
Activities of Marcel KOLAJA related to 2021/0136(COD)

Shadow opinions (1)

OPINION on the proposal for a regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity
2022/09/14
Committee: IMCO
Dossiers: 2021/0136(COD)
Documents: PDF(262 KB) DOC(168 KB)
Authors: Andrus ANSIP (MEP ID 124696)

Amendments (39)

Amendment 13
Proposal for a regulation
Recital 1
(1) The Commission Communication of 19 February 2020, entitled “Shaping Europe’s Digital Future” (16) announces a revision of Regulation (EU) No 910/2014 of the European Parliament and of the Council with the aim of improving its effectiveness, extend its benefits to the private sector and promote trusted digital identities for all [deleted: Europeans] citizens and other residents as defined by national law. _________________ (16) COM/2020/67 final
2022/05/24
Committee: IMCO
Amendment 19
Proposal for a regulation
Recital 7
(7) It is necessary to set out the harmonised conditions for the establishment of a framework for European Digital Identity Wallets to be issued by Member States, which should empower all Union citizens and other residents as defined by national law to retain full control over their choice to use the Wallet, to store data and to share securely data related to their identity in a user friendly and convenient way under the sole control of the user. Technologies used to achieve those objectives should be developed aiming towards the highest level of security, [deleted: user convenience and wide usability] data protection, user convenience, wide usability and extensive interoperability. Member States should ensure equal access to digital identification to all their nationals and residents, including vulnerable persons, such as persons with disabilities, persons who experience functional limitations, such as elderly persons, and persons with limited access to digital technologies. They should not, directly or indirectly, limit access to government services, government-funded services, labour or business rights of individuals who do not use the European Digital Identity Wallet and should develop and ensure free availability of alternative solutions for such individuals.
2022/05/24
Committee: IMCO
Amendment 24
Proposal for a regulation
Recital 8
(8) In order to ensure compliance within Union law or national law compliant with Union law, service providers should communicate their intent to rely on the European Digital Identity Wallets to Member States. That will allow Member States to protect users from fraud and prevent the unlawful use of identity data and electronic attestations of attributes as well as to ensure that the processing of sensitive data, like health data, can be verified by relying parties in accordance with Union law or national law. Entities that are not established in a Member State may therefore not become relying parties.
2022/05/24
Committee: IMCO
Amendment 25
Proposal for a regulation
Recital 9
(9) All European Digital Identity Wallets should allow users, in a manner that is transparent and traceable, to securely request and obtain, store, select, combine and share the necessary legal person identification data and electronic attestation of attributes, while ensuring that selective disclosure is possible to electronically identify and authenticate online and offline across borders for accessing a wide range of public and private services and to create and use qualified electronic signatures and seals which are accepted across the Union. Without prejudice to Member States’ prerogatives as regards the identification of their nationals and residents, Wallets can also serve the institutional needs of public administrations, international organisations and the Union’s institutions, bodies, offices and agencies. Offline use would be important in many sectors, including in the health sector where services are often provided through face-to-face interaction and ePrescriptions should be able to rely on QR-codes or similar technologies to verify authenticity. The European Digital Identity Wallet should also allow the user to consult the history of the transactions, transfer the wallet's data, restore the access on a different device and block access to the wallet in case of a security breach that leads to its suspension, revocation or withdrawal, and offer the possibility to contact support services of the wallet's issuer. Relying on the level of assurance “high”, the European Digital Identity Wallets should benefit from the potential offered by tamper-proof solutions such as secure elements, to comply with the security requirements under this Regulation. The European Digital Identity Wallets should also allow users to create and use qualified electronic signatures and seals which are accepted across the EU.
To achieve simplification and cost reduction benefits to persons and businesses across the EU, including by enabling powers of representation and e-mandates, Member States should issue European Digital Identity Wallets relying on common standards to ensure seamless interoperability and a high level of security. Those European Digital Identity Wallets should be developed in a manner that ensures a high level of security, including the encryption of content. They should ensure their seamless interoperability by relying for instance on the use of open-source technology or reflecting the ability to function on major operating systems. Only Member States’ competent authorities can provide a high degree of confidence in establishing the identity of a person and therefore provide assurance that the person claiming or asserting a particular identity is in fact the person he or she claims to be. It is therefore necessary that the European Digital Identity Wallets rely on the legal identity of citizens, other residents or legal entities. Trust in the European Digital Identity Wallets would be enhanced by the fact that issuing parties are required to implement appropriate technical and organisational measures to ensure a level of security commensurate to the risks raised for the rights and freedoms of the natural persons, in line with Regulation (EU) 2016/679.
2022/05/24
Committee: IMCO
Amendment 31
Proposal for a regulation
Recital 12 a (new)
(12 a) It is essential to use open source principles and transparency to achieve better security and faster development.
2022/05/24
Committee: IMCO
Amendment 34
Proposal for a regulation
Recital 15
(15) Streamlining of the current notification, in particular by diligent ongoing assessment by the Commission and peer-review procedures, will prevent heterogeneous approaches to the assessment of various notified electronic identification schemes and facilitate trust-building between Member States. New, simplified, mechanisms should foster Member States’ cooperation on the security and interoperability of their notified electronic identification schemes.
2022/05/24
Committee: IMCO
Amendment 36
Proposal for a regulation
Recital 17
(17) Service providers use the identity data provided by the set of person identification data available from electronic identification schemes pursuant to Regulation (EU) No 910/2014 in order to match users from another Member State with the legal identity of that user. However, despite the use of the eIDAS data set, in many cases ensuring an accurate match requires additional information about the user and specific unique identification procedures at national level. To further support the usability of electronic identification means, this Regulation should require Member States to take specific measures to ensure a correct identity match in the process of electronic identification. For the same purpose, this Regulation should also extend the mandatory minimum data set and require the use of a [deleted: unique and persistent] cryptographically verifiable electronic identifier in conformity with Union law in those cases where it is necessary to legally identify the user upon his/her request in a unique and persistent way.
2022/05/24
Committee: IMCO
Amendment 40
Proposal for a regulation
Recital 18
(18) In line with Directive (EU) 2019/882 (22), persons with disabilities should be able to use the European digital identity wallets, trust services and end-user products used in the provision of those services on an equal basis, with an emphasis on ensuring that the quality of user experience is on a par with that of other users. _________________ (22) Directive (EU) 2019/882 of the European Parliament and of the Council of 17 April 2019 on the accessibility requirements for products and services (OJ L 151, 7.6.2019, p. 70).
2022/05/24
Committee: IMCO
Amendment 50
Proposal for a regulation
Recital 28
(28) Wide availability and usability of the European Digital Identity Wallets require their acceptance and trust by both private individuals and by private service providers. Private relying parties providing services in the areas of transport, energy, banking and financial services, social security, health, drinking water, postal services, digital infrastructure, education or telecommunications should accept the use of European Digital Identity Wallets for the provision of services where strong user authentication for online identification is required by national or Union law or by contractual obligation. Where very large online platforms as defined in Article 25.1. of Regulation [reference DSA Regulation] require users to authenticate to access online services, those platforms should be mandated to accept the use of European Digital Identity Wallets upon voluntary request of the user. Users should be under no obligation to use the wallet to access private services, [deleted: but if] and should not be discriminated against for not using the wallet. If they wish to do so, large online platforms should accept the European Digital Identity Wallet for this purpose while respecting the principle of data minimisation and other legal safeguards. Given the importance of very large online platforms, due to their reach, in particular as expressed in number of recipients of the service and economic transactions this is necessary to increase the protection of users from fraud and secure a high level of data protection. The Commission should assess the effectiveness of these provisions for the availability and usability for the user of the European Digital Identity Wallets after 18 months of their deployment and propose revision of their provisions to ensure their acceptance by means of delegated acts in the light of this assessment.
Self-regulatory codes of conduct at Union level (‘codes of conduct’) should be developed, with clear targets, in order to contribute to wide availability and usability of electronic identification means including European Digital Identity Wallets within the scope of this Regulation. The codes of conduct should facilitate wide acceptance of electronic identification means including European Digital Identity Wallets by those service providers which do not qualify as very large platforms and which rely on third party electronic identification services for user authentication. They should be developed within 12 months of the adoption of this Regulation. The Commission should assess the effectiveness of these provisions for the availability and usability for the user of the European Digital Identity Wallets after 18 months of their deployment and revise the provisions to ensure their acceptance by means of delegated acts in the light of this assessment.
2022/05/24
Committee: IMCO
Amendment 55
Proposal for a regulation
Recital 32
(32) Website authentication services provide users with assurance that there is a genuine and legitimate entity standing behind the website. Those services contribute to the building of trust and confidence in conducting business online, as users will have confidence in a website that has been authenticated. The use of website authentication services by websites is voluntary. However, in order for website authentication to become a means to increasing trust, providing a better experience for the user and furthering growth in the internal market, this Regulation lays down [deleted: minimal security and liability obligations for the providers of website authentication services and their services. To that end, web-browsers should ensure support and interoperability with Qualified certificates for website authentication pursuant to Regulation (EU) No 910/2014. They should recognise and display Qualified certificates for website authentication to provide a high level of assurance, allowing] additional rules for qualified certificates for website authentication pursuant to Regulation (EU) No 910/2014 and establishes an EU Digital Identity Compliance Label, certifying that the owner of the website in question has been properly identified. This will allow website owners to assert their identity as owners of a website and users to identify the website owners with a high degree of certainty. To further promote their usage, public authorities in Member States should consider incorporating [deleted: Qualified] EU Digital Identity Compliance Label and qualified certificates for website authentication in their websites.
2022/05/24
Committee: IMCO
Amendment 57
Proposal for a regulation
Recital 36
(36) In order to avoid fragmentation and barriers, due to diverging standards and technical restrictions, and to ensure a coordinated process to avoid endangering the implementation of the future European Digital Identity framework, a process for close and structured cooperation between the Commission, Member States, civil society, academics and the private sector is needed. To achieve this objective, Member States should cooperate within the framework set out in the Commission Recommendation XXX/XXXX [Toolbox for a coordinated approach towards a European Digital Identity Framework]26 to identify a Toolbox for a European Digital Identity framework. The Toolbox should include a comprehensive technical architecture and reference framework for the decentralised self sovereign architecture of the European Digital Identity Wallet, a set of common standards and technical references and a set of guidelines and descriptions of best practices covering at least all aspects of the functionalities and interoperability of the European Digital Identity Wallets including eSignatures and of the qualified trust service for attestation of attributes as laid out in this regulation. In this context, Member States should also reach agreement on common elements of a business model and fee structure of the European Digital Identity Wallets, to facilitate take up, in particular by small and medium sized companies in a cross-border context. The content of the toolbox should evolve in parallel with and reflect the outcome of the discussion and process of adoption of the European Digital Identity Framework. _________________ 26 [insert reference once adopted]
2022/05/24
Committee: IMCO
Amendment 65
Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i
Regulation (EU) 910/2014
Article 3 – paragraph 1 – point 48
(48) ‘qualified electronic archiving service’ means a service ensuring the receipt, storage, deletion and transmission of electronic data or documents, guaranteeing their integrity, the accuracy of their origin and legal features throughout the conservation period and that meets the requirements laid down in Article 45g;
2022/05/24
Committee: IMCO
Amendment 66
Proposal for a regulation
Article 1 – paragraph 1 – point 3 – point i
Regulation (EU) 910/2014
Article 3 – paragraph 1 – point 49
(49) ‘EU Digital Identity Wallet [deleted: Trust Mark] Compliance Label’ means an indication in a simple, recognisable and clear manner that a Digital Identity Wallet has been issued in accordance with this Regulation;
2022/05/24
Committee: IMCO
Amendment 70
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) 910/2014
Article 6 – paragraph 1a (new)
1 a. The European Digital Identity Wallet shall have the following characteristics: (a) use a decentralised identity architecture, including decentralised identifiers; (b) provide access to cryptographically verifiable, specific, discrete parts of the wallet and personal identity; (c) allow creation of unique, private and secure peer-to-peer connections between two parties; (d) be under full control of the person or entity to whom it belongs, including revocability and self certification.
2022/05/24
Committee: IMCO
Amendment 76
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) 910/2014
(a) securely request and obtain, store, select, combine and share, in a manner that is transparent to, controlled and traceable by the user, the necessary legal person identification data and electronic attestation of attributes to authenticate online and offline in order to use online public and private services;
2022/05/24
Committee: IMCO
Amendment 79
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) 910/2014
Article 6a – paragraph 3 – point b
(b) sign by means of qualified electronic signatures.
2022/05/24
Committee: IMCO
Amendment 80
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) 910/2014
Article 6a – paragraph 3 – point b a (new)
(b a) make an informed decision about the sharing of personal information with relying parties. This includes identification of the relying party, complete or partial refusal of information requests from relying parties, a full transaction history and information about the exercise of their rights.
2022/05/24
Committee: IMCO
Amendment 84
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) 910/2014
Article 6a – paragraph 4 – point a – subpoint (iv)
(4) for the user to allow interaction with the European Digital Identity Wallet and display an “EU Digital Identity Wallet [deleted: Trust Mark] Compliance Label”;
2022/05/24
Committee: IMCO
Amendment 85
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) 910/2014
Article 6a – paragraph 4 – point a – subpoint iv a (new)
(4 a) for relying parties to be uniquely identified and limited to requesting information based on their approval from their Member State of establishment in accordance with Article 6b(1);
2022/05/24
Committee: IMCO
Amendment 86
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) 910/2014
Article 6a – paragraph 4 – point b
(b) ensure that trust service providers of qualified attestations of qualified or non-qualified attributes cannot receive any information about the use of these attributes;
2022/05/24
Committee: IMCO
Amendment 87
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) 910/2014
Article 6a – paragraph 4 – point d
(d) provide a mechanism to ensure that the relying party is able to authenticate the user [deleted: and] or to receive electronic attestations of attributes via selective disclosures that are not linkable to the user and that minimise the processing of personal data. Where attestations of attributes are adequate for the purposes of the relying party, no prior electronic authentication or identification shall take place;
2022/05/24
Committee: IMCO
Amendment 90
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) 910/2014
Article 6a – paragraph 4 – point e
(e) ensure that the person identification data referred to in Articles 12(4), point (d) uniquely and persistently represent the natural or legal person is associated with it.
2022/05/24
Committee: IMCO
Amendment 115
Proposal for a regulation
Article 1 – paragraph 1 – point 7
1. Where relying parties intend to rely upon European Digital Identity Wallets issued in accordance with this Regulation, they shall [deleted: communicate it to] request approval from the Member State where the relying party is established to ensure compliance with requirements set out in Union law or national law for the provision of specific services. When communicating their intention to rely on European Digital Identity wallets, they shall also inform about the intended use of the European Digital Identity Wallet.
2022/05/24
Committee: IMCO
Amendment 118
Proposal for a regulation
Article 1 – paragraph 1 – point 7
Regulation (EU) 910/2014
Article 6b – paragraph 3
3. Relying parties shall be responsible for communicating their unique identifier in every interaction with the European Digital Identity Wallet and carrying out the procedure for authenticating person identification data and electronic attestation of attributes originating from European Digital Identity Wallets.
2022/05/24
Committee: IMCO
Amendment 125
Proposal for a regulation
Article 1 – paragraph 1 – point 12
Regulation (EU) 910/2014
Article 11a – title
[deleted: Unique Identification] European Digital Identity Wallet Identifiers
2022/05/24
Committee: IMCO
Amendment 127
Proposal for a regulation
Article 1 – paragraph 1 – point 12
Regulation (EU) 910/2014
Article 11a – paragraph 1
1. When notified electronic identification means and the European Digital Identity Wallets are used for authentication, Member States shall ensure [deleted: unique identification] that cryptographically verifiable identifiers are used.
2022/05/24
Committee: IMCO
Amendment 128
Proposal for a regulation
Article 1 – paragraph 1 – point 12
Regulation (EU) 910/2014
Article 11a – paragraph 2
2. Member States shall, for the purposes of this Regulation, include in the minimum set of person identification data referred to in Article 12.4.(d), [deleted: a unique and persistent] that cryptographically verifiable identifiers are used in conformity with Union law, to identify the user upon their request in those cases where identification of the user is required by law.
2022/05/24
Committee: IMCO
Amendment 132
Proposal for a regulation
Article 1 – paragraph 1 – point 16
3. Where very large online platforms as defined in Regulation [reference DSA Regulation] Article 25.1. require users to authenticate to access online services, alongside their own authentication systems, they shall also accept the use of European Digital Identity Wallets issued in accordance with Article 6a strictly upon voluntary request of the user and in respect of the minimum attributes necessary for the specific online service for which authentication is requested, such as proof of age. In this case, revocable pseudonyms can be generated and used in connection to an identifiable European Digital Identity Wallets.
2022/05/24
Committee: IMCO
Amendment 139
Proposal for a regulation
Article 1 – paragraph 1 – point 16
Regulation (EU) 910/2014
Article 12b – paragraph 5
[deleted: 5. The Commission shall make an assessment within 18 months after deployment of the European Digital Identity Wallets whether on the basis of evidence showing availability and usability of the European Digital Identity Wallet, additional private online service providers shall be mandated to accept the use of the European Digital identity Wallet strictly upon voluntary request of the user. Criteria of assessment may include extent of user base, cross-border presence of service providers, technological development, evolution in usage patterns. The Commission shall be empowered to adopt delegated acts based on this assessment, regarding a revision of the requirements for recognition of the European Digital Identity wallet under points 1 to 4 of this article.]
2022/05/24
Committee: IMCO
Amendment 160
Proposal for a regulation
Article 1 – paragraph 1 – point 38
Regulation (EU) 910/2014
Article 45 – paragraph 2
2. Qualified certificates for website authentication referred to in paragraph 1 shall be [deleted: recognised by web-browsers. For those purposes web-browsers shall ensure that the identity data provided using any of the methods is displayed in a user friendly manner. Web-browsers shall ensure support and interoperability with qualified certificates for website authentication referred to in paragraph 1, with the exception of enterprises, considered to be microenterprises and small enterprises in accordance with Commission Recommendation 2003/361/EC in the first 5 years of operating as providers of web-browsing services.] accompanied by an EU Digital Identity Compliance Label, certifying that the owner of the website in question has been properly identified. Website owners will automatically receive the right to use the EU Digital Identity Compliance Label once they have been issued with qualified certificates.
2022/05/24
Committee: IMCO
Amendment 161
Proposal for a regulation
Article 1 – paragraph 1 – point 38
Regulation (EU) 910/2014
Article 45 – paragraph 2 a (new)
2 a. For the purpose of enhancing security and trust, a EU database of trusted websites shall be established by the Commission. The issuers of qualified certificates for website authentication will automatically feed the appropriate data into the database.
2022/05/24
Committee: IMCO
Amendment 162
Proposal for a regulation
Article 1 – paragraph 1 – point 38
Regulation (EU) 910/2014
Article 45 – paragraph 3
3. Within 12 months of the entering into force of this Regulation, the Commission shall, by means of implementing acts, provide the specifications and reference numbers of standards for qualified certificates for website authentication referred to in paragraph 1 and the design and mechanisms for the EU Digital Identity Compliance Label and the EU database detailed above. Those implementing acts shall be adopted in accordance with the examination procedure referred to in Article 48(2).;
2022/05/24
Committee: IMCO
Amendment 164
Proposal for a regulation
Article 1 – paragraph 1 – point 39
Regulation (EU) 910/2014
Article 45c – paragraph 3
3. Where a qualified electronic attestation of attributes has been revoked after initial issuance, it shall lose its validity from the moment of its revocation, and its status shall not in any circumstances be reverted. Only relying parties with which the user shares this attribute shall be able to obtain knowledge of its revocation.
2022/05/24
Committee: IMCO
Amendment 171
Proposal for a regulation
Article 1 – paragraph 1 – point 40
Regulation (EU) 910/2014
Article 48a – paragraph 2 – point c a (new)
(c a) the number of security incidents reported, categorised by type;
2022/05/24
Committee: IMCO
Amendment 173
Proposal for a regulation
Article 1 – paragraph 1 – point 40
Regulation (EU) 910/2014
Article 48a – paragraph 2 – point c b (new)
(c b) the number of user complaints, categorised by type.
2022/05/24
Committee: IMCO
Amendment 177
Proposal for a regulation
Annex V – paragraph 1 – point f
(f) the attestation identity coderyptographically verifiable character string, which must be unique for the qualified trust service provider and if applicable the indication of the scheme of attestations that the attestation of attributes is part of;
2022/05/24
Committee: IMCO
Amendment 181
Proposal for a regulation
Annex VI – paragraph 1 – point 3
[deleted: 3. Gender;]
2022/05/24
Committee: IMCO
Amendment 182
Proposal for a regulation
Annex VI – paragraph 1 – point 4
[deleted: 4. Civil status;]
2022/05/24
Committee: IMCO
Amendment 183
Proposal for a regulation
Annex VI – paragraph 1 – point 5
[deleted: 5. Family composition;]
2022/05/24
Committee: IMCO