The European Digital Wallet  – an opportunity for FinTechs and established institutions alike

Actors in the fintech market are pushing the technical development and the financial markets to adapt to customer needs. This also affect legislators which need to adapt legal frameworks to ever-changing market conditions. In turn, fintechs and established financial institutions must stay up to date with the current legislation which affect the digital financial infrastructure. A current push of interests is the European Commission’s focus on enabling use of digital identities for better access to financial services.

The European Commission (the “Commission”) has proposed to amend the eIDAS-Regulation[1] on electronic identifications and trust services to boost more cross border authentications and identifications (the “Proposal”). [2] The Proposal introduces a European Digital Identity Wallet (“Digital Wallet”) to facilitate a new European Digital Identity Framework. In this article we will look closer at some of the Commission’s proposed changes to the eIDAS-Regulation, and how they could benefit fintechs and established financial institutions (jointly referred to in this article as “Financial Businesses”).

Background

The eIDAS-Regulation has laid a foundation for an identification and trust services market and better cross-border authentication and identification (jointly referred to in this article as “identification”) in the EU. This by establishing a network for notified national electronic identification (“eID”) schemes. Persons that have obtained an eID are able to digitally prove and verify their identities via mobile phone or computer when accessing digital services.

The main types of trust services under the eIDAS-Regulation are electronic signatures, electronic seals and electronic time stamps. Trust services are in turn categorized into different qualifications levels depending on their attributes.

The eIDAS-Regulation has brought many benefits to Financial Businesses already by providing the conveniences of easier identification of customers, which in turn helps to facilitate regulatory compliance and better customer access. However, the frequency of cross-border identifications is surprisingly low, in parts because only (by approximation) 60 percent of EU’s citizens have access to eIDs that function for cross border identifications. Another factor is that very few public digital services accept cross border identifications for access.[3] To meet new market demands and policy objectives, the Commission has concluded that the eIDAS-Regulation needs to be amended to boost more cross border identifications by focusing on effectiveness, efficiency, and coherence.

The Proposal

The Commission is proposing the following additions of interest to the eIDAS-Regulation under a new, so called, European Digital Identity framework:

1. Member States must provide citizens and businesses with a Digital Wallet capable of linking their national eID with proof of other personal attributes. The Digital Wallets could be issued either by a Member State, under a mandate from a Member State, or independently but recognised by a Member State.
2. The Digital Wallet must be accepted by public and (some) private services in all Member States. Such private services are services that by law or contract are required to use strong user authentication for online identification which includes services in areas such as banking and other financial services.[4]

The Digital Wallet is a technical solution that goes beyond the functions of the eIDAS-Regulation compliant eIDs but is not separate from that system. The Digital Wallet will allow EU citizens to identify themselves via eIDs, but also store and make available identity data, credentials, and other personal attributes and to make qualified electronic signatures or stamps,[5] most likely through a smart phone or computers.[6]

The Digital Wallet could provide for easier strong user authentication which benefits both Financial Businesses and customers in cases when strong user authentication is necessary for the provision of financial services, e.g. financial services provided by banks. It will also be easier for users to store and make available some basic personal data such as university diplomas, drivers licenses or bank cards instead of having to carry such documents in physical form.[7]

General requirements for Financial Businesses

In general, Financial Businesses have certain hurdles to overcome to reach or establish themselves on a specific market. In most cases, a new service must be able to adapt to an already established market and infrastructure, which requires interoperability and mutual recognition between systems and functions. For an example, think of the interoperability of systems that is required to perform a payment from one bank account to an account in another bank. Secondly, customers must be receptive to the offered service, in particular when the service requires certain technical understandings and computer literacy among the customer base. In this regard, different markets are susceptible to new digital services to a different degree, depending on their digital maturity. Thirdly, regardless of the above, the Financial Businesses must comply with regulatory requirements. In the next chapter we will look at the current situation in Sweden for Financial businesses and use of eIDs.

The situation in Sweden

Any amendment t0 the eIDAS-Regulation will have varying effects on the different Member States. Digitally mature countries such as Sweden have already verified eIDs.[8] Subsequently, Swedish Financial Businesses rely on Swedish eID to either identify users or to identify representatives of the business. Having access to a Swedish eID means that Financial Businesses potentially have:

1. better access to customers since the customers will be able to identify themselves through e.g., their smart phones,
2. better access to necessary information and digital services from banks and public authorities since a general requirement for using such services is the ability to identify the user or the representative of the business.
3. streamlined regulatory compliance since it becomes easier to uphold KYC-requirements under the applicable AML/CFT legal framework and strong customer authentication requirements under payment services-legislation since customers can identify themselves through trusted services.

The current Swedish eID system rely fundamentally on the Swedish population register, meaning that a person applying for eID generally must have a Swedish personal identity number or a so-called coordination number. With certain exceptions, this means that persons who do not have a Swedish personal identity number or a coordination number often cannot obtain a Swedish eID under the current system. Many digital services in Sweden, which are provided by public authorities and Financial Businesses, are mainly accessible based on user identification via Swedish eIDs. As a result, foreign fintechs and customers that cannot obtain a Swedish eID can be excluded from these services and the benefits of Swedish eID.

What could the proposal entail for Financial Businesses?

As already established, Financial Businesses have certain hurdles to overcome to reach or establish themselves on a specific market. Below we will look at specific things that the Proposal potentially could improve for Financial Businesses.

Wider customer base

The introduction of a mandatory requirement for each Member State to issue a Digital Wallet and the requirement that other Member States accept these Digital wallets could affect the size of the customer base for Financial Businesses since, i) more people will have a access to a functioning eID and measures to store and make available some basic personal data,  ii) more Member States and persons may grow accustomed to eIDs and electronic signatures instead of manual identifications and signatures, leading to more persons being susceptible to use digital financial services and iii) cross border identifications could become easier which allows for better cross border access to digital services within the EU.

Strong customer authorisation and know you customer requirements on a cross border basis

There is a general requirement under PSD2 that payment service providers shall perform strong customer authorisation when providing payment services. According to the Swedish Agency for Digital Government (“DIGG”), strong customer authorisation under PSD2 corresponds to approximately the second highest trust level for eIDs under the eIDAS-Regulation.[9] Similarly, the current AML/CFT-rules includes KYC requirements for the provision of certain services and already allows for the use of eIDs to identify customers.

In Sweden, many banks and payment service providers rely on Swedish eIDs which are registered as the second highest trust level under the eIDAS-Regulation to uphold these requirements. We believe that the Proposal can entail that Financial Businesses can gain better access to new markets by virtue of upholding better compliance with payment service-legislation requirements and AML/CFT-requirements in different jurisdictions.

Greater access to public information and other digital services

Financial Businesses must be able to digitally identify themselves with other service providers to, e.g., open a company bank account or to perform necessary daily operations such as signing of digital documents. In Sweden, foreign Financial Businesses often struggle to access necessary services. Hopefully, the Commission’s Proposal will provide easier access to necessary digital services for such Financial Businesses so that these can compete on a more levelled playing field.

To conclude

A cohesive and easy to use Digital Wallet, with the inclusion of different eIDs, electronic stamps and certificates, can be to the benefit of Financial Businesses that must both uphold regulatory requirements to identify customers and convey trust in the offered solutions to the customer base. The Proposal can perhaps also bring other benefits to Financial Businesses such as boosted efficiency for operations that require approvals, identification, exchange of important document, or allow for greater access to public information and necessary digital services.

There is still a lot of work to be done before the results envisaged above can become realities, with legislative and technical efforts taken in the parallel. Yet, based on statements from a representative of the Commission, there may be a  fully operational system for Digital Wallets as early as by 2024.

[1] Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC.

[2] Proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity.

[3] The Commission’s evaluation of the eIDAS regulation, COM(2021) 290 final, p. 4.

[4] Section 28 and article 12b in the Commission’s explanatory memorandum on amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity, COM/2021/281 final.

[5] Article 3.42 in the Commission’s explanatory memorandum, COM/2021/281 final.

[6] Agency for Digital Government’s report on a digital wallet, DIGGs ärendenummer 2022-33.

[7] Agency for Digital Government’s report on a digital wallet, DIGGs ärendenummer 2022-33.

[8] Section 3.1 in the Agency for Digital Government’s report on a digital wallet, DIGGs ärendenummer 2022-33; and https://www.digg.se/digitala-tjanster/e-legitimering/tillitsnivaer-for-e-legitimering.

[9] Agency for Digital Government – Ett stärkt skydd mot bedrägerier vid betalningar online, https://www.digg.se/om-oss/remisser-och-yttranden/yttranden-2022/yttranden-2022/2022-04-21-ett-starkt-skydd-mot-bedragerier-vid-betalningar-online.