Ana Isabel Segovia, Digital Regulation Manager at BBVA, explores the latest developments in a European digital identity system.
Last June the European Union announced the future creation of digital identity wallets as part of a change in its electronic identification regulations. The measure represents a major step forward in the harmonization of identity systems in Europe.
Obviously, the Covid-19 crisis has provided an extraordinary boost to digitalisation, and the capacity to demonstrate identity in order to operate digitally is one of the key foundations of economic and social development. Consumers and companies have shifted their transactions and operations to the digital world, where they can access basic public and private goods and services, such as healthcare, education and financial services.
On average, each EU citizen currently has about 90 digital identities giving access to social media accounts, online merchants, mobility platforms and online banking; and they have to provide the same information and documentation each time. Until now, there has been a lack of available and broadly accepted identity solutions in Europe that allow users to identify themselves uniquely to suppliers of goods and services, even from a variety of sectors. This situation could be slowing down the process of digitalisation.
Aware of this problem, the European Commission is proposing to amend the eIDAS Regulation (on electronic identification and trust services for electronic transactions), approved in 2016, to oblige Member States to issue digital identity wallets, defined as a service that will allow users to store data, credentials and attributes linked to their identity and either share them with third parties who request them, or use them to identify themselves online or offline, all at European level.
The wallets will be voluntary for citizens, but both the States and private companies, particularly those which use enhanced identification systems (such as the financial sector) will be obliged to accept them as valid. The bigtechs will also have to use them if requested by users.
Although Member States will be responsible for issuing the wallets within a year of the approval of the law, the providers may be public or private (mandated and/or recognised by the Member States). The purpose of this measure is to guarantee users’ control over the data that identify them, in line with other European laws, such as the General Data Protection Regulation (GDPR).
The idea of this identity wallet is a very important step in creating a European ecosystem for the use and management of digital identities that may be used in all sectors and by multiple providers. The aim must be to allow individuals and companies to integrate seamlessly into the digital value creation processes based on digital identities.
The future wallet will also help to preserve users’ privacy, giving them full control over the attributes that shape their identity and minimising the personal data to be exchanged. reducing dependence on third parties that could track user activity.
In the case of financial institutions, whose enhanced identity verification instruments are among the most trustworthy and robust on the market, the new wallet opens up a world of possibilities to participate in the new ecosystem, both as identity authentication service providers and, ultimately, as the suppliers of the wallet itself, under the mandate of the Member States. They have long experience developing trusted identification processes with the highest levels of security, due to the high regulatory requirements in place, especially in anti-money laundering regulations. For this reason, the onboarding solutions of the banks could be leveraged in other industries and sectors, with the highest levels of assurance.
Banks have already started to participate in the digital identity business as potential trusted partners in some countries in Europe, so the solvency of its solutions for other sectors has already been demonstrated. One example is BankID, a solution developed in Sweden by major banks that can be used by citizens and businesses to access different services, both public and private.
We also think that the proposal will encourage Member States to develop digital identity solutions with widespread adoption rates. Until now, one of the problems with national solutions is their lack of usability for citizens, which led to their low utilisation.
Interoperability is also key, in order to ensure that adoption by all the actors has as little impact as possible on their systems. It is very relevant to avoid fragmentation, which would lead to increased operational costs in case of incoherent national solutions and investments needed from the private sector actors, if they have to adapt its systems to all the 27 national solutions. This is especially relevant since some private companies, like banks, according to the new regulation will be obliged to accept the European Digital Identity Wallet.
There are still many aspects to be defined in this new scheme, as the details remain to be worked out. It is the Commission’s task over the coming months to harmonise the different solutions proposed by the Member States.