European Digital Identity Regulation (eIDAS2)

The Spanish presidency secures an agreement on the regulation to create a single, secure European digital identity

News - 2023.11.8

The Acting First Vice-President of the Government of Spain and Minister for the Economy and Digital Transformation, Nadia Calviño, chaired the fourth and final trilogue in Brussels to close this ambitious regulation, without any opposition from the other member states, the Commission or the Parliament.

"With the adoption of the European Digital Identity Regulation, we are taking a fundamental step towards providing citizens with a single and secure European digital identity. This is a key step forwards for the European Union to be a benchmark in the digital field, protecting our rights and democratic values", said Vice-president Nadia Calviño.

The trilogue was also attended by the European Commissioner for the Internal Market, Thierry Breton, and the co-legislators of this regulation, MEPs Cristian-Silviu Buşoi and Romana Jerković.

Regulation (EU) No 910/2014, known as the eIDAS regulation, is the current legal framework in Europe for electronic identification and trust services in electronic transactions. In September 2020, the European Commission proposed updating this regulation (colloquially called "eIDAS2").

During these two years, work has been carried out in the European Parliament, the Council of the EU and the European Commission to reach - following 19 technical meetings under the Spanish presidency of the Council of the EU - an agreement on a final text that will be binding on all member states of the European Union.

Secure EU-wide digital identification

The eIDAS2 Regulation aims to provide individuals and businesses universal access to secure and reliable electronic identification and authentication.

To this end, it foresees that member states will be obliged to issue at least one European Digital Identity Wallet within 24 months after entry into force, which will be voluntary for citizens and businesses in the form of mobile applications.

These digital wallets will allow citizens to digitally identify themselves, store and share a myriad of identification data, credentials and identity attributes, such as driving licences, academic qualifications, bank accounts or medical prescriptions. It will also allow digital signatures and control with whom and under what conditions such personal information is shared with third parties.

All this will be in a common and harmonised way across the European Union, which is a major step towards territorial cohesion and the single market, as these digital wallets can also be used in the private sector.

Avoid unnecessary sharing of personal data

In addition, it will avoid using private identification methods or sharing personal data unnecessarily. User control will ensure that only information that needs to be shared is shared.

Among the various other agreements reached and set out in the final text - with a harmonised approach to cybersecurity - are the requirement for high levels of trust and the free-of-charge nature of these digital wallets, which will be developed under an open source model that allows for greater scrutiny and security of these applications.

It also provides for the extension of trust services to electronic ledgers and the management of remote electronic signatures and seal creation devices, as well as the electronic issuance of identity attributes by qualified providers.

Intense negotiation process under the Spanish presidency

The text was in the inter-institutional negotiation phase, commonly known as trilogues, because three EU institutions - the EU Council, the European Parliament and the European Commission - are involved in these discussions.

Thanks to the intense work carried out under the Spanish presidency of the Council of the EU, the fourth and final trilogue is the culmination of a great negotiating effort that has resulted in 19 technical meetings since Spain received this dossier from the previous Swedish presidency. At the last technical meeting held on 11 October 2023, all outstanding negotiating articles were finalised in a text agreed by all parties.

Following the consensus reached today, technical work will continue in order to complete the legal text in accordance with the provisional agreement. Once finalised, the text will be submitted to the Committee of Permanent Representatives (Coreper) of the member states for approval.

The revised agreement will have to be formally adopted by the Parliament and the Council before it can be published in the EU's Official Journal and enter into force.

Other key digital dossiers for the Spanish presidency

The Spanish presidency continues to work to close other key dossiers in the digital field before the end of its mandate on 31 December.

Among them, the Artificial Intelligence Regulation stands out, making the European Union the first jurisdiction in the world with a legal regime on artificial intelligence, ensuring that this new technology complies with European fundamental rights. Work is progressing in the trilogues held so far, with the aim of closing the negotiation before the end of the year.

Progress is also being made with the Cyber Resilience Regulation, to increase the cybersecurity of hardware and software products. The aim is to protect citizens by providing them with guarantees of security and quality for all products incorporating digital elements.

Another dossier under negotiation is the Gigabit Infrastructure Regulation (GIA). The aim is to have secure high-speed infrastructures throughout Europe by 2030 in order to roll out all electronic communications networks and reduce roll out costs, while providing legal certainty and transparency for economic operators. The Spanish presidency's objective is to obtain the European Council's mandate during this six-month period and then begin negotiations with the European Parliament.

Non official translation

More Info