Why we need a harmonized EU regulatory framework for digital identity verification

This blog summarizes what we believe are some of the shortcomings of the current EU regulations, and outlines our ideal solution for a new digital identity solution. Read the full report here.

| Shortcomings of the current EU regulatory framework | Our call: the ideal solution for a new digital identity regulation |
| --- | --- |
| eIDAS supports a limited number of use cases and lacks comprehensiveness. | A comprehensive framework that supports all digital/online use cases, across all sectors & markets. |
| There is no certifiable standard for digital identity providers. | A standardized framework, certifiable around predefined Levels of Assurance. |
| No harmonization across Member States and sectors. | A mandatory and harmonized framework across the EU27 and all sectors. |
| Innovative identity verification solutions are excluded, due to excessive prescription. | Rules that are framed around tech neutrality and performance/outcome for business and end-users. |

The role of digital identity verification

Digital identity verification plays a crucial role in financial services and tech ecosystems in Europe. Knowing that a customer is who they say they are online allows European businesses to onboard, authenticate and re-verify customers at scale, both quickly and securely, while fulfilling customer expectations. Not only does it help them grow, it also fuels their global competitiveness.

Why do we need an EU-wide framework for digital identity verification?

Now more than ever, businesses around the world need to adapt and serve customers digitally. This has become more apparent during the current Covid-19 pandemic. Digitisation can help them to continue providing what are often vital services (for example in the healthcare space). 

Looking at an example, businesses that already rely on identity verification, such as banks, need to quickly switch from physical methods of verification (including face-to-face) and costly and time-consuming methods (such as live-video link identification) to a single, fully digitalized solution.

This means there’s an increased need for the EU to create a harmonized EU-wide framework that 1) supports digital identity verification and 2) allows European organizations to adopt safe and robust digital solutions. The upcoming eIDAS review provides an opportunity to look at digital identity more broadly. 

What are the shortcomings of the current EU regulatory framework?

We feel that the lack of cross-border standards at the EU level hinders the uptake of digital identity verification, which means businesses face operational challenges as they digitize and expand across borders.

1. eIDAS supports a limited number of use cases and lacks comprehensiveness

The current eIDAS framework provides a strong basis for specific use-cases of digital identity verification, including government digital identity schemes, e-signatures, seals and more. But it doesn’t support many other emerging use cases such as age verification, online healthcare, online education and online voting, among others.

2. There is a lack of a certifiable standard for digital identity providers

While eIDAS sets technical specifications for electronic seals and signatures, it falls short in setting standards for other digital identity verification use cases. Many businesses are currently unable to certify under the eIDAS regulation due to this lack of standardization.

3. No harmonization across Member States and sectors

Both the Commission’s ROFIEG report and the eID and KYC Expert Group report recognize that national regulatory bodies across the EU have different standards with regard to the compliance of digital identity verification.

This fragmentation prevents access to alternatives to face-to-face verification, such as digital solutions, and weakens the overall effectiveness of AML/CFT processes.

4. Innovative identity verification solutions are excluded due to excessive prescription

With most businesses unable to certify under eIDAS, innovative digital identity verification solutions are blocked in some markets, while they are accepted as safe and robust in others.

What do we see as the ideal solution for an EU-wide framework?

1. The framework should support all digital and online use cases, across all sectors and markets

To ensure consumers can enjoy all the benefits that digital identity verification provides, the EU Commission should look to create a comprehensive framework for digital identity verification, not restricted to specific components and sectors. 

A framework should apply to all of the following, and more: age verification for online gambling, verification of identities for e-Pharmacies and telemedicine, as well as car rentals, home-sharing, social media verification and e-voting. 

2. A highly standardized framework, certifiable around predefined Levels of Assurance

With harmonized standards, the EU Commission can ensure businesses don’t need to implement tailored models in each jurisdiction. This will lead to reduced costs and make the EU market more accessible to new innovative solutions. 

Furthermore, this will strengthen the position of European digital identity verification providers. They will access more Member States, technologies, and consumers, strengthening Europe’s competitiveness in the field of digital identity. 

3. A mandatory and harmonized framework across the EU27 and all sectors

The current regulatory fragmentation around eKYC standards that exists across Member States causes a high level of uncertainty for businesses. While some EU Member States accept facial checks with video or static images, other Member States only accept identification via a synchronous video call. 

We believe that a future EU-wide certification scheme should provide for mutual recognition. Member States should accept solutions that are considered safe in others to ensure continuity for consumers and businesses alike. 

4. Rules framed around tech neutrality and performance/outcome for business and end-users

Restrictive, overly prescriptive and technology-specific models are harming competition by prohibiting new, innovative solutions from being adopted in some markets while having been accepted as safe and robust in others. So there should be a joint standard across the EU which allows innovative RegTechs, FinTechs and start-ups to access all markets across the EU. 

We believe that by adopting these changes, the EU Commission can put in place a comprehensive, unified, highly robust, standardized, and certifiable framework that promotes user convenience, inclusiveness, and innovation.
