The News: The European Commission announced plans on Thursday for a new digital wallet framework which will be available to all EU citizens, residents, and businesses in the EU. Through this initiative, EU citizens will be able to prove their identity and share electronic documents throughout Europe using their phone, including national digital identity cards, drivers’ licenses, diplomas, medical prescriptions, and bank accounts. Read the full press release here.
EU to Introduce Digital Wallet Initiative Ahead of US, Sets First Major Milestone for 2022
Analyst Take: The EU is set to introduce its digital wallet initiative ahead of the US, and has set a first major milestone for 2020. Why digital wallets? That’s easy — digital wallets facilitate both data privacy and convenience. Digital wallets enable an individual’s IDs and important documents to be securely stored on their mobile device. According to the European Commission, “the new European Digital Identity Wallets are meant to enable Europeans to access services online without having to use private identification methods or unnecessarily sharing personal data. With this solution they will have full control of the data they share.” And that’s nice, but what this digital wallet initiative really aims to deliver is the ability for EU citizens and residents to carry their IDs, bank information, medical documents, and other important licenses and files securely in their phones without running the risk of losing them or having them stolen.
Although no details about security features for the EU’s digital wallet initiative have yet been made public, one can expect the most critical feature of this framework to be security. Back to that in a moment.
The EU’s digital wallet initiative, called the European Digital Identity (EDI) will be available to any EU citizen, resident, and business in the Union who would like to make use of it. It is also intended to be widely usable as a way either to identify users or to prove certain personal attributes, “for the purpose of access to public and private digital services across the Union.” The EDI wallets are also being designed to allow people to not only choose which aspects of their identity, data, and certificates they will and won’t share with third parties, but also to keep track of who accesses their data.
EU Digital Wallet Initiative’s First Major Milestone Set for 2022: Developing an EU-Wide “Common Toolbox”
To accelerate the rollout of the EU digital wallet initiative process, the Commission invited EU member states to establish “a common toolbox” by September 2022, which will encompass the standards, technical architecture, and best practices for the framework. Note that there currently exists no requirement for member states to develop a national digital ID, let alone to make it interoperable with other member states’ digital infrastructure or verification services. The new proposal addresses that previous oversight.
The Commission intends to work with EU member states and the private sector on the technical aspects of the EDI while the legislative process moves forward with the proposal. As you may recall, the Commission’s 2030 Digital Compass initiative’s list of targets and milestones, like making critical public services available online by 2030, will require the creation of some kind of digital identification mechanism like the EDI.
Commissioner for Internal Market Thierry Breton explained that the ID will make it easier for Europeans to perform a wide range of actions, from renting an apartment or a car, and submitting tax returns, to opening a bank account outside of their home country and enrolling at a European university. To achieve this, the Commission will likely make full use of 2014 eIDAS regulations, borne of Europe’s electronic IDentification and trust Services initiative (eIDAS), which provides a fundamental framework for cross-border electronic identification, authentication, and website certifications within the EU.
The European Commission Is Going to Need to Partner with US Tech To Pull This Off
What the Commission’s announcement this week didn’t talk about was the technology of the digital wallet initiative itself. How will the European Commission build a framework for its EDI that is designed to weather the inevitable maelstrom of attacks from hackers and ransomware pirates? Not without the private sector, to be sure, and most likely not without the help of the very US technology companies that the European Commission is targeting with incessant (and one could argue overzealous) investigations and lawsuits.
Let’s consider the main attack vectors that the European Digital Identity will have to contend with in order to remain viable. This includes the app itself (with various operating systems responsible for enabling their own security patches), the multitude of devices that the EDI app will need to live on, network security, and beyond that, deeper infrastructure like datacenters. This means that the EC will likely need to partner with US tech giants like Google (Android and Cloud), Apple, Amazon (AWS), Microsoft (Azure), and chipmakers like Qualcomm and Intel to deliver on its initiative. Given this reality, it’s more than a little ironic given how aggressively the EC has gone after these very companies in recent years. Perhaps the opportunity to work with these companies on the EDI project will have a positive impact on the Commission’s opinion of the US technology ecosystem. Who knows? It wouldn’t be the worst thing.
As a side note, the moment I read about this EU-wide initiative, my mind traveled back to June 2019, when Qualcomm announced that the integrated Secure Processing Unit on its Snapdragon 855 Mobile Platform had earned Common Criteria EAL-4+ security certification, the gold standard for smart card hardware security assurance and testing. That 2019 certification made the Snapdragon 855 the first mobile SoC to attain smart card level security assurance. Qualcomm has since upgraded its flagship mobile platform to the far more powerful Snapdragon 888, a 5nm SoC with an ARM Cortex-X1 core, integrated 5G modem, and massive AI power, but the point is that Qualcomm was already working on making sure that its Snapdragon mobile platform would be on the bleeding edge of this type of use case two years ago. More to the point, as I recall, the certification had been approved by BSI (Bundesamt für Sicherheit in der Informationstechnik), the German Federal Office for Information Security. This is important because BSI’s certification program is likely to form the framework for many of the security standards and certifications for the EDI.
Why do I bring this up? Because it will be interesting to see if any upcoming Snapdragon mobile platform announcements (later this year) will once again focus on ISPUs and digital wallets. The same goes for Apple. My guess is…yes.
As to whether the EC will consider it prudent, or merely polite, to tap the brakes on its crusade against major US tech companies, at least until the EDI project is complete, I wouldn’t hold my breath just yet, but it might not be a stretch to expect a little more good faith come out of the EC than US tech giants are accustomed to. Keep an eye out for that too.
Futurum Research provides industry research and analysis. These columns are for educational purposes only and should not be considered in any way investment advice.
Other insights from Futurum Research:
Image Credit: ec.europa.eu