The EU’s digital wallet shows leadership but uncertainties remain in its implementation

Towards the end of March this year, the Council of the European Union passed a legal agreement for the implementation of eIDAS 2, (Electronic Identification, Authentication, and Trust Services 2), a cross-border digital identification wallet (EUDIW) for electronic transactions, paving the way for the text to be placed into the Official Journal of the Union, and then enter into force within the EU region as law 20 days later. 

The bloc’s response to the challenge of digital identification – labelled by Belgian Secretary of State for Digitisation, Mathieu Michel, as “a milestone in our society’s digital transformation” – is set to be its most ambitious attempt at providing cross-border services to date. Though the responsibilities for building individual apps will lie with member states (who are mandated to do so by 2027), these wallets will be built to the same specification across the continent, and offered to citizens, residents, and businesses. 

While uptake of these wallets will remain voluntary for citizens, and safeguards have been put in place to prevent the marginalisation of those who opt not to use them, the legal requirement for member states to build a digital solution and provide them free of charge to its citizens is, nonetheless, set to supercharge European digital government.  

Digital services in a few clicks

The EU’s informational website about the wallet is testament to as much. “Opening a new bank account, applying to a top university, or applying for your next dream job”, the site says, “it should only take a few clicks – but often, it doesn’t”. With the wallet, citizens will be able to securely identify themselves online, storing and sharing electronic credentials with relevant public and private sector bodies. 

Crucially, EUDIW is designed to maximise user privacy. It is this impulse that lay behind the creation of the wallet in the first place. Back in 2020, when European Commission President, Ursula von der Leyen, announced the initiative, she referenced logging into an app or website where “we have no idea what happens to our data in reality”, proposing instead “a technology where we can control ourselves what data is used and how”. 

When authenticating themselves on a social media platform, for example, a citizen would be able to share their age without revealing their date of birth; in renting a car they could prove their license validity without their address. The aim, according to the EU’s rapporteur for the bill, Romana Jerkovic, is “to empower citizens by putting them in full control of the use and sharing of their data”.  

While convenience and privacy are the immediate benefits of the wallet that citizens will enjoy, it also paves the way for greater uptake of digital government services. As the EU states on its website, the wallet will “enable more public services to be offered, as 100 per cent of citizens will have access to as a means of electronic identification”, while a “wide range of private sector use cases” will also “create a large pool of users tempted to switch to digital public service provision”. For governments sceptical about the power of Big Tech on privacy grounds – such as the Dutch Government, which is currently trying to create its own GPT model, or the Italian government that initially banned ChatGPT – the EUDIW is a double victory. 

To be clear, the eIDAS 2 is not the first digital ID; it is not even the first digital wallet in Europe. More than half of EU member states already possess digital IDs, and the likes of Singapore’s Tech Stack – with its common infrastructure and reusable code across government – already demonstrate the benefits of reusable architecture for digital government. 

The real innovation in the EU’s new Act is its focus on cross-border interoperability. The common specifications in the EUDIW will allow wallets to work seamlessly across borders, a crucial part of the EU’s goal to make key public services available to everyone in the EU by 2030.  

Isolated examples of this sort of collaboration are already underway: universities from Spain, Greece and Switzerland recently announced an initiative to standardise and recognise university documents across borders. EUDIW is the most ambitious effort in this respect so far – as well as forging interoperability within the EU, surrounding countries (like Ukraine) can and have signed up to participate in the initiative. 

An uncertain road ahead

As exciting as the digital wallet is for European data privacy and digital government, its adoption still has a long way to go. Several key challenges lie ahead in the form of coordination, privacy challenges, and user uptake.  

Since May 2023, four large-scale pilot projects have been underway with 360 entities, including representatives of 26 member states and three other European countries. These projects will continue until 2025, from which point it will be up to individual countries to prove the initiative’s worth. 

The participating countries will no doubt be mindful of the challenges faced by eIDAS 1, which struggled after its introduction back in 2014. As Taylor Wessing’s Senior Council, Kelly Burke, notes, “it contains inherent limitations, excessive complexity and a lack of flexibility” contributing to limited adoption among member states.  

With a stronger legal mandate, there is little doubt that eIDAS 2 will be a different story, but testimony gathered ahead of the law’s final drafting suggests stakeholders continue to be concerned about some of these themes. 

Take Microsoft, for example, who cited the need to coordinate eIDAS with legislation such as the European Cybersecurity Act, to avoid regulatory overlap and inconsistencies. Or the City of Stockholm, who raised concerns that citizens might struggle to understand how their personal data will be used by the wallet and what conditions apply to it.  

The concerns expressed by these stakeholder groups have wider implications for the take-up of the scheme, on the basis that users may find its purpose and benefits confusing, especially its cross-border components. 

Rolling out these IDs will require strong informational campaigns at both a member state and Union-wide level to highlight the benefits of the wallet. Confusion over the wallet’s purpose and functionality may, otherwise, leave citizens at best ambivalent, and at worst outright reluctant to adopt the solution.  

Governments will also have to rely on the goodwill and enthusiasm of private sector companies, many of whom are set to have their powers constrained by it (since less data will be shared with them) to ensure take-up of the wallets. The fastest path to adoption will come if its users begin to adopt it as the default option for logging into social media or interacting with banks. 

There are challenges still to be solved which go beyond clarity over the wallet’s purpose. Last year, an open letter to the European Parliament and Council was circulated, with signatories arguing that – far from enhancing user privacy – the revised eIDAS could open the internet up to surveillance by governments.  

Ambiguities about one of the clauses in the act, according to the Mozilla Foundation, might give governments power to “surveil their citizens by ensuring cryptographic internet keys under government control can be used to intercept encrypted traffic across the EU”. Under the new regulation, internet browsers would be prohibited from revoking trust in keys designated as “trustworthy” by member states, and there would be no independent body to check what a government does. 

The EU insists that the concerns of Mozilla, and the other signatories, are unfounded. But this issue, and those voiced by Microsoft and others, show that the success of eIDAS 2 is no done deal. The existence of four pilots is evidence that technical progress is well underway. But it is on the political level, in winning citizens and private sector companies over to the benefits of a continent-wide digital ID, that the EUDIW rollout will be won or lost.