Digital identity and eIDAS2: the new era of eGovernment

Transforming the state means redefining how we identify ourselves in the digital world. Digital identity, backed by European regulations such as the new eIDAS2, is emerging as the basis on which administrations, businesses and citizens will be able to interact securely, easily and across borders. In this context, experts such as Nacho Alamillo highlight both the opportunities and the legal challenges that this regulatory evolution towards a truly pan-European eGovernment brings with it.

Digital identity is a set of mechanisms that allow a person, company or institution to securely demonstrate who they are in the online environment. Unlike traditional identification, which is based on physical documents or face-to-face procedures, this model uses verifiable electronic credentials that replace paper and facilitate interaction with public and private services. Its main objective is to ensure trust in a world where more and more transactions, from opening a bank account to enrolling at a university, are carried out remotely.

Within the context of the European Union, digital identity does not function as a sum of isolated initiatives in each country, but is part of a framework regulated by standards, such as eIDAS and its subsequent reforms. The first major step was the eIDAS Regulation (2014), which gave legal force to the mutual recognition of electronic identities and trust services across the EU.

On that basis, common technical standards (e.g., requirements for digital wallets) are developed so that documents and credentials can be verified between countries, enhancing security, reducing bureaucratic barriers and promoting smoother digital cooperation between citizens, businesses and administrations.

A digital identity is built on different elements that guarantee its validity and security. These include digital certificates, which act as a kind of electronic "card" issued by a trusted authority; cryptographic key pairs (public key and private key), which ensure that only the legitimate holder can sign or access certain information; and digitised national identifiers, such as the electronic ID card in Spain, which transfer the function of the physical document to the online environment. In addition to these components, there are digital wallets: electronic wallets in which citizens can store and present credentials, such as academic qualifications, professional licences or driving licences, in a simple and verifiable way.

The big difference compared to traditional methods, such as a physical ID card or a paper degree, is that digital identities allow information to be validated in seconds, electronic signatures to be made with full legal validity, verifiable attributes to be shared and transferred between systems without the need for copies or intermediate steps. While traditional documents rely on centralised registers and slow processes, digital identities rely on interoperable, and in many cases, distributed structures that reduce administrative frictions, increase portability between countries and enhance protection against fraud or manipulation.

The eIDAS2 Regulation, (Regulation (EU) 2024/1183) adopted on 11 April 2024 and in force since 20 May 2024, is the revision of the European legal framework governing electronic identification and trust services. It is a decisive step towards a common digital identity within the European Union, establishing shared standards that allow citizens and businesses to interact online with guarantees equivalent to those in the physical world. One of its main innovations is the introduction of the EU Digital Identity Wallet, an EU-certified digital wallet, which will allow anyone to store and present electronic credentials with full legal validity across all Member States. Alongside this development, eIDAS2 strengthens trust services, such as electronic signatures, seals or time stamps, ensuring that digital transactions are secure, auditable and recognised across borders.

Objectives of the eIDAS2 regulation

The goals of eIDAS2 can be summarised into four key areas: ensuring mutual recognition of digital identities across the EU, giving citizens more control over their personal data and credentials, boosting technical interoperability between Member States, and making it easier for both public and private services to be validated automatically and securely. The aim is to create a more integrated, reliable and accessible European digital space.

Electronic signature types and trust levels

The regulation distinguishes between three types of electronic signatures: simple, advanced and qualified. The simple signature is used to validate everyday documents, while the advanced guarantees a stronger link to the signatory and the integrity of the document. The qualified signature has the highest level of legal certainty and is the only signature that has the same legal value as a handwritten signature in all EU Member States. This classification allows the level of protection and trust to be adjusted according to the type of transaction or document.

The European digital wallet explained

The European digital wallet is the cornerstone of eIDAS2. It is a Europe-wide certified application that will allow citizens and businesses to store, manage and share credentials such as academic qualifications, professional licences, residence permits and company data. One of its key features is that the user will decide what information they share, with whom and at what time, thus ensuring control and privacy. Moreover, it will be designed to work automatically in all EU countries, so that a diploma issued in Spain can be immediately validated in Germany or a professional licence recognised in Italy. The European Commission has already approved implementation regulations that set out the essential functions of these wallets, including security, interoperability and cross-border recognition.

Large-scale pilots are currently underway in 26 Member States, and the European Commission has set a target that by December 2026 all countries should offer at least one EU Digital Identity Wallet for citizens, residents and businesses.

The implementation of the eIDAS2 regulation opens up a scenario of concrete benefits that impact on different levels.

For citizens, it is a step towards secure, cross-border digital access. With a single identity mechanism valid across all Member States, any person can be authenticated in Spain, France or Germany with the same legal validity. This model also reinforces individual sovereignty over data: the user decides what attributes to share, with whom and at what time, avoiding overexposure of personal information.

Companies benefit from cost and time reductions in key processes. With verifiable identities and attributes, they can automate verification of customers, contracts or accreditations without relying on time-consuming or costly manual processes. Furthermore, eIDAS2 ensures that these procedures comply with European regulations from the outset, which reduces legal risks and facilitates the expansion of business in other EU countries.

As for public administrations, the framework brings efficiency and reduced reliance on paper. Formalities such as official notifications, registrations or the granting of licences can be carried out entirely digitally with full legal validity. This not only reduces bureaucracy and waiting times, but also increases transparency and traceability of administrative procedures.

Overall, eIDAS2 establishes a common ground that provides trust and agility, balancing security and usability for all actors involved.

In Spain there are already concrete initiatives showing how digital identity and verifiable credentials are being implemented, some in the pilot phase, in order to modernise traditional processes.

A relevant case is CertiDigital, an inter-university project promoted within the UniDigital Plan involving more than twenty Spanish universities. Through this system, academic institutions are developing capacity to issue verifiable digital credentials (micro-credentials, certificates of attendance, professional competences) with European standards, and exploring their integration with infrastructures such as EBSI. In the initial stages, these credentials will allow students and universities to share and validate degrees or certifications without manual intervention or paper.

In this context, it is worth mentioning the Spanish eIDAS node, which allows the eDNI electronic ID card to be recognised by eGovernment services in other countries. Thanks to this infrastructure, a Spanish citizen can use their eID to access procedures in France or Germany, while a European citizen can use their national identity to interact with public services in Spain. This interoperability represents the practical application of the principle of mutual recognition set out in eIDAS, and shows how European regulation translates into tangible benefits for the mobility of people and businesses.

Another emerging example is the new digital ID card, approved by the government, which can be used as a means of identification via a mobile application. Initially it will be functional for face-to-face transactions, and is expected to gradually become fully valid for online procedures.

Finally, the Fábrica Nacional de Moneda y Timbre (FNMT-RCM), the National Mint, already offers pilots on verifiable identity credentials: users can go through a video-identification process, the automatic verifications and asynchronous validations of which allow credentials to be issued in the corresponding digital wallet.

The implementation of eIDAS2 marks a turning point in the way citizens, businesses and administrations interact in Europe. By consolidating a common digital identity framework, the regulation not only strengthens security and trust, but also opens the door to a more streamlined, interoperable and accessible eGovernment.

Spain is already taking firm steps with pioneering projects and an infrastructure aligned with European standards, positioning the country at the forefront of this transformation. The challenge now is to ensure that all actors take advantage of the opportunities offered by this framework: more efficiency for institutions, more competitiveness for businesses and more control for citizens in a digital environment that transcends borders.

You can read more on the ISBE website.