Awesome-Mirrors
/
decentralized-id.github.io
mirror of https://github.com/Decentralized-ID/decentralized-id.github.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

identosphere updates

This commit is contained in:
⧉ infominer 2023-06-08 10:08:47 +05:30
parent cca7435cc2
commit 0ee721274a
2 changed files with 153 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
_posts/government/europe/regulation/2019-03-01-gdpr.md
View File

@ -3,7 +3,7 @@ date: 2019-03-01
title: "General Data Protection Regulation (GDPR) of the European Union"
toc: false
categories: ["Government"]
tags: ["GDPR","Europe","eIDAS","CCPA"]
tags: ["GDPR","Europe","eIDAS","CCPA","eSSIF","eSSIF-Lab"]
redirect_from:
- public-sector/europe/GDPR/
- gdpr/
@ -12,25 +12,40 @@ header:
teaser: /images/gdpr-teaser.webp
permalink: government/europe/regulation/gdpr/
canonical_url: 'https://decentralized-id.com/government/europe/regulation/gdpr/'
last_modified_at: 2020-01-05
last_modified_at: 2023-06-08
---
The General Data Protection Regulation (GDPR) is a privacy regulation enacted May 2018, effecting anyone processing the data of EU residents.
> The General Data Protection Regulation (GDPR) is a privacy regulation enacted May 2018, effecting anyone processing the data of EU residents.
* [GDPR - A reflection on the 'self-sovereign identity' and the Blockchain](https://www.linkedin.com/pulse/gdpr-reflection-self-sovereign-identity-blockchain-nicolas-ameye/)
* [Blockchains and Data Protection in the European Union](https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3080322)
* [IBM — How blockchain could address five areas associated with GDPR compliance](https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=61014461USEN)
* [When GDPR Becomes Real, and Blockchain is no longer fairydust](https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/gdpr.md)
### EU Blockchain Observatory and Forum Report
* [Blockchain and the GDPR](https://www.eublockchainforum.eu/sites/default/files/reports/20181016_report_gdpr.pdf)
* [Blockchain and Identity](https://www.eublockchainforum.eu/sites/default/files/report_identity_v0.9.4.pdf)
**Section 19: Decentralised identity and the European regulatory landscape**
* IDENTITY AND THE GDPR
> An identity framework will need to work within such GDPR principles as data minimisation, purpose limitation and storage limitation. It will also have to deal with many of the rights that data subjects have under the GDPR, among them the well-known right to erasure (right to be forgotten), right of access and rights related to the automated processing of data. The GDPR also lays down clear responsibilities for data controllers and processors that will certainly need to be taken into account as well.
* EIDAS: A PAN-EUROPEAN NATIONAL IDENTITY STANDARD
> Perhaps the most important regulation dealing with identity in the EU is eIDAS, an EU regulation and a set of standards for electronic identification and trust services for electronic transactions in the European Single Market. This regulation will have a deep impact on the decentralised identity framework, above all as it pertains to government-issued/recognised identity credentials, and so is worth a closer look.
* [About ESSIF framework](https://docs.essif.sk/en/about-essif-framework/) eSSIF Network
> **ESSIF aims to be GDPR compliant while aligning with eIDAS** to ensure that ESSIF can leverage existing legal frameworks, enabling ESSIF to provide digital evidence supporting legal enforceability. All this in line with the revision of eIDAS, which aims to “improve its effectiveness, extend its benefits to the private sector and promote trusted digital identities for all Europeans and create a secure and interoperable European digital identity that puts citizens in control.”
* [eSSIF-Lab Project](https://essif-lab.github.io/framework/docs/essifLab-project) eSSIF Lab
> The objectives of the eSSIF-Lab project itself include:
> - empower European and other citizens by providing them with new means that help them to electronically negotiate and conduct transactions. These new means will make electronic transactions fast and safe both in the Internet and in physical life, and eliminate logins.
> - empower European and other organizations and governments by providing new means to speed up, secure and automate transactions with citizens, customers, suppliers and partners, resulting in tens of billions of euros savings annually on administrative costs in Europe.
> - **ensure these new means support organizations and citizens to exercise their rights and fulfil their duties under the GDPR.**
> - stimulate these new means foster inclusiveness.
> - stimulate the pervasive use of new business ecosystem paradigms with thousands of new jobs, many new job categories and new business opportunities for existing and new European companies.
* [Why is Self-Sovereign Identity compliant with the [GDPR]?](https://en.archipels.io/post/pourquoi-le-self-sovereign-identity-est-compatible-avec-le-rgpd) 2022-02-16 Archpelis
> With the transition to the web 3.0 ecosystem, the development of distributed registries (blockchain technology) and the regulatory environment that is forcing digital players to favour privacy by design, the ISS approach will become the new standard, whether for entering into customer relations, managing digital identities or ensuring compliance of administrative processes in companies and institutions.
* [Can a Verifiable Credential-based SSI Implementation meet GDPR Compliance?](https://academy.affinidi.com/can-a-verifiable-credential-based-ssi-implementation-meet-gdpr-compliance-5039d0149ea4) 2021-05-14 Affinidi
> A common theme among all these provisions is to empower the data subject and put him or her in complete control over personal data including the way it is shared and used.
>
> Now, its time to see if Self-sovereign identity (SSI) addresses each of these provisions.
* [Giving people the privacy protection they need in the coming decade](https://sovrin.org/gdpr-paper/) 2020-01-08
> Sovrin Foundation makes the case that self-sovereign identity is the most flexible system for handling data privacy as regulations are adopted in different jurisdictions and evolve to meet changing local needs over the next decade. The paper examines how GDPR applies to participants in a blockchain network and addresses recent guidance from EU regulators and the Commission Nationale de lInformatique et des Libertés.
> * [Innovation Meets ComplianceData Privacy Regulation and Distributed Ledger Technology](https://sovrin.org/wp-content/uploads/GDPR-Paper_V1.pdf)
* [Blockchain and Identity](https://www.eublockchainforum.eu/sites/default/files/report_identity_v0.9.4.pdf) 2019-05-15
* IDENTITY AND THE GDPR
> An identity framework will need to work within such GDPR principles as data minimisation, purpose limitation and storage limitation. It will also have to deal with many of the rights that data subjects have under the GDPR, among them the well-known right to erasure (right to be forgotten), right of access and rights related to the automated processing of data. The GDPR also lays down clear responsibilities for data controllers and processors that will certainly need to be taken into account as well.
* EIDAS: A PAN-EUROPEAN NATIONAL IDENTITY STANDARD
> Perhaps the most important regulation dealing with identity in the EU is eIDAS, an EU regulation and a set of standards for electronic identification and trust services for electronic transactions in the European Single Market. This regulation will have a deep impact on the decentralised identity framework, above all as it pertains to government-issued/recognised identity credentials, and so is worth a closer look.
* [Blockchain and the GDPR](https://www.eublockchainforum.eu/sites/default/files/reports/20181016_report_gdpr.pdf) 2018-10-16 EU Blockchain Forum
> as this paper will explain, GDPR compliance is not about the technology, it is about how the technology is used. Just like there is no Gdpr-compliant Internet, or GDPR-compliant artificial intelligence algorithm, there is no such thing as a GDPR-compliant blockchain technology. There are only GDPR-compliant use cases and applications.
* [GDPR - A reflection on the 'self-sovereign identity' and the Blockchain](https://www.linkedin.com/pulse/gdpr-reflection-self-sovereign-identity-blockchain-nicolas-ameye/) 2018-02-11 Nicolas Ameye
> The GDPR, while being technology-neutral by nature, is articulated around the idea that personal data are being stewarded by centralized authorities.
* [When GDPR Becomes Real, and Blockchain is no longer fairydust](https://github.com/WebOfTrustInfo/rebooting-the-web-of-trust-fall2017/blob/master/final-documents/gdpr.md) by Marta Piekarska (Linux Foundation), Michael Lodder (Evernym), Zachary Larson (Economic Space Agency), Kaliya Young (Identity Woman)
> Following the implementation date of May 25, 2018, managing data will be both toxic and expensive. Many precious resources will be required for improving and maintaining the security, privacy, and governance of personal data. Methods for storing less personal data will ease the burden of GDPR compliance. This document describes the GDPR requirements and the different approaches to digital identity solutions and finally explains why distributed ledger technology may offer an opportunity for enterprises to simplify data management solutions that are GDPR compliant.
[![](https://i.imgur.com/HADdi6N.jpg)](https://www.eublockchainforum.eu/sites/default/files/reports/20181016_report_gdpr.pdf)
@ -38,8 +53,7 @@ The General Data Protection Regulation (GDPR) is a privacy regulation enacted Ma
Privacy by Design means that privacy should be considered from the very beginning, when designing a product. [Article 25](https://iapp.org/resources/article/the-eu-general-data-protection-regulation/#A25) of the GDPR requires “data protection by design; data controllers must put technical and organisational measures such as pseudonymisation in placeto minimise personal data processing.”
* [GDPR and Privacy by Design, What developers need to know](https://medium.com/@sphereidentity/gdpr-and-privacy-by-design-what-developers-need-to-know-fa5a936da65a)
* [Privacy by Design The 7 Foundational Principles](https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf)
* [Privacy by Design The 7 Foundational Principles](https://www.ipc.on.ca/wp-content/uploads/Resources/7foundationalprinciples.pdf) 2011-02-11
> 1. Proactive not Reactive; Preventative not Remedial
> 2. Privacy as the Default Setting
> 3. Privacy Embedded into Design
@ -47,23 +61,31 @@ Privacy by Design means that privacy should be considered from the very beginnin
> 5. End-to-End Security — Full Lifecycle Protection
> 6. Visibility and Transparency — Keep it Open
> 7. Respect for User Privacy — Keep it User-Centric
* [Self-Sovereign Privacy By Design](https://github.com/sovrin-foundation/protocol/blob/master/self_sovereign_privacy_by_design_v1.md)s
* [Self-Sovereign Privacy By Design](https://github.com/sovrin-foundation/protocol/blob/master/self_sovereign_privacy_by_design_v1.md) 2019-10-04
> This repo captures early models of what has now evolved into DID Communication -- conventions for secure, private interaction between parties based on DIDs. **All content here is archival; for the freshest thinking, please check out the [Hyperledger Aries RFCs](https://github.com/hyperledger/aries-rfc)**
* [GDPR and Privacy by Design, What developers need to know](https://medium.com/@sphereidentity/gdpr-and-privacy-by-design-what-developers-need-to-know-fa5a936da65a) 2018-01-24
> In short, Article 25 of the GDPR requires; “data protection by design; data controllers must put technical and organisational measures such as pseudonymisation in place — to minimise personal data processing”. Building compliant systems means that new functionality needs to be added, to deliver data pseudonymisation, encryption and other privacy enhancing measures.
### Privacy Impact Assesment
[Article 35](http://www.privacy-regulation.eu/en/article-35-data-protection-impact-assessment-GDPR.htm) describes “a process which assists organizations in identifying and minimizing the privacy risks of new projects or policies” called a [Privacy Impact Assessment](https://en.wikipedia.org/wiki/Privacy_Impact_Assessment) (PIA),
* [ISO/IEC 29134:2017 - Guidelines for privacy impact assessment](https://www.iso.org/standard/62289.html)
* [Open Source PIA Software](https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment) - cnil.fr
* [Open Source PIA Software](https://www.cnil.fr/en/open-source-pia-software-helps-carry-out-data-protection-impact-assesment) 2021-06-30 cnil.fr
> The PIA software aims to help data controllers build and demonstrate compliance to the GDPR. The tools is available in French and in English. It facilitates carrying out a data protection impact assessment, which will become mandatory for some processing operations as of 25 May 2018. This tool also intends to ease the use of the PIA guides published by the CNIL.
* [Sample DPIA Template](https://iapp.org/resources/article/sample-dpia-template/)
> This template, published by the U.K. Information Commissioner's Office, offers an example recording the process and outcomes of a DPIA. It is meant as a complement to the ICO's DPIA guidance and the Criteria for an acceptable DPIA set out in European guidelines on DPIAs.
* [Guidelines on Data Protection Impact Assessment (DPIA) (wp248rev.01)](https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=611236)
* [Guidelines on Data Protection Impact Assessment (DPIA) (wp248rev.01)](https://www.dataguidance.com/sites/default/files/wp29-gdpr-dpia-guidance_final.pdf) 2017-10-13
> A DPIA is a process designed to describe the processing, assess its necessity and proportionality and help manage the risks to the rights and freedoms of natural persons resulting from the processing of personal data by assessing them and determining the measures to address them. DPIAs are important tools for accountability, as they help controllers not only to comply with requirements of the GDPR, but also to demonstrate that appropriate measures have been taken to ensure compliance with the Regulation (see also article 24). In other words, a DPIA is a process for building and demonstrating compliance.
## Resources
### Checklists
* [GDPR Checklist for Websites & Mobile Applications](https://github.com/InspireNL/GDPR-Checklist-for-Websites-and-Apps)
* [History of the GDPR](https://edps.europa.eu/data-protection/data-protection/legislation/history-general-data-protection-regulation_en)
* [EU GDPR - TOC](http://www.privacy-regulation.eu/en/index.htm) - table of contents, cross-references, emphases, corrections and a dossier function.
* [IAB Europe Transparency and Consent Framework (TCF)](https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/) 2018-07-20
> technical specifications for the IAB Europe Transparency and Consent Framework (TCF) that will help the digital advertising industry interpret, and comply with EU rules on data protection and privacy - notably the General Data Protection Regulation (GDPR).
* [bakke92/awesome-gdpr](https://github.com/bakke92/awesome-gdpr) - Curated List of GDPR Information
* [erichard/awesome-gdpr](https://github.com/erichard/awesome-gdpr) - A curated list of GDPR-compliant tools for websites creators.
* [Awesome Data Privacy](https://github.com/yilmaztolga/awesome-data-privacy)
* [GDPR Checklist for Websites & Mobile Applications](https://github.com/InspireNL/GDPR-Checklist-for-Websites-and-Apps) 2018-04-16
* [GDPR Checklist](https://gdprchecklist.io)
* [GDPR Expert](https://www.gdpr-expert.com) - information on each article, for different countries in the EU.
> - the corresponding provision in the (former) Directive;
@ -73,33 +95,3 @@ Privacy by Design means that privacy should be considered from the very beginnin
> - an analysis of "Potential issues";
> - the first and second proposals of EU Regulation;
> - the relevant recital(s).
### Frameworks
* [Top 10 GDPR Frameworks](https://alpin.io/blog/top-10-gdpr-frameworks/)
* [IAB Europe Transparency and Consent Framework (TCF)](https://github.com/InteractiveAdvertisingBureau/GDPR-Transparency-and-Consent-Framework/blob/master/Consent%20string%20and%20vendor%20list%20formats%20v1.1%20Final.md) - assisting the digital advertising industry to interpret and comply with data protection and privacy regulation - notably the General Data Protection Regulation (GDPR).
### Sovrin Foundation
[Digital Identity Management in the Context of GDPR & Sovrin](https://blog.tykn.tech/digital-identity-management-in-the-context-of-gdpr-sovrin-43028247378b)
[Sovrin Foundation announces 30-day public review for data protection regulation revisions to the Sovrin Governance Framework](https://sovrin.org/sovrin-foundation-announces-30-day-public-review-for-data-protection-regulation-revisions-to-the-sovrin-governance-framework/)
> The Sovrin Governance Framework Working Group (SGFWG) and Global Policy Working Group (GPWG) together with Sovrin Stewards and Sovrin Foundation counsel began the process of determining what further changes would be needed to enable compliance with data protection regulations such as the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and the Province of British Columbia Freedom of Information and Protection of Privacy Act (FOIPPA).
[Giving people the privacy protection they need in the coming decade](https://sovrin.org/gdpr-paper/)
> Sovrin Foundation makes the case that self-sovereign identity is the most flexible system for handling data privacy as regulations are adopted in different jurisdictions and evolve to meet changing local needs over the next decade. The paper examines how GDPR applies to participants in a blockchain network and addresses recent guidance from EU regulators and the Commission Nationale de lInformatique et des Libertés.
> * [Innovation Meets ComplianceData Privacy Regulation and Distributed Ledger Technology](https://sovrin.org/wp-content/uploads/GDPR-Paper_V1.pdf)
## Resources
* [History of the GDPR](https://edps.europa.eu/data-protection/data-protection/legislation/history-general-data-protection-regulation_en)
* [EU GDPR - TOC](http://www.privacy-regulation.eu/en/index.htm) - table of contents, cross-references, emphases, corrections and a dossier function.
* [bakke92/awesome-gdpr](https://github.com/bakke92/awesome-gdpr) - Curated List of GDPR Information
* [erichard/awesome-gdpr](https://github.com/erichard/awesome-gdpr) - A curated list of GDPR-compliant tools for websites creators.
* [Awesome Data Privacy](https://github.com/yilmaztolga/awesome-data-privacy)
* [A curated list of EU GDPR resources](https://gdprindex.com) - An index of Companies, Consultants, Products, Services & Resources for GDPR compliance and market research]
* [Guide to GDPR Documentation](https://iapp.org/resources/article/guide-to-gdpr-documentation/)
The U.K. Information Commissioner's Office released this guide to GDPR Documentation. Included is information, checklists and templates to help organizations in their processing and documentation in relation to GDPR compliance efforts.

137
_posts/government/europe/regulation/2020-01-06-eIDAS.md
View File

@ -3,7 +3,7 @@ date: 2020-01-06
title: eIDAS - European Electronic Identification and Trust Services
excerpt: This Regulation seeks to enhance trust in electronic transactions in the internal market by providing a common foundation for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union.
categories: ["Government"]
tags: ["eIDAS","Europe","Trust Framework"]
tags: ["eIDAS","Europe","Trust Framework","EUDI Wallet","EUDI Framework","eIDAS2","eIDAS Bridge"]
canonical_url: 'https://decentralized-id.com/government/europe/regulation/edias/'
permalink: /government/europe/regulation/eidas/
header:
@ -13,16 +13,16 @@ redirect_from:
- /regulation/eidas/
- /government/europe/regulation/edias/
- /public-sector/europe/edias/
last_modified_at: 2020-01-06
last_modified_at: 2023-06-08
---
## Main
* [EIDAS](https://www.eid.as/) - Regulation with linked TOC
* [Regulation (EU) No 910/2014 of the European Parliament](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG) and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
> (2) This Regulation seeks to enhance trust in electronic transactions in the internal market by providing a common foundation for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union.
>
> (3) Directive 1999/93/EC of the European Parliament and of the Council (3), dealt with electronic signatures without delivering a comprehensive cross-border and cross-sector framework for secure, trustworthy and easy-to-use electronic transactions. This Regulation enhances and expands the acquis of that Directive.
>
>
> (11) This Regulation should be applied in full compliance with the principles relating to the protection of personal data provided for in Directive 95/46/EC of the European Parliament and of the Council (7). In this respect, having regard to the principle of mutual recognition established by this Regulation, authentication for an online service should concern processing of only those identification data that are adequate, relevant and not excessive to grant access to that service online. Furthermore, requirements under Directive 95/46/EC concerning confidentiality and security of processing should be respected by trust service providers and supervisory bodies.
>
> (12) One of the objectives of this Regulation is to remove existing barriers to the cross-border use of electronic identification means used in the Member States to authenticate, for at least public services. This Regulation does not aim to intervene with regard to electronic identity management systems and related infrastructures established in Member States. The aim of this Regulation is to ensure that for access to cross-border online services offered by Member States, secure electronic identification and authentication is possible.
@ -31,7 +31,101 @@ last_modified_at: 2020-01-06
* [Trust Services and Electronic identification (eID)](https://ec.europa.eu/digital-single-market/en/trust-services-and-eid)
> - ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU eID are available.
> - creates an European internal market for eTS - namely electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication - by ensuring that they will work across borders and have the same legal status as traditional paper based processes. Only by providing certainty on the legal validity of all these services, businesses and citizens will use the digital interactions as their natural way of interaction.
* [EU BLOCKCHAIN OBSERVATORY AND FORUM](https://www.eublockchainforum.eu/sites/default/files/reports/workshop_5_report_-_e-identity.pdf) - e-Identity, Brussels, November 7, 2018
## About
* [Global Identity Networks: How to Leverage Them for Business Benefit](https://www.kuppingercole.com/events/eic2022/blog/global-identity-networks-to-leverage-business-benefit) 2022-03-02 Kuppinger Cole
> The uptake of eIDAS (facilitating cross-border acceptance of eIDs) is low relative to the technical capacity of states; [only 15 of the 27 Member States](https://op.europa.eu/en/publication-detail/-/publication/35274ac3-cd1b-11ea-adf7-01aa75ed71a1) able to fulfil the regulations requirements of accepting the eIDs of other Member States for public services.
>
> The EU Commission did reflect on the effectiveness of the regulation in its [Impact Assessment](https://op.europa.eu/en/publication-detail/-/publication/35274ac3-cd1b-11ea-adf7-01aa75ed71a1), and is developing a revision of it. There are multiple revision options being discussed, but thus far, the preferred option would establish a framework that provides citizens with optional use of a personal digital wallet
* [eIDAS and Self-Sovereign Identity](https://www.thedinglegroup.com/blog/2021/3/11/eidas-and-self-sovereign-identity) 2021-03-11 ([Video](https://vimeo.com/522501200) Dingle Group
> Why then is eIDAS v1 not seen as a success? There are many reasons; from parts of the regulation that focused or constrained its use into the public sphere only, to the lack of total coverage across all of the EU. Likely the key missing piece was that the cultural climate was not yet ripe and the state of digital identity was really not ready. Too many technical problems were yet to be solved. Without these elements the realized state of eIDAS should not be unexpected. All this said, eIDAS v1 laid very important groundwork and created an environment to gather important learnings to allow eIDAS v2 to realize the hoped for levels of success and adoption.
## eIDAS Bridge
* [About SSI eIDAS Bridge](https://joinup.ec.europa.eu/collection/ssi-eidas-bridge/about) 2022-02-22
> By sharing Verifiable Credentials, users can prove claims about themselves, but how can the credentials verifier trust them, if the only thing it knows about the issuer is its DID? This is indeed the goal of this project and where the eIDAS regulation can help. eIDAS stands for electronic identification and trust services for electronic transactions in the internal market. It ensures legal validity of electronic documents and cross border trust services, such as electronic signatures and seals. To make eIDAS available as a trust framework in the SSI ecosystem, the European Commission developed under this project, the eIDAS bridge.
* [Time for the eIDAS bridge](http://validatedid.com/post-en/the-time-for-the-eidas-bridge) 2022-02-18 ValidatedID
> The main goal of this new program was to provide an implementation of eIDAS bridge and to proof the interoperability between different provider implementations. Validated ID was selected to participate in part of the Call 1 of infrastructure. The results of this project are available as open source. If you are interested in digging into the code, you can find it all in the following repositories: [our open source version implementation](https://gitlab.grnet.gr/essif-lab/infrastructure/validated-id/seb) and the [SSI eIDAS Bridge interoperability](https://gitlab.grnet.gr/essif-lab/interoperability/ssi-eidas-bridge) performed with SICPA.
* [Legal compliance and the involvement of governments](https://ssi-ambassador.medium.com/self-sovereign-identity-legal-compliance-and-the-involvement-of-governments-467acdd32e88) 2021-02-06 SSI Ambassador
> Its currently possible to be eIDAS compliant with SSI, leveraging one out of five scenarios described in the SSI eIDAS legal report by Dr. Ignacio Alamillo Domingo. Especially interesting is the SSI eIDAS bridge, which adds legal value to verified credentials with the use of electronic certificates and electronic seals. However, its also possible to derive national eIDs notified in eIDAS, which are eIDAS linked by issuing a verifiable credential with a qualified certificate according to the technical specification.
* [Introducing the SSI eIDAS Legal Report](https://ssimeetup.org/introducing-ssi-eidas-legal-report-ignacio-alamillo-webinar-55/) 2020-05-01 Ignacio Alamillo, SSIMeetup
> The European Commission developed the [SSI (Self-Sovereign Identity) eIDAS bridge](https://joinup.ec.europa.eu/collection/ssi-eidas-bridge), an ISA2 funded initiative, to promote eIDAS as a trust framework for the SSI ecosystem. It assists a VC (Verifiable Credential) issuer in the signing process, and helps the verifier to automate the identification of the organization behind the issuers DID (Decentralized Identifier)
#### eIDAS 2.0
* [EIDAS 2.0 Turns To Self-Sovereign Identification To Bring Users Ownership And Control](https://www.forbes.com/sites/alastairjohnson/2022/07/05/eidas-20-turns-to-self-sovereign-identification-to-bring-users-ownership-and-control/?sh=853aa7f7f07e) 2022-07-05 Forbes
> The new proposal will pivot on some of the more key issues that held back the original framework. For example, instead of enforcing a single, rigid ID that openly reveals everything about an individual indefinitely, the eIDAS 2.0 structure can now potentially employ a flexible, self-sovereign identity (SSI) that puts control of all identifying information entirely into the hands of the end-users they pertain to, in both public and private partnership frameworks.
* [Avasts views on the proposed amendments to the eIDAS 2.0 regulation](https://blog.avast.com/eidas-2.0-amendments-analysis) 2022-06-17 Avast
> In this article, we will take you through what we regard as the most important amendments and their implications for EU digital identity wallet providers as well as the overall eIDAS 2.0 ecosystem—and most importantly for European citizens. This article builds on our previous analysis of the proposed eIDAS 2.0 regulation and the European Digital Identity Architecture and Reference Framework.
* [eIDAS 2.0: How Europe can define the digital identity blueprint for the world](https://blog.avast.com/eidas-2.0-avast) 2022-02-24 Avast
> Avast supports the directions of the European Commission with this initiative and the motivators and principles behind it. As an organization that provides safety, privacy and convenience for millions and or people in Europe and around the world, we see great importance of a global interoperable digital smart agent service which is consistent with EC requirements. Further, we recognize the necessity of close public-private sector collaboration in the detailed definition of requirements and in the commercial operation of a partner-led network in Europe and beyond.
* [Drafting of the eIDAS 2.0 report with amendment tracking](https://www.europarl.europa.eu/doceo/document/ITRE-PR-732707_EN.pdf) 2022-05-31 Vedran L. Head of Office at European Parliament
> on the proposal for a regulation of the European Parliament and of the Council
amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity
#### EU Digital Identity Framework
* [European Digital Identity Architecture and Reference Framework Outline](https://digital-strategy.ec.europa.eu/en/library/european-digital-identity-architecture-and-reference-framework-outline) 2022-02-22
> The present [outline](https://futurium.ec.europa.eu/en/digital-identity/toolbox) provides a summary description of the eIDAS expert groups understanding of the EUDI Wallet concept including:
> - objectives of the EUDI Wallet,
> - roles of the actors of the ecosystem,
> - wallets functional and non-functional requirements and
> - potential building blocks.
* [An analysis of EU digital identity architecture and reference framework](https://blog.avast.com/analysis-of-eu-digital-identity-architecture-and-reference-framework-avast) 2022-03-04
> Broadly, we are impressed with the content and the underlying principles in the Framework. Theres a lot that we like, but there are also some areas of significant concern that need careful attention. To save you some time reading the whole thing, here is a digest of our analysis of what the Framework contains, and what it means.
![](https://lh3.googleusercontent.com/74hEf5KSSVt6i0LfpFGq9umHmwh8lVqEqCpBti4QE92zaFdfbx7-L8yHM8jcyjmXFB6GvSZNztZaZ0gsW9mtgbfzO7xYlUZ7z78GZMpI9bIjNF6aYBHy2kmucbmb77JZUzcOmALR)
* [A European Framework for Decentralized Digital Identity Wallets](https://www.worldbank.org/content/dam/photos/1440x300/2022/feb/eID_WB_presentation_BS.pdf) 2021-07-22
> European Council calls for the development of an EU-wide framework for secure public electronic identification (e-ID), including interoperable digital signatures, to provide people with control over their online identity and data as well as to enable access to public, private and cross-border digital services.“ - European Council Conclusions, 2 October 2020
* [Welcoming the Wallet - What the new European Digtal Identity Framework means for citizens, governments and businesses](https://www.sc.pages05.net/lp/22466/795951/gov-wp-welcoming-the-wallet.pdf) 2022-03-10 Thales
> The concept of digital identification is already well established, and using a smartphone to board a plane or prove vaccination status is second nature to many millions of people. In the EU however, while many states have made electronic identification available and domestic use is growing, the development of internationally accepted electronic identity (eID) systems has been piecemeal and inconsistent.
* [Germany and Spain and join forces on the development of a cross-border, decentralised digital identity ecosystem](https://www.bundesregierung.de/breg-de/aktuelles/germany-and-spain-and-join-forces-on-the-development-of-a-cross-border-decentralised-digital-identity-ecosystem-1947302) 2021-07-29
> The cooperation agreement envisages the design and conceptualisation of a cross-border pilot to be implemented in the near future, with a view to contributing to the development of the European Unions Digital Identity Framework, recently announced as part of the eIDAS Commission proposal.
#### EU Digital Identity Wallet
* [Two in three Europeans intend to use the EU's Digital Identity Wallet](https://www.nfcw.com/2022/06/08/377379/two-in-three-europeans-intend-to-use-the-eus-digital-identity-wallet/) 2022-06-08 NFCW
> “The results of the survey certainly underline the need for this pioneering European initiative aiming at offering the most convenient user experience (UX) at the highest level of security,” the company adds
* [Self-Sovereign Digital Identity Wallets for Citizens](https://tages.biz/self-sovereign-digital-identity-wallets-for-citizens/) 2022-06-06 TAGES
> During the 2-days workshop, several panels were realized with the great interest of the participants physically and online. The information on Horizon Europe, EU Health, Digital Europe, Creative Europe, Digital Single Market, Citizens, Equality, Rights, and Values Programme were shared by the experts and also the representatives of the organizations that have project experience within the scope of these EU programs shared the achievements, outputs, challenges, lessons learned and cooperation processes with EU member states in the projects they implemented.
- [AB Programları ve Proje Fırsatları Çalıştayı 11.05.2022](https://www.youtube.com/watch?v=GKlgfRSCeXI)
- [AB Programları ve Proje Fırsatları Çalıştayı 12.05.2022](https://www.youtube.com/watch?v=DQIgwVJvFuE&t=28020s)
* [Is the EU Digital Identity Wallet an implementation of Self-Sovereign Identity?](https://www.innopay.com/en/publications/eu-digital-identity-wallet-implementation-self-sovereign-identity) 2022-04-29 Innopay
> The intention of the European Commission is to allow or even force acceptance in a wide range of sectors in the public and private domain and thereby ensure that identities are as wisely usable as possible (interoperability). The principle of consent will also be met, as it is already fulfilled with current eID solutions notified under eIDAS and other EU regulations, such as GDPR and PSD2. One of the explicit requirements of the proposal is selective disclosure, in line with GDPRs rules on data minimalisation.
* [Where do we stand on Self-Sovereign Identity?](https://www.youtube.com/watch?v=L156YjEyOdo) 2022-02-15 EBSI
> On December 14th, Joao Rodrigues, Head of sector (Digital) Building Blocks at @European Commission participated in an [#ebcTALKS](https://www.youtube.com/hashtag/ebctalks) of the European Blockchain Convention about "Where do we stand on Self-Sovereign Identity"?
>
> In 2021 the European Commission [announced the European digital identity wallet](https://ec.europa.eu/commission/presscorner/detail/en/IP_21_2663). This article explains the basic concepts, highlights the significance of this development and provides an overview of the status quo.
* [EU digital wallet: the race is on for pilot funding, tech supremacy, hearts and minds](https://www.biometricupdate.com/202204/eu-digital-wallet-the-race-is-on-for-pilot-funding-tech-supremacy-hearts-and-minds)2022-04 Biometric Update
> [eIDAS](https://www.biometricupdate.com/tag/eidas) 2.0 is fast approaching. By September 2023, European Union citizens will have the right to download and populate a digital identity wallet on a smart device. In less than 18 months, Europeans may no longer need physical credentials to travel, work and live anywhere else in the bloc. But are they ready?
* [Working together to create an eIDAS wallet](https://jolocom.io/blog/once-eidas/) 2021-08-23 Jolocom
> Jolocom is currently working on the project “ONCE Online einfach anmelden” (simply register online ONCE) alongside a number of prestigious partners, with the aim to bring the digital identity of any citizen onto their smartphone.
>
> The project is part of the competitive innovation programme “Showcase Secure Digital Identities” (SSDI) funded by Germanys Federal Ministry for Economic Affairs and Energy (BMWi) and one of four projects that qualified for the implementation phase.
* [EU decision on Identity Wallet: Starting signal for a seamless digital future](https://www.idnow.io/blog/eu-decision-on-identity-wallet-starting-signal-for-a-seamless-digital-future/) 2021-07-25
> Last week, the EU Commission published a draft for the so-called digital identity wallet “EUid”. According to it, within 12 months of the law coming into force, every EU state must provide its citizens with a digital wallet.
* [What does the EU Wallet mean for self-sovereign identity?](https://www.fintechtalents.com/what-does-the-eu-wallet-mean-for-self-sovereign-identity/) 2021-07-06 Fintechtalents.com
> While the EU wallet may not align entirely with every principle of self-sovereign identity, it is certainly a massive leap in that direction.
## Background
* [EU Blockchain Observatory and Forum Report - Blockchain and Identity](https://www.eublockchainforum.eu/sites/default/files/report_identity_v0.9.4.pdf) 2019-05-15
> **Section 19: Decentralised identity and the European regulatory landscape**
> * EIDAS: A PAN-EUROPEAN NATIONAL IDENTITY STANDARD
>
> Perhaps the most important regulation dealing with identity in the EU is eIDAS, an EU regulation and a set of standards for electronic identification and trust services for electronic transactions in the European Single Market. This regulation will have a deep impact on the decentralised identity framework, above all as it pertains to government-issued/recognised identity credentials, and so is worth a closer look.
* [EIDAS SUPPORTED SELF-SOVEREIGN IDENTITY](https://ec.europa.eu/futurium/en/system/files/ged/eidas_supported_ssi_may_2019_0.pdf) 2019-05
> 1. The DID / SSI approach to identity and Verifiable claims
> 2. The eIDAS Regulation
> 3. The need for verified identities
> 4. Linking the DID with the identity provided by eIDAS
> 5. Applying eIDAS to the Verifiable Claims lifecycle
>
> The purpose of this document is to stimulate the discussion on how identity management solutions based on the Decentralised Identity / Self-Sovereign Identity (SSI) paradigms can benefit from the trust framework created by the eIDAS Regulation.
* [Aligning SSI with European Union identity legislation (aka eIDAS Regulation)](https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/topics-and-advance-readings/Aligning-SSI-with-European-Union-Identity-legislation-eIDAS.md) 2019-02-09 rwot8-barcelona
> Although electronic identification under eIDAS Regulation is today clearly aligned with SAML-based infraestructures (see Opinion No. 2/2016 of the Cooperation Network on version 1.1 of the eIDAS Technical specifications, available at https://ec.europa.eu/cefdigital/wiki/pages/viewpage.action?pageId=37750723 and eIDAS eID Profile, available https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+Profile), nothing in the eIDAS or its implementing acts should prevent the usage of a SSI system as an electronic identification means.
>
> Thus, the second use case considers a DID as an eIDAS compliant electronic identification means, enabling - at least - transactions with Public Sector authorities and Public Administrations and, if so decided by the DID creator, also with private sector entities.
* [EU BLOCKCHAIN OBSERVATORY AND FORUM Report - e-Identity](https://www.eublockchainforum.eu/sites/default/files/reports/workshop_5_report_-_e-identity.pdf) 2018-11-07 e-Identity, Brussels
> **eIDAS: Key Principles for Identity**
> - Cooperation between Member States
> - Reciprocity relying on defined levels of assurance
@ -41,36 +135,11 @@ last_modified_at: 2020-01-06
> - Interoperability framework
> - Member States can use different means of identification, but with the same functionality
> - The problem is not the technology, but the legal framework, the distribution of liability, and the question to know whether what is enforceable in country A is also enforceable in country B (for instance in the court).
* [eIDAS as guideline for the development of a pan European eID framework in FutureID](https://core.ac.uk/download/pdf/34614563.pdf)
* [eIDAS and Self-Sovereign Identity](https://www.youtube.com/watch?v=AHa175AEVVs) 2018-09-23 Fabrizio Leoni, MyData 2018
> [MyData 2018 Conference - Track: Interoperability](https://www.youtube.com/playlist?list=PLbpRS19STpXS4SQm8_ATdDxVrQYNlxYtI)
* [go.eIDAS-Initiative launched across Europe and beyond](https://kantarainitiative.org/eidas-initiative-launched-across-europe-and-beyond/) 2018-09-27
> Europe is awaiting a major milestone for trustworthy electronic identification: The cross-border recognition of notified electronic identification systems (eID) will start on 29th of September 2018 across Europe. Against this background, leading European associations, projects and expert organisations in the sector of eID and trust joined forces to launch the non-profit go.eIDAS-Initiative today, which aims at supporting the widespread adoption of eID and trust services according to the eIDAS-Regulation (EU) No 910/2014.
* [eIDAS as guideline for the development of a pan European eID framework in FutureID](https://core.ac.uk/download/pdf/34614563.pdf) 2014
> Abstract: This paper addresses the Regulation on Electronic transactions in the internal market: electronic identification and trust services (eIDAS) and analyses this regulatory framework in relation to the pan European eID infrastructure being developed in the FutureID project. The aim of this paper is to identify if eIDAS sets forward any legal requirements that need to be implemented in the FutureID infrastructure. Even though the focus of this paper is on the development of the FutureID infrastructure, the description of eIDAS and the analysis of its main requirements for technical developers are in general relevant to the development of online identification and authentication schemes.
* [EU Blockchain Observatory and Forum Report - Blockchain and Identity](https://www.eublockchainforum.eu/sites/default/files/report_identity_v0.9.4.pdf)
> **Section 19: Decentralised identity and the European regulatory landscape**
> * EIDAS: A PAN-EUROPEAN NATIONAL IDENTITY STANDARD
>
> Perhaps the most important regulation dealing with identity in the EU is eIDAS, an EU regulation and a set of standards for electronic identification and trust services for electronic transactions in the European Single Market. This regulation will have a deep impact on the decentralised identity framework, above all as it pertains to government-issued/recognised identity credentials, and so is worth a closer look.
## eDIAS and Self Sovereign Identity
[EIDAS SUPPORTED SELF-SOVEREIGN IDENTITY](https://ec.europa.eu/futurium/en/system/files/ged/eidas_supported_ssi_may_2019_0.pdf)
1. The DID / SSI approach to identity and Verifiable claims
2. The eIDAS Regulation
3. The need for verified identities
4. Linking the DID with the identity provided by eIDAS
5. Applying eIDAS to the Verifiable Claims lifecycle
> The purpose of this document is to stimulate the discussion on how identity management solutions based on the Decentralised Identity / Self-Sovereign Identity (SSI) paradigms can benefit from the trust framework created by the eIDAS Regulation.
{% include video id="AHa175AEVVs" provider="youtube" %}
* [FutureTrust Welcomes Kantara Initiative as an Associate Project Partner](https://kantarainitiative.org/futuretrust-welcomes-kantara-initiative-as-an-associate-project-partner/)
> BRUSSELS, 29th APRIL 2019 FutureTrust, a project supporting the practical implementation of eIDAS, today announced the Kantara Initiative as an Associate Project Partner. The Kantara Initiative is the only industry organisation focused on third party assessed digital identity and privacy assurance frameworks. It complements the talent of the existing FutureTrust partners, bringing a wealth of experience in operating trust frameworks.
* [go.eIDAS-Initiative launched across Europe and beyond](https://kantarainitiative.org/eidas-initiative-launched-across-europe-and-beyond/)
> WAKEFIELD, Mass., USA 2018/09/27. Europe is awaiting a major milestone for trustworthy electronic identification: The cross-border recognition of notified electronic identification systems (eID) will start on 29th of September 2018 across Europe. Against this background, leading European associations, projects and expert organisations in the sector of eID and trust joined forces to launch the non-profit go.eIDAS-Initiative today, which aims at supporting the widespread adoption of eID and trust services according to the eIDAS-Regulation (EU) No 910/2014.
{% include video id="ATXCzY-GM_U" provider="youtube" %}
* [Aligning SSI with European Union identity legislation (aka eIDAS Regulation)](https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/topics-and-advance-readings/Aligning-SSI-with-European-Union-Identity-legislation-eIDAS.md)
> Although electronic identification under eIDAS Regulation is today clearly aligned with SAML-based infraestructures (see Opinion No. 2/2016 of the Cooperation Network on version 1.1 of the eIDAS Technical specifications, available at https://ec.europa.eu/cefdigital/wiki/pages/viewpage.action?pageId=37750723 and eIDAS eID Profile, available https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+Profile), nothing in the eIDAS or its implementing acts should prevent the usage of a SSI system as an electronic identification means.
>
> Thus, the second use case considers a DID as an eIDAS compliant electronic identification means, enabling - at least - transactions with Public Sector authorities and Public Administrations and, if so decided by the DID creator, also with private sector entities.