The European Credit Sector Associations (ECSAs) have provided comprehensive feedback on several draft implementing acts (IAs) related to the European Digital Identity Wallet (EUDIW). Our observations regarding the draft IAs for EUDIWs focus on the need for a consistent Europe-wide framework, emphasising the necessity to address critical issues to enhance the regulation’s effectiveness. Additionally, we have expressed concerns regarding the integrity and core functionalities of the EUDIWs, suggesting that the draft regulation should include more detail on core functions, regulatory references, and business models. Our feedback extends to protocols and interfaces, where we advocate for clearer guidance on necessary standards to ensure interoperability and effective deployment. Furthermore, we have addressed the provisions related to person identification data and electronic attestations, as well as notifications to the Commission concerning the EUDIWs ecosystem, underscoring the importance of robust and clear regulations in these areas.
In our contributions to the IAs, we also provided the Commission with the ECSAs’ considerations regarding the Architecture Reference Framework (ARF). The ECSAs have identified several key considerations that we believe should be integrated into the framework and the drafting of implementing acts stemming from the EUDIW Regulation. We have raised concerns about the current level of trust within the ARF, particularly regarding the binding of digital data to its subject, which poses risks of impersonation and fraud. To address this, we propose the introduction of a Passport-Grade Identity that incorporates advanced security features and biometrics, making biometric inclusion in Personal Identification Data (PID) mandatory. Additionally, we recommend the integration of Zero Knowledge Proof (ZKP) schemes into the ARF. Given the increasing demand for both convenience and security in online interactions, we stress the need for robust certification mechanisms within the EUDIW framework. Lastly, we highlight the necessity for clearer guidelines concerning the registration, certification, synchronisation, and de-registration processes for Relying Parties to facilitate smooth operations across jurisdictions. These reflections are vital for ensuring a coherent and harmonised approach across the EU in the implementation of the EUDIW Regulation.