EXECUTIVE SUMMARY SHEET
|
Impact assessment on the proposal for a regulation of the European Parliament and of the Council on a framework for a European digital identity and trust services in the internal market
|
A.Need for action
|
What is the problem and why is it a problem at EU level?
|
Currently, regulatory and implementation shortcomings, as well as market, technological and societal developments, are preventing citizens and businesses to make full use of eIDs and trust services in the EU. Against this background and in the light of the objectives set by the political mandate from the President of the Commission and the European Council, this initiative aims to address the following main problems:
First, the increased demand by public and private services for trusted electronic identification and user expectations for seamless and trusted solutions to identify and share attributes across borders, in a wide range of public and private use-cases, are not met. Furthermore, data control and security concerns are insufficiently addressed by available digital identity solutions.
Second, the unequal conditions for the provision of trust services, and insufficient scope of the regulation.
|
What should be achieved?
|
The general objective of the intervention is to ensure the proper functioning of the internal market, particularly in relation to the provision of cross-border and cross-sector digital public and private services. The specific objectives of the initiative seek to reflect the political and policy mandate formulated by the President of the Commission and by the European Council Conclusions, calling for a European digital identity, the objectives of which are to:
a) provide access to trusted and secure digital identity solutions for all EU citizens and businesses that can be used cross-border, meeting user expectations and demand;
b) ensure that public and private services can rely on trusted and secure digital identity solutions cross-border;
c) provide citizens full control of their personal data and assure their security when using digital identity solutions, and
d) ensure equal conditions for the provision of qualified trust services in the EU, and their acceptance.
|
What is the value added of action at the EU level (subsidiarity)?
|
In order to ensure effectiveness and interoperability of the European digital identity, action at EU level would produce greater benefits compared to action taken solely at Member State level. National measures in the fields of eID and trust services are subject to obvious limitations in the national context, while their direct benefits would be largely or exclusively limited to a single Member State, contributing to further fragmentation. Addressing systemic problems in relation to the free movement facilitated by the extensive use of eID and trust services to access goods and services all over Europe would receive a better response on an EU scale.
|
B.Solutions
|
What are the various options to achieve the objectives? Is there a preferred option or not? If not, why?
|
Three policy options have been considered and assessed, based on a progressive ambition logic:
·Option 1 has a low level of ambition with focus on improving the current legislation without altering its scope;
·Option 2 has a medium level of ambition. It would build on option 1 and, in addition, it would establish a framework regulating a market for the secure exchange of data linked to identity;
·Option 3 has the highest level of ambition. Building on the synergic effect of a set of measures under Options 1 and 2, this option would ensure that a European Digital Identity personal Wallet App would be made available, on a voluntary basis, to all residents and companies in Europe.
With regards to trust services, the three options build on the same level of ambition and rely on a similar set of measures.
The preferred option is option 3, which notably includes the following building blocks:
-establish a European Digital Identity personal Wallet App ecosystem;
-enable the free flow and exchange of digital identity data across borders and a strong, trusted link between them and the Wallet App;
-ensure cross-border trustworthiness of the Wallet App by linking it to the eIDs notified by the Member States, and
-ensure data protection and full user control over identity data.
|
What are different stakeholders' views? Who supports which option?
|
Member States are in general favourable to the measures included in the preferred option, and in particular on the results of the eIDAS evaluation showing that a strong push is needed to accelerate the pace of notifications under eIDAS and on the need to remove the current limitations to the use of eIDs which have an extremely limited reach in the private sector. Industry stakeholders plead for a digital identity framework which would enables seamless interaction between the national eIDs developed by Member States and the related identity attributes framework needed in a wide set of private use-cases.
|
C.Impacts of the preferred option
|
What are the benefits of the preferred option (if any, otherwise of main ones)?
|
The main benefit of the preferred option would be for citizens; the European Digital Identity Wallet would enable citizens to manage their digital identity and associated attributes and credentials that they receive from various sources (e.g. education, employment, municipality, state, professional associations, leisure, etc.) in a self-sovereign way. It would give them access to public and private online services throughout the EU, and full control over their own personal data.
|
What are the costs of the preferred option (if any, otherwise of main ones)?
|
The cost of the preferred option, and who will bear the cost, is dependent on which implementation scenario is chosen (to be implemented though a Member State, under a mandate from a Member State or independently from the Member State and are recognised by the Member States).
|
What are the impacts on SMEs and competitiveness?
|
SMEs are likely to be interested in adopting wallet services for the purposes of business transactions, while larger companies are likely to favour desktop based solutions based on automated processes (e.g. social security companies using dedicated platforms). Integrating the wallet through APIs to consume credentials / attributes and identify or authenticate customers creates costs to SMEs which are however likely to be offset by simplification and efficiency benefits, depending on the specific business case. The preferred option would open up new business opportunities for SME ID/trust service providers, although development and certification costs are likely to act as a certain entry barrier.
|
Will there be significant impacts on national budgets and administrations?
|
Impacts for national budgets and administrations are driven by the requirements to:
1)Deploy fully-fledged eID schemes by the Member States currently not having implemented them (costs vary based on Member State size, population)
2)Costs directly linked to the notification process (1.3 MEUR for the remaining non-notifying Member States)
3) Cost to make available authentic sources for identity credential providers (around €625M on off cost and €162M annually across the EU)
4)Develop and maintain the EU Walet App (up to 10 MEUR, in the scenario where Member States deploy it)
5)Other costs related to e.g. standardisation, certification, familiarisation with the legislative changes, and supervision of new trust services.
|
Will there be other significant impacts?
|
The initiative is expected to have a positive impact on innovation, and to further promote interoperability. A positive impact on employment is expected from these options via their contribution to the future expansion of online transactions and reduction of barriers in the Internal Market. It will boost the presence and accessibility of secure elements in mobile devices, which in turn can enable advances in other identity applications and beyond. In addition, this option is expected to generate positive impacts in terms of increased civic participation, privacy-oriented, secure, and competitive digital basis for personal data management, and promotes better compliance with the provisions of the Charter of Fundamental Rights of the European Union, in line with the positive impacts on Freedom, Equality, Solidarity and Citizens’ Rights.
|
Proportionality?
|
Considering the objectives, the preferred option is sufficiently proportionate and the costs likely to be commensurate to the potential benefits. The costs derived from creating and aligning to the new standards (trust service providers and online service providers) cannot be avoided if the objectives of usability and accessibility are to be achieved. Furthermore, the preferred option intends to harness the investments already made by Member States.
|
D.Follow up
|
When will the policy be reviewed?
|
The initiative will be monitored as regards its implementation, application and other indirect contextual information. A review clause will be introduced in the legal act.
|