EUDI Architecture and Reference Framework
The first version of the Architecture and Reference Framework (ARF) elaborated by the eIDAS Expert Group under the European Commission guidance has been published. The document contains concepts based on the Commission’s legislative proposal eIDAS 2.0 and provides requirements, recommendations and specifications for the European Digital Identity (EUDI) Wallet.
While the eIDAS 2.0 is still under legislative process, closing to the end, the European Commission prepares the framework for a reference implementation of the EUDI Wallet. It is foreseen that by Q1/Q2 2023 the code for the EUDI Wallet will be available as open source for re-use by Member States and stakeholders across Europe. The development of the solution and other relevant components, as well as support services has been awarded to Netcompany- Intrasoft S.A. and Scytales AB.
Who are the early adopters of the EUDI Wallet and how they interplay with the ARF?
The first implementers will be the projects selected by the European Commission to carry out Large Scale Pilots (LSPs), following a call for proposals. 4 Consortia have been awarded for co-funding to support the development of the EUDI Wallet and to pilot its usage across a several priority use cases.
EUDI Wallet Consortium (EWC) | NOBID | POTENTIAL | DC4EU | |
Use cases | Mobile Travel Payments Organizational Digital Identity (ODI) | Payments issuance and acceptance | SIM eRegistration Account opening eDriving license eGov services ePrescription eSignature | Educational Credentials and Professional Qualifications Social Security |
Countries | All EU countries, Norway, UK, Ukraine | Denmark, Germany, Iceland, Italy, Latvia, Norway | 19 EU countries, Ukraine | 22 EU countries, Ukraine |
Participants | Over 60, private and public sector | Private and public sector | Private and public sector | Private and public sector |
Coordinators | Swedish and Finnish government authorities | Norway government authority | German and France government authorities | Spain – Ministry of Economic Affairs and Digital Transformation |
website | https://eudiwalletconsortium.org/ | https://www.nobidconsortium.com/ | https://www.digital-identity-wallet.eu/ | https://www.dc4eu.eu/ |
The ARF will be used by the LSPs to inform and guide the design and architecture development of the Wallet, taking into account existing notified eIDs, use cases specificities in the cross-border context.
ARF Summary
While you can download the full ARF document from this LINK, here are the actors of the EUDI Wallet as defined by eIDAS 2.0:
The document describes the lifecycle of three core objects: EUDI Wallet solution, PID and EUDI Wallet Instance. The EUDI Wallet Solution is the entire product and service offered owned by a EUDI Wallet Provider, while the EUDI Wallet Instance is a personal instance of a EUDI Wallet Solution that belongs to and is controlled by a User. The EUDI Wallet Instance can have two status – Operational (which not necessarily requires the PID and can be used for storing loyalty cards, non-personalized tickets or any other non-binding attestation) and Valid (used for EUDI specific functions, tied to a valid PID). This first version excludes a Cloud EUDI Wallet instance.
Who can benefit from eIDAS 2.0?
First and foremost the EU citizens will benefit from the new digital identity framework. We, citizens, are at the center of digital transformation, with digital technology benefiting all individuals, businesses, and society as a whole. As stated by the European Declaration on Digital Rights and Principles, signed by the Member States, the European Parliament and the Commission, digital sovereignty, respect of fundamental rights, rule of law and democracy are at the core of eIDAS 2.0 and EUDI Wallet ecosystem. Digital freedom, privacy, access to public and private services in a highly secure and trusted way are essential for our society’s future.
The EUDI Wallet will bring a massive change in the trust model:
– we trust the private and public organizations we decide to share our personal data with: Trust Services Providers and Relying Parties/Verifiers are approved to connect their services to the EUDI Wallet, they have been verified and authorized by a governance authority to request only specific set of data for the purpose of providing their services;
– the organizations that need to verify our data have the certainty that the data we provide through the EUDI Wallet is real and accurate, and that we are entitled to get access to specific services;
– the whole ecosystem has a clear governance, respecting privacy-by-design principle and data minimization.
eIDAS 2.0 will empower stakeholders to build better products and services at lower cost, while safeguarding homo digitalis.
There is a lot to digest and many apparently disparate facts and developments involving eIDAS 2.0. If you or your organization needs a better understanding on how your services might be impacted, how to become compliant with the latest regulatory requirements, what new services may be deployed based on EUDI Wallet, or how to combine all the technology and standards pieces of the digital identity puzzle, please write to: eidas2consulting@intesigroup.com. We would be happy to guide and support you.
LATER UPDATE:
The European Commission has published the EU Digital Identity Project on GitHub at the following address: https://github.com/eu-digital-identity-wallet
By Viky Manaila