EUid: EU Commission sets uniform technical standards for wallets

Based on the legal act for a European digital identity (EUid), EU member states will have to provide all citizens and companies with a wallet in future. In the digital wallet, users will be able to store their national eID, particularly on mobile devices, and link it to proof of other personal attributes such as driving licenses, birth certificates and doctor's prescriptions. The EU Commission has now defined uniform standards and procedures for the technical functions and for certification so that the wallets are interoperable and accepted throughout the EU.

With four implementing regulations, the Commission wants to ensure that the technical functions of the wallets are the same in all member states. These include data formats for the cross-border use of digital documents and measures to ensure the reliability and security of wallets. The Brussels-based government institution emphasizes that "the protection of personal data and privacy is guaranteed" in the wallets. Local storage is mandatory, for example. Users retain control over what information they pass on. No tracking or profiling takes place during the development of the wallets. A data protection dashboard is also built in. This offers "complete transparency" about "how and with whom information from the wallet is shared".

Progress in data protection

It didn't always look like this. The civil rights organization Epicenter.works criticized in October, for example, that the implementing acts did not safeguard the right to use pseudonyms in the European Digital Identity (EUDI). There was a risk of "over-identification" and the loss of anonymity. Banking associations and other lobby groups had also campaigned for biometric data to be required for wallets. The member states would be required to implement this. In the meantime, however, the activists are talking about major steps in the final negotiations. The revised regulations now provide for privacy by design, for example: This would ensure that confidential data is protected from misuse by governments or private companies. Logs would remain on the user's device.

The fifth regulation sets out a framework for certification. Here, too, the focus has been placed on data protection, the Commission emphasizes. It is convinced: "Digital wallets will offer private users and companies a universal, trustworthy and secure way to identify themselves when accessing public and private services across borders". Examples include opening a bank account, proof of age, renting a car or issuing flight tickets. The implementing regulations are to be published in the EU Official Journal shortly and enter into force 20 days later. In Germany, a competition is underway to program prototypes for EUid wallets.

(vbr)