IT Brief Australia - Technology news for CIOs & IT decision-makers
EU aims to standardise digital IDs with personal data control by 2026
Fri, 3rd Nov 2023

The European Union (EU) is collectively looking to better manage digital IDs in light of the forthcoming revision of the EU Common Identity Framework Regulation, also known as eIDAS 2.0.

All EU member states are expected to implement a new standard structure for electronic credentials based on digital identity wallets, a process set to take effect between 2025 and 2026.

The newly established structure aims to move beyond federated identities, where cloud-based digital identity providers control users' access to online services. Instead, it will introduce the EU Digital Identity (EUDI) wallet, placing control over the dissemination of personal data squarely in the user's hands. The wallet is expected to store many credentials, including driver's licences, educational credentials, digital medical prescriptions, credit card data, and more.

Moving towards realising this lofty ambition, the EU has organised four large-scale pilots involving over 250 private companies and government authorities across 25 EU Member States, in addition to Norway, Iceland, and Ukraine. The aim is to develop the underlying technology necessary and to test real-life use cases across the EU.

Alongside other associates, Yubico, a web authentication company, has been invited to join the EWC, one of the four EUDI wallet large-scale pilots, as an associate partner. The EWC project was co-founded by Swedish government agencies, including the Agency for Digital Government (DIGG), the Companies Registration Office (Bolagsverket), the Research Council (Vetenskapsrådet) and Sunet (University Computer Network). The Finnish Ministry of Finance and Bolagsverket are coordinating EWC's efforts.

The objective is to create an ARF-compliant wallet architecture that is secure, easy to use, and independent of significant phone and platform providers. As part of this endeavour, GUnet (Greek Universities Network) has developed an open-source web-based identity wallet. Collaboration with Yubico and other research and education networks, including Sunet in Sweden, ensures support for FIDO-based authentication and encryption.

The intent is to secure digital wallets with the FIDO (Fast Identity Online) standard, a globally recognised standard for user authentication backed by all major web browsers on desktop and mobile platforms.

Security-wise, FIDO keys eliminate cyber threats such as phishing and credential stuffing. More importantly, because cryptographic operations with FIDO keys are delegated to dedicated hardware, users can employ FIDO security keys for user authentication, and the keys can play a crucial role in securing personal data in digital identity wallets.

With this format, an individual's wallet contents can be encrypted and decrypted using cryptographic keys derived from secure FIDO keys from multiple vendors, including Yubico. Additional security keys can be introduced to back up an individual's wallet or to enable users sharing an organisational wallet to access it securely with their own FIDO security key.
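A sketch of how one encrypted wallet can be opened by a primary key, a backup key or several colleagues' keys, added here as an illustration and not taken from the EWC wallet or Yubico code. It assumes each security key can return a stable 32-byte secret for the wallet (for example through the WebAuthn PRF or CTAP hmac-secret extension); all function and field names are hypothetical, and Node.js built-in crypto stands in for the browser.

```javascript
const crypto = require('node:crypto');
// Assumption: each security key yields a stable 32-byte secret for this wallet.
function deriveKek(authSecret, salt) {
  return Buffer.from(crypto.hkdfSync('sha256', authSecret, salt, 'wallet-kek', 32));
}

// AES-256-GCM with a fresh nonce; aad binds the ciphertext to its role.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(Buffer.from(aad));
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on a wrong key
}

// Contents are encrypted once under a random data key.
function createWallet(contents) {
  const dataKey = crypto.randomBytes(32);
  return { dataKey, wallet: { body: seal(dataKey, Buffer.from(contents), 'body'), slots: {} } };
}

// Each enrolled security key gets its own wrapped copy of the data key.
function enrollKey(wallet, dataKey, keyId, authSecret) {
  const salt = crypto.randomBytes(16);
  wallet.slots[keyId] = { salt, wrapped: seal(deriveKek(authSecret, salt), dataKey, 'slot:' + keyId) };
}

function unlock(wallet, keyId, authSecret) {
  const slot = wallet.slots[keyId];
  if (!slot) throw new Error('security key not enrolled');
  const dataKey = open(deriveKek(authSecret, slot.salt), slot.wrapped, 'slot:' + keyId);
  return open(dataKey, wallet.body, 'body').toString();
}

// Constructed sample: a primary and a backup key open the same wallet.
function demo() {
  const primary = crypto.randomBytes(32), backup = crypto.randomBytes(32);
  const { dataKey, wallet } = createWallet('{"credential":"constructed sample"}');
  enrollKey(wallet, dataKey, 'primary', primary);
  enrollKey(wallet, dataKey, 'backup', backup);
  return [unlock(wallet, 'primary', primary), unlock(wallet, 'backup', backup)];
}
```

Deleting a slot stops that key from unwrapping the data key, but a holder who already unlocked the wallet may have kept the data key, so removing a lost or departing user's key should be followed by re-encrypting the contents under a new data key.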

In light of this development, EU citizens are set to gain full control of their identity, in harmony with the European Commission's desire to reduce the influence of non-EU Big Tech.

The initial focus of Yubico's involvement will be to assist the EWC in producing a wallet that can be shared and is beneficial for companies and other legal entities. The ultimate goal is to provide all EU citizens with EUDI wallets that can be used across government and commercial services by 2026.