eIDAS 2.0 Regulation Compliance in Denmark

eIDAS 2.0 (Regulation (EU) 2024/1183) is the substantially revised version of the original eIDAS Regulation (Regulation (EU) 910/2014), published in the Official Journal of the EU on April 30, 2024. The original eIDAS (2014) created the EU framework for electronic identification and trust services — establishing legal recognition for qualified electronic signatures, electronic seals, timestamps, and certified delivery services. eIDAS 2.0 significantly expands this framework by: (1) Introducing the EU Digital Identity Wallet (EUDIW): a personal digital identity tool that all EU member states must provide to their citizens and businesses. (2) Mandating acceptance: Key sectors (banking, telecoms, healthcare, government services, transport, energy, insurance) must accept the EUDIW from users who choose to use it. (3) Expanding trust services: New trust service categories including electronic attestation of attributes, electronic archiving, electronic ledger services, and management of remote electronic signature/seal creation devices. (4) Strengthening QTSP oversight: More prescriptive security requirements, updated conformity assessment processes, and harmonized supervisory powers. eIDAS 2.0 represents the EU's ambition to give every EU citizen a secure, universally accepted digital identity that works across borders, sectors, and devices.

eIDAS 2.0 makes six major changes relative to the original eIDAS 1.0 framework: (1) EU Digital Identity Wallet: The single largest addition. eIDAS 1.0 had no wallet concept; eIDAS 2.0 creates a mandatory EUDIW that member states must issue and key sectors must accept. (2) Attribute attestation: eIDAS 2.0 introduces qualified electronic attestation of attributes (QEAA) as a new trust service — enabling verified, privacy-preserving sharing of credentials (age, qualifications, health data) without exposing underlying identity documents. eIDAS 1.0 had no equivalent. (3) New trust service categories: Electronic archiving, electronic ledger (blockchain notarization), and management of remote signature creation devices are added as regulated trust services. (4) Cross-border acceptance mandate: eIDAS 1.0 required mutual recognition only for notified eID schemes; eIDAS 2.0 extends mandatory acceptance to the EUDIW and requires designated sector relying parties to accept it. (5) Stronger security requirements: QWAC and QTSP security standards are upgraded; minimum assurance levels for identity proofing at wallet issuance are raised to "high." (6) Supervisory powers: Supervisory bodies gain new investigative and enforcement tools, including the ability to impose temporary suspension of qualified trust services pending investigation.

The EU Digital Identity Wallet (EUDIW) is a digital application — typically a smartphone app — that allows EU citizens and businesses to store and present their digital identity and personal attributes in a secure, portable, and privacy-preserving way. Key features of the EUDIW: (1) Identity storage: National identity credential (analogous to a digital passport or ID card) issued and backed by the member state. (2) Attribute attestation: Store verified credentials from qualified providers — degree certificates, driving licences, professional qualifications, health records, insurance documents. (3) Selective disclosure: Citizens can choose exactly which attributes to share with a service — for example, proving you are over 18 without revealing your date of birth or name. (4) Cross-border use: Works across all 27 EU member states; accepted by online services and physical readers. (5) Strong authentication: Wallet authentication meets "high" assurance level under eIDAS 2.0 — the strongest level for digital identity. (6) Offline capability: The EUDIW specification includes an ISO 18013-5 mDL (mobile driving licence) interface enabling offline verification via NFC/Bluetooth. The EUDIW must be made available free of charge to all EU citizens and businesses who wish to use it, with member states obligated to issue it by November 2026. Technical specifications are defined in the Architecture and Reference Framework (ARF) published by the European Commission.