The concept of identity and authentication is at the core of what we do at Pointsharp. How can you prove that you are who you say you are?
Identifying yourself by a username and password was played out long ago. Over the years, we have grown used to seeing various multi-factor authentication methods in play, everything from scratch cards for logging into your bank account to digital identities with the same level of trust as your passport.
But it has always been a fragmented space where one standard is incompatible with the other or not secure enough to be taken seriously on a broader scale. The second edition of eIDAS, or eIDAS 2.0, will fix many of those problems on a European-wide scale. But it might not be the silver bullet for everything connected to eID.
The goal of a European digital identity
eIDAS 2.0, much like NIS2 and the upcoming updates to GDPR, is meant to address the shortcomings of the initial regulation. For eIDAS, that comes in the form of the ambitious goal of having 80% of European citizens under the new digital ID system by 2030.
That will come by updating the regulation with more robust directives for digital certificates and a wider scope of services, and by introducing “qualified trust service providers” to oversee much of the identification.
Hopefully, this means we can enjoy an EU-wide electronic identification system, having one eID system no matter where you might be in Europe.
At Pointsharp, we follow this closely to see where our solutions might help. At the same time, as a company sprung out of Sweden, we also have a good idea of what it takes to do both personal and professional ID right.
Separating personal and organizational ID
As a Swede, you use your digital ID for literally everything. You use it to log in to your bank account, file your taxes, log into your children’s school information system, insurance companies, everything. You can even use eID as a proper ID card in stores.
That is very much what eIDAS 2.0 is trying to accomplish on a Union-wide scale. From the viewpoint of private citizens, this is a great system that gives you access to everything with just one login method. However, on the organizational side, there is still a need for other means of identification.
The Swedish eID system for private citizens is nothing short of excellent. However, there are many implications to using your personal ID to sign in to organizational services. Personal ID works great during the initial onboarding stages to confirm that you are who you say you are. Still, you will soon need an organizational ID for all the applications and services required for work. Using personal eID to log into the company email is not the safest or most friendly experience, especially considering data protection regulations like GDPR and security regulations like NIS2.
Besides being at the forefront of secure authentication, we are also certified by the Swedish Agency for Digital Government, DIGG, for issuing organizational eID according to the demands of LoA 3 (level of assurance). This gives our customers in Sweden a great way to manage and issue organizational IDs securely. This also makes us uniquely positioned to align with the eIDAS 2.0 regulations on a European scale.
eIDAS 2.0 will usher in an era of one digital identity for all European citizens, and we are well prepared to offer support for implementing that. At the same time, we are just as well prepared to offer our help where there are better solutions than a personal ID system.