German IT Security Association (TeleTrusT) on the amendment of the eIDAS Regulation
Digital identities – EU citizens must be able to move securely and self-determined in the European trust area
(PresseBox) (Berlin, 06.04.2023) Since 2014, the eIDAS Regulation (EU) No. 910/2014 has regulated digital identities and trust services in Europe. The Commission’s proposed amendments, which are now being discussed in the trilogue negotiations between the Commission, the European Parliament and the Council, lay the foundation for the self-determined use of digital identities and their attributes for all EU citizens. The German IT Security Association (TeleTrusT) welcomes the Commission’s proposal as well as the general orientation of the Council and the position of the Parliament, which are not far apart in terms of content, and expects speedy negotiations.
The main innovation of the amendment is that every EU citizen will be provided with an “EUDI Wallet”, with which the person can authenticate himself or herself EU-wide at the “high” level and manage attributes such as driving licences, certificates and other items in a self-determined manner and use them across borders.
From TeleTrusT’s point of view, it is particularly pleasing that the EUDI Wallet is also to be used for a qualified signature and seal. To ensure a high level of security, the core identity of the EUDI Wallet should be derived from the national sovereign identity. A first draft of the technical architecture has already been published as the “European Digital Identity Architecture and Reference Framework”.
TeleTrusT welcomes that Qualified Webpage Certificates (QWACs) should in future be recognised by browsers and displayed in a user-friendly way to allow the identification of the entities responsible for the webpages. This ensures more transparency, data and consumer protection in the digital world. It is important that this obligation is not watered down. It is not the web browsers that should be able to decide whether not to display a certificate due to security concerns, but this should be reserved for European institutions – in the spirit of European digital sovereignty.
After the trilogue negotiations and the adoption of the amendment by the Parliament, the necessary implementing acts will be adopted by the EU Commission.
Dr. Kim Nguyen, member of the TeleTrusT board, explains: “We hope that the parties involved will make use of this possibility quickly and comprehensively, because this is where the European goal of market harmonisation is essentially decided”.
TeleTrusT accompanies the developments in the “Electronic Trust Services Forum”.