25-10-2024

The impact of the new eIDAS regulation

Danny Greefhorst

eIDAS stands for ‘Electronic Identification And Trust Services’. With the eIDAS regulation, the European member states have made agreements to use the same concepts, reliability levels and mutual digital infrastructure for cross-border transactions and the use of trust services. Part of the regulation is the cross-border use of European recognised identification methods. In this context, it is now possible to log in to many foreign government organisations with a Dutch identification method such as DigiD or eHerkenning and vice versa.

eIDAS 2.0

A revised version of the eIDAS regulation has now been published, which includes a number of fundamental changes. The most important is the introduction of European digital identity wallets with which citizens and organisations can use digital services. The wallet can be used as an identification method, for authorisation and representation, for electronic signing and as a means of securely sharing data. It uses verifiable statements to provide evidence to trusting parties. Users can retrieve verifiable statements themselves and determine for themselves to whom they provide these statements. This enables citizens and organisations to gain more control over the data they share with service providers. This largely ties in with the Self Sovereign Identity vision, which states that users should be in control of their own identity data. In contrast to the SSI vision, this mainly involves the use of government-issued identity data that can also be used in other European countries. The regulation assumes that each Member State recognises one or more digital identity wallets and makes these available to its citizens and companies. The Member State provides the digital identity wallet(s) with identity data that the person can use to identify themselves and gain access to both public and private services.

Trust services

In order to create trust between parties, trust services are needed that can support this. The eIDAS regulation describes a number of these types of trust services. These include services for placing electronic signatures (by people), electronically sealing data (by an organisation), creating electronically verifiable statements, creating electronic time stamps and protecting and proving electronic data exchange. These services are offered or supported by suppliers in the market and can be used by organisations to support the provision of access and the exchange of data. Some of these trust services are new, such as the service for creating electronic verifiable statements. This service is necessary for the provision of statements that can be used in an EDI wallet.

Impact on organisations

Organisations must take into account that an EDI wallet will probably be available from 2026. They must consider which data they must be able to provide or receive as verifiable statements at that time. Very specific agreements and standards are available from Europe for this purpose that will have to be used. Trust services that are provided by qualified parties can be used to create statements. An important point of attention here is that the specifications are not yet entirely clear at this time. A number of implementing acts (guidelines) will follow that should provide this clarity.

Another point of attention is that this obligation to provide data is in addition to other obligations that government organisations have to deal with. For example, evidence will also have to be provided to the Once Only Technical System (OOTS) that is being set up in the context of the Single Digital Gateway regulation. This places more emphasis on the provision of information and the cross-border provision of procedures, but therefore partly leads to an additional provision for similar data as for the EDI wallet. In addition, various data spaces are being worked on in sectors with which all kinds of things have to be shared. All this results in all kinds of additional burdens for data exchange.

My role

From ArchiXL I support the development of national domain architectures in the field of data exchange and access. I do this from the MIDO office of the Ministry of the Interior and Kingdom Relations, together with architects from various government organizations. A fixed version of the data exchange domain architecture is now available and you can also read along with the concept version of the access domain architecture. I also think about possible synergy between the EDI wallet, the OOTS and other forms of data provision.

Interessant? Deel het!
Illustratie stel je vraag
Meer weten over deze blog?

Neem contact op met ons, we vertellen er graag meer over!

© ArchiXL  |  Chamber of Commerce  05084421