The European Council has approved the eIDAS Regulation

Written By

marta breschi Module
Marta Breschi

Associate
Italy

I am a lawyer in our Information Technology and Intellectual Property department.

gianmarco rinaldi Module
Gian Marco Rinaldi

Counsel
Italy

As a Counsel in our Tech & Comms Group in Milan, I have extensive experience of drafting and negotiating outsourcing and IT agreements for national and international companies.

On 30 April 2024, the European Council finally approved the proposed amendment to the eIDAS Regulation. After a waiting period of 20 days, the new Regulation will enter into force in all member states. This is an important step towards harmonising digital identity and trust services across the European Union.

The long-awaited Regulation (EU) 1183/2024 ("eIDAS 2.0") contains the reform provisions of Regulation (EU) 910/2014, better known as the "eIDAS Regulation".

The most notable change is the introduction of the so-called “European Digital Identity Wallet” or “EUDI Wallet”. This new means of electronic identification allows users to identify and authenticate themselves electronically, across borders, to access a wide range of public and private services. Additionally, individuals will be able to use it to sign documents with qualified electronic signatures and as part of strong customer authentication (SCA) systems.

The European Commission plans to adopt implementing acts for the EUDI Wallet's measures as early as 21 November 2024. The EUDI Wallet will also serve as the foundation for a common system to issue and validate attributes (qualified and unqualified) such as educational qualifications (including university degrees, other academic degrees and professional qualifications), driving licences and permits.

New types of trust services have been introduced, including:

  • Electronic ledger service - maintains a sequence of electronic data records, ensuring integrity and accuracy of their chronological order; and 
  • Electronic archiving service - manages the receipt, storage, retrieval and deletion of electronic data and electronic documents to maintain durability, legibility, integrity, confidentiality and proof of origin throughout the preservation period.

Significant changes are also on the horizon for qualified (e.g., the preservation of qualified electronic signatures) and non-qualified trust service providers. 

Qualified trust service providers must undergo an audit by a conformity assessment body at least 24 months, at their own expense. The audit will ensure that the providers and the qualified trust services they offer meet the requirements outlined in eIDAS 2.0 and Article 21 of Directive (EU) 2022/2555 (i.e., on cybersecurity risk management measures). Non-qualified trust service providers must adhere to notification requirements and comply with other provisions of eIDAS 2.0.

Finally, the eIDAS 2.0 rules provide for the European Commission to issue several implementing acts to establish common reference standards and procedures.

Our team is available to provide you with updates on the implementation of eIDAS 2.0.

 

Latest insights

More Insights
Curiosity line green background

China Cybersecurity and Data Protection: Monthly Update - December 2024 Issue

17 minutes Dec 23 2024

Read More
featured image

Update on recent UK data protection guidance in the financial services space

3 minutes Dec 19 2024

Read More
Bank card propped up against laptop

Germany: BaFin updates AML guidance

Dec 19 2024

Read More