However, the proposed pan-EU digital ID framework attempts to bridge the discrepancies between multiple national digital IDs and make cross-border online interactions seamless. According to an official note, the digital ID wallets will be built on top of the national electronic identification systems that already exist in a few EU countries. The wallets can also double as a digital repository where Europeans can store their personal documents such as their passport, driver’s licence, educational certificates, bank accounts, medical prescriptions, and more. Wallet holders will additionally be able to e-sign any of these documents.
The EU’s new legislation governing digital IDs and wallets went into effect from May 2024. As per the new rules, public authorities and recognised private entities in the EU are empowered to issue these wallets. However, downloading and signing up for them is reportedly not mandatory for citizens. As for service providers, they are legally required to accept digital ID wallets as a valid method for identification and authentication. “Service providers can be everything from Member States to banks to universities to pharmacies. They will request your Digital ID and/or Digital Documents to verify your identity and other claims when you access their services,” the EU said. On the other hand, wallet providers will be responsible for developing the app in line with the EU’s technical specifications and will also be expected to provide ongoing technical support.
In order to ensure the security and privacy of the data stored on digital ID wallets, the EU said that tracking and profiling will be limited owing to the data minimisation design of the wallets. “A built-in dashboard will give you a complete overview of all your data and transactions. From it, you can send a request to relying parties to delete your data,” the EU said. which will be open source and will have to be developed in compliance with the EU’s General Data Protection Regulation (GDPR) as well as the existing cybersecurity legislation. “Wallets can be suspended in case a serious security risk is identified,” it added.
The digital ID wallet is designed keeping in mind data minimisation capabilities such as zero-knowledge proofs which will allow wallet holders to verify an attribute is true without disclosing any further details. “You could for example confirm that your bank account holds above a certain amount, without revealing the exact figure. This ensures an extremely high level of privacy,” the website reads. Wallet holders can also choose to “only share the specific information requested by a service provider, without revealing extra information. For example, you could choose to share your date of birth, but without revealing any other identifying details that could be used for profiling.”
By pushing for a pan-EU universal digital ID system, the bloc says that it is looking to address privacy risks faced by citizens and businesses who have to constantly share data with companies in order to access online services. Furthermore, digital ID wallets could also make it easier for the EU to enforce certain provisions of its Digital Services Act, which has tougher age verification requirements for platforms with adult content. Additionally, the sharing of credentials through ‘privacy-preserving’ digital ID wallets can also make the ‘sign in with’ options offered by big tech companies like Google and Apple less popular. However, the European digital identity system has been criticised by civil society groups for “being a gift for Google and Facebook to undermine the privacy of EU citizens.”
“Today, we are surveilled based on illegal device fingerprinting. All our clicks and touches are fed into behavioral profiles about us. Soon the eIDAS [EU’s digital identity regulation] might introduce a unique and persistent identifier for every citizen that allows the same Big Tech actors to correlate our behavior across the public and private sector with unprecedented accuracy,” read an open letter dated June 2023 and penned by 24 civil society organisations including digital rights groups such as Privacy International and the Electronic Frontier Foundation. Meanwhile, DigiLocker, the Indian counterpart of the EU’s digital ID wallet, has had hiccups of its own. In 2020, cybersecurity researchers Mohesh Mohan and Ashish Gahlot separately discovered a major vulnerability in the sign-in process of the “secure document access platform” that potentially put the personal details of 3.8 crore DigiLocker users at risk. The authentication flaw was reportedly patched only after it was flagged to the DigiLocker team by the researchers and CERT-In (India’s nodal cybersecurity agency).
 plans to set up its own universal digital identity system continue to advance as it expects to roll out digital identity wallets for EU citizens, residents, and businesses by 2026 in order to make a wide range of public and private services more easily accessible in any country that is part of the international bloc. India has a similar government-backed initiative in place known as DigiLocker. First announced in 2021, the EU’s digital identity wallets are being pilot-tested for various use cases before they are officially rolled out. Over the past few decades, many countries in Asia and Africa have implemented their national biometric-based digital ID systems to promote digitisation of government services and bolster use of digital payments. Even EU countries like Estonia have enforced decentralised e-ID systems for many years.){kind=link}