EU Digital Wallet – Digital Identity as a Framework for a Partner Ecosystem

The European Union (EU) is set to launch a digital identity wallet as part of its efforts to enhance digital services and improve security for its citizens.

The EU writes that a personal digital wallet for EU citizens will make it easier for people to access public services and make online transactions.

They provide this short intro, highlighting the benefits for SMEs through more secure and streamlined online commerce functions.

eIDAS

The proposed new framework amends the 2014 regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS regulation), which laid the foundations for safely accessing public services and carrying out transactions online and across borders in the EU.

A digital identity wallet offers numerous benefits for both individuals and service providers, including users managing their digital identity from a single platform, and security: The wallet employs advanced encryption and authentication mechanisms, reducing the risk of identity theft and fraud. Users have control over their personal data and can choose what information to share with service providers.

The EUDI wallet will revolutionise how citizens and businesses can digitally identify themselves when accessing public and private services throughout Europe, using their smartphone in a secure and convenient manner. It will allow citizens to control their personal data stored within the wallet. The wallet will also be equipped with mechanisms to minimise the data shared for accessing services.

The EUDI wallet will make easier for EU citizens to travel and move to a new country. It will include digital travel credentials, and will simplify the processes of opening a bank account, registering for a SIM card, proving educational and professional qualifications, and claiming social benefits through the European Health Insurance Card.

Identity-Enabled Digital Ecosystem

What is notable about this is not so much the digital identity technologies, which are of course important, but rather how it also defines a model for a partner ecosystem.

This initiative aims to provide individuals with a secure and convenient way to prove their identity online, while also creating new market opportunities for vendors and entrepreneurs. The digital identity wallet will be compatible with various online services, enabling seamless integration across different platforms.

The technical documentation is published here, which highlights that rather than this initiative being about a single, standalone technology, it defines an overall inter-operating digital ecosystem, featuring:

• End Users of EUDI Wallets – End users are defined as natural or legal persons that will be using the wallets to send, receive, store and share attestations and personal attributes about themselves which would be used to prove identity. End users will be able to produce qualified electronic signatures and seals (QES) using an EUDI Wallet.
• EUDI Wallet Providers – They are Member States or organizations mandated or recognized by Member States that make the EUDI Wallet available to End Users. The terms and conditions of the mandate or recognition would be determined by each Member State. EUDI Wallet Providers are responsible for ensuring compliance with the requirements.
• Person Identification Data Providers (PID) – PID providers are trusted entities and are responsible for verifying the identity of the EUDI Wallet user, maintaining an interface to securely provide PID to the EUDI Wallet, and making information available for Relying Parties to verify the validity of the PID, without receiving any information about the PID’s use.
• Qualified Electronic Attestation of Attributes (QEAA) Providers – Qualified EAA are provided by QTSPs. QEAA providers maintain an interface for requesting and providing QEAAs, including a mutual authentication interface with EUDI Wallets and potentially an interface towards Authentic Sources to verify attributes.
• Non-Qualified Electronic Attestation of Attributes (EAA) Providers – Non-qualified EAA can be provided by any Trust Service Provider. While they are supervised under eIDAS, it can be assumed that other legal or contractual frameworks than eIDAS mostly govern the rules for provision, use and recognition of EAA.
• Qualified and Non-Qualified Certificate for Electronic Signature/Seal Providers – The EUDI Wallet enables the user to create qualified electronic signatures or seals.
• Providers of other Trust Services – Providers of other qualified or non-qualified Trust Services such as timestamps may be further expanded in future versions of the ARF.
• Authentic Sources – Authentic Sources are the public or private repositories or systems recognized or required by law containing attributes about a natural or legal persons. Authentic sources are sources for attributes on address, age, gender, civil status, family composition, nationality, education and training qualifications titles and licenses, professional qualifications titles and licenses, public permits and licenses, financial and company data.
• Relying Parties – Relying Parties are natural or legal persons that rely upon an electronic identification or a Trust Service. Relying Parties need to maintain an interface with the EUDI Wallet to request the necessary attributes within the PID dataset with mutual authentication. Relying parties are responsible for carrying out the procedure for authenticating PID and (Q)EAA.
• Conformity Assessment Bodies (CAB) – The EUDI Wallets must be certified by accredited public or private bodies designated by Member States. QTSPs need to be audited regularly by Conformity Assessment Bodies (CABs).
• Supervisory Bodies – The supervisory bodies are notified to the Commission by the Member States, which supervise QTSPs and take action, if necessary, in relation to non-qualified Trust Service Providers.
• Device Manufacturers and Related Entities – EUDI Wallets will have a number of interfaces with the devices they are based on, which may be for purposes such as local storage, online Internet access, sensors such as smartphone cameras, IR sensors, microphones, etc, offline communication channels such as Bluetooth Low Energy (BLE), WIFI Aware, Near Field Communication (NFC) as well as emitters such as screens, flashlights, speakers etc, and smart cards and secure elements.
• Qualified and Non-Qualified Electronic Attestation of Attributes Schema Providers – (Q)EAA Schema Providers publish schemas and vocabularies describing (Q)EAA structure and semantics. It may enable other entities such as Relying Parties to discover and validate (Q)EAA. Common schemas, including by sector-specific organizations are critical for widespread adoption of (Q)EAAs.
• National Accreditation Bodies – National Accreditation Bodies (NAB) under Regulation (EC) No 765/2008 are the bodies in Member States that perform accreditation with authority derived from the Member State.

Pilot Projects

As they write here the EU are investing €46 million from the Digital Europe Programme into piloting and enhancing the European digital identity (EUDI) wallet, for travel, health, banking, education and more.

This investment is supporting 4 pan-European pilot projects that will develop and test the usage of the EUDI wallet for individuals and businesses around a diverse range of everyday use-cases. These use-cases cover both public and private services with national and cross-border interactions.

The 4 pilot projects involve more than 250 private and public organisations across almost every Member State, as well as Norway, Iceland, and Ukraine, and will run for at least 2 years. They represent a combined investment of over €90 million in the EU digital identity ecosystem, co-financed by the Commission at 50%.

They will work on 11 priority use cases to improve citizens’ access to highly trusted and secure electronic identity means. The pilot projects will test the whole eco-system, from issuing the wallet to the user, to incorporating personal identity information, adding additional documents, and presenting this information to service providers.

• POTENTIAL – Pilots for European Digital Identity Wallet Consortium. The project will apply the EUDI wallet to 6 use-cases: Access to government services, Opening of a bank account, Registration for a SIM card, Mobile driving licence, eSignatures and ePrescriptions.
• EWC – EU Digital Identity Wallet Consortium. The project will test 3 use-cases: The storage and display of digital travel credentials, the organisation of digital wallets and the organisation of payments.
• NOBID – Nordic-Baltic eID Wallet Consortium. The project will focus on a single use-case: the use of the EUDI wallet for the authorisation of payments for products and services by the wallet user. It will address the issuance of wallets, the provision of payment means by financial institutions, and the acceptance of payment in a retail context.
• DC4EU – Digital Credentials for Europe Consortium. The project will test the use of the EUDI wallet in the educational sector and the social security domain. The pilot project will align with the European Social Security Pass and the European Learning Model. It will use the European Blockchain Services Infrastructure (EBSI) in the context of the EUDI wallet.

Market Opportunity for Vendors and Entrepreneurs

The launch of the EU’s digital identity wallet presents a significant market opportunity for vendors and entrepreneurs in several areas:

• Development of Wallet Applications: Vendors can create innovative applications that leverage the digital identity wallet’s capabilities. These applications can range from secure login solutions for websites and mobile apps to identity verification services for online transactions.
• Integration Services: Entrepreneurs can offer integration services to businesses that want to incorporate the digital identity wallet into their existing systems. This includes developing APIs and software modules that enable seamless integration with different platforms and applications.
• Consulting and Advisory Services: As the adoption of digital identity wallets grows, there will be a need for consulting and advisory services to help businesses navigate the implementation process. Entrepreneurs can provide expertise in areas such as data protection, user experience, and compliance with regulatory requirements.
• Security Solutions: With the increasing importance of digital identity security, vendors can develop and offer advanced security solutions that complement the digital identity wallet. These solutions may include biometric authentication technologies, fraud detection systems, and encryption tools.

Conclusion

The EU’s plans to launch a digital identity wallet present an exciting market opportunity for vendors and entrepreneurs. The wallet’s convenience, security, and privacy features make it an attractive solution for individuals and service providers alike. By capitalizing on this opportunity, vendors and entrepreneurs can contribute to the growth of the digital identity ecosystem while offering innovative solutions to meet the evolving needs of the market.