eIDAS 2, the EU proposal for digital identity
November 14, 2023
Are you tired of having to remember multiple usernames and passwords to access your digital accounts? Are you concerned about the security of your personal data online? Don't worry! The EU has proposed the eIDAS 2 initiative, which promises to improve digital identity and online security for citizens of the European Union. However, it does have some black spots, such as Article 45, which we will proceed to analyze..
The concept of digital identity is becoming increasingly important in our daily lives, especially after the COVID-19 pandemic. With the rise of remote work, online shopping, and access to banking, the need for a secure and reliable digital identity has become more critical than ever. To address this issue, the EU has proposed the eIDAS 2 initiative to enhance digital identity and online security for EU citizens.
What is eIDAS 2?
eIDAS 2 is the EU proposal to improve digital identity and online security for citizens of the European Union. This initiative is a continuation of the original eIDAS, which was established in 2014 to enable EU citizens to access online services in other EU countries using their electronic identity. eIDAS 2 aims to further enhance the security and reliability of digital identity in Europe.
What are the objectives of eIDAS 2?
The main objectives of eIDAS 2 are to improve interoperability between the digital identity systems of different EU countries and increase security and reliability of digital identity. It also aims to promote the adoption of digital identity by citizens and businesses throughout the EU.
How will eIDAS 2 affect EU citizens and businesses?
eIDAS 2 will have a significant impact on how citizens and businesses in the Union access services and manage their personal data online.
With a more secure and reliable digital identity, citizens will be able to access online services in other EU countries more easily, and businesses will be able to trust the identity of their online customers. Additionally, eIDAS 2 will also promote the use of digital identity in a wide range of services, both private and public, such as shopping, online banking access, or electronic signatures.
The key characteristics that digital identity services must meet to comply with eIDAS 2 are:
- Secure and privacy-respecting
- Accessible to public and private services
However, although there is no definite date for its entry into force, on November 8, 2023, the European Parliament and the Commission of the European Union approved the proposal.
Article 45, why is it worrisome?
Although the idea of this regulation is very interesting, it leaves some obscurities that we will proceed to analyze, especially related to article 45, for which many experts and users have cried foul.
The regulation talks about creating Certified Authorities, i.e. companies that would have a certified authentication (QWACs). However, Article 45 states that all browsers will be obliged to accept these certificates as valid, regardless of whether or not they comply with security standards. This removes the autonomy of browsers to apply their own security criteria and to take, on a mandatory basis, the criteria of the European Union.
Many experts see this as "a dangerous intervention in Internet security". In fact, in an open letter involving nearly 500 experts from more than 30 countries, they say "the current proposal radically expands the ability of governments to monitor residents across the EU, providing the technical means to intercept encrypted data on the Internet, as well as undermining existing oversight mechanisms".
This could also cause significant inter-territorial damage: if one country makes a mistake in issuing a certificate, the problem could spread across the continent and create an even more fragmented internet than we have today, with sites accessible only in some countries.
Didit, the decentralized alternative that protects your privacy
In an increasingly controlled and centralized environment, Didit emerges as a decentralized solution for humanity, providing and enabling each user with a personal, private and secure digital identity.
At all times, individuals will be aware of what information they include in their identity, choosing what, when and where they share their information.
Decentralization is unstoppable. And with Didit you can take control of your digital identity and be you all over the Internet.
You can find out more about how Didit can help you in your day-to-day life, and if you prefer, create your decentralized digital identity by clicking the button below.