The EU Digital Identity Wallet aims to provide citizens with a secure, interoperable digital ID. A recent conference by the Swedish Agency for Digital Government (DIGG) explored its current status and future prospects. This article examines the roles of member states, key functional requirements, technological challenges, and upcoming pilot tests, highlighting the project's complexities and potential impact.
At a recent conference by the Swedish Agency for Digital Government (DIGG), various presentations outlined the current status and potential future of the EU Digital Identity Wallet. Different stakeholders are negotiating goals, and many questions remain, including the balance between technology and functionality.
EU Member States are required to ensure citizens have access to interoperable digital ID wallets. Each state can develop the wallet in various ways, including state-led projects, procurement processes, or allowing private companies to create competing wallets.
For example, Sweden prefers multiple private companies to develop digital identity wallets while maintaining state oversight for high-assurance digital identity documents.
Likely functional requirements for the EU Digital Identity Wallet include:
The requirements in the Architecture Reference Framework have a very clear focus on user integrity, anonymity and privacy. However, other EU initiatives in Anti Money Laundering (AML) and crime prevention point towards the need for more, not less access to data on sensitive transactions, e.g. money transfers to and from the bank account of the user.
How to balance the stringent privacy requirements with these data transparency and monitoring requirements is still an open question. It is not unlikely that services engaging with EUDIW holders will be required to store and share sensitive data with authorities, even though the purpose of the EUDIW is to make this monitoring impossible.
Based on the presentation and following discussion by DIGG, it is likely that blockchain technology will become an important part of the EUDIW framework, and that ideas within Decentralized Identity and Self-sovereign Identity will have a significant impact on the EUDIW. However, since there are still many aspects of these technologies that are yet to be developed, it is clear that uncertainty will remain for technology providers as to how viable the requirements are in practice.
The update of the European digital identity framework will now be followed by four Large Scale Pilots running over two years, with an estimated beginning spring 2023. These will test key aspects of the planned technology and infrastructure for the European digital wallet in different use cases and EU member states, including cross border testing. Given that they are public-private partnerships with stakeholders in several countries, it is not unlikely that there will be coordination challenges.
DIGG expects the final eIDAS2 regulation and framework to come into law some time after the completion of the Large Scale Pilots, which would point towards a date in 2025 at the earliest. There is a very high interest on EU level, both from member states and the EU Commission, to develop the EUDIW.
However, the coordination and stakeholder management process challenges are considerable, and it is probably more likely than not that there will be further delays. Also, the technical risk remains high, given that technology that is yet to be developed will be part of the requirements.
The EUDIW project is very ambitious and has the potential to create clear value, both in terms of integrity and efficiency. For Truid, the overall objective is exactly the right one. The main risk is likely political and technical, but the timeline makes it possible for private companies to learn and stay ahead of the official regulatory developments to make sure that it is possible to deliver a product compatible with the EUDIW certification if and when it comes.