Regulation (EU) 2024/1183 introduces specific provisions for representing natural persons within the European Digital Identity Wallet (EDIW), with a particular focus on Qualified Electronic Attestations of Attributes (QEAA). These attestations are integral to ensuring the secure and trustworthy representation of individuals and their attributes across digital environments.
This is a framework, but sectorial legislation is required to harness the full potential of increased efficiency and digitalisation. These powers of attorney, or equivalents, are holder artefacts bound to the representing natural person that can be validated for revocation, but there is no requirement, or need, for relying parties to integrate with any central register.
1. What Are Qualified Electronic Attestations of Attributes (QEAA)?
- Definition: QEAA are more or less digital certificates issued by qualified trust service providers that confirm specific attributes of a natural person. These attributes can include:
  - Identity details (e.g., name, date of birth, nationality).
  - Professional qualifications (e.g., licenses, degrees, certifications).
  - Roles or rights (e.g., power of attorney, parental authority).
- Legal Weight: QEAA have a high level of trust and legal certainty under the eIDAS framework, making them suitable for high-stakes transactions.
2. Representation of Natural Persons Using QEAA
- Secure Attribute Verification: Natural persons can link QEAA to their EDIW to securely represent verified attributes online and offline. Attributes stored in the wallet are authenticated and can be presented in a verifiable manner to third parties.
- Examples of Representation:
  - A parent can use a QEAA in their wallet to demonstrate parental authority for signing school forms.
  - An employee can prove their professional qualifications, such as being a certified engineer, without needing physical documents.
  - Individuals can present a digital proof of age (e.g., for accessing restricted services).
3. How QEAA Will Be Used
- Public Services: Citizens can access government services (e.g., tax filing, social benefits) by presenting QEAAs linked to their wallet, reducing bureaucratic delays. A resident may use QEAA to prove their right to reside in another EU country.
- Private Sector Applications:
  - E-commerce: Proving age for purchasing restricted goods or accessing age-limited content.
  - Banking and Finance: Simplifying KYC (Know Your Customer) processes by presenting verified identity and address details.
  - Travel: Using QEAA for cross-border identity verification (e.g., visa applications or accessing transport services).
- Legal Representation: Individuals with power of attorney can present their QEAA to act on behalf of others in legal, financial, or medical matters.
- Professional and Educational Credentials: Workers and students can use their wallet to demonstrate qualifications, degrees, or employment history.
4. Interoperability and Portability
- Cross-Border Functionality: QEAA are designed to be interoperable across all EU member states, enabling seamless representation in both domestic and cross-border contexts. For example, an individual in Germany can use their EDIW to demonstrate a professional license in France.
- Portability of Attributes: Users retain full control of their QEAAs and can choose when, where, and how to share specific attributes.
5. Security and Data Protection
- GDPR Compliance: QEAAs respect the principles of data minimization and consent. Natural persons can share only the specific attributes required for a transaction, without exposing unnecessary information.
- Tamper-Proof Verification: The use of qualified trust service providers ensures that QEAAs cannot be falsified or altered, increasing trust in digital transactions.
Here’s a description of how a Qualified Electronic Attestation of Attributes (QEAA) is used, represented as a sequence of steps:
Sequence of Events for QEAA Usage
- The process begins with the user (individual or organization) who needs to obtain or use a QEAA.
- The user requests a specific attestation, such as verifying their age, education, or professional qualification.
- The EUDI Wallet stores and manages the user’s digital identity and credentials.
- It securely communicates with the QEAA Issuer (e.g., a government agency, educational institution) to initiate the process of obtaining the attestation.
- The wallet will require authentication to ensure that the user’s request is genuine.
- The QEAA Issuer (such as a regulatory authority, educational institution, or other relevant body) verifies the user's details. For representation this also entails validation from the party being represented.
- Once verified, the QEAA Issuer creates a Qualified Electronic Attestation, which certifies specific attributes (like degree completion or professional certification).
- This attestation is then issued to the EUDI Wallet for secure storage.
- The Verifier (such as an employer, government agency, or service provider) requests verification of the user’s QEAA from the EUDI Wallet.
- The user consents to sharing the relevant information from their wallet to the verifier.
- The verifier checks the validity and authenticity of the QEAA, ensuring the attestation hasn’t been tampered with or revoked.
- Based on the successful verification, the Service Provider (such as a bank, government department, or healthcare provider) grants the user access to services or benefits.
- The QEAA can be used for various purposes, including applying for loans, accessing healthcare, or participating in educational programs.
This flow allows for the efficient, secure, and verifiable exchange of personal data with the necessary consents, ensuring privacy and security while providing trustworthy credentials for users across various sectors.
The distinction between Verifier and Service Provider is artificial and only relevant where this is outsourced internally or externally.
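The issue, present and verify steps above, as an added sketch that is not from the regulation or any wallet implementation. It assumes salted-digest selective disclosure (a mechanism the article does not name), uses an HMAC as a stand-in for the issuer's qualified signature, an in-memory set as a stand-in for the issuer's revocation status, and a plain identifier comparison in place of cryptographic holder binding; all names and sample values are hypothetical.

```python
import hashlib, hmac, json, secrets

ISSUER_KEY = secrets.token_bytes(32)  # assumption: stand-in for the issuer's signing key
REVOKED = set()                       # assumption: stand-in for issuer-published revocation status

def digest(salt, name, value):
    # Salted hash so an undisclosed attribute cannot be guessed from its digest.
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def sign(payload):
    # HMAC used only to keep the sketch stdlib-only; a real QEAA carries an asymmetric signature.
    msg = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()

def issue(attestation_id, holder, attributes):
    """Issuer: sign salted digests of the attributes, bound to one holder."""
    salts = {n: secrets.token_hex(16) for n in attributes}
    payload = {"id": attestation_id, "holder": holder,
               "digests": sorted(digest(salts[n], n, v) for n, v in attributes.items())}
    return {"payload": payload, "sig": sign(payload),
            "salts": salts, "attributes": attributes}  # salts and values stay in the wallet

def present(stored, disclose):
    """Wallet: release only the attributes the user consented to share."""
    return {"payload": stored["payload"], "sig": stored["sig"],
            "disclosed": [[stored["salts"][n], n, stored["attributes"][n]] for n in disclose]}

def verify(presentation, expected_holder):
    """Verifier: returns (True, attributes) or (False, reason)."""
    p = presentation["payload"]
    if not hmac.compare_digest(sign(p), presentation["sig"]):
        return False, "signature invalid"
    if p["id"] in REVOKED:
        return False, "revoked"
    if p["holder"] != expected_holder:
        return False, "holder mismatch"
    out = {}
    for salt, name, value in presentation["disclosed"]:
        if digest(salt, name, value) not in p["digests"]:
            return False, "attribute not covered by signature"
        out[name] = value
    return True, out
```

The verifier learns only the disclosed attributes, and the revocation check runs against issuer-published status rather than a central register of attestations.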
Conclusion
QEAA plays a pivotal role in the representation of natural persons within the EUDI Wallet framework. By providing a legally secure and interoperable method for verifying and sharing personal attributes, QEAA empowers individuals to engage in trusted digital interactions across the EU.
Detecting Financial Crime Innovation & Design Expert (all posts & comments on LinkedIn are exclusively personal observations)
1 month
Absolutely agree that this impact will be major. The Netherlands have enjoyed a concept called #eHerkenning for several years already, which is already legally compliant under the current EIDAS framework. #CompanyPassport is working with the current #eHerkenning providers, who - over the past years - have already become actors across Europe (and beyond, e.g. UK ;). Jointly we aim to incorporate the concepts into the #CompanyPassport offering (not so much #eHerkenning 2.0, more "#eHerkenning on steroids" ;). Nota bene: companies will obviously maintain both options. They can continue with the current #eHerkenning solution. Alternatively they can make use of #CompanyPassport protocols (once EIDAS 2.0 is implemented in 2026) OR they will be able to choose other emerging protocols. Must say that I have a lot of respect for the #eHerkenning providers who have made their original innovation such a large success, yet are still open to working with #CompanyPassport on further innovations.