decentralized-id.github.io/_posts/government/europe/2020-01-06-eIDAS.md
2023-07-01 02:37:45 +05:30

150 lines
26 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
date: 2020-01-06
title: eIDAS - European Electronic Identification and Trust Services
excerpt: This Regulation seeks to enhance trust in electronic transactions in the internal market by providing a common foundation for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union.
categories: ["Government"]
tags: ["eIDAS","Europe","EU","Trust Framework","EUDI Wallet","EUDI Framework","eIDAS2","eIDAS Bridge"]
canonical_url: 'https://decentralized-id.com/government/europe/regulation/edias/'
permalink: /government/europe/eu/eidas/
header:
image: /images/eidas-header.webp
teaser: /images/EIDAS_teaser.webp
redirect_from:
- /government/europe/regulation/eidas/
- /regulation/eidas/
- /government/europe/regulation/edias/
- /public-sector/europe/edias/
last_modified_at: 2023-06-08
---
## Main
* [EIDAS](https://www.eid.as/) - Regulation with linked TOC
* [Regulation (EU) No 910/2014 of the European Parliament](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG) and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
> (2) This Regulation seeks to enhance trust in electronic transactions in the internal market by providing a common foundation for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union.
>
> (3) Directive 1999/93/EC of the European Parliament and of the Council (3), dealt with electronic signatures without delivering a comprehensive cross-border and cross-sector framework for secure, trustworthy and easy-to-use electronic transactions. This Regulation enhances and expands the acquis of that Directive.
>
> (11) This Regulation should be applied in full compliance with the principles relating to the protection of personal data provided for in Directive 95/46/EC of the European Parliament and of the Council (7). In this respect, having regard to the principle of mutual recognition established by this Regulation, authentication for an online service should concern processing of only those identification data that are adequate, relevant and not excessive to grant access to that service online. Furthermore, requirements under Directive 95/46/EC concerning confidentiality and security of processing should be respected by trust service providers and supervisory bodies.
>
> (12) One of the objectives of this Regulation is to remove existing barriers to the cross-border use of electronic identification means used in the Member States to authenticate, for at least public services. This Regulation does not aim to intervene with regard to electronic identity management systems and related infrastructures established in Member States. The aim of this Regulation is to ensure that for access to cross-border online services offered by Member States, secure electronic identification and authentication is possible.
>
> (14) Some conditions need to be set out in this Regulation with regard to which electronic identification means have to be recognised and how the electronic identification schemes should be notified. Those conditions should help Member States to build the necessary trust in each others electronic identification schemes and to mutually recognise electronic identification means falling under their notified schemes. The principle of mutual recognition should apply if the notifying Member States electronic identification scheme meets the conditions of notification and the notification was published in the Official Journal of the European Union. However, the principle of mutual recognition should only relate to authentication for an online service. The access to those online services and their final delivery to the applicant should be closely linked to the right to receive such services under the conditions set out in national legislation.
* [Trust Services and Electronic identification (eID)](https://ec.europa.eu/digital-single-market/en/trust-services-and-eid)
> - ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU eID are available.
> - creates an European internal market for eTS - namely electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication - by ensuring that they will work across borders and have the same legal status as traditional paper based processes. Only by providing certainty on the legal validity of all these services, businesses and citizens will use the digital interactions as their natural way of interaction.
## About
* [Global Identity Networks: How to Leverage Them for Business Benefit](https://www.kuppingercole.com/events/eic2022/blog/global-identity-networks-to-leverage-business-benefit) 2022-03-02 Kuppinger Cole
> The uptake of eIDAS (facilitating cross-border acceptance of eIDs) is low relative to the technical capacity of states; [only 15 of the 27 Member States](https://op.europa.eu/en/publication-detail/-/publication/35274ac3-cd1b-11ea-adf7-01aa75ed71a1) able to fulfil the regulations requirements of accepting the eIDs of other Member States for public services.
>
> The EU Commission did reflect on the effectiveness of the regulation in its [Impact Assessment](https://op.europa.eu/en/publication-detail/-/publication/35274ac3-cd1b-11ea-adf7-01aa75ed71a1), and is developing a revision of it. There are multiple revision options being discussed, but thus far, the preferred option would establish a framework that provides citizens with optional use of a personal digital wallet
* [Analyst Chat #134: How Self-Sovereign Identities Will Influence Public Services](https://www.kuppingercole.com/watch/self-sovereign-identities-public-services) 2022-07-25 KuppingerCole
> Europe is on a "Path to a Digital Decade", which envisions 80% of EU citizens using a digital ID card by 2030. A part of that journey will be self-sovereign identities. Research Analyst Alejandro Leal joins Matthias to continue their discussion on the digital transformation in public services. Self-sovereign identities, the new eIDAS regulation, and the impact of both on how interactions between citizens and the state will change, are a controversial topic in the public discussion as well.
* [Digital Identity: Leveraging the SSI Concept to Build Trust](https://www.enisa.europa.eu/publications/digital-identity-leveraging-the-ssi-concept-to-build-trust) 2022-01-20 ENISA
> This report explores the potential of self-sovereign identity (SSI) technologies to ensure secure electronic identification and authentication to access cross-border online services offered by Member States under the eIDAS Regulation. It critically assesses the current literature and reports on the current technological landscape of SSI and existing eID solutions, as well as the standards, communities, and pilot projects that are presently developing in support of these solutions.
* [eIDAS and Self-Sovereign Identity](https://www.thedinglegroup.com/blog/2021/3/11/eidas-and-self-sovereign-identity) 2021-03-11 ([Video](https://vimeo.com/522501200) Dingle Group
> Why then is eIDAS v1 not seen as a success? There are many reasons; from parts of the regulation that focused or constrained its use into the public sphere only, to the lack of total coverage across all of the EU. Likely the key missing piece was that the cultural climate was not yet ripe and the state of digital identity was really not ready. Too many technical problems were yet to be solved. Without these elements the realized state of eIDAS should not be unexpected. All this said, eIDAS v1 laid very important groundwork and created an environment to gather important learnings to allow eIDAS v2 to realize the hoped for levels of success and adoption.
## eIDAS Bridge
* [About SSI eIDAS Bridge](https://joinup.ec.europa.eu/collection/ssi-eidas-bridge/about) 2022-02-22
> By sharing Verifiable Credentials, users can prove claims about themselves, but how can the credentials verifier trust them, if the only thing it knows about the issuer is its DID? This is indeed the goal of this project and where the eIDAS regulation can help. eIDAS stands for electronic identification and trust services for electronic transactions in the internal market. It ensures legal validity of electronic documents and cross border trust services, such as electronic signatures and seals. To make eIDAS available as a trust framework in the SSI ecosystem, the European Commission developed under this project, the eIDAS bridge.
* [Time for the eIDAS bridge](http://validatedid.com/post-en/the-time-for-the-eidas-bridge) 2022-02-18 ValidatedID
> The main goal of this new program was to provide an implementation of eIDAS bridge and to proof the interoperability between different provider implementations. Validated ID was selected to participate in part of the Call 1 of infrastructure. The results of this project are available as open source. If you are interested in digging into the code, you can find it all in the following repositories: [our open source version implementation](https://gitlab.grnet.gr/essif-lab/infrastructure/validated-id/seb) and the [SSI eIDAS Bridge interoperability](https://gitlab.grnet.gr/essif-lab/interoperability/ssi-eidas-bridge) performed with SICPA.
* [Legal compliance and the involvement of governments](https://ssi-ambassador.medium.com/self-sovereign-identity-legal-compliance-and-the-involvement-of-governments-467acdd32e88) 2021-02-06 SSI Ambassador
> Its currently possible to be eIDAS compliant with SSI, leveraging one out of five scenarios described in the SSI eIDAS legal report by Dr. Ignacio Alamillo Domingo. Especially interesting is the SSI eIDAS bridge, which adds legal value to verified credentials with the use of electronic certificates and electronic seals. However, its also possible to derive national eIDs notified in eIDAS, which are eIDAS linked by issuing a verifiable credential with a qualified certificate according to the technical specification.
* [Introducing the SSI eIDAS Legal Report](https://ssimeetup.org/introducing-ssi-eidas-legal-report-ignacio-alamillo-webinar-55/) 2020-05-01 Ignacio Alamillo, SSIMeetup
> The European Commission developed the [SSI (Self-Sovereign Identity) eIDAS bridge](https://joinup.ec.europa.eu/collection/ssi-eidas-bridge), an ISA2 funded initiative, to promote eIDAS as a trust framework for the SSI ecosystem. It assists a VC (Verifiable Credential) issuer in the signing process, and helps the verifier to automate the identification of the organization behind the issuers DID (Decentralized Identifier)
## eIDAS 2.0
- [eIDAS 2.0 - Introduction to The European Digital Identity Wallet & The Evolution of Self-Sovereign Identity](https://utimaco.com/current-topics/blog/eidas-2-the-european-digital-identity-wallet) 2022-08-18
> Until now, the [eIDAS regulation](https://www.legislation.gov.uk/eur/2014/910/contents) has only focused on online identification. However, the new proposal eIDAS 2.0 aims to extend identity to the world of physical services which can be accessed from anywhere around the globe.
* [EIDAS 2.0 Turns To Self-Sovereign Identification To Bring Users Ownership And Control](https://www.forbes.com/sites/alastairjohnson/2022/07/05/eidas-20-turns-to-self-sovereign-identification-to-bring-users-ownership-and-control/?sh=853aa7f7f07e) 2022-07-05 Forbes
> The new proposal will pivot on some of the more key issues that held back the original framework. For example, instead of enforcing a single, rigid ID that openly reveals everything about an individual indefinitely, the eIDAS 2.0 structure can now potentially employ a flexible, self-sovereign identity (SSI) that puts control of all identifying information entirely into the hands of the end-users they pertain to, in both public and private partnership frameworks.
* [Avasts views on the proposed amendments to the eIDAS 2.0 regulation](https://blog.avast.com/eidas-2.0-amendments-analysis) 2022-06-17 Avast
> In this article, we will take you through what we regard as the most important amendments and their implications for EU digital identity wallet providers as well as the overall eIDAS 2.0 ecosystem—and most importantly for European citizens. This article builds on our previous analysis of the proposed eIDAS 2.0 regulation and the European Digital Identity Architecture and Reference Framework.
* [eIDAS 2.0: How Europe can define the digital identity blueprint for the world](https://blog.avast.com/eidas-2.0-avast) 2022-02-24 Avast
> Avast supports the directions of the European Commission with this initiative and the motivators and principles behind it. As an organization that provides safety, privacy and convenience for millions and or people in Europe and around the world, we see great importance of a global interoperable digital smart agent service which is consistent with EC requirements. Further, we recognize the necessity of close public-private sector collaboration in the detailed definition of requirements and in the commercial operation of a partner-led network in Europe and beyond.
* [Drafting of the eIDAS 2.0 report with amendment tracking](https://www.europarl.europa.eu/doceo/document/ITRE-PR-732707_EN.pdf) 2022-05-31 Vedran L. Head of Office at European Parliament
> on the proposal for a regulation of the European Parliament and of the Council
amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity
## EU Digital Identity Framework
* [European Digital Identity Architecture and Reference Framework Outline](https://digital-strategy.ec.europa.eu/en/library/european-digital-identity-architecture-and-reference-framework-outline) 2022-02-22
> The present [outline](https://futurium.ec.europa.eu/en/digital-identity/toolbox) provides a summary description of the eIDAS expert groups understanding of the EUDI Wallet concept including:
> - objectives of the EUDI Wallet,
> - roles of the actors of the ecosystem,
> - wallets functional and non-functional requirements and
> - potential building blocks.
* [An analysis of EU digital identity architecture and reference framework](https://blog.avast.com/analysis-of-eu-digital-identity-architecture-and-reference-framework-avast) 2022-03-04
> Broadly, we are impressed with the content and the underlying principles in the Framework. Theres a lot that we like, but there are also some areas of significant concern that need careful attention. To save you some time reading the whole thing, here is a digest of our analysis of what the Framework contains, and what it means.
![](https://lh3.googleusercontent.com/74hEf5KSSVt6i0LfpFGq9umHmwh8lVqEqCpBti4QE92zaFdfbx7-L8yHM8jcyjmXFB6GvSZNztZaZ0gsW9mtgbfzO7xYlUZ7z78GZMpI9bIjNF6aYBHy2kmucbmb77JZUzcOmALR)
* [A European Framework for Decentralized Digital Identity Wallets](https://www.worldbank.org/content/dam/photos/1440x300/2022/feb/eID_WB_presentation_BS.pdf) 2021-07-22
> European Council calls for the development of an EU-wide framework for secure public electronic identification (e-ID), including interoperable digital signatures, to provide people with control over their online identity and data as well as to enable access to public, private and cross-border digital services.“ - European Council Conclusions, 2 October 2020
* [Welcoming the Wallet - What the new European Digtal Identity Framework means for citizens, governments and businesses](https://www.sc.pages05.net/lp/22466/795951/gov-wp-welcoming-the-wallet.pdf) 2022-03-10 Thales
> The concept of digital identification is already well established, and using a smartphone to board a plane or prove vaccination status is second nature to many millions of people. In the EU however, while many states have made electronic identification available and domestic use is growing, the development of internationally accepted electronic identity (eID) systems has been piecemeal and inconsistent.
* [Germany and Spain and join forces on the development of a cross-border, decentralised digital identity ecosystem](https://www.bundesregierung.de/breg-de/aktuelles/germany-and-spain-and-join-forces-on-the-development-of-a-cross-border-decentralised-digital-identity-ecosystem-1947302) 2021-07-29
> The cooperation agreement envisages the design and conceptualisation of a cross-border pilot to be implemented in the near future, with a view to contributing to the development of the European Unions Digital Identity Framework, recently announced as part of the eIDAS Commission proposal.
## EU Digital Identity Wallet
* [Two in three Europeans intend to use the EU's Digital Identity Wallet](https://www.nfcw.com/2022/06/08/377379/two-in-three-europeans-intend-to-use-the-eus-digital-identity-wallet/) 2022-06-08 NFCW
> “The results of the survey certainly underline the need for this pioneering European initiative aiming at offering the most convenient user experience (UX) at the highest level of security,” the company adds
* [Self-Sovereign Digital Identity Wallets for Citizens](https://tages.biz/self-sovereign-digital-identity-wallets-for-citizens/) 2022-06-06 TAGES
> During the 2-days workshop, several panels were realized with the great interest of the participants physically and online. The information on Horizon Europe, EU Health, Digital Europe, Creative Europe, Digital Single Market, Citizens, Equality, Rights, and Values Programme were shared by the experts and also the representatives of the organizations that have project experience within the scope of these EU programs shared the achievements, outputs, challenges, lessons learned and cooperation processes with EU member states in the projects they implemented.
- [AB Programları ve Proje Fırsatları Çalıştayı 11.05.2022](https://www.youtube.com/watch?v=GKlgfRSCeXI)
- [AB Programları ve Proje Fırsatları Çalıştayı 12.05.2022](https://www.youtube.com/watch?v=DQIgwVJvFuE&t=28020s)
* [Is the EU Digital Identity Wallet an implementation of Self-Sovereign Identity?](https://www.innopay.com/en/publications/eu-digital-identity-wallet-implementation-self-sovereign-identity) 2022-04-29 Innopay
> The intention of the European Commission is to allow or even force acceptance in a wide range of sectors in the public and private domain and thereby ensure that identities are as wisely usable as possible (interoperability). The principle of consent will also be met, as it is already fulfilled with current eID solutions notified under eIDAS and other EU regulations, such as GDPR and PSD2. One of the explicit requirements of the proposal is selective disclosure, in line with GDPRs rules on data minimalisation.
* [Video] [Where do we stand on Self-Sovereign Identity?](https://www.youtube.com/watch?v=L156YjEyOdo) 2022-02-15 EBSI
> On December 14th, Joao Rodrigues, Head of sector (Digital) Building Blocks at @European Commission participated in an [#ebcTALKS](https://www.youtube.com/hashtag/ebctalks) of the European Blockchain Convention about "Where do we stand on Self-Sovereign Identity"?
>
> In 2021 the European Commission [announced the European digital identity wallet](https://ec.europa.eu/commission/presscorner/detail/en/IP_21_2663). This article explains the basic concepts, highlights the significance of this development and provides an overview of the status quo.
* [EU digital wallet: the race is on for pilot funding, tech supremacy, hearts and minds](https://www.biometricupdate.com/202204/eu-digital-wallet-the-race-is-on-for-pilot-funding-tech-supremacy-hearts-and-minds)2022-04 Biometric Update
> [eIDAS](https://www.biometricupdate.com/tag/eidas) 2.0 is fast approaching. By September 2023, European Union citizens will have the right to download and populate a digital identity wallet on a smart device. In less than 18 months, Europeans may no longer need physical credentials to travel, work and live anywhere else in the bloc. But are they ready?
* [Working together to create an eIDAS wallet](http://web.archive.org/web/20230209032014/https://jolocom.io/blog/once-eidas/) 2021-08-23 Jolocom
> Jolocom is currently working on the project “ONCE Online einfach anmelden” (simply register online ONCE) alongside a number of prestigious partners, with the aim to bring the digital identity of any citizen onto their smartphone.
>
> The project is part of the competitive innovation programme “Showcase Secure Digital Identities” (SSDI) funded by Germanys Federal Ministry for Economic Affairs and Energy (BMWi) and one of four projects that qualified for the implementation phase.
* [EU decision on Identity Wallet: Starting signal for a seamless digital future](https://www.idnow.io/blog/eu-decision-on-identity-wallet-starting-signal-for-a-seamless-digital-future/) 2021-07-25
> Last week, the EU Commission published a draft for the so-called digital identity wallet “EUid”. According to it, within 12 months of the law coming into force, every EU state must provide its citizens with a digital wallet.
* [What does the EU Wallet mean for self-sovereign identity?](https://www.fintechtalents.com/what-does-the-eu-wallet-mean-for-self-sovereign-identity/) 2021-07-06 Fintechtalents.com
> While the EU wallet may not align entirely with every principle of self-sovereign identity, it is certainly a massive leap in that direction.
## Background
* [EU Blockchain Observatory and Forum Report - Blockchain and Identity](https://www.eublockchainforum.eu/sites/default/files/report_identity_v0.9.4.pdf) 2019-05-15
> **Section 19: Decentralised identity and the European regulatory landscape**
> * EIDAS: A PAN-EUROPEAN NATIONAL IDENTITY STANDARD
>
> Perhaps the most important regulation dealing with identity in the EU is eIDAS, an EU regulation and a set of standards for electronic identification and trust services for electronic transactions in the European Single Market. This regulation will have a deep impact on the decentralised identity framework, above all as it pertains to government-issued/recognised identity credentials, and so is worth a closer look.
* [EIDAS SUPPORTED SELF-SOVEREIGN IDENTITY](https://ec.europa.eu/futurium/en/system/files/ged/eidas_supported_ssi_may_2019_0.pdf) 2019-05
> 1. The DID / SSI approach to identity and Verifiable claims
> 2. The eIDAS Regulation
> 3. The need for verified identities
> 4. Linking the DID with the identity provided by eIDAS
> 5. Applying eIDAS to the Verifiable Claims lifecycle
>
> The purpose of this document is to stimulate the discussion on how identity management solutions based on the Decentralised Identity / Self-Sovereign Identity (SSI) paradigms can benefit from the trust framework created by the eIDAS Regulation.
* [Aligning SSI with European Union identity legislation (aka eIDAS Regulation)](https://github.com/WebOfTrustInfo/rwot8-barcelona/blob/master/topics-and-advance-readings/Aligning-SSI-with-European-Union-Identity-legislation-eIDAS.md) 2019-02-09 rwot8-barcelona
> Although electronic identification under eIDAS Regulation is today clearly aligned with SAML-based infraestructures (see Opinion No. 2/2016 of the Cooperation Network on version 1.1 of the eIDAS Technical specifications, available at https://ec.europa.eu/cefdigital/wiki/pages/viewpage.action?pageId=37750723 and eIDAS eID Profile, available https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+Profile), nothing in the eIDAS or its implementing acts should prevent the usage of a SSI system as an electronic identification means.
>
> Thus, the second use case considers a DID as an eIDAS compliant electronic identification means, enabling - at least - transactions with Public Sector authorities and Public Administrations and, if so decided by the DID creator, also with private sector entities.
* [EU BLOCKCHAIN OBSERVATORY AND FORUM Report - e-Identity](https://www.eublockchainforum.eu/sites/default/files/reports/workshop_5_report_-_e-identity.pdf) 2018-11-07 e-Identity, Brussels
> **eIDAS: Key Principles for Identity**
> - Cooperation between Member States
> - Reciprocity relying on defined levels of assurance
> - Mandatory cross-border mutual recognition of identifiers
> - Sovereignty of Member states to use or introduce means for eID at their national level
> - Full autonomy to the private sector
> - Interoperability framework
> - Member States can use different means of identification, but with the same functionality
> - The problem is not the technology, but the legal framework, the distribution of liability, and the question to know whether what is enforceable in country A is also enforceable in country B (for instance in the court).
* [Video] [eIDAS and Self-Sovereign Identity](https://www.youtube.com/watch?v=AHa175AEVVs) 2018-09-23 Fabrizio Leoni, MyData 2018
> [MyData 2018 Conference - Track: Interoperability](https://www.youtube.com/playlist?list=PLbpRS19STpXS4SQm8_ATdDxVrQYNlxYtI)
* [go.eIDAS-Initiative launched across Europe and beyond](https://kantarainitiative.org/eidas-initiative-launched-across-europe-and-beyond/) 2018-09-27
> Europe is awaiting a major milestone for trustworthy electronic identification: The cross-border recognition of notified electronic identification systems (eID) will start on 29th of September 2018 across Europe. Against this background, leading European associations, projects and expert organisations in the sector of eID and trust joined forces to launch the non-profit go.eIDAS-Initiative today, which aims at supporting the widespread adoption of eID and trust services according to the eIDAS-Regulation (EU) No 910/2014.
* [eIDAS as guideline for the development of a pan European eID framework in FutureID](https://core.ac.uk/download/pdf/34614563.pdf) 2014
> Abstract: This paper addresses the Regulation on Electronic transactions in the internal market: electronic identification and trust services (eIDAS) and analyses this regulatory framework in relation to the pan European eID infrastructure being developed in the FutureID project. The aim of this paper is to identify if eIDAS sets forward any legal requirements that need to be implemented in the FutureID infrastructure. Even though the focus of this paper is on the development of the FutureID infrastructure, the description of eIDAS and the analysis of its main requirements for technical developers are in general relevant to the development of online identification and authentication schemes.