The involvement of the financial services sector will be key to the success of the eID wallet.
While a growing number of Europeans use their Google or Facebook profiles to access a variety of services and platforms, the EU’s first attempt to create a widely used digital identity (the 2014 eIDAS regulation) for accessing public services, fell short.
A second attempt was announced by the European Commission (EC) in June: an EU digital identity app (known as the eID wallet), to be issued by national governments and accepted all over the bloc to access both public and private services. To make it work this time, the involvement of the financial services sector will be key.
More secure data
The proposed eID wallet will allow citizens, residents and businesses to share documents such as a driving licence and access services such as opening a bank account across EU countries ‘with a click of a button on their phone’ or as ID on websites and platforms.
One of the key advantages over private platforms is data protection, because the wallet will be backed by national governments under the framework of EU-wide regulation. Additionally, it will be designed to give the user control over what information they share.
The eIDAS regulation, on which the new proposal is based, came in for a lot of criticism because of its focus on public services. This resulted in a rather heterogeneous and underused digital identity ecosystem in the EU. Another missing ingredient was cross-border interoperability.
Due to a poor adoption rate, with only 14 out of 27 member states creating a national scheme, only 59% of EU citizens had access.
Second, member states adopted their own technical solutions which did not always connect effectively with other systems, making it impossible for the user to access benefits across borders. All in all, no single use case for interoperable, cross-border solutions emerged from the market.
The shortcomings of the eIDAS called for a reform which could involve the private sector to ensure a secure and interoperable system.
The private sector’s role
If the new eID wallet lives up to expectations, it could be an important step to equip the EU for the digital economy.
Take-up will be on a voluntary basis for the user. However, for private service providers, from transportation to banking, it will be compulsory to accept the eID wallet as an alternative in the login systems.
[The new eID wallet] could be an important step to equip the EU for the digital economy
For the private sector, making substantial investments in a tool that might not succeed at mass adoption is risky.
Therefore, close co-operation between the public and private sectors will be key to ensure its interoperability across national borders and industry sectors which will, in turn, entice citizens to use the eID wallet and make it a success.
The EC seems to be well aware of this. In parallel to the legislative procedures, it is creating a working group, where participants from the private and public sector will work closely with the commission with the aim of launching a common technical toolbox by September 2022. The pilot implementation of the eID wallet is set for late 2022 at the earliest.
Banks will have a say
The bulk of the requirements of electronic identity and remote authentication remain with the private sector – particularly in areas such as banking which are required by law to verify the identity of their customers. Let us not forget that when a bank provides an online service based on an ID it is subject to the liabilities of the user regardless of who issued the ID in the first place.
The special role of the financial sector is recognised by the commission in Recital 31 of the proposed regulation, whereby “secure electronic identification and the provision of attestation of attributes should offer additional flexibility and solutions for the financial services sector”.
While designing the eID wallet and its implementation, it will be essential to consider sector-specific regulations such as those of the revised Payment Services Directive, in the case of banks, and with other related legislation such as General Data Protection Regulation.
The three European credit sector associations – the Banking Federation of the European Union, the European Savings and Retail Banking Group, and the European Association of Co-operative Banks – have established a common eID Task Force, bringing together experts from 36 financial institutions, with the goal of expressing a common position for the whole sector. The specificities of the financial sector must be considered: as vital parties, banks should be aware of the chain of trust in data sharing, including all the actors involved.
Diederik Bruggink is head of payments and innovation at the European Savings and Retail Banking Group.
