eIDAS: Parliament and Council search for compromise on differing positions
Written By
Regulatory and Public Affairs Advisor
Belgium
As a Regulatory and Public Affairs Advisor, I assist clients in understanding the EU decision-making processes and the impact of EU laws on their sectors.
Related
Practices
Sectors
Regions
Countries
The European Parliament and Council are seeking a compromise on the European Digital Identity framework to address secure online identification. While negotiations have proven challenging, common positions were reached for interinstitutional negotiations. The Council's general approach focuses on qualified certificates, validation services, and record matching, emphasizing unique identifiers and the obligation to verify attributes. The Parliament proposes expanding the wallet's use, reinforcing cybersecurity and privacy, and advocating the 'once only principle.' Trilogues have begun, but divergent positions on privacy have caused delays. Technical meetings are planned before a new trilogue in June. If no agreement is reached, the file will be passed to the Spanish Presidency.
To address the issue of secure online identification, the European Commission proposed a new framework for a European Digital Identity in 2021. The proposal aims to facilitate proof of identity and enable the sharing of electronic documents from a European Digital Identity app, referred to as a ‘wallet’. The European Parliament and the Council were able to agree on common positions on the proposal to enter interinstitutional negotiations (‘trilogues’) with the Commission. However, the negotiations on the future law have been proven particularly challenging. With a few weeks left before the end of the Swedish Presidency of the Council, many issues remain open, and a political agreement remains a remote possibility.
Council’s general approach
The Council of the EU agreed on a General Approach for the proposal on a European Digital Identity framework on 6 December 2022. More specifically, the General Approach introduced a new Article (32a) detailing requirements for the validation of advanced electronic signatures based on qualified certificates; and a new Article (33) stating that a qualified validation service for qualified electronic signatures may only be provided by a qualified trust service provider. Regarding record matching, the General Approach has retained the concept of unique and persistent identifiers for Wallets. The relevant definition clarifies that the identifier may consist of a combination of several national and sectoral identifiers if it serves its purpose. The issuance of qualified electronic attestation of attributes by qualified providers has also been retained by the Council, including the obligation for member states to ensure that attributes can be verified against an authentic source within the public sector. Furthermore, Member States proposed that the issuance, use for authentication and revocation of wallets should be free of charge to natural persons, however, businesses may incur a cost for authentication with the wallet. Concerning the implementing period for the provision of wallet and fees, the Council’s text proposes that the implementing period of 24 months be counted from the adoption of the implementing acts.
Parliament’s position
The European Parliament adopted its final Report on the proposal on 16 March 2023. In particular, MEPs proposed to expand the use of the wallet, by enabling citizens not only to prove their identity and share documents but also to verify companies' and other citizens' identities and documents. Both cybersecurity and privacy of the wallet are reinforced by the Parliament, by explicitly asking that the design of the wallet ensures cybersecurity and privacy by design. In addition, the Parliament encourages the 'once only principle', where citizens and businesses should not have to provide the same data to public authorities more than once. On cross-border user identification, instead of 'unique identification' (as proposed by the Commission), the report proposes the wording 'cross-border user identification' and proposes that Member States that have at least one unique identifier would issue unique and persistent identifiers only for cross-border use. Finally, a new chapter on a European Digital Identity Board is included. The Board would have advisory and coordination tasks as well as a role in supporting the application of the regulation.
Next steps
On 21 March 2023, three-way negotiations (‘trilogues’) between the Commission, Council and Parliament started. While the first ‘trilogue’ went well, according to reports from the Council, the file was put on hold by the Swedish Presidency in the weeks thereafter, due to distant positions between the Parliament and the Council on privacy aspects. While a second ‘trilogue’ was eventually held on 23 May 2023, the institutions remain far apart in their positions. Currently, the Swedish Presidency is planning technical meetings in the coming weeks, before a new ‘trilogue’ in the last week of June. If a political agreement is not found at the end of June, the file will pass into the hands of the upcoming Spanish Presidency from July 2023.
For more information, please contact Paolo Sasdelli.
Sign up for our Connected newsletter for a monthly round-up from our Regulatory & Public Affairs team.
