The eIDAS2 Regulationthe European Union’s Strategic Vision to Regulate a Digital Identity Metasystem under Citizens’ Control as a Public Service

Resum

Identity, in digital format now, emerges as the cornerstone for a society undergoing a profound technological transformation. However, to date, there is no harmonized form of digital identity, but its provision is assumed by very different providers relying on a limited or insufficient form of regulation. In an environment of regulatory insufficiency, digital identity ecosystems have evolved into models raising critical challenges that existing regulations cannot effectively address. In particular, privacy and security are threatened in existing digital identity models, and essential processes have been monopolized by a reduced number of providers. The main drawback, however, is that citizens lack control and assurance over their digital existence. Digital identity is governed in the European Union by the eIDAS Regulation, a multifaceted regulation with a dual legal regime covering electronic identification and trust services. Yet, the first version has been essentially limited to public services beyond other constraints in the digital identity model created that demanded its adaptation. However, identification is a national matter, and therefore, the eIDAS Regulation offers broad implementation possibilities leading to different results. While some countries have opted for a public approach, others have already enabled the participation of private providers, offering lessons that are particularly valuable today with the adoption of eIDAS2. The updated Regulation aims to transform the digital identity ecosystem, paving the way for a model where the role of the identity provider is assumed by different entities, and the user is placed at the center of the ecosystem. At the heart of this Regulation is the European Union Digital Identity Wallet, an innovative form of electronic identification means that also aims to unlock the potential of an ecosystem of identity credentials. The arrival of eIDAS2 marks a key milestone in the digital identity sector, introducing a new form of harmonized digital identity at the European Union level, where Member States are bound to play a guarantor role in its provision. Consequently, independently of the entity that ultimately provides the service, it must do so subject to public service guarantees and obligations. It is suggested in this thesis that the configuration of the Wallet as a public service and its associated legal effects may have repercussions in applicable national law. In the case of Spanish Administrative Law, it could entail the exercise of administrative power, which in turn demands compliance with the requirements for their attribution and exercise. Nevertheless, the provision of the Wallet is only the first step in the new ecosystem; for it to function properly, it is also necessary to define a statute of rights, obligations, and guarantees for its core participants. Ultimately, this thesis aims to question the development that the digital identity layer of the Internet has experienced so far, as a domain predominantly in the hands of the private sector and with timid attempts by the public sector to regulate it. The ability to establish our existence in the digital realm is crucial for exercising our rights and participating effectively in society. Recent events, combined with the loss of sovereignty by the State, have significantly called for a change in the state of affairs in digital identity services, where the digital identity layer, at least for natural persons, must be a public service. However, while recognizing that the role of the State and Public Law will be crucial, it must be acknowledged that the digital sphere is something new and different and will play by different rules than in the past and that while upholding the rule of law is important, it is equally important not to rush to fit new ideas into old frameworks. Autor/es principal/es: Timón López, María Cristina