Establishing a Framework for European Digital Identity
The EBC team spoke yesterday with Dr. Nacho Alamillo-Domingo, Chief Trust Officer at Alastria Blockchain Ecosystem, about the eIDAS 2 proposed regulation, establishing a framework for European Digital Identity.
Alastria, is a non-profit association created on 2017 which fosters the digital economy through the development of decentralized Blockchain logging technologies.
Visual of Dr. Nacho Alamillo-Domingo elaborated by EBC team
A story by
Marta G. Roqué
How will the new Digital Identification Regulation in Europe work?
The Regulation aims to establish the necessary interoperability structure for the creation of an EU Digital Identity Ecosystem, building on legal identities issued by Member States.
Having a public identity wallet will contribute significantly to reduce the legal identity verification, issues we face in the European Union. In cross border scenarios, in KYC/CDD procedures for example, now include virtual currencies custodian wallet providers.
“A public identity wallet fosters a new data sharing market for identity attributes, under the self-control and autonomy of the citizen”
When do you envision the full adoption of the new Regulation?
It is really difficult to forecast when the Regulation will be approved by the European co-legislators. It will really depend on a numerous number of factors, including the political interests of the Member States and the push of the European Commission.
In the case of the current eIDAS, it took approximately two years to pass the regulation, in first reading. Once it has been approved, it should be implemented in one year. To this end, the Commission has recommended creating a toolbox.
Who will be the providers of European Digital Identity wallets? Private companies and public institutions?
The proposed Regulation mandates Member States to issue the European Digital Identity Wallet, under a notified eID scheme. Although it doesn’t prohibit other entities issue their own identity wallets, including private sector bodies.
While these other identity wallets will not benefit from the legal effects of the European Digital Identity Wallets, they can still offer support to the issuance and sharing attestations of identity attributes.
Who is going to issue the digital credentials in the first phase? Private companies and public institutions?
Honestly, it is quite difficult to imagine who will start first issuing digital credentials, because it may vary a lot between Member States and the business models. The list of minimum attributes contained in Annex VI of the proposal, makes reasonable the assumption that public sector will start fist, but it could well happen that financial institutions decide to adhere to the new eIDAS as a form to facilitate user’s KYC data in other platforms.
“Public sector is going to start issuing digital credentials”
What benefits does it have for the users?
The European Digital Identity Wallet may solve one of the major barriers for the development of the Digital Single Market, which is of course lack of a secure and convenient identification scheme. It may imply an effective European identity metasystem, because users would have the right of using this Identity wallet for strong authentication in online access to public services; in the areas of transport and financial services, as well as in the large online platforms, under GDPR principles.
What kind of new business models do you see will arise from the use of SSI?
SSI is a new paradigm for identity management, which ensures full control by users of their identity attributes. Contrary to other identity management systems, such as delegated authentication to online platforms such as Facebook, Google, Apple or Twitter, with SSI the user does not have any dependency on a third party, because it’s identifier is anchored on a blockchain or other decentralised verifiable register.
The eIDAS 2 proposal bases SSI in a foundational, high level of assurance, identity wallet, which is granted by the State. This is a game changer in the market, because regulating the issuance of attestations of identity attributes as a trust service will facilitate the digitalisation of the identity data and its trustworthy sharing as an economic activity while ensuring full autonomy of users. One key concept for the future development of this market is the legal effect of the presented attestations irrespectively of its form, which will allow giving a legal effect even to zero knowledge proofs, i.e. instead of presenting an official ID will all my data to be able to buy alcoholic drinks I just generate and present a mathematical proof that I’m older-than-18.
“The European Digital Identity Wallet may solve one of the major barriers for the development of the Digital Single Market”
Do you think the SSI wallets will be free of charge for the users in the future?
This will depend on the market configuration. In the case of natural persons, the proposed regulation requires the Member State to issue the European Digital Identity Wallets to natural people free of charge, but legal persons could be charged a fee.
Nothing in the proposed Regulation forbids private companies to issue other SSI identity wallets, for instance to be used in specific scenarios, such as in corporate environments, but this possibility is more feasible for legal people because of the gratuity of the European Identity Wallet for natural persons. Another scenario is the issuance of SSI identity wallets for refugees and other persons without a legal identity, for example.
Electronic ledgers have been proposed as new trust services: what are the benefits of this approach?
A regulation for electronic ledgers is of paramount importance to give legal effect to the transactions contained within. According to the proposed Regulation, a qualified electronic ledger shall enjoy the presumption of the uniqueness and authenticity of the data it contains, the accuracy, their date and time thus, supporting the legal validity of transferrable records or NFTs.
This approach will also foster the adoption of DLT because it defines a proper liability regime.
How can electronic ledgers actually provide these new trust services?
Electronic ledgers and, more specifically, distributed ledgers such as blockchains, are one of the most disruptive technologies ever seen, with the ability to destroy traditional intermediaries such as financial institutions, but ledgers are created with the intervention of new actors (called miners or validators, depending on the consensus mechanism used by the DLT network), and they are rewarded by their activity. The may not be intermediaries from the perspective of the transaction which the ledger incorporates, but the trustworthiness of the ledger depends on their intervention. And it is not always clear what are the legal or contractual rules they should comply with, and in many cases it is impossible to determine whether they will be liable for damages caused because of their errors and omissions, or in case of fraud.
To ensure an appropriate level of trustworthiness, the proposed Regulation considers that qualified electronic ledgers must be created by one or more qualified trust service providers or providers, by implementing technologies that ensure the requirements set forth in the Regulation. One can think of miners or validators as these trust service providers. They’ll need to select and apply proper cryptographic algorithms, consensus protocols and security measures, amongst others.
Thank you for reading EBC news. If you have enjoyed this article, we would be happy if you forward it to your colleagues or share it on social media.
Published June 18 2021, Barcelona