EU Regulation 2024/1183 establishes a comprehensive European Digital Identity Framework. It allows EU citizens to verify their identity online across member states securely and conveniently. The regulation sets out standards and procedures for creating, managing, and recognizing digital identities. It promotes interoperability and trust in digital transactions within the EU. This Regulation went into force on 20 May 2024. It amends EU Regulation 910/2014 on electronic identification and trust services (abbreviated: eIDAS).
One of the critical aspects of this regulation is the creation and implementation of detailed standards and procedures through a series of implementing acts. Here’s a breakdown of the purposes of these implementing acts and the rationale behind their staged implementation.
Purposes of the Implementing Acts
The implementing acts for EU Regulation 2024/1183 are designed to achieve several crucial objectives:
- Establishing Reference Standards: These acts set reference standards and procedures necessary for implementing various aspects of the regulation. This includes ensuring compliance with the European Digital Identity Wallet requirements and related cybersecurity certification schemes. By establishing clear standards, the regulation aims to maintain a high level of security and interoperability across the EU.
- Certification Procedures: Implementing acts define the certification processes for the conformity of European Digital Identity Wallets and other related services. These processes cover requirements relevant and non-relevant to cybersecurity, ensuring that national certification schemes align with these EU-wide standards. This uniform approach helps in maintaining trust and security across different member states.
- Operational Compliance: They ensure that the provision and management of electronic attestation of attributes, electronic archiving services, and other trust services comply with the regulatory framework. This compliance is critical for the seamless operation of digital identity services, enhancing the reliability and trustworthiness of electronic transactions within the EU.
Responsibility for Implementing Acts
The responsibility for working on the implementing acts lies primarily with the European Commission. Specifically, the Commission is tasked with:
- Establishing Standards and Specifications: By November 21, 2024, the Commission must establish a list of reference standards and necessary specifications and procedures for the catalogue of attributes, attestation schemes, and verification procedures for qualified electronic attestations of attributes.
- Ongoing Oversight and Refinement: The Commission will continue to oversee the implementation process, making necessary adjustments and adopting further implementing acts by May 21, 2025. This ensures the regulation remains effective and responsive to the evolving digital identity landscape.
- Collaboration with Member States: The Commission will work closely with member states to ensure that public sector bodies issuing electronic attestations of attributes comply with the established standards and procedures, providing a level of reliability and trustworthiness equivalent to qualified trust service providers.
Why There Will Be Two Batches of Implementing Acts
The implementation of the acts is planned in two batches to ensure a phased and thorough approach:
- Initial Establishment (by November 21, 2024): The first batch focuses on establishing initial standards, specifications, and procedures necessary for setting up the European Digital Identity Wallet and related services. This includes ensuring that foundational standards and processes are in place for implementing the digital identity framework. This initial phase is crucial for laying the groundwork for the broader regulatory framework.
- Further Refinement and Integration (by May 21, 2025): The second batch aims to refine and expand on the initial standards and procedures. This stage involves further detailed specifications and procedures for various advanced services such as the validation of electronic signatures, electronic seals, and other related trust services. This phased approach allows for addressing any issues or gaps identified during the initial implementation phase and ensures comprehensive regulatory compliance.
Previous implementing acts remain binding until further notice
In July 2024 we are currently in a transitional phase.
The previous implementing acts relating to EU Regulation 910/2014 remain valid – especially regarding listing trust services in national trusted lists and corresponding entry in EU/EEA Trusted List Browser – because:
- There are currently no new binding market standards for which conformity assessment bodies could have been accredited.
- The implementation of NIS-2 is not yet in force.
In parallel to work on implementing acts on the legal side:
Work on technical standards
Work on market standards is ongoing. ETSI and CEN are working together to develop several standards to support this new regulatory framework, building on the latest globally recognised standards for website authentication, open identities and mobile-based wallets.
In September 2024 The ETSI/CEN Workshop on EU Digital Identity Framework Standards will present the latest status of these standards and aims to include demonstrations from large-scale pilots applying the EU Digital Identity Wallet. Namirial experts will be participating in this and other forthcoming events that will influence the development of these standards.
Work in large Scale Pilots
The work on large scale pilots is intrinsically connected to the development and implementation of the acts under EU Regulation 2024/1183. Large scale pilots serve as practical testing grounds for the standards, specifications, and procedures outlined in the implementing acts, allowing for real-world validation and refinement.
The Large scale pilots (Digital Credentials For Europe (DC4EU), EU Digital Wallet Consortium (EWC) NOBID Consortium, Potential) provide an opportunity to test the reference standards and procedures in a controlled yet realistic environment. This helps ensure that the proposed measures are feasible, effective, and can be seamlessly integrated across different member states.
Their goals are to:
- identify any practical challenges or gaps in the implementing acts.
- drive stakeholder engagement, including public sector bodies, private companies, and end-users.
- enable iterative improvements to the implementing acts.
Recommended reading:
Stay tuned for further updates.