The introduction and adoption of the eIDAS (electronic IDentification, Authentication, and Trust Services) regulation in 2014 was a significant step towards securing and enabling trustworthy transactions between citizens, businesses, and public authorities across the EU. Last week, on February 29th, the European Parliament made a major step by voting on the framework of eIDAS 2.0 legislation.

The key goals of eIDAS 2.0 are to:

• Make national electronic identification schemes interoperable across the EU.
• Enable citizens to securely access public and private services online using their ID wallets.
• Facilitate cross-border authentication and transactions for businesses and individuals.
• Strengthen security and privacy protections for digital identity solutions.
• Empower users with more control over their digital identities and data sharing.

eIDAS 2.0 seeks to accelerate the digital transformation across the EU and uphold citizens’ rights in an increasingly digital world by enhancing trust in online transactions and interactions. The updated rules also aim to future-proof the regulation by establishing clear technical and security criteria for digital identity frameworks.

Key features of eIDAS 2.0

The changes made in eIDAS 2.0 directly respond to the changing needs of the digital landscape. 

• Wider Scope: eIDAS 2.0 expands the regulation’s applicability to the private sector. This allows businesses and individuals to leverage the standardized electronic identification system across industries for services that require identity verification. The wider scope recognizes the rising complexity of digital interactions and the increase in services moving online that need identity authentication.

• Enhanced security: eIDAS 2.0 addresses expanding cyber risks by implementing strengthened security measures like encryption, multi-factor authentication, biometrics, and other protocols that protect sensitive identity data. These upgrades aim to mitigate threats like identity theft and fraud.

• User control & privacy: eIDAS 2.0 gives individuals and businesses more control over their digital identities. This self-sovereign approach lets users manage their identity data, promoting user adoption and trust. This regulation also focuses on security of personal data and ensures individuals have sole control over what information is shared and how it is used to protect privacy.

Benefits of eIDAS 2.0

The introduction of eIDAS 2.0 extends its access to all EU citizens, residents, and businesses seeking to utilize the European Digital Identity. 

• Compliance

Acceptance with the General Data Protection Regulation is a fundamental aspect of eIDAS 2.0. The regulation ensures that users’ personal data is protected according to GDPR standards.

• Self-Sovereign Identities

Self-Sovereign Identity (SSI) is a digital identity model where individuals have sole ownership and control over their personal data and digital identities. With SSI, users generate and manage their digital identities independently without relying on any centralized authority. 

SSIs allow users to selectively disclose only essential identity data in a transaction rather than their full identity. For example, if you want to prove you are over 18 to enter a website, an SSI will only validate your age rather than revealing your full identity details to the website. The website can verify that you are over 18 without viewing any other personal data. 

This approach gives users full autonomy over their digital identities and enables transactions to be authenticated based on need-to-know access rather than full disclosure.

• End-user control

The SSI structure in eIDAS 2.0 empowers end users, placing them in control of their identity data. It allows EU citizens full control over their digital identity while fostering trust and adoption.

• Qualified Electronic Signatures

One of the key features of eIDAS 2.0 is the integration of qualified electronic signatures (QES) and other electronic signatures into the new digital ID wallet. With this wallet, users can generate and utilize QES that will be valid and legally recognized across the entire European Union.

The eIDAS wallet allows people to create electronic signatures that meet the regulation’s standards to be considered ‘qualified.’ This means they provide the highest level of legal assurance about the signatory’s identity and the integrity of the signed document.

QES created through the wallet relies on a digital certificate issued by a qualified trust service provider. This certificate unequivocally links the electronic signature to the person signing. 

The validity of QES across the EU is a significant benefit, as it enables fully digital transactions and workflows between parties in different member states. This facilitates digital transformation and integration across Europe.

Documents or transactions signed with a QES from the ID wallet will have the same legal validity as handwritten signatures. This assures people and businesses that contracts, approvals, and other agreements concluded electronically will stand up in court and meet regulatory requirements.

• ID wallets

A primary innovation within the framework of eIDAS 2.0 involves the anticipated rollout of a digital wallet, alternatively referred to as an ID wallet or EUDI wallet. ID wallets will be downloadable on individuals and businesses smartphones.

The ID wallet will enable users to access online services and digitally sign documents and transactions securely. It aims to provide a user-centric approach that puts citizens in control of their digital identity. The wallet will be a one-stop shop for managing identity data, electronic documents, and electronic signatures.

Key features of the ID wallet include:

• Storage of identity data like name, date of birth, address, ID number, etc.
• Integration with national electronic identification schemes.
• Access to authenticated online services across the EU.  
• Signing electronic documents and transactions using qualified electronic signatures.
• Full user control over data sharing through consent mechanisms.
• Robust security and privacy protections.

• Reduced private sector difficulties

A major focus of eIDAS 2.0 is to facilitate the adoption of digital identity and trust services in the private sector. The new technical upgrades aim to simplify integration for businesses. The ID wallet’s centralized identity source will allow companies to easily onboard users, while standardized protocols will streamline identity verification and authentication.

Find other benefits of eIDAS regulation for companies and citizens here.

ID wallets in Croatia

Croatia is one of the EU member states that should actively start working on implementing the eIDAS framework and roll out digital ID wallets for its citizens. A major development in this space is the creation of Croatia’s first digital ID wallet – Identyum ID Wallet. 

The Identyum ID Wallet is Croatia’s first SSI-based digital ID solution designed to be compliant with eIDAS 2.0 specifications. Users can selectively share identity claims to access online services, digitally sign official documents, and control how their personal data is used. 

The Wallet uses advanced encryption and biometrics to protect users’ sensitive identity data. By storing identity data directly on users’ devices rather than centralized servers, Identyum’s decentralized approach ensures Croatia’s citizens have sovereignty over their digital identities.

As Croatia works to roll out eIDAS-aligned digital ID systems, Identyum is leading the way in empowering users with self-sovereign identity management. Our innovative ID wallet provides capabilities at the forefront of user-centric identity and aligns with Croatia’s vision for secure and seamless digital services.