EU Digital Identity Wallet: A leap towards secure and trusted electronic identification through certification
September 2024 by ENISA
In line with Regulation (EU) 2024/1183 to establish the European Digital Identity Framework, the European Commission has requested ENISA to provide support for the certification of European Digital Identity (EUDI) Wallets, including the development of a candidate European cybersecurity certification scheme in accordance with the Cybersecurity Act (Regulation (EU) 2019/881).
European Commission Acting Director for Digital Society, Trust and Cybersecurity, Christiane Kirketerp de Viron, highlighted: “Certification scheme for the EU Digital Identity Wallets is key for a successful functioning of the Wallets concept. The certification ensures that EUDI wallets are secure and protect the privacy of users and their personal data. Moreover, it would also guarantee that the citizens can use their national digital wallets across the EU.”
EU Agency for Cybersecurity Executive Director, Juhan Lepassaar stated that: “In today’s interconnected world, the use of digital wallets is a pivotal step towards a seamless and secure identification in both the physical and digital world. By developing the European cybersecurity certification scheme for the European Digital Wallet (EUDIW), ENISA will support the Commission and the Member States to set out cybersecurity controls in the digital identification field allowing its timely uptake across the EU. Digital Wallets contribute to the maturity of EU’s digitalization and enhance citizens’ cybersecurity and privacy."
What about the EU Digital Identity Wallets?
As the wave of technological advancements has transformed the private and public sectors and services alike, it is essential to propose solutions that securely identify and authenticate users in the evolving digitalised world.
In May 2024, the European Digital Identity Framework entered into force. The EUDI Wallets is a step in this direction. EUDI Wallets allow storing, accessing and sharing of personal identification data and documents, all in one easy to access application. Through EUDI Wallets, the online identification and authentication processes will be improved and address longstanding barriers in a common, safe and reliable way across Europe.
Developing certification schemes for EUDIW
The Commission request addresses two main work strands. First, it calls for ENISA to support the establishment of national certification schemes of EU Member States by providing harmonized certification requirements under the European Digital Identity Framework. To complement that, ENISA will be involved in the preparation of the relevant implementing acts establishing a list of reference standards and, where necessary, specifications and procedures for the purpose of expressing detailed technical specifications of those requirements (addressing primarily security and privacy aspects). Secondly, it requests ENISA to launch the preparation of a candidate European cybersecurity certification scheme for the EUDI Wallets and their electronic identification (eID) schemes under the Cybersecurity Act.
According to the EU Cybersecurity Act adopted in 2019, the European Commission can issue a request to ENISA for the development of a European cybersecurity certification scheme. ENISA will kick off the technical preparatory work taking into account existing and upcoming certification schemes to the extent possible. Currently ENISA can leverage on the adopted European Cybersecurity Certification Scheme on Common Criteria (EUCC) as well as the work related to the draft candidate European Certification Scheme for Cloud Services (EUCS) and the certification of 5G (EU5G). A public consultation is currently ongoing regarding the embedded Universal Integrated Circuit Card (eUICC) certification under EUCC, developed in the framework of EU5G. The eUICC certification would be one possibility to support the certification objectives of the EUDI Wallets.
ENISA will lead this work in close cooperation with the EU Member States and stakeholders. It has already been supporting the eIDAS Expert Group and its Certification Subgroup and will support the European Digital Identity Cooperation Group once established. Moreover, ENISA has been supporting the EUDI Toolbox the last 3 years providing advice on digital wallets threats and security requirements. The development of the candidate European cybersecurity certification scheme will be supported by an ad-hoc Working Group composed by expert in the domain and conducted in close coordination with the European Cybersecurity Certification Group (ECCG) in line with the Cybersecurity Act.