Wallets: The future of Digital Identity in the European Union?

Lately we hear more and more often about wallets or digital wallets. We get messages from banks, from ecommerce sites or even from cryptocurrency apps. But what are they? In this article we are going to analyze the wallet concept and what the future holds for it within the European Union.

What is E-Wallet?

Many people use this term to refer to the digital version of a wallet, i.e. an application that allows you to store and manage money, means of payment, identity documents and other documents.

The SET (Secure Electronic Transaction) protocol, developed around 1997, and Movilpago/Mobipay, developed around 2001, are the antecedents of today’s wallets.

One of the best known is Google’s, created in 2011 to pay, earn loyalty points and redeem coupons. Even then it incorporated NFC technology, although it was only compatible with one phone model and few stores accepted it.

Successively, the other technological giants were incorporating this technology. In 2014 Apple launched Apple Pay; a year later, Android and Samsung launched their own products and, since then, the Wallet market has only grown and filled with alternatives.

Today, wallets are the fastest growing means of payment. Approximately half of all in-person contact less transactions are already being made with this technology and its use is expected to continue to grow in the coming years. According to Worldpay’s Global Payments Report, by 2024, more than half of all e-commerce payments will be made using wallets.

Other uses of Wallets

However, just as we carry more than just cash and cards in our wallets, e-wallets manage more types of data, such as movie tickets or boarding passes, as did Passbook, which can be considered the first wallet from the Apple giant, even before Apple Pay.

Although the wallet concept is predominantly associated with payment management, in reality, its potential is much broader and some players are beginning to move into the market and seek new applications for wallets. A clear example is the European Union.

eIDAS 2: The new paradigm of digital identity

In June 2021, the European Commission announced its intention to position the Union as a world leader in the use of digital identity by creating a legal framework for wallets with the proposal to amend Regulation (EU) 910/2014 (also known as the eIDAS Regulation). The proposed amendment, known as eIDAS 2, defines the European Union Digital Identity Portfolio (EUDI) as:

“A product and service that enables the user to store identity data, credentials and attributes linked to his or her identity, to provide them to informed parties upon request and to use them for authentication purposes, online and offline, for a service in accordance with Article 6 bis, as well as to create qualified electronic signatures and seals”.

If this proposal is confirmed (although amendments will be introduced in the legislative process), the concept we currently have of wallets would change throughout the European Union and would establish itself as an identity management mechanism with a potential never seen before. Article 6.3 of eIDAS 2 establishes:

European digital identity wallets will enable the user:

Request and obtain, store, select, combine and share in a secure, transparent and user-traceable manner, the legal entity identification data and electronic attribute declaration required to authenticate online and offline for the purpose of accessing public and private online services;

Signing by means of qualified electronic signatures.

According to this, a European citizen could carry and securely share documents such as an ID card, driver’s license, academic degree, health card, electronic prescriptions, professional license or bank certificate, among others, on his or her cell phone.

How would this work?

The EU proposes that each member state issue a personal digital wallet that would allow citizens to store and manage identity data and electronic attribute tokens securely on their devices.

A key concept in these wallets is “attributes” which would be certain information about a person. For example, date of birth, professional licenses or academic record. These attributes will be authenticated by an electronic statement of attributes (testimonials), which will be issued by any entity that has the power to establish the attested attributes as diplomas, e.g., a University, or a Qualified Testimonial Service Provider associated with it. Entities issuing testimonials (qualified or unqualified) are considered reporting parties and those requiring them are considered informed parties (and sometimes relying parties).

Thanks to this, the user will be able to:

Authenticate and identify itself to access online services or to prove data related to it.
Store and exchange information provided by governments as part of their notified electronic IDs (e.g., first name, last name, date of birth, nationality, which would attest, for example, to the right to reside, work or study in a given member state) or by trusted service providers (e.g., attributes and credentials such as professional qualifications, employment history or creditworthiness that could help users, for example, get a new job or a loan).
Selective disclosure of identity data. Just as bank cards are used today to authorize payments, digital wallets will authorize the disclosure of trusted information about users to certain informed parties, under their full control.

Therefore, wallet users will have an app on their cell phones that will incorporate the electronic identity data of their choice and will be able to use them in any country of the European Union. In other words, full cross-border portability of legal identities is guaranteed.

What are the benefits of a European wallet?

A more harmonized approach to digital identification should reduce risks by making wallets safer and more reliable tools for users, who will be supported by a common regulatory framework. Similarly, the current fragmentation resulting from the use of divergent national solutions will no longer be a barrier for users, who will be able to use their wallets throughout the Union, so there will be no need to have several apps downloaded.

In addition, the draft eIDAS 2 includes the option for identity attribute testimonials to be qualified so they should be recognized in any Member State.

Another of the most relevant aspects to be included is the user’s management of the processing of personal data. The Commission’s proposal intends that users can limit the provision of identity attribute testimonies to what is necessary to receive a service and that consent for data processing can be withdrawn. This means that if, for example, I am going to identify myself with the wallet in a procedure that requires my ID card, the service provider would not be able to access any other built-in attributes such as, for example, my Social Security number.

What are the challenges posed by the introduction of the wallet?

As this proposal is consolidated, the main challenge is presented to Public Administrations because according to Article 6 bis, Member States will have twelve months to issue a digital identity wallet from the entry into force of the new Regulation.

The proposed amendment to the Regulation is currently in its first reading by the European Parliament, which will have to approve it without amendment or amend it before the Council can formally hold its first reading.

Although in principle there are no time limits set for the duration of the first reading, the idea is that it will be approved before the next European Parliament elections which are scheduled for May/June 2024.

Member States would therefore have from 2022, if there are no changes to the initial text, less than 3 years to launch a digital identity wallet for their citizens.

In short, if the Commission’s proposal goes ahead, the European Union will once again assert itself as the champion of digital identity in the world, allowing its citizens to have their documents recognized across borders, but guaranteeing the security and, more importantly, the control of their personal data.

About EADTrust

EADTrust is a Qualified Trust Service Provider that has been working for more than ten years to help companies adapt to the challenges of digitalization, providing them with tools that guarantee the security, authenticity, integrity and legality of their processes.

Its main services are:

Issuance of qualified certificates for electronic signature of natural person and natural person representative of legal person and of qualified certificates for electronic seal of legal person.
Issuance of qualified time stamps
Reliable electronic notification (certified e-mail)
Reliable electronic verification of publications on a web page (Reliable publication), especially related to shareholders’ meetings and other corporate acts.
Electronic Shareholders’ Forum
Electronic Voting
Audit of certified digitization and advanced digitized handwritten signature
Consulting

EADTrust, European Agency of Digital Trust, S.L. is an entity specialized in solving the challenges of digitalization by providing solutions to the needs of companies that are considering changing manual processes for digital ones. The combination of legal and technical knowledge of its specialists leaves no loose ends when it comes to answering about the legality of the developed solutions. Since 2020 it has been providing qualified digital trust services as defined in the European EIDAS Regulation, which is directly applicable in all European countries. Its certificates based on Elliptic Curve Cryptography are used by several Ministries and all autonomous communities for the issuance of digital COVID certificates.

For more information about the company, please visit www.eadtrust.eu and www.certificados.de

M	T	W	T	F	S	S
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30