In only about two years, a large group of service providers in both the public and private sector will be required to accept the European digital identity (EUDI) wallet. Yet, many organizations still have little understanding of the implications of the wallet – or how to prepare for acceptance. As there is a range of business opportunities to be found in the EUDI framework, it’s about time for organizations to get involved, argues Koen de Jong, EUDI wallet expert and advisor at InnoValor Advies.
“With a large range of business opportunities to be found in the EUDI framework, it’s time for organizations to get involved.”
eIDAS 2.0 & the EUDI wallet ecosystem
The EUDI wallet will enable users to identify, authenticate, and share data in the form of attributes. These attributes include various types of information such as personal records, diplomas, and payment cards.
By 2026, each member state will be required to have at least one EUDI wallet in use, with mandatory acceptance for service providers in the (semi-)public sector and specifically designated private sectors. In addition, authentic sources will be required to make data – the so-called attributes – available.
In the digital identity wallet framework, we can distinguish between four significant roles: the wallet provider, the issuers, the relying parties, and the user.
- The wallet provider: any party that offers a wallet solution and is recognized by an EU member state – this might be the government, or a private party
- The issuer: any party that provides data attributes
- The relying party: a person or party that utilizes the identity or other attributes provided by the issuer
- The user: the natural or legal person managing the wallet
Service providers as relying parties
Service providers will be able to take on different roles in the framework. The most important roles, however, will be those of the relying party and of the issuer.
In the case that a service provider owns data about a user, such as customer cards or access passes, the provider will be an issuer – and they can make this data accessible to an EUDI wallet. Many service providers will automatically become issuers.
The real business case, however, lies within the role of the relying party. A relying party can be any organization that wants their customers to use the EUDI wallet to identify or prove certain attributes. They should, however, never be able to access more data than needed.
To achieve this, a relying party will need to identify and register as a relying party. This process must be conducted in the member state in which the party has been established. To create transparency on the intended use of the wallet, the member state will publish the identity of the organization and the requested data in a register.
Many service providers will already be required to be a relying party, as they are legally obliged to accept the wallet as a means of identification or authentication. In the Netherlands, this is at least the case for all websites that allow a DigiD login. However, in general, this will be the case for all semi public and public organizations with a legal or contractual obligation for strong customer authentication.. What’s new in the eIDAS 2.0 framework is that service providers are not only obliged to accept Dutch recognized wallets, but also those from other member states of the EU.
“Organizations will be able to improve their services, personalize services, and make them more efficient, just by using attributes from the EUDI Wallet.”
As a relying party, service providers will also be able to rely on a wide range of attributes. While this is not legally required as a service provider, it is where the best opportunities lie: by relying on attributes, organizations can improve their services, personalize services, and make them more efficient.
For example, service providers will be able to use the EUDI wallet to request and assemble data from clients. The use of the wallet will make this process more efficient, as users won’t have to fill in endless forms, but at the same time, it allows the client to remain in control of their data and only share what’s needed.
Getting started
“The digital identity wallet framework is complex, and lots of details are still to be filled in – which makes this the perfect time to get involved.”
Where do we start? The digital identity wallet framework is complex, and lots of details are still to be filled in – which makes this the perfect time to get involved.
- Gain an understanding of eIDAS 2.0
We’ve talked about issuers, users, relying parties and providers, but there’s a lot more roles and terms involved in the eIDAS 2.0 framework. To get an understanding of the wallet, its use cases, its corresponding terms, and its timeline, Ubiqu has a large range of resources that you can find here.
- Follow the EUDI wallet pilot projects
The European Commision is currently supporting four pilots that will develop and test the usage of the EUDI wallet for individuals and businesses around a diverse range of everyday use cases. Everyday scenarios include providing identification to online and offline public and private services, displaying your mobile driving license, authorizing payments, signing documents electronically, and presenting medical prescriptions.
- Talk to the experts
Every organization is different, and it’s never a bad idea to look for advice tailored to your specific needs. Advisors such as InnoValor are running masterclasses and workshops that help you understand the EUDI wallet, what it will mean for your organization, what your use cases could be, and how you can use the wallet to your advantage.