|
14.6.2021 |
EN |
Official Journal of the European Union |
L 210/51 |
COMMISSION RECOMMENDATION (EU) 2021/946
of 3 June 2021
on a common Union Toolbox for a coordinated approach towards a European Digital Identity Framework
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 292 thereof,
Whereas:
|
(1) |
In just one year, the COVID-19 pandemic has radically changed the role and relevance of digitalisation in our societies and economies, and accelerated its pace. In a response to the increased digitalisation of services, the demand by users and business for means to identify and authenticate online, as well as to digitally exchange information related to identity, attributes or qualifications, in a secure way and with a high level of data protection, has increased radically. |
|
(2) |
The objective of Regulation (EU) No 910/2014 of the European Parliament and of the Council (1) (the ‘eIDAS Regulation’) is to enable the cross-border recognition of government electronic identification (‘eIDs’) to access public services, and to establish a Union market for trust services recognised across borders with the same legal status as the traditional equivalent paper-based processes. |
|
(3) |
In its conclusions of 1-2 October 2020, the European Council called on the Commission to make a proposal for the development of an EU-wide framework for secure public electronic identification, including interoperable digital signatures, to provide people with control over their online identity and data as well as to enable access to public, private and cross-border digital services. |
|
(4) |
The Commission Communication ‘2030 Digital Compass: the European way for the Digital Decade’ (2) sets the objective that, by 2030, the Union and its citizens should benefit from a wide deployment of a trusted, user-controlled identity, allowing each user to control their own online interactions and presence. |
|
(5) |
The Commission adopted a proposal to amend the eIDAS Regulation (3). It proposes a European Digital Identity framework to offer users self-determined personal digital wallets that would allow for a secure and easy access to different services, both public and private, under the users full control. In addition, it creates a new qualified trust service for attestation of attributes concerning information related to identity, such as addresses, age, gender, civil status, family composition, nationality, educational and professional qualifications and titles, licenses, other permits and payment data, that can be offered, shared and exchanged across borders, in full security, data protection and with legal effect across borders. |
|
(6) |
Given the acceleration of digitisation, Member States have deployed or are developing national electronic identity systems including digital wallets and national trust frameworks for the integration of attributes and credentials. Other solutions are being prepared or in the process of being deployed by private sector operators. |
|
(7) |
The development of divergent national solutions creates fragmentation and deprives people and businesses from the benefits of the Single Market, as they cannot use secure, convenient and uniform identification systems across the Union to access both public and private services. |
|
(8) |
To support the competitiveness of European businesses, online service providers should be able to rely on digital identity solutions recognised across the Union, irrespective of the Member State in which they have been issued, thus benefiting from a harmonised European approach to trust, security and interoperability. Users and service providers alike should be able to benefit from the same legal value provided to electronic attestations of attributes valid across the Union. |
|
(9) |
In order to avoid fragmentation and barriers due to diverging standards, and to ensure a coordinated process to impede endangering the implementation of the future European Digital Identity framework, there needs to be a process for close and structured cooperation between the Commission, the Member States and the private sector. |
|
(10) |
To accelerate the path towards achieving this objective, Member States should increase their cooperation and identify a Toolbox for a European Digital Identity framework. The toolbox should lead to a technical architecture and reference framework, a set of common standards and technical references as well as best practices and guidelines as a basis for the implementation of the European Digital Identity framework. To ensure a harmonised approach for electronic identity in line with the expectations of citizens and businesses, including of persons with disabilities, cooperation should start immediately in parallel and in full respect of the legislative process and in alignment with its outcome. |
|
(11) |
This Recommendation sets up a structured process of cooperation between Member States, the Commission and, where relevant, private sector operators to develop the Toolbox. |
|
(12) |
The Toolbox should cover four cross-cutting dimensions, namely the provision and exchange of identity attributes, functionality and security of the European Digital Identity Wallets, reliance on the European Digital Identity Wallet including identity matching, and governance. The Toolbox should meet the requirements laid out in the proposal for a European Digital Identity framework. It should be updated as necessary following the outcome of the legislative process. |
|
(13) |
Collaboration between Member States is necessary for the exchange of best practices and the development of guidelines in areas where harmonisation is not required, but an alignment of practices would support implementation of the European Digital Identity framework by Member State. |
|
(14) |
The eIDAS expert group shall be tasked as main interlocutor for the purposes of implementing this Recommendation. |
|
(15) |
Catalogues of attributes and schemes for the attestation of attributes have already been established in other areas, such as for the Once Only Technical System of the Single Digital Gateway Regulation or other data exchange initiatives at European level. Alignment and reuse of that work should be considered to ensure interoperability considering also the principles of the European Interoperability framework. |
|
(16) |
Existing international and European standards and technical specifications should be re-used where appropriate and reference pilots and test implementations of the European Identity Digital Wallet framework and related components should be carried out to facilitate deployment, up-take and interoperability. |
HAS ADOPTED THIS RECOMMENDATION:
1. OBJECTIVES AND DEFINITIONS
|
(1) |
It is recommended that Member States work towards the development of a Toolbox to support the implementation of the European Digital Identity framework in close coordination with the Commission and, where relevant, other concerned public and private sector parties. In particular, Member States are recommended to work closely together on the basis of a proposal by the Commission to identify the following elements as part of the Toolbox:
|
|
(2) |
For the purposes of this Recommendation, the definitions set out in the Commission’s proposal for a European Digital Identity framework apply. |
2. PROCESS FOR DEVELOPING A TOOLBOX
|
(1) |
It is recommended that Member States implement this Recommendation through the eIDAS expert group. The general rules of procedure of that expert group apply. |
|
(2) |
Standardisation bodies, relevant private and public sector stakeholders and external experts will be consulted and associated to the process as appropriate. |
|
(3) |
The following schedule for the implementation of this Recommendation is foreseen:
|
|
(4) |
Notwithstanding point 4 ‘Review’, it is recommended that the Member States and other concerned parties implement the toolbox following its publication, in the form of test implementations and reference pilots. |
3. COOPERATION AT UNION LEVEL TO DEVELOP A TOOLBOX TO SUPPORT THE IMPLEMENTATION OF THE EUROPEAN DIGITAL IDENTITY FRAMEWORK
Content of the Toolbox
|
(1) |
In order to facilitate the implementation of the European Digital Identity framework, it is recommended that Member States cooperate to establish a toolbox including a comprehensive technical architecture and reference framework, a set of common standards and technical references and a set of guidelines and descriptions of best practices. The scope of the toolbox should cover at least all aspects of the functionality of the European Digital Identity Wallets and of the qualified trust service for attestation of attributes as proposed by the Commission’s proposal for a European Digital Identity framework. The content should evolve in parallel with and reflect the outcome of the discussion and process of adoption of the European Digital Identity Framework. |
Common Standards and Technical References
|
(2) |
It is recommended that Member States identify common standards and technical references in particular in the following areas: European Digital Identity Wallets user functionalities including signing by means of qualified electronic signatures, interfaces and protocols, level of assurance, notification of relying parties and verification of their authenticity, electronic attestation of attributes, mechanisms for verifying validity of electronic attestations of attributes and associated person identification data, certification, publication of a list of European Digital Identity Wallets, communication of security breaches, verification of identity and attributes by qualified trust providers of electronic attestations of attributes, identity matching, minimum list of attributes from authentic sources such as addresses, age, gender, civil status, family composition, nationality, educational and professional qualifications, titles and licenses, other permits and payment data, catalogue of attributes and schemes for the attestation of attributes and verification procedures for qualified electronic attestations of attributes, cooperation and governance. |
Guidelines, best practices and cooperation
|
(3) |
It is recommended that Member States identify guidelines and best practices in particular in the following areas: business models and fees structure, verification of attributes against authentic sources including via designated intermediaries. |
4. REVIEW
It is recommended that Member States cooperate to update the deliverables resulting from this Recommendation after the adoption of the legislative proposal for a European Digital Identity Framework to account for the final text of the legislation.
Done at Brussels, 3 June 2021.
For the Commission
Thierry BRETON
Member of the Commission
(1) Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (OJ L 257, 28.8.2014, p. 73).
(2) COM(2021) 118 final.
(3) COM(2021) 281 final.