As a Counsel in our Tech & Comms Group in Milan, I have extensive experience of drafting and negotiating outsourcing and IT agreements for national and international companies.
On 29 February 2024, the European Parliament approved the proposal to amend the eIDAS Regulation, with the Council’s approval expected to be in March.
The European Parliament has approved the text of the reform of Regulation EU 920/2014, known as the ‘eIDAS Regulation’, resulting from the trialogues between EU Parliament, Council and Commission with 335 votes in favour, 190 against and 31 abstentions.
The text approved by the European Parliament includes:
1. Introduction of a ‘European Digital Identity Wallet’
An electronic identification enables users to securely store, manage and validate a person’s identification data and electronic attestations of attributes, facilitating their provision to relying parties and other Wallet users. Additionally, it allows for signing with qualified electronic signatures and sealing through qualified electronic seals.
The European Digital Identity Wallet will:
Enable the user to sign by means of qualified electronic signatures or seal by means of qualified electronic seals;
Offer all natural persons the ability to sign by means of qualified electronic signatures by default and free of charge; and
Ensure that the person’s identification data, available from the electronic identification scheme under which the Wallet is provided, uniquely represents the natural person, legal person or the natural person representing the natural or legal person, and is associated with that European Digital Identity Wallet.
The use of European Digital Identity Wallet is voluntary, therefore it shall remain possible to access public and private services by other existing identification and authentication means.
Additionally, through the privacy dashboard, European Digital Identity Wallet shall enable the user, in a user-friendly, transparent, and traceable manner, to access a log of all transactions carried out through the Wallet via a common dashboard, allowing the user to:
View an up-to-date list of relying parties with which the user has established a connection and, where applicable, all data exchanged; and
Easily request the erasure of personal data by a relying party.
2. Extension of the ‘Trust Service’ definition will now include:
The issuance of certificates for electronic signatures, certificates for electronic seals, certificates for website authentication or certificates for the provision of other trust services;
The validation of certificates for electronic signatures, certificates for electronic seals, certificates for website authentication or certificates for the provision of other trust services;
The creation of electronic signatures or electronic seals;
The validation of electronic signatures or electronic seals;
The preservation of electronic signatures, electronic seals, certificates for electronic signatures or certificates for electronic seals;
The management of remote electronic signature creation devices or remote electronic seal creation devices;
The issuance of electronic attestations of attributes;
The validation of electronic attestation of attributes;
The creation of electronic timestamps;
The validation of electronic timestamps;
The provision of electronic registered delivery services;
The validation of data transmitted through electronic registered delivery services and related evidence;
The electronic archiving of electronic data and electronic documents; and
The recording of electronic data in an electronic ledger.
The text will now undergo formal adoption procedures in the Council, with expectations for the final text to be adopted in March. Publication in the EU’s Official Journal is most likely to occur in April, with entry into force of the text between April and May 2024.