@richardwonka Pillars of Interoperability
eIDAS Nodes: These are technological infrastructures that act as “bridges” between countries. If a German citizen wishes to access a public service in Spain (such as the Tax Agency), the Spanish eIDAS node communicates with the German one to validate the identity without Spain needing direct access to Germany’s databases. 4/4
https://www.aepd.es/en/press-and-communication/blog/eidas2-the-eudi-wallet-and-the-gdpr-i#:~:text=The%20Regulation%20(EU)%202024/,relying%20on%20a%20mobile%20app
https://didit.me/blog/eidas-2-0-levels-of-assurance-guide/
mjarteaga
@mjarteaga@oslo.town
Let's make hope normal again
Joined November 08, 2022
@richardwonka Pillars of Interoperability
Architecture Reference Framework (ARF): To prevent each country from creating an incompatible system, the European Commission has established a set of common technical specifications (ARF) that all e-wallets, including the German one, must follow. 3/4
@richardwonka Pillars of Interoperability
Mandatory Mutual Recognition: Unlike previous regulations, where recognition was voluntary in many cases, the new framework requires all Member States to accept electronic identification means issued by other countries that meet "substantial" or "high" assurance levels. 2/4
@richardwonka Interoperability is at the heart of the new eIDAS 2.0 Regulation (EU 2024/1183). Its aim is to ensure that any citizen of the European Union can use their national digital wallet to identify themselves and carry out administrative procedures in any other Member State without difficulty...1/4
@pojntfx Mitigation Measures in Germany and the EU 3/3
Physical media as a backup: Germany maintains the physical ID card with a chip (nPA) as the primary “source of truth.” The wallet is only a digital representation; if the phone fails or is locked, the citizen can always use their physical card and a standard NFC reader to identify themselves. https://ec.europa.eu/commission/presscorner/detail/en/ip_24_3433
https://www.vzbv.de/en/digital-markets-act-apple-and-google-fail-comply-certain-regulations
https://www.reddit.com/r/europrivacy/s/mgTR3gEoAr
@pojntfx Mitigation Measures in Germany and the EU 2/3
Interoperability between Member States: According to the regulation, if the German wallet fails due to a lockout, citizens should be able to legally use any other certified wallet from another EU country to identify themselves for German services.
@pojntfx Mitigation Measures in Germany and the EU 1/3
To prevent this technological “lock-in,” several measures are being implemented:
Alternatives Outside Official Stores: The EU is exerting pressure through the Digital Markets Act (DMA) to compel Apple and Google to allow the installation of apps from alternative sources (“sideloading”) and open access to their security chips without going through their accounts.
@pojntfx Extraterritorial Surveillance:
There is a theoretical risk that, because it is integrated into the OS ecosystem, the manufacturer (under laws such as the U.S. Cloud Act) could be compelled to provide metadata on when and where the wallet is used, which conflicts with the GDPR’s prohibition on tracking. 2/2
@pojntfx This scenario raises two main conflicts:
Availability and Access: The GDPR and EU principles require that access to fundamental rights not depend on third countries. Forcing a citizen to accept the terms and conditions of a private U.S. company in order to use their state-issued identity is viewed by many regulators as coercion that invalidates the “free consent” required by the GDPR. 1/2