1. IN Groupe
  2. /
  3. Newsroom
  4. /
  5. Insights
  6. /
  7. eIDAS 2.0: towards a phygital identity

eIDAS 2.0: towards a phygital identity

In an increasingly connected world, where daily life is digitized at a breakneck pace in the fields of health, education, finance and travel, making life easier for citizens, businesses and government bodies has become a priority.

Digital identity appears to be a promising solution to the challenges of our time, but it is essential to understand the issues involved and adopt a pragmatic approach that combines both digital and physical aspects. The phygital era is opening up new horizons for digital identity and trust.

Phygital identity, a contraction of the terms "physical" and "digital", aims to combine the advantages of the digital world (speed, efficiency, accessibility) with those of the physical world (security, trust, authenticity). This hybrid approach makes it possible to meet users' needs for digital identity and trust, while taking into account regulatory constraints and concerns about personal data protection.

Version 2.0 of the eIDAS (Electronic Identification, Authentication and Trust Services) regulation, and the advent of phygital identity, mark an important milestone in the construction of a secure, interoperable European digital space that respects the fundamental rights of citizens, businesses and government bodies.

eIDAS article

eIDAS equips Europeans with e-Wallet electronic wallet

The eIDAS regulation offers European citizens the possibility of benefiting from an electronic wallet, known as the e-Wallet, as part of the implementation of the eIDAS 2.0 regulation. The European Union Digital Identity Wallet (EUDI) is a digital version of your wallet, containing your physical identity documents and personal attributes. Users will be able to store various credentials, such as identity cards, passports, driving licenses, personal health cards, etc., in the form of verifiable credentials (VCs), compliant with World Wide Web Consortium (W3C) standards.

According to the European Commission, this initiative aims to create a common, secure digital space for all member states, facilitating secure interaction and transactions between citizens, administrations and businesses.

The e-Wallet will enable users to control their personal data and share it selectively (the holder of the data controls what he or she wishes to divulge), while guaranteeing its authenticity and integrity.

Thanks to e-Wallet, users will be able to authenticate and register with public and private online services (e.g., open a bank account, fill out a declaration, or enroll in a university) and electronically sign all documents issued by registered trusted service providers. This digital solution should help simplify administrative procedures and boost confidence in online transactions, while complying with the requirements of the General Data Protection Regulation (GDPR).

 

eIDAS expands the range of electronic trust services

In order to create a unified and secure digital environment within the European Union, the eIDAS regulation establishes standards for electronic identification and authentication. This regulatory framework is based on two fundamental pillars:

  • The issuance of qualified trust certificates for electronic signature, electronic seal and website authentication. These certificates guarantee the integrity and authenticity of digital transactions, reinforcing trust between stakeholders.
  • The list of digital trust service providers recognized throughout Europe. These carefully selected and certified providers ensure the supply of secure digital services that comply with regulatory requirements.

Electronic signatures and digital services are growing rapidly throughout Europe, and require a high level of authentication to guarantee the security and reliability of transactions. Three key application areas illustrate this trend:

  • Property registration and transfer procedures with notaries require strong authentication to prevent fraud and ensure the accuracy of transactions. This requirement strengthens the protection of stakeholders' interests and contributes to the fluidity of processes.
  • The introduction of electronic invoicing is designed to reduce fraud and data entry errors, and strengthen tax compliance on an international scale. Strong authentication plays a crucial role in securing these exchanges and preserving data integrity.
  • Compliance with the Payment Services Directive 2 (PSD2) requires strong customer authentication for all e-commerce transactions in Europe. This measure is designed to protect consumers and combat online fraud.

To comply with the requirements of the eIDAS regulation, trust certificates must conform to current regulations. These stipulate that "the natural person or the authorized representative of the legal entity must present an official identity document with photograph (national identity card, passport, residence permit or other document relating to residence)" in order to be issued with a digital signature.

This provision guarantees the reliable identification of users and the security of digital transactions within the European single market.

 

eIDAS reaffirms the importance of providing authentic sources for the generation of this digital identity

To be recognized and accepted by all stakeholders, digital identity must be guaranteed and approved by a trusted third party, such as the state. This bond of trust is based on legal identity, i.e. the creation of digital identity is based on legal physical credential (national identity card, residence permit, passport, and so on.). The state assigns each individual a PID (Person Identification Data), based on a civil registry or electronic identity card.

This legal digital identity is based on a highly secure element embedded in the ID card itself: the "secure element". All European ID cards complying with the latest regulations feature this "secure element" on the ID chip, guaranteeing enhanced protection of citizens' identity data thanks to high-performance security systems and cryptographic processes (biometrics and biographical fields, for example).

Acting as a national printing works for the state, we strive to provide citizens with the same level of identity insurance in the digital world as in the physical world, in line with a phygital strategy.

Protecting rights and privacy: a major challenge for digital identity

The protection of rights and privacy is of paramount importance when establishing a digital identity. It must enable each individual to control access to his or her personal information online, and to guarantee consenting use of his or her data.

The eIDAS 2.0 regulation emphasizes the principle of total user control over personal data. Users have access to their information and certificates, which they can use and revoke as they see fit. The digital portfolio restricts data sharing to information strictly necessary for the provision of the trust service for which the digital signature is required.

 

eIDAS image article 2

Digital identity, a vector for social and economic inclusion

Identity is a universal right that states must grant to their citizens from birth. Providing every citizen with a digital identity strengthens both social and economic inclusion, by facilitating access to online services offered by governments, businesses and organizations, participation in democratic life, access to financial services and access to employment and education.

As such, it enables :

  • Secure access to government and corporate online services
  • Participation in democratic life by providing access to online platforms for voting, expressing oneself and taking part in public debates.
  • Access to financial services by opening online bank accounts, accessing digital payment services and obtaining online bank loans.
  • Access to employment and education to verify qualifications. Facilitate online application processes and provide access to training and apprenticeship programs.

Complementarity between physical and digital identities

On a global scale, only 55% of the population are equipped with a smartphone, and almost half the world's population has no access to the Internet, which means that citizens still need a physical identity. Having an e-wallet requires a functional, state-of-the-art device, and in the event of breakage, loss, theft, hacking or ransomware of the phone, the physical credential remains essential to prove identity.

The physical identity document is still required in certain situations, such as international travel or face-to-face interactions with public authorities. What's more, some European countries confirm the need for a physical identity document to create its digital twin, and impose security features in the physical document to ensure the integrity of the chain of trust. In the event of a mass cyber-attack, an entirely digital solution remains vulnerable.

Digital identity and physical identity must therefore coexist to guarantee security, sovereignty and the right of every citizen to access public and private services. IN Groupe, aware of the stakes, works on both aspects of identity and promotes a phygital identity that contributes to the emergence of an efficient digital administration, an innovative economy and a connected, secure and inclusive society.

Massin Marie-Aude - Director, System & Digital Identity Business Line