EU Czech Presidency suggests new European digital ID guidelines

The Czech Presidency of the European Union Council revealed a new compromise text last week to address issues blocking the European digital identity project.

The questions emerged at a debate at the ambassadors’ level, according to Euractiv, and are now addressed in the compromise, which is being discussed at the Telecom Working Party today.

In terms of use cases, the Czech Presidency left the registration process to the discretion of national authorities, building on suggestions from France that organizations intending to use the digital ID wallet (relying parties) would have to inform the national authorities of the use case, each of which come with certain limitations on the type of information an organization can request.

Further, the new compromise specifies that the wallet should be subject to certification schemes with a high assurance level under the Cybersecurity Act.

Regarding interoperability, the EU scrapped plans for a unique identifier because having a single number to track a person would be a constitutional problem in Germany. Instead, the Czech Presidency is now introducing the possibility of sector-specific identifiers. The new text also requires major tech firms (designated gatekeepers under the Digital Markets Act) to ensure the interoperability of digital wallets with their operating systems for free.

From a technical standpoint, the compromise clarified that electronic digital identities will be issued by qualified trust service firms that are regularly audited. And the supervisory body will be able to participate in the audits as an observer. These services will also have to “ensure the technical security and reliability of the processes supported by them, including using suitable cryptographic algorithms, key lengths and hash functions in the systems.”

Finally, the compromise states that issuance, use for authentication and revocation of wallets should all be free for individuals and that existing services have two years to comply with the trust services’ requirements.

A deadline has also been added for private organizations under EU or national law, who will be required to use online authentication measures and accept the wallet within six months of their initial insurance.

Article Topics

biometrics  |  cybersecurity  |  digital identity  |  digital wallets  |  EU  |  interoperability  |  regulation