Findynet and the eIDAS revision

The digital environment in the European Union is constantly changing and the importance of digital identity solutions for interactions between citizens, businesses and public authorities has increased significantly.

The eIDAS reform, which will enter into force in 2024, will update and extend the original eIDAS Regulation to better meet today’s needs.

Findynet is already implementing eIDAS-compliant solutions.

Findynet is already implementing solutions that are compliant with the upcoming eIDAS Regulation.

Findynet complements the future eIDAS ecosystem

We consider the reform of the eIDAS Regulation as an important milestone

In the process of revising the eIDAS Regulation, it has been recognized that digital credentials and wallet application are the best way to manage digital identity data. The regulation promotes the formation of trust ecosystems based on digital credentials, as all EU member states are required to provide wallet applications to their citizens, with wallet applications mandated to be accepted as a means of electronic identification in certain sectors.

Our solutions are technically compatible with the eIDAS Regulation

In our technological choices, Findynet is committed to adhering to technologies compliant with the eIDAS Regulation. We maintain ongoing collaboration with several technology providers who are developing wallet applications and credential agents compatible with eIDAS. The solutions we are currently implementing also work with wallet applications certified according to the eIDAS Regulation. As these eIDAS-compliant solutions are adopted in member states, the implementations can be scaled EU-wide.

We allow trust ecosystems to define their own rules

The upcoming eIDAS Regulation imposes requirements on certain sectors' service providers. Additionally, some ecosystems may wish to rely on eIDAS-certified wallet applications and adhere to the regulation's trust model, but this may not be necessary or desirable in all ecosystems. In many trust ecosystems, broad usability and streamlined administrative procedures may be more important goals than reliance on the eIDAS Regulation. Findynet offers each trust ecosystem the opportunity to define its own rules based on its specific needs.

We are already developing interoperable solutions with the new regulation

Findynet is accelerating the national roll-out of digital identity solutions. Support services for the trust model are expected to go live in the last quarter of 2024. This is 2-3 years earlier than the timeframe set in the eIDAS reform. Early migration to eIDAS-enabled solutions will ensure that Finnish organisations are ready to adapt and benefit from future solutions at the forefront.

Objectives of the eIDAS regulation revision – 3 key points

Extending the use of digital identity data

The reform will introduce a European Digital Identity Wallet that will enable secure and easy access to digital services across Europe. The European Digital Identity Wallet will allow citizens and legal persons to securely manage and share their data. The Regulation mandates Member States to provide core dataset from public registers in the digital wallet.

Improving security and interoperability across the EU

The revision aims to enhance the security and trust of electronic transactions by providing clear rules and standards for digital identity and trust service providers. The goal is to improve the interoperability of national electronic identification systems within the EU, enabling citizens, businesses, and public sector actors to interact smoothly across the EU. The aim is to reduce the risks and costs associated with the fragmentation of existing national solutions.

Supporting EU competitiveness and digital sovereignty

The upcoming eIDAS Regulation will create an EU-wide digital identity ecosystem. This will streamline transactions, improve access to goods and services, and reduce costs and business risks. The revision will also help the EU to improve its digital sovereignty by strengthening its own digital infrastructure by reducing dependence on non-EU technologies. Digital sovereignty will also be promoted by giving citizens and businesses more control over their data.

        
                                                                                    The roll-out of solutions under the renewed eIDAS regulation is scheduled 2027
                                                                                
                                                                                    Q2/2024: Publication of the revised eIDAS Regulation in the Official Journal of the European Union. The amending regulation enters into force 20 days after its publication in the Official Journal of the European Union.
Q4/2024: The Commission adopts implementing acts six months after the entry into force of the regulation.
Q4/2026: Member states must provide at least one European Digital Identity Wallet within 24 months of the entry into force of the implementing acts.
Q4/2027: Private sector entities in certain sectors must accept the use of the European Digital Identity Wallet to provide services requiring strong user authentication.

The new eIDAS Regulation is binding legislation for certain data sets and sectors

Member states must ensure that qualified trust service providers can verify the authenticity of the following attributes, if based on official public sector sources:

Address
Age
Gender
Civil status
Family composition
Nationality or citizenship
Educational qualifications, titles and licences
Professional qualifications, titles and licences
Powers and mandates to represent natural or legal persons
Public permits and licences
For legal persons, financial and company data

The European Digital Wallet application must be accepted as an means of online identification in services requiring strong user authentication.

This requirement applies at least to the following areas:

Transport
Energy
Banking and financial services
Social security
Health
Drinking water
Postal services
Digital infrastructure
Telecommunications
Education

Digital wallets will not replace existing identification solutions, but will be deployed alongside them.

Frequently asked questions about the eIDAS Regulation

What does eIDAS mean

eIDAS (for ”electronic IDentification, Authentication and trust Services”) is an EU regulation with the stated purpose of governing ”electronic identification and trust services for electronic transactions”. It passed in 2014 and its provisions came into effect between 2016 and 2018.
Does the eIDAS Regulation apply to all digital credentials and wallet applications?

In some ecosystems, there may be a desire to rely on eIDAS-compliant certified wallet applications and the trust model outlined in the regulation, but this is not necessary for all trust ecosystems.
Will the eIDAS regulation apply to all wallet applications?

The revised eIDAS Regulation defines the requirements for wallet applications that wallet application providers wish to certify as European identity wallets.

The previous eIDAS Regulation covered strong electronic identification. Of the strong means of electronic identification in use in Finland, only the citizen certificate has been notified as an eIDAS-compliant means. Other means (such as online banking credentials and mobile certificate) can be used safely in e-services, even if their providers have not chosen to notify them under the eIDAS regulation.

Similarly, after the eIDAS reform, many actors will be able to offer wallet applications that can be used safely in e-commerce, even if they have not been notified under the eIDAS regulation.
Mitä teknologioita eIDAS-asetus pakottaa käyttämään?

The regulation itself does not directly address technologies. The EU Commission’s 2024 implementing acts will specify the regulation with technical requirements.

Based on what is known about the work on the technical requirements, wallet applications compliant with the eIDAS regulation can operate under two configurations. The technologies under the first set of regulations (known as Type 1 configuration) concern the issuance and reception of core Personal Identity Data issued by the state and other credentials issued by authorities. These utilize two specifications for evidence formats in parallel (ISO mDL and SD-JWT, with the latter likely to be updated) and OID4VC protocol family for online transactions.

A Type 2 configuration has also been under preparation, but no position has yet been taken on its technologies.
Are Findynet's solutions compliant with the upcoming eIDAS Regulation?

Findynet implements solutions compliant with the eIDAS Regulation. As a rule, we utilise the technologies required by the technical implementing acts of the eIDAS Regulation.

In some trust ecosystems supported by Findynet, there may be a desire to utilise additional technologies or trust models, especially if the user’s privacy in using the credential needs to be secured in a manner stronger than what is mandated by the eIDAS Regulation.

Interested?

Contact us

Trust online is built on verified data managed by the users themselves. Contact us to learn more about the potential of Findynet projects for your organisation.