Digital identity - the eIDAS 2.0 amendment

Created by Mag. Sylvia Unger |
Payment Law , Civil Law , Business Law

1. Introduction

The eIDAS 2.0 amendment (link) was published in the Official Journal of the EU at the end of April 2024 and has been in force since 20 May 2024. "eIDAS" stands for "electronic identification, authentication and trust services" and regulates the Europe-wide requirements for digital identity. The first version of this regulation has been in force since 2016. The amendment is intended to eliminate inconsistencies and provide a boost in the area of digital identity. 

The aims of the amendment include

  • harmonisation throughout Europe 

  • creating security and trust 

  • demonstrable legitimacy

  • efficiency 

  • containment of bureaucracy.

 

2. What is new?

The goals are to be achieved primarily by implementing the following aspects:

2.1 ID wallets 

Art 5a of the eIDAS Regulation regulates the "European Digital Identity Wallet". This is not a new concept, but a renewal - the ID wallet app further develops the eID approach of the first version of eIDAS. The so-called "ID wallet" is a virtual wallet. It can be used to store and manage electronic proof of identification or certificates. The first version of the eID was only moderately successful. In particular, the lack of interoperability and the lack of cross-border applicability were criticised and led to discrepancies between the member states. 

2.2 Data protection

In order to achieve the goals of "security and trust", it is important that the processing of identities is in compliance with data protection regulations. This is to be ensured by harmonised quality standards throughout Europe. The personal data of a user should be constantly encrypted. According to Art 1 (3), the eIDAS Regulation applies without prejudice to the General Data Protection Regulation (GDPR). In addition, the eIDAS also contains data protection provisions.

2.3 Extended area of application

The so-called "qualified attestation of electronic attributes" (QEAA) is new in the extended scope of the regulation (Art 45b-h). This concerns the proof of certain authorisations or characteristics of a person (e.g. professional qualification, driving licence), which are often the decisive part of a check. A qualified trust service provider can check and validate such data and store it in the ID wallet.

 

3. Implementation

The amendment was published on 30.04.2024 and entered into force on 20.05.2024. 24 months after its entry into force, in May 2026, the deadline for Member States to provide an ID wallet that meets the requirements ends. This is intended to accelerate developments and achieve widespread use of digital services by 2030.