Having a digital identity is becoming indispensable for many activities in daily life, from filling in forms and paying bills, to vaccination bookings and accessing economic benefits. The resulting advantages and efficiency, combined with the increased security offered for operations performed online, make this tool one of the major digital enablers not only in e-Government and in the relationship between citizens and public administrations, but also for businesses and other private sector entities. Confirming the importance of this tool, the EU Commission’s desire to introduce a uniform system throughout Europe has been clear for several years. The wait now seems almost over, and the European eID and Digital Wallet are finally starting to see the light of day in a climate that, according to a recent Thales study, sees citizens enthusiastic about the new continental systems.
EIDs AS A PASSEPARTOUT TO ACCESS ONLINE SERVICES
Although there is no single definition, the concept of digital identity generally refers to all personal or personally related information that is stored digitally and accessible by the individual who possesses it and, in some cases, also by third parties. In a global context where digital services and goods are playing an ever-increasing role in all spheres of daily and professional life, most personal information is now digitally stored, making it accessible regardless of physical location and time, and usable for public and private services. Confidential information has therefore become one of the key factors of the digital society, not only in terms of accessibility to services and the benefits from their use (above all, in the medical sphere), but, unfortunately, also as a risk factor and as a source of profit for those intending to exploit it for commercial purposes.
THE LONG MARCH OF eID IN EUROPE
At the European level, the focus on these developments and the consequences they may have in a considerable number of activities of daily and professional life began in the 1990s. In response to the growing use of the Internet, in 1999, the European Community adopted Directive 93/1999/EC whereby, and, for the first time in the history of the Old Continent, a regulation for the use of electronic signatures was introduced. Although wide margins of manoeuvre were granted to the various states, they at least identified common lines and agreed on three security levels for which this instrument could be used (simple, advanced and qualified signature). The directive, however, did not provide for the establishment of tools for the so-called ‘digital identity’ (eID), leaving a regulatory vacuum that in the following years saw, inevitably, a proliferation of national eID models. These systems were, and to a large extent still are, lacking interoperability and mutual recognition, as well as common protection in terms of privacy and for-profit use of processed data.
The need to overcome these obstacles, coupled with the consolidation of the qualified electronic signature tool, has over the years increased the awareness of citizens and policymakers on these issues, opening up a debate that, in 2014, led to the approval of eIDAS (electronic IDentification, Authentication and trust Services), the European Regulation for electronic identification and trust services for electronic transactions in the internal market. Since the adoption of the regulation, the focus on the issue of digital identities and authorisations has continued to grow in the EU. Data protection and data security requirements, privacy constraints (e.g. the GDPR privacy regulation – EU 2016/679), as well as the higher technological and interconnectivity standards required by the competitiveness of the global market, have raised further awareness of these services, especially due to their increasing economic and financial value. In 2021, in the midst of the technological and digital acceleration caused by Covid-19, the Commission proposed a revision of this act in order to promote greater integration between states. This eIDAS update, which is expected to materialise in the course of 2022, focuses on a framework for the European digital identity, being achieved through the emergence of the ‘Wallet’.
DIGITAL IDENTITY IN ITALY, THE SPID BOOM
Taking a step back, it is worth mentioning the Italian case. Italy is one of the most avant-garde countries in terms of digital identity in Europe. Indeed, not only can it boast of being one of only four EU countries to have two national eID systems recognised at European level, namely SPID and CIE, but it also broached the subject well ahead of that of many other EU countries. The SPID system began in 2013 when, on the proposal of the MEP Stefano Quintarelli. Since then, work has begun on designing a service that can simplify citizen access to the growing number of online services, forcing users to acquire more and more access credentials. In order to meet the twofold objective of ensuring the widespread use of eID and, at the same time, of placing this tool in a market context aimed at competitiveness and fostering innovation, the distribution of SPID was delegated to companies and private market entities (a model that has been replicated in most cases in Europe). There are no less than nine SPID providers in Italy, and the fact that they are accredited implies that they have obtained the authorisation to operate on the market from the Agenzia per l’Italia Digitale (AGID), the Italian state body responsible for digital identity.
However, in terms of deployment, the real boom of SPID took place with the changes brought about by Covid-19 and, from March 2020 to date, the number has increased by 360%, with one in two Italians now having a digital identity. The advantages are evident in every sector, from access to public administration portals to the health and education sectors, and to the world of work, the Italian digital identity guarantees simplification and security in an increasingly digitalised society.
However, eID is not only the main enabling technology for the digitisation of the public administration. The great value of such tools is also recognised in the business sphere. According to Paolo Fiorenzani, head of InfoCamere’s Development and Management of Digital Identity and Certification Services structure, “digital signatures and digital identities are decisive and fundamental tools for the new digital economy and for the competitiveness of our businesses”. Great advantages are also found in the standardisation and control of cybersecurity, which offers guarantees to both users and producers: “Especially for professionals and entrepreneurs, it is essential to have digital identity tools to operate digitally with legal certainty, from the point of view of both authentication and the signing of digital documents, i.e., the possibility of reliably manifesting our consent to sign commitments even in the digital world”.
However, such intensive use of digital identities is not without criticism. There are still many Italians who approach digital identity with caution, mainly due to a general lack of certainty in the face of a tool that has become, in the space of a few years, so essential in everyday life. According to a recent IPSOS survey, it is precisely in the area of cybersecurity that Italians continue to perceive the greatest risks associated with the use of eIDs. Almost a third of the population said they had experienced a form of digital breach themselves, and among the threats of greatest concern are the fear of suffering identity theft (41%), the misuse of online payment methods (39%), and fraudulent access to an online bank account (34%).
“A RELIABLE AND SECURE DIGITAL IDENTITY FOR ALL EUROPEANS”. THE COMMISSION’S AMBITION IS ACHIEVED IN THE WALLET
European Commission President Ursula Von Der Leyen announced the above during her State of the Union address on 16 September 2020, and now, the project for “a secure European e-identity. One that we trust and that any citizen can use anywhere in Europe to do anything” seems to be becoming a reality with the EU Digital Identity Wallet. In the second half of 2021, the EU executive launched an online platform to gather comments from the various stakeholders on this proposal, while, in February, the European Digital Identity, Architecture and Reference Framework were published, where the European states were invited to initiate study and design phases for the development of a toolbox comprising a technical architecture and a (technical and regulatory) framework.
The main objective of the Wallet is the promotion of accessible and secure digital identities, in a user-friendly context, that facilitates online interactions while maintaining control over one’s own data. Digital Wallets will allow citizens not only to identify themselves digitally but also to store and manage official documents in electronic format (such as driving licences, medical prescriptions, or diplomas) and to allow online authentication without necessarily having to reveal their identity or other sensitive data. Through an alignment of the various national systems and a common regulatory framework, the aim is to enable all citizens, as well as all businesses and third sector entities, to have access to a fully interoperable recognition system, providing secure access to an increasingly wide range of services. To facilitate its deployment and to ensure cross-accessibility based on simplified actions and a general user-friendly approach, the EU Digital Identity Wallet will also be accompanied by a specific app on which citizens and businesses will be able to store and show their identity, as well as share electronic documents and make payments directly from their smartphones.
Operationally, the European Commission’s proposal sets out a tight roadmap that should enable citizens to have their wallets between 2023 and 2024. The common toolbox on which the Member States are working should be ready in September this year and this should then be followed by trials in some countries. Next year will be decisive to see whether the Wallet will succeed in establishing itself as an accepted and recognised system at the EU level, and whether these innovations will be welcomed by citizens just as they are beginning to get used to their own national systems.
According to a recent study by Thales, the Commission can be optimistic as two-thirds of Europeans are ready to upload their documents to the Digital Identity Wallet, driven mainly by the increased security guarantees provided. Among the countries with the highest expectations is Italy, where the percentage of people enthusiastic about the new system has risen to 75%, a figure second only to that of France (85%). However, the survey has also reported a general difficulty – and lack of simplicity – of the eID systems currently in use in the various Member States, with 30% of respondents experiencing problems when making a purchase of value that requires them to show their ID card, and 29% with difficulties when applying for finance. However, of the 40% of those facing such problems, the percentage drops to just 5% or less when using a digital format.
It remains to be seen whether and how the Wallet will affect market trends. In fact, it seems that the approach based on a multitude of private market providers will have to be overcome, in favour of a single provider who will provide the technological support for the distribution of the system and the aggregation of different certificates. Several experts are questioning whether an excessive weighting of this role risks causing the emergence of national monopolists and whether a system with this approach will not end up further strengthening BigTech companies, which have so far remained on the fringes of certified digital identity systems but are now showing their interest.