Looking to determine if Criipto is the right match for your team? Contact sales →
Live status
Log in
Test for free Contact us
Test for free Contact us
Live status

Table of contents

Author
Natalia Moskaleva 15 December 2024

eIDAS 2.0: Shaping the Future of Digital Identity in Europe

eIDAS 2.0, or Electronic Identification, Authentication, and Trust Services 2.0, is an updated version of the original eIDAS regulation.

The original regulation established the first unified legal framework for a cross-border digital identity system in Europe. eIDAS 2.0 builds on this foundation to create a unified approach to electronic identification that works across every Member State. 

A key feature of eIDAS 2.0 is the European Digital Identity Wallet (EUDI Wallet), which lets EU citizens and residents securely store, manage, and selectively share their personal information with authorized public and private entities.

Timeline

  • 2014: The eIDAS regulation allowed notified national electronic identification schemes (eIDs) to be used to access public services online across borders. 
  • 2021: The European Commission proposed a revision to the original regulation, based on the principle that individuals should have full control over their digital identity.
  • 2024: eIDAS 2.0 entered into force. 
  • 2026: eIDAS 2.0 is expected to fully roll out by the end of the year when Member States will be obliged to offer the first EUDI wallets to their citizens.

The two focus areas of eIDAS

eIDAS (in both its original and updated versions) focuses on two main areas:

  1. Electronic Identification: eIDAS sets standards for eID systems, enabling secure access to digital services across the EU with varying security levels (aka “levels of assurance”). These systems let individuals easily access government portals and other online services.
  2. Trust Services: eIDAS covers services like electronic seals, timestamps, and website authentication certificates, which are indispensable for ensuring the authenticity, trustworthiness, and security of electronic transactions.

Why eIDAS needed an update

The original eIDAS regulation intended to give European citizens access to public services across the EU using electronic identities issued in their home country and recognized by other Member States. While eIDAS paved the way for cross-border electronic transactions and mutually recognizable eIDs, it had several limitations:

  1. Challenges implementing notified eID schemes
    The formal approval of an eID scheme is known as “notification”. While the concept of notified eID schemes was central to eIDAS, it did not fully work in practice. Its success relied on Member States voluntarily notifying their eID schemes to the European Commission. Because participation wasn’t mandatory, many countries opted not to develop or seek recognition for their eIDs. By 2021, only 14 Member States had notified 19 eID schemes, covering approximately 59% of EU citizens.

  2. Focus on public services
    eIDAS primarily targeted public sector services, despite most digital identity use cases being in the private sector, such as banking and e-commerce.

  3. Lack of incentives
    Private service providers and Member States didn’t receive sufficient incentives to join the initiative. This led to uneven adoption and few cross-border use cases.

  4. Fragmented standards
    Divergent national approaches in certain areas, such as biometric verification, resulted in inconsistencies and hindered interoperability.

  5. Legal obstacles
    Some countries’ national legislation imposed requirements—such as face-to-face interaction—that conflicted with eIDAS’s digital-first approach.

  6. Lack of awareness among EU citizens
    Many citizens were unaware of eIDAS and its potential benefits, limiting its application and adoption.

In addition to the structural shortcomings listed above, the world has changed dramatically since the launch of the first eIDAS. The COVID-19 pandemic emphasized the need for accessible digital identities, as the demand for secure online services soared. Technological developments brought new possibilities in the digital identity space. User expectations have also changed, with smartphones providing a smoother online experience. Finally, the EU legislation evolved with the General Data Protection Regulation (GDPR) entering into force in 2018.

The European Commission recognized these changes and proposed an update to the original eIDAS.

What’s new in eIDAS 2.0?

eIDAS 2.0 brings two major changes:

1. Trust Services: eIDAS 2.0 refines the rules for Qualified Trust Service Providers (QTSPs) to focus on better identity verification for individuals and businesses who use qualified certificates. This harmonizes regulations across the EU. Additionally, it introduces new qualified trust services, such as digital archiving, electronic ledgers, and remote electronic signature device management.

2. EUDI Wallet: The EUDI Wallet lets users manage and share digital credentials with government agencies and private companies for identity verification or electronic signatures. It can be used both online and offline.

Other important areas in the updated regulation include:

Reusable digital identities
Users can create a single digital identity to access various services, eliminating the need for multiple logins. Because such identities are stored in EUDI Wallets, users retain control over where and how they share personal information.

Interoperability across Member States
eIDAS 2.0 requires digital identities and trust services to be recognized across all EU Member States, which lets citizens conduct seamless, secure interactions anywhere in the EU.

Objectives of eIDAS 2.0

eIDAS 2.0 aims to:

  • Deliver highly secure, cross-border digital identities that meet the demands of both private and public sectors.
  • Provide citizens with secure access to digital services while letting them maintain control over their personal data.
  • Create a level playing field for businesses and governments offering and using digital trust services across the EU.

Benefits of eIDAS 2.0

The updated regulation offers benefits to all parties:

  • Citizens: eIDAS 2.0 simplifies digital access while giving users greater control over their information.
  • Businesses: Companies can more easily verify customer identities across borders, which lowers administrative costs and enables seamless expansion into new markets.
  • Governments: eIDAS 2.0 can make public services more efficient, reduce bureaucracy, and improve cooperation between EU countries.

Challenges to implementation

eIDAS 2.0 offers major benefits, but its implementation will be complex. Integrating new systems with existing infrastructure, addressing varying levels of digital maturity across the EU, and raising public awareness will require substantial effort and investment.

The future of eIDAS 2.0

eIDAS 2.0 represents a big step towards creating a secure and interoperable digital identity ecosystem across Europe, which may serve as a model for other regions. As part of the EU's Digital Decade objectives, eIDAS 2.0 will serve to address the increasing demand for secure and seamless online services in a digital-first world.

Author
Natalia Moskaleva 15 December 2024
Our blog

Latest blog posts

The latest industry news, interviews, technologies, and resources.

View all posts
A Brief History of Privacy

Over the past two decades, the rapid growth of personal data collection has dramatically changed how individuals, organizations, and governments view...

Why Is Everybody Talking About Age Verification for Social Media?

Should social media platforms restrict minors from certain content? Can they do it?

Multi-Factor Authentication: Definition, Use Cases, and Benefits

Traditional single-factor authentication methods, such as usernames and passwords, are increasingly vulnerable to cyberattacks. Multi-Factor...

View all posts

Sign up for our blog

Stay up to date on industry news and insights