eIDAS 2.0 - The redesign of digital identity and signature in Europe (March 2024)

The European Union's Electronic Identification and Trust Services Regulation, known as eIDAS, has recently undergone a significant update with the release of eIDAS 2.0. This update brings significant changes and improvements to the previous version, making it easier for businesses and individuals to use electronic identification and trust services across the EU.

In this article, we will explore the new features of eIDAS 2.0, share background knowledge and uncover how they will impact businesses and individuals in the EU.

What is the eIDAS Regulation?

The abbreviation eIDAS stands for "electronic IDentification, Authentication and Trust Services". It was introduced by the European Union in 2014 to create a uniform market for electronic identification and trust services within the EU. As an EU regulation, eIDAS applies directly in all 28 EU member states and in the European Economic Area. The eIDAS Regulation is a regulation on electronic identification and trust services for electronic transactions in the internal market. It replaces the previous directive on electronic signatures from 1999 and came into force on September 17, 2014. The aim of the eIDAS Regulation is to create trust in digital business and administrative processes and to establish a European digital trust space. The eIDAS Regulation defines requirements for secure identification and authentication on the internet and creates a Europe-wide framework for trust services to digitize analogue processes such as signatures, time stamps, documents and seals. Prior to the implementation of eIDAS, there were numerous national laws and standards for electronic signatures and identities in Europe, which led to fragmentation and uncertainty in the digital sector.

eIDAS 1.0 vs. eIDAS 2.0

The evolution of eIDAS to eIDAS 2.0, also known as the European Digital Identity Framework, represents a significant step forward in the development of digital identities within the European Union. With the historic agreement of the EU Trilogue on November 8, 2023, eIDAS 2.0 aims to increase the efficiency of digital services by closing existing gaps and strengthening the trust space in Europe without restricting the sovereignty of Member States.

An essential aspect of eIDAS 2.0 is the harmonization of the national signature laws of the EU member states in order to create a uniform and cross-border digital single market. By introducing a uniform international standard for electronic identification and trust services, eIDAS 2.0 eliminates fragmentation and enables seamless digital interaction across national borders. In Germany , this harmonization is supported by the Trust Services Act (VDG), which ensures the security and reliability of electronic transactions, while Austria pursues similar goals with its Signature and Trust Services Act . Both laws reflect the EU's commitment to a secure and efficient digital future and underline the central role of the eIDAS Regulation in Europe's digital landscape.

Objectives and innovations of eIDAS 2.0

What is new about eIDAS 2.0?

The introduction of eIDAS 2.0 introduces several significant changes:

1. Extension of scope: eIDAS 2.0 extends the scope to new types of trust services, including electronic delivery services, electronic documents and electronic seals. This extension is in response to the increasing use of electronic documents and seals in business transactions.

2. Improved cooperation: A key element of eIDAS is interoperability, which is further strengthened by the new regulation and simplifies the exchange of digital trust services across national borders. The introduction of Qualified Trust Service Providers (QTSPs) allows them to offer their services in any EU member state without having to meet additional national requirements.

3. Increased security: eIDAS 2.0 introduces stricter security and data protection requirements for trust service providers to ensure the confidentiality, integrity and availability of trust services as well as the protection of personal data in accordance with the EU General Data Protection Regulation (GDPR ).

4. New rules for electronic identification (eID): These rules are intended to make the use of eID more secure and user-friendly. In particular, the possibility of remote identification, e.g. through video identification, makes access to online services considerably easier. In addition, eIDAS 2.0 establishes so-called "trust levels" for eID methods, making it easier for users to choose the identification method that suits their requirements.

Introduction of the European Digital Identity Wallet (EUDIW)

With the update to eIDAS 2.0, the European Union is introducing the European Digital Identity Wallet (EUDIW), which is intended to simplify digital identification and authentication throughout Europe.

Integration of national eIDs into the EUDIWThe EUDIW seamlessly integrates national eIDs, such as the German eID or the Austrian ID Austria . This integration allows users to securely incorporate their national means of identification into the digital wallet, ensuring a high level of security and trust in the digital wallet. Personal data remains securely stored on the physical ID card or smartphone.

Expansion of trust servicesIn addition to the integration of national identities, eIDAS 2.0 expands the range of trust services within the EUDIW. New services such as electronic archiving and the management of remote signature and seal creation devices will be introduced. One particularly innovative feature is qualified attestation of electronic attributes (QEAA), which enables users to digitally verify certain personal attributes such as educational qualifications, driving licenses or marriage certificates and store them securely in their wallet.

Security and data protection in eIDAS 2.0The eIDAS 2.0 regulation strengthens digital security and data protection in accordance with the GDPR and the Cyber Security Act with the EUDIW wallet. This digital wallet secures personal data, such as the eID, directly on the smartphone and only allows data to be transferred with the user's consent. The EUDIW also supports data-saving transactions by only transmitting necessary information such as age without disclosing complete data.

How will eIDAS 2.0 affect businesses and individuals?

The new features of eIDAS 2.0 will have a significant impact on businesses and individuals in the EU. Here are some of the key benefits they can expect:

• Increased efficiency and cost savings: By simplifying electronic transactions, companies can work more efficiently and reduce costs. Expanding the scope and improving interoperability makes it easier to access electronic identification and trust services, saving time and money.

• More security and trust: eIDAS 2.0 raises security and data protection standards to a new level. Thanks to stringent measures, companies and individuals are better protected against cybercrime and fraud, boosting trust in digital services.

• Promoting cross-border trade and e-commerce: Improving interoperability facilitates cross-border trade and access to online services. This facilitates cross-border exchange and contributes to the growth of the digital economy in the EU.

eIDAS 2.0 thus represents a decisive step forward, paving the way for a more secure, efficient and connected digital future in Europe.

How can companies and citizens prepare for eIDAS 2.0?

With the new features of eIDAS 2.0, businesses and individuals should start preparing now to ensure a smooth transition. Here are some steps they can take:

• Stay informed: It's important to stay informed about the changes and updates to eIDAS 2.0. Keep an eye on official EU websites and publications for the latest information and updates.

• Review and update processes and systems: Organizations should review their processes and systems to ensure they meet the new requirements of eIDAS 2.0. This may include updating security measures, implementing new eID methods or working with a certified QTSP.

• Educate employees and customers: It is crucial to educate employees and customers about the changes and benefits of eIDAS 2.0. This will help them understand the new processes and requirements and make the transition smoother.

Timetable and realization of the eIDAS 2.0 implementation

FAQs: Your most important questions about digital identity and eIDAS

Question 1: What does the term "eID" mean and why can it be confusing?

The term "eID" is used ambiguously. On the one hand, it stands for "electronic identity", which means general digital identity. On the other hand, "eID" refers to the online function of an ID card, as is the case in Germany.

Question 2: What is a digital identity and how does it relate to eIDAS?

Digital identities are crucial in the online context and represent real persons in the virtual world. In the signature context, digital identity refers to digital certificates or signature certificates that serve as an "identity card" for issuing legally valid signatures. These certificates contain important information about the identity of a person, object or company and are essential for creating a qualified electronic signature , which according to the eIDAS Regulation is equivalent to a handwritten signature.

Question 3: What methods of digital identification are there?

There are many different methods of digital identification, ranging from video identification and Bankident to automated processes such as Autoident. In Germany, for example, the online ID function of the ID card enables simple and secure authentication for online services.

Question 4: What is the difference between identification and authentication?

While identification is the one-time establishment of the digital identity or eID, authentication refers to the repeated confirmation of this identity, often through two-factor authentication or similar procedures. This is a key aspect for secure transactions according to eIDAS 2.0.

Question 5: When does eIDAS 2.0 come into force and where can I find it?

The eIDAS 2.0 came into force on November 8, 2023. You can find the regulation on the official website of the European Union .

Question 6: Which countries and sectors will be affected by eIDAS 2.0?

eIDAS 2.0 affects all member states of the European Union and has an impact on a large number of sectors. Affected sectors include financial services, healthcare, e-commerce, government and administration, telecommunications, law and legal services, education, transportation and logistics. These industries use electronic identification and trust services for a variety of purposes, from secure transactions to the management of citizen services.

Question 7: Is the ID wallet mandatory?

The digital wallet (or ID wallet) is to be offered in the EU member states by fall 2026 and should be available to EU citizens on a voluntary basis. However, there are no plans to make it mandatory. Unique identification numbers will only be used when EU citizens make use of administrative services across borders.