.0.

Cross-Border Interoperability

Arguably, the cornerstone of eDIAS 2.0 is ensuring that eID systems from each EU member state are recognized and trusted by other member states. This also applies to accessing both public and private services across borders, meaning you can use your national eID anywhere in the EU.

Technical Interoperability

Interoperability isn’t limited to eIDs functioning across borders, it also includes guaranteeing that all national systems, platforms, and interfaces can effectively communicate with each other and exchange information through trustworthy means. This inevitably includes setting common technical standards, procedures, and formats (which will be outlined in the Implementing Acts).

Legal Interoperability

Tying together cross-border and technical interoperability, legal interoperability refers to the building of a framework that legally recognizes digital identities and trust services across borders – entailing that once a digital identity or trust service is accepted in one member state, it must be recognized and accepted in all other without the need for further validation.

The list goes on, but these three points were mentioned simply to elucidate the significant changes made to eIDAS 2.0.

Use Case: Payments & Banking

eIDAS 2.0, particularly through the European Digital Identity Wallet, will significantly streamline processes in the banking and payments sector – two use cases are elaborated on below to give an idea of what this might practically entail.

Making online transactions easier

eIDAS 2.0 will simplify online transactions by empowering users to authenticate their identity and authorize payments directly within the wallet. This will hopefully not only simplify online transactions, but also make them more secure, as users are able to control which personal details are shared.

Online identity verification when opening a new bank account

When opening a new bank account, users will be able to verify their identity via the European Digital Identity (EUDI) Wallet. This removes the need to physically visit a bank or handle multiple documents simultaneously, as the wallet is able to store verified personal identity information and electronic attestations of attributes.

Why is Everyone Talking about eIDAS 2.0 Right Now?

Many experts are arguing that the rollout of eIDAS 2.0 is helping with the democratization of credentials, adding measures of privacy that you wouldn’t otherwise have access to. Combined with the focus on interoperability, this makes the new eIDAS 2.0 framework a strong tool in securing cross-border digital trust. Some also argue that, when it comes to the conduct of business, eIDAS 2.0 brings the focus back into Europe, and away from larger U.S. organizations that typically tend to dominate, signaling more independence.

eIDAS 2.0 also signifies efforts being made to enhance the accessibility of digital credentials, with each EU member state mandated to provide at least one eID solution for its citizens. This development can be seen as influenced by the concept of self-sovereign identity, whereby users have full control over their personal data and credentials. Whilst eIDAS 2.0 may not fully realize this vision, it marks a clear shift towards greater user control compared to existing eID solutions, emphasizing the principle of user empowerment and sovereignty in digital identity frameworks.

Potential Impacts and Challenges

eIDAS 2.0 will facilitate smoother cross-border digital business operations, allowing companies to easily verify identities and provide services across EU markets. However, businesses need reliable, scalable solutions to manage this increased interoperability effectively.

For companies in sectors such as banking, insurance, and telecom, the requirement to adopt digital wallets will create immediate pressure to ensure systems are compliant. However, this mandated change also presents a strategic opportunity to enhance customer engagement, reduce friction in identity verification processes, and offer more seamless, secure transactions.

Under eIDAS 2.0, certain companies, particularly those in highly regulated sectors like finance, telecommunications, and healthcare, will be required to implement the EUDI Wallets. This will pose both a challenge and an opportunity – businesses will need to ensure they meet compliance requirements, while also leveraging these wallets to streamline customer interactions, improve security, and offer more personalized services.

The new framework encourages the use of digital identity solutions that reduce manual identity checks and streamline KYC (Know Your Customer) processes. Businesses investing in compliant, automated digital identity systems can lower operational costs while increasing speed and accuracy in user verification.

As eIDAS 2.0 boosts trust in online transactions, companies that adopt advanced digital identity solutions will unlock new growth opportunities. By leveraging a secure digital identity ecosystem, businesses can expand their reach, attract new customers, and operate confidently in a digitally secure environment.

For businesses that integrate these new digital wallets, there’s potential to turn compliance into a value-added service. Companies that successfully integrate the EUDI Wallets can enhance customer experiences by offering secure, one-click access to services across borders, ensuring convenience while protecting user data.

eIDAS 2.0 enhances security, the complexity of integrating high-level identity verification with existing infrastructures may challenge businesses. Those that invest in adaptable, future-proof identity solutions will be better equipped to prevent fraud and ensure ongoing compliance as the digital landscape evolves.

While some businesses will be required to implement digital wallets, the challenge lies in managing this transition efficiently. Companies will need flexible, scalable solutions that not only comply with eIDAS 2.0 but also integrate smoothly with existing systems, minimizing disruption while maximizing customer satisfaction.

You x spektr: Future-Proofing Your Business

As eIDAS 2.0 unfolds, compliance professionals need to start preparing their organizations for the adoption of the new European Digital Identity Wallet and the integration of trust service providers. That’s where spektr steps in.

spektr is committed to being at the forefront of eIDAS 2.0 compliance by fully integrating the necessary solutions for onboarding directly into our platform. We help organizations future-proof their approach by ensuring that the moment eIDAS 2.0 goes live, businesses can immediately utilize these solutions.

Our platform already supports a wide range of eID integrations, e.g. MitID and BankID, allowing businesses to decrease risk and increase onboarding conversion rates. As eIDAS 2.0 progresses, we will continue to integrate local digital identity services into onboarding flows, giving our clients immediate access to these tools as they become available.

Interested in learning more about how spektr can help future-proof your organization in preparation for eIDAS 2.0? Set up a chat with one of our pros. If you’re also just interested in learning more about how your business might be affected by eIDAS 2.0, our in-house legal team can keep you updated on the latest regulatory developments.

Glossary

Advanced Electronic Signature (AdES)

A type of electronic signature that is uniquely linked to the signer, capable of identifying the signer, and is created using data that the signer has under their sole control. It provides a higher level of security and assurance than a basic electronic signature.

Digital Identity Verification

The process of electronically confirming a person’s identity using digital technologies. This can include biometric data, government-issued electronic IDs, or other trusted methods. Digital identity verification is a key component of secure online transactions under eIDAS.

eIDAS

An EU regulation that provides a legal framework for electronic identification and trust services for secure electronic transactions across member states. It aims to ensure the mutual recognition and acceptance of digital signatures, e-identities, and trust services across the EU.

eIDAS 2.0

An update to the original eIDAS regulation, designed to improve the security, interoperability, and usability of electronic identification across the EU. eIDAS 2.0 introduces the EU Digital Identity Wallet, making it easier for citizens and businesses to use digital identities in cross-border transactions.

Electronic Identification

A process that allows users to prove their identity in an online environment, often using a government-issued digital ID or similar method. Under eIDAS, electronic identification must be recognized across EU borders for public and private services.

Electronic Registered Delivery Service (ERDS)

A trust service that ensures the secure and traceable transmission of electronic documents and data between parties. It guarantees proof of sending and receiving, as well as the integrity of the content during transmission.

Electronic Seal

Similar to an electronic signature but used by legal entities (e.g., companies) rather than individuals. It guarantees the origin and integrity of a document or transaction.

Electronic Signature

A digital method of signing documents or transactions, which is legally recognized under eIDAS. It ensures that the signature is authentic, secure, and can be legally binding depending on its level of assurance (e.g., advanced or qualified).

Electronic Timestamp

A trust service under eIDAS that certifies the date and time of a document or transaction, ensuring it has not been altered after that point in time.

EU Digital Identity Wallet

A secure, interoperable digital tool that will allow EU citizens and residents to store and manage their personal identification information. Under eIDAS 2.0, this wallet will enable access to public and private services across the EU, ensuring cross-border recognition of electronic identities.

Interoperability

In the context of eIDAS, interoperability ensures that electronic identification and trust services are recognized and can be used across all EU member states.

Know Your Customer (KYC)

A regulatory process by which financial institutions verify the identity of their clients. KYC is essential for preventing money laundering, fraud, and terrorism financing, and it aligns with eIDAS requirements for digital identity verification.

Qualified Trust Service Provider (QTSP)

An entity that provides trust services, such as electronic signatures and timestamps, with a certified level of compliance, security, and data protection under eIDAS. QTSPs are audited and approved by national supervisory bodies to ensure they meet the requirements set out by the regulation.