What is EUDI: EU digital identity wallet. In-depth review.

European regulators, led by the European Commission, are driving EUDI, the EU's digital identity wallet. Efforts are focused on defining the implementation of a single, sovereign digital identity that is projected to be a fundamental pillar in the continent's digital age. A major challenge has been set: that by 2030, at least 80% of the European population will be using this innovative tool.

In an increasingly digitized world, as ever the European Union is leading the way with the introduction of EUDI. This innovative initiative aims to revolutionize online and offline identity management for European citizens. 

In this article, we will explore in depth how EUDI works, the applications it can have and its impact on the European digital, social and economic landscape. We will start by defining what EUDI is, how it has been approached, implementation dates and its core role within the new eIDAS 2 standard.

What is EUDI?

EUDI is a digital wallet where the identity information of a European Union citizen is stored. It is a comprehensive system shared by all member countries that has been designed to provide EU citizens with a secure and efficient means to manage their identity online and also identify themselves face-to-face with digital tools (on an electronic device such as a cell phone, smartphone, etc). By using cutting-edge technologies such as cryptography (blockchain) and biometric authentication, EUDI ensures the security and privacy of user data while storing all kinds of information relevant to states, companies and the citizen himself.

Thanks to EUDI, users can access their information and share their digital credentials securely, allowing them to interact with a wide range of online and in-person digital services conveniently and securely. It is designed to be interoperable, meaning that users can use their digital credentials across a variety of platforms and services, without compromising security or privacy.

At all times, the citizen is the owner and sole manager of this European digital identity. It is he who decides what he manages, shares or shows or what he does not. Within the framework of the Digital Europe Program, the public initiative aims to boost public and private digital services throughout the region by giving citizens complete control over their personal data, at a click of a button.

The EUDI wallet is supported by more than 50 organizations fully involved in its development: governments and public administrations, mobility experts, payment services, trust service providers, software developers, related industry associations, etc. As part of the executive team of the different consortia, these agents work with the EEC to define all the technical characteristics and models of the EUDI wallet so that the European Union states can provide it to their citizens.

In short, EUDI is a mobile application where we can store official identity documentation issued by governments and accepted by EU and EFTA member states. In this electronic wallet or digital wallet, we can also carry all kinds of information, not only identity documents

What is the EU digital identity wallet for?

The usefulness of EUDI extends to a variety of practical applications in diverse sectors. From secure authentication in online services to the electronic signature of legal documents, EUDI provides European citizens with the tools they need to interact securely and efficiently in the digital world and identify themselves both remotely and in person. For example, in the field of healthcare, EUDI allows users to securely access their medical records and authorize the exchange of information with healthcare professionals when necessary.

Similarly, in the BFSI sector, EUDI simplifies the process of opening accounts and conducting financial transactions. In addition, EUDI also offers benefits in areas such as education, social security and transportation, improving efficiency and convenience for users in a variety of contexts.

The following is a list of the uses of EUDI:

• Display official identity documentation in digital format: including passports, government identity documents, driving licenses, residence permits and others. This allows identification and authentication to both public and private services online and in person through digital means. It will have a major impact on mobility, travel, public administration and all areas of the economy where identification of customers, users and citizens is required.
• Authorization of payments: While guaranteeing the security and integrity of the user's data. Together with standards such as PSD3, which incorporates great possibilities thanks to open banking, a new world of possibilities opens up for streamlining processes, saving costs and, above all, increasing security.
• Opening bank accounts: The EUDI wallet issued by a member state other than the one in which the bank in question is headquartered can be used. Similar to what is already done thanks to eIDAS but with greater ease, standardization and interoperability.

• Consultation and transmission of sensitive data: Access to health data, under the control of the holder, in the case of needing health care in a European state other than the state of residence, justifying health conditions (such as vaccination passport) or signing an informed consent. Regarding financial information, EUDI allows to have and share financial data (income, credit rating, etc.) by a simple click and with total security for the application of online bank loans and other financial services. It is also possible to show accreditations of educational and professional qualifications for selection processes or academic purposes.

• Electronic signature of documents: Just as digital certificates are currently used as one of the methods for making digital signatures, with this system EUDI digital identities may be used to make qualified electronic signatures (QES).
• Other use cases with companies: Renting a car through the EUDI wallet from a different member state than the rental company, requesting birth certificates or any other procedure with local and regional administrations, registering a SIM card (telephone line) in your name.

These are just a few examples of all the uses of EUDI, the European digital ID that will work in our devices as an electronic wallet. It is expected that as its adoption by citizens progresses, states will expand the functionalities of this system and collaborate with private companies to establish new possibilities within a framework of absolute data security and privacy.

European companies and organizations rely on the secure exchange of information through EUDI with customers, suppliers, partners, employees, other companies, administrations, organizations, etc. Likewise, to verify and authenticate the credible information and data included in the wallet, companies need to invest to work on adapting their onboarding processes or they can choose to rely on a RegTech partner to adapt easily and simply and get the most out of eIDAS 2 and EUDI.

How the new European Union wallet works

EUDI's functionality is based on the use of digital wallets, which act as secure containers for users' digital credentials. These wallets allow citizens to access and share their credentials securely, using advanced encryption technologies to protect sensitive information in a self-sovereign manner (controlled directly and unambiguously by the user owner). In addition, EUDI leverages internationally recognized digital identity standards to ensure interoperability and compatibility with other public and private systems.

Users can access their digital wallet through a variety of devices, including smartphones, tablets and computers, allowing them to manage their identity in a convenient and accessible way. In addition, EUDI uses additional security measures, such as multi-factor authentication and fraud detection systems, to further protect the privacy and security of user data.

As in its first version, the new eIDAS 2 regulation defines the regulatory framework for the digital identification of users through the EUDI, as well as digital documents, storage, digital accounting packages and electronic certificates inserted into the identity documentation (now 100% digitized within the EUDI wallet).

Regarding the technical aspects of EUDI, it is established as an obligation for the European Union countries to deliver an EUDI (European Union Digital Identity) application 12 months after the effective entry into force of eIDAS 2, distributed by.

• The state itself (through delegated public agencies).
• A state-mandated entity (which may be public or private).
• A trusted third party, recognized by the member state.

The EUDI digital wallet has the following features:

• It grants the highest level of authority and cryptographic (post-quantum blockchain) and includes a specific security certification according to the standards set by eIDAS 2 and by the country.
• It is capable of facilitating the exchange of identity credentials, citizen government information and other similar qualified or unqualified attributions.
• It allows signing documents through the Qualified Electronic Signature, whose means of creating qualified certificates is the EUDI wallet itself.
• It is fully liberalized in accordance with an implementing act to be published in the official gazette of each EU member state. 
• It implies a quantum leap in the standardization of ETSI and CEN standards.
• All agents and users of the EUDI wallet must be aware of the member state where the information is being transferred (e.g. between a bank or registered company and a user).

It is mandatory for member states and government authorities, together with private entities covering a wide range of sectors such as transport, energy, banking, social security, health, water, postal services, education and telecommunications, to comply with the acceptance of the European Union National Identity Card (EU-ID) within EUDI. This acceptance is done through a voluntary request by the citizen (who expresses in an information delivery procedure his/her intention to identify him/herself with this means), which guarantees an explicit consent approach to use his/her EUDI wallet. In addition, large online platforms are also obliged, which promotes greater cohesion and security in the use of digital identity across the European Union. However, the citizen is not obliged to use this means of identification, being able to use other means of identification.

eIDAS 2 and the EUDI Wallet

It is impossible to understand EUDI without eIDAS 2: currently only 60% of EU citizens have access to reliable identification systems, and this figure corresponds to the total number of users who have in one way or another used a method of identity verification recognized by the predecessor of eIDAS2 (digital certificate, Know Your Customer systems of trusted service providers, electronic signatures, etc.). Therefore, the current challenge to operate securely online is focused on the construction of a global tool that brings together all modes of online identification.

eIDAS 2 (or eIDAS 2.0) is the update of the eIDAS (electronic IDentification, Authentication and trust Services) regulation, which came to redefine the way in which Europeans conducted online transactions. Since its predecessor has failed to meet its objective effectively, the new standard proposes changes in three main areas:

1. Elimination of the weaknesses of the current version at the regulatory level.
2. The creation of new additional trust services: certified e-mail (this is already done by many certified players such as Tecalis, but it was not included in eIDAS as such), electronic authentication certificates (which will become the digital document within the EUDI wallet), etc.
3. EUDI Wallet: wallet for storing and using EU-wide digital identity proofs and documentations.

Thanks to the new standard we can count on the new EUDI wallet, fully integrated and in line with RGPD standards, PSD2/3, AML mandates (6AMLD) and cybersecurity laws.

The new proposal highlights that this digital document is "increasingly interpreted by the public and private sectors as the most functional tool to define users and allow them to choose when and with which private service provider they share numerous identity attributes, depending on their use case and risk needs."

The European Digital Identity Document (stored within EUDI) is an important and core part of eIDAS 2 as a further EU step towards full sovereignty of citizen data and information. By 2030, it is estimated according to the European Commission that 80% of citizens will use wallet-based identifiers. 

On the other hand, for companies, private organizations, economic agents and service providers of all kinds, the prospects are really good, as the market will continue to grow by approximately 19% between now and 2028, according to research and analysis by Marketsandmarkets.

It is important to highlight that eIDAS 2.0 establishes that member states are obliged to issue the EU Digital Identity Wallet (EUDI) within 12 months after the new regulation comes into force. In order to guarantee the interoperability and security of EUDI, collaborative projects such as DC4EU, EBSI-VECTOR and EBSI-NE have been developed, which have worked on the development of the infrastructure to make the shared wallet a reality.

In addition, all pilot projects have actions included in each consortium and will have to be implemented within a maximum period of 24 months from last year (2023), in order to be in time for the states to have this basis to develop their wallets in the 12 months mentioned above.

Digital identity pilot projects in Europe

In 2023, the European Commission took a crucial step towards digital interoperability with the investment of €46 million in four European Union Digital Identity (EUDI) pilot projects. These projects, with a duration of at least two years and a total investment of more than €90 million, involve more than 250 public and private entities.

The 11 priority use cases of the pilot projects cover the entire EUDI ecosystem, from issuance to the incorporation of personal information and additional documents. The results will be integrated into the EUDI technical specifications, driving its continued development.

Beyond the four main pilots, the European Commission is developing an open source prototype of the EUDI that will be the main base where the functionalities of the rest will be incorporated. This tool, available on Github as of September 2023, will provide valuable solutions and knowledge to the Member States and the four pilots:

• Potential: Offers access to government services, bank account opening, SIM card registration, mobile driving licenses, e-signatures and e-prescriptions. It is called Pilots for European Digital Identity Wallet.
• EWC: Focuses its functionalities on the storage and visualization of digital travel credentials, organization of digital wallets and payments. It is the most advanced and the most aligned with open source and the one chosen for the EUDI (EU Digital Identity Wallet) denomination.
• NOBID: Nordic-Baltic eID Wallet focuses on user authorization of payments for products and services, issuance of digital wallets, provision of payment means by financial institutions and acceptance of payments in a retail context.
• DC4EU: The closest to what we know as a qualified digital certificate, Digital Credentials for Europe, makes use of the EUDI Wallet in the education and social security sectors, using the European Blockchain Services Infrastructure (EBSI).

Also to be taken into account are projects such as EBSI-VECTOR (EBSI enabled Verifiable Credentials & Trusted Organisations Registries) and the EBSI-NE (EBSI Nodes Expansion) consortium Trusted Organisations Registries) and the EBSI-NE (EBSI Nodes Expansion) consortium, focused on the European expansion of the EBSI network, which work together to link the use of EBSI for the traceability of structured and unstructured documents and products (in relation to OCR and document recognition), functionalities framed within the TRACE4EU project (Traceability Reference Architecture Conformant EBSI for the European Union).

These projects provide valuable feedback on the performance and usability of the EUDI, allowing adjustments and improvements to be made prior to full-scale implementation. The EUDI is expected to evolve over time, incorporating new functionality and adapting to technological advances and changing user needs.

The role of trust services within EUDI

The introduction of the eIDAS 2 regulation has also opened up new avenues for trust service providers, who will play a crucial role in providing services related to digital identity and qualified electronic signatures alongside the EUDI Wallet. These providers will launch new trust services established in eIDAS 2 and ensure the security and integrity of electronic documents between citizen and businesses, providing complementary Know Your Business, due diligence and user experience enhancement services in digital onboarding processes that comply with the most rigorous standards.

The new regulation introduces the possibility of additional trust services, such as long-term legal custody. This implies a transition from the traditional physical preservation of paper documents to the digital preservation of documents with legal value over time. This regulated process guarantees the legal validity of documents through the application of time-stamping (with new and more developed blockchain techniques) and digital signatures. However, it is important to note that the provision of qualified archiving services for electronic documents is reserved only to Qualified Trusted Service Providers (QTSP), which must employ procedures and technologies that ensure the integrity and trust of the electronic document even beyond the established technological validity period.

In summary, EUDI represents an important milestone on the road to a more secure and efficient digital Europe. With its focus on security, privacy and interoperability, EUDI has the potential to transform the way citizens interact with online and offline services across the European Union alongside other standards such as NIS2. As the implementation of EUDI progresses, it is expected to continue to play a key role in promoting innovation and growth across the region.

Tags