Overview of EU eIDAS 2.0 Regulation

,

eIDAS 2.0 represents a significant upgrade to the European Union’s electronic Identification, Authentication, and Trust Services (eIDAS) regulation. This enhancement aims to refine and expand cross-border digital identity solutions and trust services, thereby allowing citizens and businesses to securely access a wide range of public and private services across the EU.

By enhancing trust services and website authentication, eIDAS 2.0 ensures that transactions conducted across European Union Member States are secure and legally recognized, promoting greater trust, interoperability and reliability in digital interactions. 

The three pillars of the regulation:

  1. eID Schemas. Allows individuals to prove their identity digitally when accessing services. These schemes are established by each EU member state and can vary in terms of implementation but must comply with eIDAS standards for cross-border recognition. The eIDAS framework defines three levels of assurance for eID schemes:
    • Low: Suitable for low-risk transactions, offering basic security.
    • Substantial: Provides a higher level of security and is suitable for moderately sensitive transactions.
    • High: Offers the highest level of assurance, for high-risk or sensitive transactions, such as financial services.
  2. EUDI Wallet. Secure, Digital Identity Wallet solution enabling citizens and businesses to store and manage their personal information, credentials, and electronic documents (e.g., ID, driver’s license, banking details) in one place. It allows users to authenticate themselves and access online (trust) services across the EU, including cross-border services, without needing multiple logins or paper documents.
  3. Trust Services. The legal framework built upon acceptance, mutual recognition and equal conditions. Digital services that ensure the security, authenticity, and legal validity of electronic transactions.

In summary key components include trust frameworks, legal recognition, common set of rules and eIDAS cross border standards, and legal recognition across Member States.

Categories of qualified trust services

  • Electronic (Digital) Signatures. An electronic way for a person to agree to a document or data. Qualified Electronic Signatures hold the same legal weight as handwritten ones.
  • Electronic Seals. Like a traditional business stamp, it can be used on electronic documents to ensure their origin and integrity.
  • Timestamps. Connects an electronic document, like a purchase order, to a specific time, proving the document existed then.
  • Electronic Certificates. Electronic certificates that show your customers that your website is safe and reliable. They confirm the website is connected to the certificate holder and help prevent data phishing.
  • Electronic Registered Delivery Services. Enables users to send data electronically. Offers proof of sending and delivery, safeguarding companies from loss, theft, damage, or unauthorized changes.

Technical infrastructure

Figure.  Vedler, R. Simplified visual of processes.  

European Blockchain Services Infrastructure and Blockchain NoDes

European Blockchain Services Infrastructure (EBSI) complements eIDAS 2.0 by enabling trusted, blockchain-based digital transactions, while EUDI ensures seamless identity verification. Together, they enhance secure cross-border digital interactions.

The EBSI consists of a peer-to-peer network of interconnected nodes running a blockchain-based services infrastructure. Each member of the European Blockchain Partnership (EBP) – the 27 EU countries, Norway, Liechtenstein and the European Commission – will run at least one node.

The infrastructure is made up of different layers including:

  • a base layer containing the basic infrastructure, connectivity, the blockchain and necessary storage;
  • a core services layer that will enable all EBSI-based use cases and applications;
  • additional layers dedicated to use cases and specific applications.
Verifiable Credentials Data Exchange Model 2.0 and EBSI

This model developed by the W3C promotes trust data exchange (for B2C, B2B, B2G, and C2G), privacy, and data sovereignty, ensuring compliance with GDPR, Interoperable Europe Act and other regulatory frameworks. By EBSI supported verification service based on ‘Zero Trust Architecture.’

Implementation indicative timeline

eIDAS 2.0 was adopted by the European Parliament on February, 2024 and is already published in the Official Journal of the EU, entering into force on the 20 May, 2024.

  • Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework
    https://eur-lex.europa.eu/eli/reg/2024/1183/oj
Photo. Lalic, V. This historic vote brings us a step closer to a universal digital identity for all European citizens, valid and recognized across Europe.

EU Member States must implement trust services within 24 months after the implementing legislation is adopted.

Related Acts (EUDI Wallet)

Status: The public feedback period has ended (09 September 2024). After approval by the European Parliament, they will be published in the Official Journal of the European Union.

  1. Trust framework [link]
    It aims to ensure that the electronic notification system established by the European Commission acts as a secure and transparent communication channel for exchanging information between the Commission and the Member States.
  2. Protocols and interfaces to be supported [link]
    It aims to ensure the proper implementation of protocols and interfaces crucial for the effective operation of the wallets.
    By supporting common protocols and interfaces, the wallets can guarantee:
    • successful issuance and presentation of identification data and electronic attestations;
    • successful data sharing between wallet units; and
    • efficient communication with relevant parties.
  3. Integrity and core functionalities [link]
    It aims to lay down rules to ensure that Member States provide wallets that are interoperable and can be used for all their intended purposes. For example, the wallets should enable:
    • secure online cross-border identification for a wide range of public and private services;
    • sharing of electronic attestations; and
    • issuance of electronic signatures.
  4. Person identification data and electronic attestations of attributes [link]
    It aims to ensure the smooth lifecycle management of both personal identification data and electronic attestations, covering issuance, verification, revocation and suspension. This guarantees that users’ personal identification data and electronic attestations are issued to the wallet and can be disclosed to relevant parties.
  5. Certification [link]
    This initiative aims to lay down the requirements for certification of the conformity of European Digital Identity Wallets. Where Member States cannot use European cybersecurity certification schemes based on Regulation (EU) 2019/881 or if such schemes are not sufficient, they must establish national certification schemes to supplement them. These schemes must, for instance, specify the competence requirements and an evaluation process.
Related Acts (Trust services)

Status: To be published 1 quarter 2025 to public feedback.

  1. Cross-border identity matching [link]
  2. Security breaches [link]
  3. Registration of relying parties [link]
  4. Verification of electronic attestation of attributes [link]
  5. List of certified wallets [link]

Possible services to be developed

Generic relevant regulatory areasSector specific relevant regulatory areasDLT specific
regulations
• AI
• Environmental,
Social & Governance
(ESG)
• Commercial registers
• Cyber security
• Consumer protection
• Competition law
• Customs
• Data protection and
data regulation
• Digital Identity
• Batteries / Digital
• Product Passports
• Trade finance *		• Automotive
• Crypto assets
• Energy & Utilities
• Education
• Financial markets
• Government
• Health
• Media
• Retail
• Trade & logistics		MiCA Regulation
European
Digital Identity
Regulation
DLT pilot
Regulation
Regulation on information accompanying transfers of funds and certain cryptoassets
Certain provisions in the Data Act
Regulation on payment services *

Source: European Blockchain Sandbox – Best Practicies Report 2023
* updates added by DigitalTrade4.EU.

Some examples
  • Logistics, trade and trade finance. eIDAS 2.0 with trust services (electronic signature, eSeal, etc.) enables seamless cross-border transactions by verifying identities, signing documents electronically, and securing data exchanges. This fosters smoother supply chain operations, efficient customs processing, and more secure trade finance, driving increased trust and transparency across these sectors.
  • Financial Services. Speed up account opening by reusing existing verified identities. Improve KYC and fraud protection through richer identities.
  • Licenses. Digital documents, such as identity and health documents, driving licenses, vehicle registration and voter cards, are always kept and carried in the safest and most convenient place possible.
  • eGovernment. Increases efficiency and reduces manual processes by reducing in-person appointments. Automate data exchange between government agencies.
  • Travel & Hospitality. Digitalize customer check-in and registration. Speed up processes and reduce manual labor through increased automation.
  • Mobility. Automate customer onboarding and speed up driver license verification. Benefit of a European standard that works for various markets.
  • Telecommunication. Speed up registration for prepaid cards by using existing verified identities. Improve fraud detection through richer identities.
  • eHealth. Store health information and access other relevant information. Increase efficiency and effectiveness through reduced data handling and GDPR compliance.
Related videos

Summary by Riho Vedler (DigitalTrade4.EU), Machiel Tesser (Blockchainvoorlean)

, , ,

admin