Proposal for an EU Regulation eIDAS 2.0 amending the existing eIDAS Regulation ((EU) No 910/2014)
Status: In draft
- Commission’s proposal published 3 June 2021
- Council adopted its position on 6 December 2022
- Parliament has adopted its position on 3 March 2023
- Parliament and Council reached a political agreement on the final text on 8 November 2023. The agreement was adopted by Members of the European Parliament on 29 February 2024. It will need to be formally adopted by the Council which is expected on 26 March 2024
- Member States to provide EU Digital identity Wallets to their citizens 24 months after adoption of the implementing acts setting out the technical specifications for the EU Digital Identity Wallet and the technical specifications for certification. Considering that these implementing acts are expected to be adopted between 6 – 12 months after the final adoption, we shall expect EU citizens to use the EU Digital Identity Wallets by H2 2026/H1 2027
Summary
Proposal for an EU Regulation eIDAS 2.0 amending the existing eIDAS Regulation to promote trusted digital identities to all Europeans by introducing
- a Digital ID-Wallet which can be used to centrally store and manage digital documents such das ID cards
- rules to enable the evidential admissibility of electronic ledgers such as blockchains
Scope
Applies to natural and legal persons who seek to authenticate individuals accessing public and private services both offline and online, and to those using electronic ledgers like blockchains.
Key elements
- Requirement for Member States to issue a European digital ID-wallet within 12 months after entry into force of eIDAS 2.0
- Digital ID-wallet will enable users to centrally store and manage digital documents such das ID cards
- Expansion of the list of eIDAS trust services including 'electronic archiving services', 'electronic ledgers' such as blockchains and the management of remote electronic signature and seal creation devices
- New rules on legal effectiveness and admissibility of 'electronic ledgers' and introduction of the concept of qualified trust service providers
Challenges
- Unclear language that leaves room for interpretation
- Mandatory acceptance approach framework which involves public and private sector solutions limiting data collection to a minimum
- Alignment and consistency with the broader regulatory landscape, especially with DMA, PSD2 review, NIS and cybersecurity legislation
- Safeguarding security, privacy and interoperability of web browsers
- Interplay of existing international standards with potential new standards to be developed
Key Freshfields contact(s):
-
Dr. Theresa Ehlen Partner
Düsseldorf, Frankfurt am Main
-
Julia Utzerath Senior Knowledge Lawyer - Rechtsanwältin
Düsseldorf