EUDI Wallet sees more tensions, new criticisms and some wins
Discussions on the technical specifications of the European digital identity project are seeing more confrontation which could potentially lead to delays in launching the EU Digital Identity (EUDI) Wallet, according to reports.
In August, the European Commission published drafts of the implementing acts, opening them for public feedback. The acts outline technical specifications and certifications to ensure uniform implementation of digital ID wallets across Europe.
However, four major EU members, including Germany, France, the Netherlands, and Spain, have proposed an alternative draft of the implementing acts that emphasizes privacy, interoperability, and harmonizing standards, alongside explicit references to mandatory standards and certification schemes. Germany also wants European ID providers to ensure interoperability with secure hardware devices such as chips, which are integrated into the country’s physical ID cards.
The move has ignited concern that the rollout of EU digital wallets could also be postponed. The implementing acts for the EUDI Wallet will require the approval of a qualified majority which will not be achieved if the four member states refuse the draft of the implementing acts proposed by the Commission, MLex reports.
Other EU member states believe that the new draft introduces improvements, according to the report. The implementation of the EUDI Wallet, however, still has many other points of contention to solve.
Among the points of contention are the right to use a pseudonym, handling cross-border data erasure requests, limitations in using the wallet based on a public registry and mandatory attributes to identify a person. The latter has been interpreted by some stakeholders as an attempt to introduce a “unique persistent identifier,” which could lead to users being tracked in all of their interactions. Using digital IDs to verify children’s age online has been another controversial topic.
Member states are expected to offer at least one EUDI Wallet to all citizens, and residents by 2026.
EU regulators are ignoring phishing: Criipto CEO
The security of digital identity wallets is another popular topic in Europe.
European regulators are concerned with preventing criminals from breaking into data centers connected to digital identities. And while data centers need to be secured from hacks, a more pressing danger to users may be cheating them out of their money through phishing, says Niels Flensted-Jensen, CEO and co-founder of digital ID firm Criipto.
“Of course, we need all that data center security, but without it, or even if we have that, they can still fish you,” Flensted-Jensen said at FIDO’s Authenticate conference this week.
Romanian cybercriminal gangs have been targeting Norwegians by sending out fake SMS messages that appear to be from the country’s Department of Motor Vehicles. The phishing scam has resulted in users handing over their digital ID credentials which can be used to access bank accounts, according to the financial and cyber-crime units of the Norwegian police.
The rise in crime is driven by the popularity of electronic identity in Scandinavia, including Norway’s largest digital identity BankID, says the Criipto CEO. The company was recently acquired by BankID operator operator BankAxept AS.
Flensted-Jensen also said that eIDAS, the rulebook that regulates digital identities in Europe, has also made the use of passkeys more difficult.
Germany, Italy continue work on EUDI wallets
Germany’s competition to design prototypes for the EUDI Wallet is showing first results.
Lissi, which was spun off from banking institution Commerzbank AG, has announced it has completed the first phase of the competition organized by the German Federal Agency for Disruptive Innovation (SPRIND) and will enter the second phase. This includes testing use cases as part of the Potential consortium, one of the large-scale pilots designed within the EUDI Wallet project.
Lissi joined SPRIND’s 13-month prototype competition for digital ID prototype competition in the non-funding track in June. The company focuses on onboarding bank clients, payment authentication and Know-Your-Customer (KYC) processes for financial institutions.
Italy is also preparing for the full rollout of the IT Wallet, which allows users to store digital documents and certificates. The smartphone app should become available to all Italians from December 4th, 2024, while the first digital services will be available from 2025.
The IT Wallet, which is integrated into the public services app Io, started its first tests with a limited number of users this summer. The first credentials it will offer are driver’s licenses, health cards and the European disability card. In the future, the wallet should also contain identity documents, birth, marriage and residency certificates, school qualifications, public transport passes and more, according to La Stampa.
Implementing the EUDI Wallet as an exercise in governance
As technology experts debate technical standards and security issues of implementing the EUDI Wallet, policy scholars are examining how states should approach this complex task from a governance perspective.
“Governments must create a trustworthy collaborative partnership between public, private, and civic actors to gain legitimacy and achieve effective ecosystem orchestration that creates an equal level playing field,” says the paper, which was published in Springer by researchers from the Institute of Technology and Management in Berlin.
Europe is seeing two approaches to orchestrating the introduction of digital IDs, with states leaning towards one or the other or combining them into their own unique approach.
The first approach is the Government ID-Infrastructure Wallet model: The government or a community actor builds a core ID wallet and issues public personal identity data. Third parties use this infrastructure to introduce functionalities and build added-value services on top of it.
“This model has a fixed scope and aims to ensure high data protection and security,” the researchers note.
The second approach is the Trust ID Wallet Federation and it describes multiple ID wallet providers competing within defined guidelines. The government’s task is to certify non-government ID wallet providers and develop public ID wallet offerings.
“In contrast, the second model […] promotes a competitive environment with multiple public and private ID wallet providers competing under equal regulatory conditions, allowing a more dynamic and user-centered ecosystem development,” says the paper.
The research analyzes these approaches considering monetization, operating models and issues governments can expect with orchestration. Its goal is to help policymakers choose orchestration strategies that align with the government’s capabilities and market conditions.
Article Topics
Criipto | digital ID | digital identity | digital wallets | eIDAS | EU | EU Digital Identity Wallet | FIDO Alliance | interoperability | Lissi | regulation | SPRIND | standards
Comments