The European Digital Identity (EUDI) Regulation (eIDAS 2,0) is expected to bring a secure and fundamental rights-respecting digital identity to all EU citizens and residents by 2026. Before the European Digital Identity Wallets make their way into the life of Europeans, some technical aspects need to be considered. This is why CENTR brought together key industry experts to reflect on the interplay between European digital identity, the Domain Name System, and standardisation in a fireside chat event titled “Interoperability as the Way Forward: Digital Wallets and Internet Infrastructure”.
The fireside chat was a chance to discuss the topic with insights from Paolo de Rosa, Policy Officer at the European Commission, Evgenia Nikolouzou, Cybersecurity Expert at European Union Agency for Cybersecurity (ENISA), Catherine Vigneron, standards development expert at CEN/CENELEC, and CENTR member representatives Jaromír Talíř from .cz registry CZ.NIC, and Helen Aaremäe-Saar of .ee registry Estonian Internet Foundation.
Implications of eIDAS 2.0 on European ccTLDs
With eIDAS 2.0, the Commission’s intent is to move away from the federated approach of national eID schemes and towards an EU-wide format. Successful implementation therefore needs a great deal of standardisation to ensure interoperability across member states. It will also be crucial to make sure the updated Regulation is contextual within the rest of digital legislation of the EU.
As a matter of fact, the process of implementing secure cross-border digital identity that is available for use within both the public and private sector has a significant impact on internet infrastructure, including the work of European domain name operators:
- For example, the registration data accuracy obligation under EU cybersecurity legislation where EU digital identity wallets have a direct use case for verifying identities of domain name holders
- There is also a more general cybersecurity and privacy angle to the ability of all European internet users to identify themselves online, and what this means in terms of user experience and access to foundational internet's infrastructure, such as domain names
- Lastly, there is a strong interoperability case to be made for EU digital wallets to become as adopted and widespread as they are expected to be, and the role of open standards within the European standardisation processes
From national to European solutions
While we wait for the EU-wide scheme, national eIDs and innovative identity solutions are being developed and implemented within the European domain space, for example Estonia’s biometric passwordless eeID authentication service, or the Czech MojeID.
Ultimately, the EU’s ambition is to have a European digital wallet scheme where every member state’s system is subject to the same legal and technical requirements, with data sharing mechanisms across providers and even a common interface for users.
It is unclear whether the existing federated eID schemes and identity solutions in place across EU ccTLD space will be available after the EU digital wallets take the centre stage. It is therefore important that any further development and standardisation efforts for cross-border wallets take into account existing technologies and solutions that have already proven their viability and scalability, both at global and national level.
For example, Estonia’s X-Road is an open-source software and ecosystem solution that provides unified and secure data exchange between private and public sector organisations. It is the backbone of e-Estonia and it is already implemented across 20 countries around the world. CZ.NIC is part of the EU Digital Wallet Consortium (EWC) that is developing the wallet solution based on Digital Travel Credentials across member states, based on its experience with MojeID. The implementation of the EU Digital Wallets should provide European internet users with more choice and workable alternatives, rather than creating more complexity.
The future use case of a European digital wallet scheme within the ccTLD space can help with validating mandatory datasets under the EU cybersecurity legislation that obliges domain name registries to verify identities of domain name holders. From an operator perspective, there is a need to agree on the common set of credentials for the wallets to be usable for the purposes of the NIS2 Directive compliance. At the same time, it is of utmost importance to maintain the voluntary nature of wallets for accessing digital services, especially when it comes to accessing essential digital infrastructure, such as domain names. After all, EU digital wallets are just a piece of a bigger puzzle, and not the key to digital transformation.
With appropriate open standardisation processes, and learning from innovative national identity technologies that ccTLDs have already been using for years, Europe can reach its full potential to scale up and fully support the development of an interoperable European eID scheme.