The EACB, alongside the other members of the European Credit Sector Associations (ECSAs), has submitted comments on three draft Implementing Acts under eIDAS 2.0, which respectively:
- update the standards and technical specifications for qualified electronic attestations of attributes;
- amend the rules on information that wallet relying parties must provide to national registers; and
- adjust the technical references and architecture specifications needed to ensure the interoperable implementation of the EUDIW.
The ECSAs highlight the need for clear, proportionate and interoperable technical requirements to ensure that the EUDIW can be implemented effectively by financial institutions and other relying parties.
A first set of comments focuses on interoperability, technological neutrality and architectural clarity. The ECSAs recommend allowing equivalent authentication solutions rather than mandating a single mechanism, and call for clearer rules on the linkage between pseudonym registration and electronic attestations, including further guidance on the level of ‘link’ to be retained for certificates. They also underline the need for consistent, risk-based requirements, particularly where fixed validity periods, single-use obligations or hardware-dependent solutions may create operational dependencies or limit scalability.
A second core theme concerns privacy, data minimisation and legal certainty. The ECSAs request measurable criteria for privacy-preserving revocation mechanisms, clarification that only strictly necessary data should be included in the verification result, and safeguards against the creation of EU-wide persistent identifiers. They also stress the importance of avoiding mandatory references to technical standards that are still pending adoption and of introducing transitional periods where new certification or cryptographic specifications apply.
Finally, the ECSAs raise several practical implementation and governance issues. These include the need for clearer allocation of responsibilities when intermediaries act on behalf of relying parties; minimum safeguards for public access to national registers (e.g., rate limiting, abuse detection, differentiated access for bulk queries); clarification of ambiguous terminology such as ‘data set’; and the possibility for Member States to rely on pagination limits or download thresholds when full dataset retrieval is requested.
Through these contributions, the EACB reiterates its commitment to supporting a secure and interoperable European Digital Identity framework, while ensuring that requirements remain proportionate and workable for all actors involved.