Finland should wait for the European Digital Identity before trying to fix something that isn’t broken

On 3 June 2021, the European Commission proposed a framework for a European Digital Identity which will be available to all EU citizens, residents, and businesses.

According to the Commission, citizens will be able to prove their identity and share electronic documents from their European Digital Identity Wallets with just a tap on their smartphones. Citizens should be able to access online services with their national digital identification, which will be recognised throughout Europe, and extensive platforms will be required to accept the use of European Digital Identity Wallets upon request of the user, for example, to prove their age.

The proposal for a regulation (COM(2021) 281 final) establishing the framework for the European Digital Identity requires Member States to issue a European Digital Identity Wallet under a notified eID scheme under common technical standards, following a compulsory compliance assessment and voluntary certification within the European cybersecurity certification framework, as established by the Cybersecurity Act. According to the proposal, Member States should issue European Digital Identity Wallets under common standards to ensure seamless interoperability and a high level of security. Issuing the harmonised wallets based on these common technical standards would also provide a common EU approach which will benefit users and parties relying on the availability of secure cross-border electronic identity solutions. The European Digital Identity Wallets could be issued by a Member State, under a mandate from a Member State or independently but recognised by a Member State.

At the same time, the Finnish Ministry of Finance started a digital identity development project last October. Its aim is to develop electronic identification for Finnish citizens and anyone else living in Finland and to promote the development of functional solutions for identification. The project’s objectives include facilitating the registration of foreign nationals and their electronic identification in Finland as well as enabling cross-border electronic identification from Finland and creating equal conditions and opportunities for everyone to use digital identity in public services.

The problem with the current Ministry of Finance project, however, is its timing. Finland has a well-functioning and competitive market for strong electronic identification services. According to a report by the Finnish Transport and Communications Agency Traficom and the Finnish Competition and Consumer Authority, a study of this market showed that it mainly functions well, and legislative and regulatory changes that have been implemented in recent years have further opened it up to competition while removing significant obstacles to competition. Citizens have been satisfied with the strong electronic identification means that are currently available, and thus a possible state-provided means of identification is not seen as being absolutely necessary. The vast majority of the Finnish population has access to strong electronic identification means. Mobile ID, an electronic identification stored on a SIM card, developed by Finnish mobile telephone network operators DNA, Elisa, and Telia, has grown in popularity. Mobile ID already works for using over 1,000 services, including health care, municipal, state administration, educational institution, banking, financing, and insurance services. In addition to Mobile ID, almost every Finn has online codes provided by Finnish banking services that can also be used for strong electronic identification.

According to the Commission proposal, each Member State would need to issue a European Digital Identity Wallet within 12 months after the final regulation comes into force, but the EU decision-making process on these new wallets has just begun. Both the European Parliament and the Council still need to figure out what their view on the proposal is, so it could take over a year just to finalise the regulation – let alone get it to come into force. Member States must agree on a toolbox for the European Digital Identity framework by September 2022. This toolbox would include a comprehensive technical architecture and reference framework and a set of common standards and technical references. It would also lead to a set of guidelines and descriptions of best practices, encompassing at least all aspects of the functionalities and interoperability of the European Digital Identity Wallets including eSignatures, as well as covering the qualified trust services for the attestation of attributes as laid out in the upcoming regulation. This timeframe, along with the slow-moving EU legislative process regarding the proposed regulation, does not coincide with the Finnish Ministry of Finance’s plans to finalise its own project before June 2023. For this reason, we believe that Finland should put a hold on its national plans and wait for the EU-wide standards and introduction of the European Digital Identity Wallets rather than work on something of its own just to have it replaced shortly afterwards under the common EU standards.

Asko Metsola, Legal Affairs, FiCom