Tn 30 April 2024, the European Council finally approved the proposed amendment to the eIDAS Regulation. After a waiting period of 20 days, the new Regulation will enter into force in all member states. This is an important step towards harmonising digital identity and trust services across the European Union.
The long-awaited Regulation (EU) 1183/2024 (“eIDAS 2.0“) contains the reform provisions of Regulation (EU) 910/2014, better known as the “eIDAS Regulation“.
The most notable change is the introduction of the so-called “European Digital Identity Wallet” or “EUDI Wallet”. This new means of electronic identification allows users to identify and authenticate themselves electronically, across borders, to access a wide range of public and private services. Additionally, individuals will be able to use it to sign documents with qualified electronic signatures and as part of strong customer authentication (SCA) systems.
The European Commission plans to adopt implementing acts for the EUDI Wallet’s measures as early as 21 November 2024. The EUDI Wallet will also serve as the foundation for a common system to issue and validate attributes (qualified and unqualified) such as educational qualifications (including university degrees, other academic degrees and professional qualifications), driving licences and permits.
New types of trust services have been introduced, including:
- Electronic ledger service – maintains a sequence of electronic data records, ensuring integrity and accuracy of their chronological order; and
- Electronic archiving service – manages the receipt, storage, retrieval and deletion of electronic data and electronic documents to maintain durability, legibility, integrity, confidentiality and proof of origin throughout the preservation period.
Significant changes are also on the horizon for qualified (e.g., the preservation of qualified electronic signatures) and non-qualified trust service providers.
Qualified trust service providers must undergo an audit by a conformity assessment body at least 24 months, at their own expense. The audit will ensure that the providers and the qualified trust services they offer meet the requirements outlined in eIDAS 2.0 and Article 21 of Directive (EU) 2022/2555 (i.e., on cybersecurity risk management measures). Non-qualified trust service providers must adhere to notification requirements and comply with other provisions of eIDAS 2.0.
Finally, the eIDAS 2.0 rules provide for the European Commission to issue several implementing acts to establish common reference standards and procedures.
Our team is available to provide you with updates on the implementation of eIDAS 2.0.
For further information, please contact:
Marta Breschi, Partner, Bird & Bird
marta.breschi@twobirds.com