by Kristina Dedi, Elena Carrieri, Anne Moutardier, Masotti Cassella. Â
To respond to the growing demand for secure digital identities at the European level, the EU has updated the eIDAS regulation, introducing new rules for electronic identification (eID): the eIDAS 2 Regulation.
This regulation came into effect on May 20, 2024, but the
publication of the implementing acts is expected in
November 2024 and May 2025, as well as the first decisions
from national governments in application of this regulation.
eIDAS 2 significantly enhances digital interoperability across
the EU, enabling citizens, businesses, and professionals.
The Regulation introduces advanced protection
measures to safeguard user data, imposing significant
penalties for non-compliance, to encourage service
providers to maintain high standards of security and
reliability.
The main innovations contained in the Regulation:
• European Digital Identity Wallet (EDIW): A unified, secure, and interoperable European digital wallet for all EU citizens, usable across member states. This wallet allows access to a
wide range of public and private services with a single certified digital identity. For high-level authentication services, businesses (excluding small and medium-sized) must accept the EDIW upon users’ request.
• Expansion of Included Fiduciary Services: Extending beyond electronic signatures to include electronic registers with presumed integrity and accurate chronological order. Introduction of foundations for blockchain and smart contracts.
• Electronic Seals: New provisions to ensure the integrity and authenticity of digital communications. Enterprises using HSM (Hardware Security Modules) must comply by May 21, 2026.
• “Electronic” and “Qualified” Archiving: eIDAS 2 introduces new definitions of electronic and qualified archiving to preserve digital documents, ensuring durability, readability, integrity,
confidentiality, and proof of origin. A minimum share capital of 5 million euros is required to operate as a Qualified Trust Service Provider.
• Authentication Certificates: Stricter rules and new obligations for website authentication certificates and the fiduciary service of validating data transmitted via certified delivery methods and related proofs.
