On Thursday 29 June, after 9 hours of interinstitutional negotiations (‘trilogues’), the Council of the EU and the European Parliament reached an agreement on the key elements of the future European Digital Identity Wallet (‘eID’) (see EUROPE 13210/17).
“We have political agreement on the key elements of the proposal. The European Digital Identity framework is a game-changing piece of legislation that will drive the digitalisation of the public sector and society as a whole”, said Romana Jerković (S&D, Croatian), Parliament rapporteur on the dossier.
“More and more people are using their identity and credentials in their day-to-day contacts with public and private entities. A European digital identity wallet is therefore essential”, added the Swedish Minister for Public Administration, Erik Slottner.
The text, which should result in 80% of the EU’s population being able to use the digital identity wallet by 2030, was initially aligned, as Parliament wished, with the existing provisions under the cybersecurity legislation (CSA) concerning certification of the conformity of the wallets. Certification systems will be introduced as and when they become available and for the scope they are able to cover. “Once these systems are available, they will be referenced in the implementing acts and will therefore become mandatory for wallet certification”, stated a previous working document from the Swedish Presidency of the Council of the EU.
The cybersecurity legislation also requires Member States to designate accredited public and private bodies to certify wallets.
Parliament also wanted wallet certification to be linked to the requirements of the General Data Protection Regulation (GDPR). A balance has finally been struck on this issue and the provisional political agreement stipulates that this will be done on a voluntary basis. A ‘privacy dashboard’ will also be set up. In this way, users will be able to request the deletion of their data, in accordance with the GDPR.
Use is voluntary and free of charge
The provisional political agreement retains the approach whereby use of the EU wallet will be voluntary and each Member State will have to notify at least one wallet as part of a national electronic identification system. This should be interoperable at EU level.
In addition, the agreement confirms that European digital identity wallets will be issued, used for authentication purposes and revoked free of charge for individuals. The text also confirms the approach based on the fact that wallets should meet a ‘high’ level of insurance.
In addition, the agreement reached by the co-legislators also provides for the current list of trusted service providers to be extended to include new qualified providers, in particular those responsible for supplying electronic registers and managing devices for creating remote electronic signatures and seals.
A common technical architecture and a reference framework will have to be developed with the Member States by suppliers of digital identity solutions, along with common standards.
The Council of the EU and Parliament will still have to hold discussions to reach a final agreement on less important elements of the text. “There is still work to be done, but we are very close to a final agreement on the whole package. I am very pleased with the results of the trilogue, during which all the institutions reaffirmed their political commitment to the need to guarantee high levels of data protection and privacy”, concluded Mrs Jerković. (Original version in French by Thomas Mangin)