Czech Presidency tackles the issue of European digital identity

Ahead of the telecoms working group meeting on Wednesday (28 September), the Czech Presidency of the Council of the EU circulated a fourth compromise text on the European digital identity (eID), which EURACTIV seen.

The Council is now focusing on questions relating to the exact working methods of the European digital identity portfolio.

The text stems from comments and suggestions received from delegations in September, following the presentation and discussion of the third Council compromise on 5 and 8 September.

The Commission adopted the proposal for this regulation on June 3, 2021, amending the eIDAS regulation of 2014, which made it possible to secure cross-border transactions. Due to its technical complexities, the dossier has made only modest progress so far.

Some aspects urgently need to be clarified, such as costs, but also offline use and interaction with other regulationsRebekka Weiß, head of trust and safety at German digital association Bitkom, told EURACTIV.

Offline use

The last compromise changed the definitions of “offline use of European digital identity wallets” and D'”completely offline use of European digital identity wallets” in “hybrid use of European digital identity wallets” and “offline use of European digital identity wallets“, respectively.

Hybrid Use means an interaction between a User and a Relying Party in a physical location, where the Wallet does not require access to remote systems via electronic communication networks for the purpose of the interaction.

On the other hand, offline usage refers to an interaction between a user and a relying party in a physical location, where neither the wallet nor the relying party needs to access remote systems.

The Czech Presidency has maintained the derogation for organizations that use the wallet for their registration, considering it to be a lower risk application. However, the organization will still need to maintain a minimum of information by automated or semi-automated means.

Certification and use cases

According to Ms. Weiß, it is positive that the aspect of standardization and certification is also included in the development of the portfolio and the corresponding use cases.

For end users, certification and equality of requirements within the European market create the confidence necessary for the identity wallet to be widely usedsaid Rebeka Weiss.

The compromise text clarifies that compliance with the requirements for assurance levels of electronic identity systems could be certified, for example, by a relevant cybersecurity certification scheme, as the European Cybersecurity Agency ENISA currently does.

The fourth trade-off places more emphasis and reference to use cases. “This clearly shows, once again, that the development of digital identities and wallets is not an end in itself.says Mrs. Weiß.

Thus, the text provides examples of the use of electronic ledgers in public digital services and an explanation of the relationship with the funds transfer regulation.

Priority should always be given to the existing potential and the simplifications that the wallet will bring to citizens and businesses, as well as to (digital) administration, she added.

Data protection

Following several requests from Member States, the Czech Presidency has clarified that at least two different authentication factors must be used for a solid identification of the user, whether knowledge, possession or user inherence.

According to the compromise text, these factors must be independent, in case one of them is violated, and designed to protect the confidentiality of the authentication data.

In addition, the proposal to be discussed on Wednesday is the suggestion of some member states to ensure that qualified trust service providers issuing qualified certificates support state-of-the-art cryptographic algorithms.

The concept of selective data disclosure, which should contribute to the protection of personal data through data minimization, has been developed. “Selective disclosure is a concept that allows the data owner to disclose only certain parts of a larger data set, so that the receiving entity obtains only the necessary information“says the text.

We would love to say thanks to the author of this post for this amazing web content

Czech Presidency tackles the issue of European digital identity

Discover our social media accounts as well as other related pages