Ascertia: Adapting to eIDAS 2.0

By Mike Hathaway, Chief Product Officer, Ascertia

The path towards eIDAS 2.0 has been long, but the details were not entirely clear at the beginning. The European Commission first proposed a review of eIDAS on June 3rd, 2021, and a final agreement and vote took place in December 2022.

Now, we’re in October 2023 and there’s not long to go before changes are made. It’s probable that eIDAS 2.0 will become the real deal towards the end of 2023, 20 days following its publication in the Official Journal of the EU. From there, likely in 2024, the implementation of acts should begin.

The first acts to come into force will include:

• Attestation of attributes
• Trusted list
• Wallet

Later, more acts that will be enforced include:

• Audit of QTSPs
• Certificates
• Digital archiving
• Management of QSCD
• Signature preservation

While it may seem as if you still have plenty of time before change comes into effect, it is important to spend this time preparing for what is to come.

Main developments

Here are some of the big inbound changes and trends that you need to be mindful of moving forward.

New features: eIDAS 2.0 will introduce several new features that surpass the current regulation’s capabilities, including:

• The expansion of regulatory boundaries to encompass additional cross-border digital services
• The strengthening of security and privacy measures surrounding electronic identities
• The introduction framework to enable individuals and businesses to employ digital identities without government verification
• The simplification of digital identities and trust services in public procurement, improving interoperability between national systems

Cloud-based signatures: The introduction of the EUDI Wallet will enable citizens to generate Qualified Signatures, signalling the decline of token-based signatures. eIDAS 2.0 introduces a new Qualified Trust Service for the management of remote qualified electronic creation devices, and only a QTSP can manage qualified signatures or seal keys and keep it in a remote QSCD.

Wider than the wallet: While the EUDI Wallet has rightfully collected a lot of attention, it has overshadowed other key elements of the evolving regulation. eIDAS 2.0 improves upon several digital building blocks, with interoperability becoming a crucial element for service providers, unlocking the potential for a trusted digital identity ecosystem.

Ascertia has been long focused on interoperability with SigningHub, its electronic signature platform.

Identity verification: We are currently in the proliferation phase of identity verification with digital identity schemes, self and video identification and eIDs. eIDAS will help usher in the next phase, rationalisation, through the EUDI wallet and video collaboration. The preference for eID identification has been growing, and is still doing so, as it’s faster, cheaper and provides a better user experience.

User sovereignty: eIDAS 2.0 stresses the principle of “exclusive control”, which permits EU citizens to wield their rights to a digital identity under their jurisdiction. This is foreseen to stimulate broader adoption, thus boosting user trust. This differs from eIDAS 1.0 which was criticised for its inflexibility, whereas 2.0 allows the end-user to govern all of their identification data.

Preparing for eIDAS 2.0

As you can tell just from the few highlighted elements above, eIDAS 2.0 is a gigantic leap for digital transformation across the EU. It will usher in a new era by enabling individuals to access physical services from anywhere globally and establishing a secure and dependable identification process for all.

There is still time to prepare for these important regulation changes. Ascertia recently published a free eBook focused on this exact topic to help companies like yours ready for the next phase of digital trust in Europe. Download your copy here, and feel free to contact our team if you have any questions.

More info here.