Menu Close

European digital ID must have further security safeguards, Czech EU presidency says

A couple of months after taking over from France as host of the presidency of the Council of the EU, the Czech Republic has shared a new compromise text last week detailing new features of the proposed European Digital Identity (eID) infrastructure.

The document is the result of a July discussion where most EU member states (excluding France and Germany) called for the eID wallet to be a standalone identification document, as opposed to just an ‘empty shell.’

Now, the Czech EU presidency is suggesting changes to the digital ID infrastructure that would allow the wallet to be an electronic identification credential in its own right.

The compromise text, seen by Euractiv, includes a definition of “unique and persistent identifier” defined as an identifier “which may consist of either single or multiple national or sectoral identification data, is associated with a single user within a given system and persistent in time.”

Further, the article on unique identification in the original text has been altered and now refers to record matching (a unique identifier is still conceivable under national law and administrative practice).

The new text also adds new specifications for public and private service providers interested in adopting the European wallet for identification purposes. Service providers will have to register in the member states where they are based to take advantage of the digital ID’s infrastructure.

Interoperability with existing electronic IDs is also discussed in the compromise text by the Czech presidency of the EU Council, alongside a shift away from verification of users’ identity by certified providers at the intermediate ‘substantial’ level. Those providers would only be involved at the highest assurance level.

According to the compromise text, the conformity of the EU Digital Identity Wallets with the requirements laid out in the regulation should be certified by both accredited public and private bodies, with the accreditation proposed to last two years and including a review of the vulnerabilities that may potentially lead to the cancellation of the certification.

Qualified, trusted service providers will have 24 or 72 hours to provide notice of breaches or disruptions. National cybersecurity authorities under the revised Network and Information Security Directive (NIS2) will then be responsible for notifying the supervisory authorities within two months about whether those services comply with the EU cybersecurity requirements or not.

The new compromise text will be examined at the EU Council’s Telecom Working Party meetings next week (5 and 8 September). Representatives from the individual Member States will then be able to submit specific drafting recommendations until 12 September.

The proposed changes to the eID infrastructure come weeks after Czech Deputy Prime Minister for Digitalization Ivan Bartoš removed biometric categorization from the high-risk list in the compromise. Read More

Generated by Feedzy

Disclaimer

Innov8 is owned and operated by Rolling Rock Ventures. The information on this website is for general information purposes only. Any information obtained from this website should be reviewed with appropriate parties if there is any concern about the details reported herein. Innov8 is not responsible for its contents, accuracies, and any inaccuracies. Nothing on this site should be construed as professional advice for any individual or situation. This website includes information and content from external sites that is attributed accordingly and is not the intellectual property of Innov8. All feeds ("RSS Feed") and/or their contents contain material which is derived in whole or in part from material supplied by third parties and is protected by national and international copyright and trademark laws. The Site processes all information automatically using automated software without any human intervention or screening. Therefore, the Site is not responsible for any (part) of this content. The copyright of the feeds', including pictures and graphics, and its content belongs to its author or publisher.  Views and statements expressed in the content do not necessarily reflect those of Innov8 or its staff. Care and due diligence has been taken to maintain the accuracy of the information provided on this website. However, neither Innov8 nor the owners, attorneys, management, editorial team or any writers or employees are responsible for its content, errors or any consequences arising from use of the information provided on this website. The Site may modify, suspend, or discontinue any aspect of the RSS Feed at any time, including, without limitation, the availability of any Site content.  The User agrees that all RSS Feeds and news articles are for personal use only and that the User may not resell, lease, license, assign, redistribute or otherwise transfer any portion of the RSS Feed without attribution to the Site and to its originating author. The Site does not represent or warrant that every action taken with regard to your account and related activities in connection with the RSS Feed, including, without limitation, the Site Content, will be lawful in any particular jurisdiction. It is incumbent upon the user to know the laws that pertain to you in your jurisdiction and act lawfully at all times when using the RSS Feed, including, without limitation, the Site Content.  

Close Bitnami banner
Bitnami