Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
The electronic identification and trust services regulation (‘European Digital Identity Regulation’) creates a system for secure electronic interactions across the European Union (EU) between businesses, citizens and public authorities.
It aims to improve trust in EU-wide electronic transactions and increase the effectiveness of public and private online services. It applies to:
European Digital Identity Wallets provided by a Member State;
trust service providers established in the EU.
The main novelty under the revised European Digital Identity Regulation is that all Member States shall provide at least one European Digital Identity Wallet by December 2026 to all citizens and residents in the EU.
KEY POINTS
European Digital Identity Wallets
Member States must introduce the European Digital Identity Wallets by December 2026. The wallets will enable users to securely identify themselves or provide confirmation of certain personal information for accessing online and offline public and private services, and to store, present and share digital documents across the EU.
The conformity of European Digital Identity Wallets and the electronic identification scheme under which they are provided shall be certified by conformity assessment bodies designated by Member States.
Electronic identification
An eID issued in one Member State must be recognised in all others. This applies only if the eID meets the regulation’s requirements and has been notified to the Commission and published in a list. Mutual recognition of eIDs has been mandatory since and facilitates secure electronic transactions across the EU.
An eID scheme must specify one of three levels of assurance (low, substantial and high) for the form of electronic identification issued under that scheme. Mutual recognition is mandatory only when the relevant public sector body uses the ‘substantial’ or ‘high’ levels for accessing that service online.
When notifying the Commission of eID schemes, Member States must provide information on aspects such as:
the level of assurance and the issuer of eID under that scheme;
the applicable supervisory and liability systems; and
the body managing the registration of unique personal ID data.
Trust services
The European Digital Identity Regulation defines trust services as services, normally provided for remuneration, that include:
the issuance of certificates for electronic signatures, certificates for electronic seals, certificates for website authentication or certificates for the provision of other trust services;
the validation of certificates for electronic signatures, certificates for electronic seals, certificates for website authentication or certificates for the provision of other trust services;
the creation of electronic signatures or electronic seals;
the validation of electronic signatures or electronic seals;
the preservation of electronic signatures, electronic seals, certificates for electronic signatures or certificates for electronic seals;
the management of remote electronic signature creation devices or remote electronic seal creation devices;
the issuance of electronic attestations of attributes;
the validation of electronic attestations of attributes;
the creation of electronic timestamps;
the validation of electronic timestamps;
the provision of electronic registered delivery services;
the validation of data transmitted through electronic registered delivery services and related evidence;
the electronic archiving of electronic data and electronic documents;
the recording of electronic data in an electronic ledger.
Trust service providers based in the EU are considered ‘qualified’ if they meet the applicable requirements in the European Digital Identity Regulation. They are legally entitled to provide qualified trust services (e.g. qualified electronic signatures, seals or certificates) in all Member States.
As to international aspects, trust services offered by service providers from non-EU countries will be considered legally equivalent to qualified ones provided by qualified trust service providers established in the EU by means of implementing acts or following an agreement between the EU and the non-EU country or an international organisation.
Supervision
Member States shall designate one or more supervisory bodies for the supervisory activities for the European Digital Identity Wallets and trust services under this regulation. These bodies must cooperate with data protection authorities and authorities responsible for cybersecurity where appropriate.
All trust service providers are subject to supervision and to risk management and security breach notification obligations.
Qualified trust service providers based in the EU are subject to strict supervision. This includes prior authorisation by supervisory bodies and auditing at least once every two years by a conformity assessment body that assesses whether they meet regulation requirements.
Non-qualified trust service providers are subject to ‘light-touch’ supervision, i.e. the supervisory body only reacts when informed that the non-qualified trust service providers or the trust services they provide allegedly do not meet the requirements laid down in this regulation.
Governance
The European Digital Identity Cooperation Group (the Cooperation Group) is established with the aim of supporting and facilitating cross-border cooperation and exchange of information between Member States on trust services, European Digital Identity Wallets and notified eID schemes.
Implementing acts
To ensure the uniform and correct implementation of the European Digital Identity Regulation across the EU, the Commission has adopted implementing acts laying down detailed technical, procedural and organisational rules.
Taken together, these implementing acts complement and operationalise the regulation across a wide range of areas and specify, among other matters, interoperability requirements, security and certification standards, notification and information-exchange procedures, formats for trusted lists, reactions to security breaches, governance and supervision arrangements, and operational arrangements for eID schemes, trust services and European Digital Identity Wallets.
The implementing acts cover a broad set of technical and operational aspects and are not limited to the areas listed above. They are regularly updated to reflect technological developments, emerging security risks and evolving standards, covering the Architecture and Reference Framework (ARF) jointly developed by the Commission and Member States, and apply directly in all Member States.
FROM WHEN DOES THE REGULATION APPLY?
The regulation has applied since .
KEY TERM
Electronic identification (eID). Tangible or intangible forms of identification containing personal ID data used for authenticating an online service.
MAIN DOCUMENT
Regulation (EU) No 910/2014 of the European Parliament and of the Council of on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, , pp. 73–114), including its amendment by means of Regulation (EU) 2024/1183 of the European Parliament and the Council.
Successive amendments to Regulation (EU) No 910/2014 have been incorporated into the original text. This consolidated version is of documentary value only.