The European Union eIDAS (Electronic Identification, Authentication and trust Services) regulation dates from 2014. This Regulation establishes a regulatory framework for electronic identification and related matters. This regulation is currently being reviewed and developed in order to establish the new technical framework for all Member States of the European Union. This new regulation will be eIDAS 2.

Although the new regulation has not been officially presented, there has been a leak and the draft eIDAS 2 has already been published. The filtered document shows concern among many people and entities working in the cybersecurity sector, and has published a joint letter of 500 researchers and privacy support entities and other fundamental rights in this area, warning of the risks of the new regulations that the European Union intends to establish.

A complete digital identity

Concern is mainly due to Article 45, which contains the draft. Future legislation seems to seek to create a digital identity for every inhabitant of the European Union. That digital identity will be collected in a wallet and will contain a large amount of data and documents from each person, such as all the information required for payment, driving licence, identity cards, medical records or academic degrees. I mean, lots of centralized personal information and documentation in a single digital warehouse.

This digital identity will be interoperable and will, in theory, serve to access public services or the use of multiple platforms and private sector services. The whole content of digital identity appears to be useful and useful throughout the European Union.

Security and privacy at risk

The European Union shall provide digital certificates for the use of services and information related to digital identity. Experts say that this is not a total guarantee when we talk about the Internet and that there may be errors in granting permits. "It's always been hard to manage. If a certifying authority fails and issues a certificate that should not, we have a problem," explains computer professor Juan Tapiador, according to the Xataka portal.

In addition to possible errors with certifications and permits and the chances of non-compliance with safety standards, a new risk has been identified: the eIDAS 2 proposal states that the ability of governments to spy on EU citizens increases considerably by providing them with the technical means to intervene in encrypted web traffic. And not only for a government to control the inhabitants of a particular country, but also to care for the inhabitants of all the states of the European Union.

Furthermore, they have announced that the digital identity will collect personal information and documentation from multiple fields, but that the segregation and division of the use of each of them from the general database is not ensured. "If I do an operation with my wallet to prove that I am older [showing an ID card, for example], because I am going to buy a product that requires showing my age, and then I do an operation related to education or health, the logical thing is that these transactions cannot be linked. So you don't know who buys this product is an engineer and also has a cardiovascular problem at once," said Tapiador.

Concern

With the new regulation, the door is opened for governments to have certification authorities in place, which can give licences, which intervene in all digital information collected and in communications. "We are very concerned that, as proposed in the current version, legislation will not be a proper technological guarantee for citizens and businesses, as you like. The truth is that it will surely be less secure for everyone," the letter states. Among other things, they point out the influence that the creation of digital identity can have on citizens' privacy.