Recently, the European Union signed into law regulations concerning the new eIDAS 2 directive, which has the potential to change how businesses operating in EU member countries approach identity, age verification, and a whole lot more. Uptime Solution’s COO Lukasz Bargiel highlights in this overview that this is something that opens up new avenues for businesses looking to streamline their offering or bring new innovative services to market.
At Uptime, we specialize in leveraging digital identity providers to build software that integrates smoothly with their functionalities. Most commonly, this involves user authentication to verify identities. However, we also digitize processes such as signing contracts and agreements.
Implementation details often vary by country, as each interprets and enforces directives differently. These differences, though small, can significantly impact use cases. For instance, whether advanced electronic signatures (AES) can be used for signing medical consents depends on the specific regulations of each EU Member State. Sweden allows AES for all types of medical documentation, Germany restricts it to internal documents, while Poland permits AES for internal clinic documentation.
Understanding these differences is key in providing solutions that not only meet the regulatory framework of each state, but also offer the end users the user experience and options they’re used to.
Staying Current in a Rapidly Changing Landscape
Keeping up-to-date with market trends, available solutions, and evolving regulations is critical for anyone operating in this space, including us. This includes monitoring EU-level legislation as well as country-specific implementations, ensuring that any new project can be undertaken without spending an exorbitant amount of time spent on onboarding the partner.
And this is a landscape that’s rapidly changing, both on local levels, as well as on the EU-level.
One notable milestone is the publication of Regulation (EU) 2024/1183 on April 30, 2024, which entered into force on May 20, 2024. This regulation, commonly referred to as eIDAS 2, builds upon the foundation laid by the original eIDAS regulation. While the first directive was solid and widely adopted across the EU, it had notable shortcomings:
- Not accessible to the entire population.
- Often limited to online public services.
- Lacked smooth cross-border functionality.
The new regulation addresses many of these issues, introducing EU Digital Identity Wallets. These wallets will enable citizens to:
- Prove their identity across the EU to access online services.
- Share digital documents.
- Verify specific personal attributes (e.g., age) without revealing unnecessary personal information.
Critically, users retain full control over their data, choosing what to share and with whom. Article 5a pt.4a emphasizes this capability:
4. European Digital Identity Wallets shall enable the user, in a manner that is user-friendly, transparent, and traceable by the user, to:
(a) securely request, obtain, select, combine, store, delete, share and present, under the sole control of the user, person identification data and, where applicable, in combination with electronic attestations of attributes, to authenticate to relying parties online and, where appropriate, in offline mode, in order to access public and private services, while ensuring that selective disclosure of data is possible.
These new regulations open up a wide spectrum of new possibilities, improving upon the options available today.
Real-World Applications and Benefits
While some already implemented eID schemes, such as Sweden’s BankID or Freja eID, already offer robust capabilities, others, like Poland’s Profil Zaufany, are limited to public services. Non-EU examples like Australia’s myGovID demonstrate how streamlined identity solutions can enhance access to services, further underscoring the potential global relevance of eIDAS 2.
One exciting possibility is the integration of Digital Identity Wallets for age verification. For quite some time, there has been a global discussion about setting age restrictions for accessing social media. Australia appears to be among the first countries considering an outright ban for teenagers under certain age limits.
A system like the EU Digital Identity Wallet, implemented under eIDAS 2.0, could address such cases effectively. With selective data disclosure capabilities, users could verify their age without revealing unnecessary personal details, offering a privacy-preserving solution that is both reliable and efficient. This could also replace inefficient methods, such as simple pop-ups asking users to confirm their age, with more robust approaches.
The issue of age verification also extends to other sensitive areas, such as accessing adult content. For example, Article 5a(4)(a) highlights that selective data disclosure will allow users to confirm their age anonymously without sharing additional personal information. This could be a game-changer in addressing the prevalence of minors accessing inappropriate content online.
Addressing Technical Challenges
Implementing these solutions requires overcoming challenges, such as ensuring compatibility with legacy systems and maintaining low latency in high-traffic environments. For instance, integrating a Digital Identity Wallet within a high-volume e-commerce platform necessitates optimization to avoid delays during checkout. This requires both industry know-how, as well as a clear understanding of the regulatory space.
However, if implemented successfully, the regulation offers numerous new opportunities for businesses. Article 5a p.5g mentions, for example, that Digital Identity Wallets should allow natural persons to sign documents with qualified electronic signatures. This provision alone offers up new avenues for streamlined business practices, as well as enables companies to bring new innovative services to market. Faster and more efficiently.
At Uptime, we’re excited about the possibilities this opens up for our clients. For instance:
- Enabling smooth contract signing directly within applications.
- Facilitating cross-border transactions with unified identity verification.
- Developing innovative use cases that leverage these new capabilities.
If you’d like to read more about how one of our clients revolutionized the fertility industry in the UK by building a product that leverages AES signatures, click here.
Looking Ahead
EU Member States have two years to implement eIDAS 2, but discussions on how best to leverage it are already underway. From age verification for social media to privacy-preserving digital document sharing, the potential applications are significant.
We’re closely following these developments and are eager to help businesses integrate these solutions into their systems. The future of digital identity is here, and we’re excited to be at the forefront of this transformation.
Additional reading:
1. Overview of eID schemes under eIDAS: https://ec.europa.eu/digital-building-blocks/sites/display/EIDCOMMUNITY/Overview+of+pre-notified+and+notified+eID+schemes+under+eIDAS
2. Regulation (EU) 2024/1183 (eIDAS 2): https://eur-lex.europa.eu
3. Research on minors accessing pornography: https://wya.net