Since 2021, the EU has been laying the groundwork for a universal digital ID system. This system aims to simplify access to online services for citizens and businesses.
The European Union is progressing with its plans to establish a universal digital identity system. It aims to introduce digital identity wallets for EU citizens, residents, and businesses by 2026. This initiative is intended to facilitate easier access to a wide range of public and private services across all member countries. Similar to this, India has a government-backed initiative called DigiLocker.
The EU first announced its digital identity wallets in 2021 and is currently pilot-testing them for various use cases before a full rollout. Over the past few decades, many countries in Asia and Africa have implemented national biometric-based digital ID systems to promote the digitization of government services and encourage digital payments. Even within the EU, countries like Estonia have implemented decentralized e-ID systems for many years.
The proposed pan-EU digital ID framework aims to address the disparities between multiple national digital IDs and make cross-border online interactions seamless.
How will EU’s digital ID wallets work?
The EU has introduced digital ID wallets available as free downloadable apps for Europeans. These wallets allow individuals to selectively share their credentials with public or private services for identity or age verification.
The digital ID wallets will be based on existing national electronic identification systems in some EU countries and can also be used as a digital storage space for personal documents like passports, driver’s licenses, educational certificates, bank accounts, and medical prescriptions. Additionally, wallet holders can electronically sign these documents.
The new legislation for digital IDs and wallets in the EU came into effect in May 2024. According to the new rules, public authorities and recognized private entities in the EU can issue these wallets, but it is not mandatory for citizens to download and sign up for them. However, service providers are legally required to accept digital ID wallets for identification and authentication.
The EU stated that service providers, including Member States, banks, universities, and pharmacies, will request your Digital ID and/or Digital Documents to verify your identity when accessing their services.
Wallet providers are responsible for developing the app in line with the EU’s technical specifications and providing ongoing technical support.
How will digital ID wallets be kept safe and private?
To ensure the security and privacy of the data stored on digital ID wallets, the EU has stated that tracking and profiling will be limited due to the data minimization design of the wallets. The EU has emphasized that a built-in dashboard will provide a complete overview of all data and transactions, and allow users to request the deletion of their data from relying parties.
Additionally, it has been revealed that the data will only be stored locally on the wallets, which will be open source and developed in compliance with the EU’s General Data Protection Regulation (GDPR) and existing cybersecurity legislation. The EU has also stated that wallets can be suspended in the event of a serious security risk.
The digital ID wallet is designed with data minimization capabilities such as zero-knowledge proofs, allowing wallet holders to verify an attribute without disclosing further details. This means that users could, for example, confirm that their bank account holds an amount above a certain level without revealing the exact figure, ensuring a high level of privacy.
Moreover, wallet holders can choose to only share specific information requested by a service provider without revealing additional details. For instance, they could share their date of birth without revealing any other identifying information that could be used for profiling.
Digital ID wallets: The good, bad, and ugly
The European Union is advocating for a pan-EU universal digital ID system to address privacy risks faced by citizens and businesses. The system aims to reduce the need for constant data sharing with companies to access online services. Additionally, digital ID wallets could help enforce certain provisions of the EU’s Digital Services Act, which includes stricter age verification requirements for platforms with adult content. Furthermore, the use of “privacy-preserving” digital ID wallets could reduce the popularity of “sign in with” options offered by tech giants like Google and Apple.
However, civil society groups have criticized the European digital identity system, claiming that it could compromise the privacy of EU citizens and potentially benefit companies like Google and Facebook. Concerns have been raised about potential surveillance and the creation of a unique identifier for every citizen that could allow Big Tech companies to track behavior across public and private sectors.
DigiLocker, the Indian equivalent of the EU’s digital ID wallet, has faced its own challenges. In 2020, cybersecurity researcher Ashish Gahlot discovered a major vulnerability in the platform’s sign-in process, which potentially put the personal details of 38 million DigiLocker users at risk. The authentication flaw was reportedly fixed after being brought to the attention of the DigiLocker team and CERT-In, India’s nodal cybersecurity agency.