Toelichting bij COM(2021)281 - Wijziging van Verordening (EU) nr. 910/2014 betreffende een Europees kader voor een digitale identiteit

Dit is een beperkte versie

U kijkt naar een beperkte versie van dit dossier in de EU Monitor.

dossier COM(2021)281 - Wijziging van Verordening (EU) nr. 910/2014 betreffende een Europees kader voor een digitale identiteit.
bron COM(2021)281 EN
datum 03-06-2021


1. CONTEXT OF THE PROPOSAL

Reasons for and objectives of the proposal

This explanatory memorandum accompanies the proposal for a Regulation of the European Parliament and of the Council amending Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (eIDAS) 1 . The legal instrument aims to provide, for cross-border use:

–access to highly secure and trustworthy electronic identity solutions,

–that public and private services can rely on trusted and secure digital identity solutions,

–that natural and legal persons are empowered to use digital identity solutions,

–that these solutions are linked to a variety of attributes and allow for the targeted sharing of identity data limited to the needs of the specific service requested,

–acceptance of qualified trust services in the EU and equal conditions for their provision.

What is emerging in the market is a new environment where the focus has shifted from the provision and use of rigid digital identities to the provision and reliance on specific attributes related to those identities. There is an increased demand for electronic identity solutions that can deliver these capabilities providing efficiency gains and a high level of trust across the EU, both in the private and the public sector, relying on the need to identify and authenticate users with a high level of assurance.

The evaluation of the eIDAS Regulation 2 revealed that the current Regulation falls short of addressing these new market demands, mostly due to its inherent limitations to the public sector, the limited possibilities and the complexity for online private providers to connect to the system, its insufficient availability of notified eID solutions in all Member States and its lack of flexibility to support a variety of use cases. Furthermore, identity solutions falling outside the scope of eIDAS, such as those offered by social media providers and financial institutions, raise privacy and data protection concerns. They cannot effectively respond to new market demands and lack the cross border outreach to address specific sectoral needs where identification is sensitive and requires a high degree of certainty.

Since the entering into force of the eID part of the Regulation in September 2018, only 14 Member States have notified at least one eID scheme. As a result, only 59 % of EU residents have access to trusted and secure eID schemes across borders. Only 7 schemes are entirely mobile, responding to current user expectations. As not all technical nodes to ensure the connection to the eIDAS interoperability framework are fully operational, cross-border access is limited; very few online public services accessible domestically can be reached cross-border via the eIDAS network.

By offering a European Digital Identity framework based on the revision of the current one, at least 80% of citizens should be able to use a digital ID solution to access key public services by 2030. Furthermore, the security and control offered by the European Digital Identity framework should give citizens and residents full confidence that the European Digital Identity framework will offer everyone the means to control who has access to their digital twin and to which data exactly. This will also require a high level of security with respect to all aspects of digital identity provisioning, including the issuing of a European Digital Identity Wallet, and the infrastructure for the collection, storage and disclosure of digital identity data.

Furthermore, the current eIDAS framework does not cover the provision of electronic attributes, such as medical certificates or professional qualifications, making it difficult to ensure pan-European legal recognition of such credentials in electronic form. In addition, the eIDAS Regulation does not allow users to limit the sharing of identity data to what is strictly necessary for the provision of a service.

While the evaluation of the eIDAS Regulation shows that the framework for the provision of trust services has been rather successful, providing a high level of trust and ensuring the uptake and use of most trust services, more needs to be done to reach full harmonisation and acceptance. For qualified certificates of website authentication, citizens must be able to rely on them and benefit from the secure and trustworthy information about who is behind a web site, thus reducing fraud.

In addition, to respond to the dynamics of the markets and to technological developments, this proposal expands the current eIDAS list of trust services with three new qualified trust services, namely the provision of electronic archiving services, electronic ledgers and the management of remote electronic signature and seal creation devices.

This proposal also offers a harmonised approach to security, for citizens relying on a European digital identity representing them online, and for online service providers who will be able to fully rely on and accept digital identity solutions independently of where they have been issued. This proposal implies a shift for issuers of European digital identity solutions, providing a common technical architecture and reference framework and common standards to be developed in collaboration with the Member States. A harmonised approach is necessary to avoid that the development of new digital identity solutions in Member States create further fragmentation triggered by the use of divergent national solutions. A harmonised approach will also strengthen the Single Market as it would allow citizens, other residents and businesses to identify online in a secure, convenient and uniform way across the EU to access both public and private services. Users would be able to rely on an improved ecosystem for electronic identity and trust services recognised and accepted everywhere in the Union.

In order to avoid fragmentation and barriers due to diverging standards, the Commission will adopt a Recommendation at the same time as this proposal. This Recommendation will setout a process to support a common approach allowing Member States and other relevant stakeholders from the public and private sectors, in close coordination with the Commission, to work towards the development of a Toolbox to avoid divergent approaches and avoid endangering the future implementation of the European Digital Identity framework.

Consistency with existing policy provisions in the policy area

This proposal builds on the current eIDAS Regulation, on the role of Member States as providers of legal identities and on the framework for the provision of electronic trust services in the European Union. The proposal is complementary and fully coherent with other policy instruments at EU level aiming to translate the benefits of the internal market in the digital world, particularly by increasing the possibilities for citizens to access services cross-border. In this respect, the proposal implements the political mandate provided by the European Council 3 and the President of the European Commission 4 to provide an EU-wide framework for public electronic identities which ensures that any citizen or residents can have access to a secure European e-identity, which can be used anywhere in the EU to identify and authenticate for access to services in the public and private sectors, allowing citizens to control what data is communicated and how it is used.

Consistency with other Union policies

The proposal is consistent with the priorities for the digital transformation as set out in the strategy Shaping Europe’s Digital Future 5 and will support achieving the targets indicated in the Digital Decade Communication 6 . Any personal data processing under this Regulation should be carried out in full compliance with the General Data Protection Regulation (now onwards GDPR) 7 . In addition, this Regulation introduces specific data protection safeguards.

To ensure a high level of security, the proposal is also consistent with Union policies related to cyber security 8 . The proposal has been designed to reduce fragmentation applying the general cyber security requirements to trust service providers regulated by the eIDAS Regulation.

This proposal is furthermore coherent with other sectorial policies relying on the use of electronic identities, electronic attestations of attributes and other trust services. This includes the Single Digital Gateway Regulation 9 , requirements to be fulfilled in the financial sector related to anti money laundering and counter terrorism financing, initiatives to share social security credentials, for a digital driving licence or for future digital travel documents and other initiatives set out to reduce administrative burden for citizens and businesses relying fully on the possibilities provided by the digital transformation of procedures both in the public and the private sector. The wallet will furthermore enable qualified electronic signatures that can facilitate political participation 10 .

2. LEGAL BASIS, SUBSIDIARITY AND PROPORTIONALITY

Legal basis

This initiative aims to support the Union’s transformation towards a Digital Single Market. With the growing digitisation of cross-border public and private services which rely on the use of digital identity solutions, there is a risk that within the current legal framework, citizens will continue to face obstacles and not be able to make full use of online services seamlessly throughout the EU and to preserve their privacy. There is also the risk that the shortcomings of the current legal framework for trust services would increase fragmentation and reduce trust if left to Member States alone. Thus, Article 114 TFEU is identified as the relevant legal basis for this initiative.

Subsidiarity (for non-exclusive competence)

Citizens and businesses should be able to benefit from the availability of highly secure and trustworthy digital identity solutions that can be used across the EU and from the portability of electronic attestations of attributes linked to identity. Recent technological developments, market and user demand require the availability of more user friendly cross border solutions that allow access to online services EU–wide, which the eIDAS Regulation in its current form cannot offer.

Users have also grown increasingly accustomed to globally available solutions, for example when accepting the use of Single Sign-On solutions provided by the larger social media platforms to access online services. Member States cannot alone address the challenges this creates in terms of market power of large providers, which requires interoperability and trusted eIDs at EU level. In addition, electronic attestations of attributes issued and accepted in one Member State, such as an electronic health certificate, are often not legally recognised and accepted in other Member States. This creates the risk that Member States continue to develop fragmented national solutions that cannot operate across borders.

For the provision of Trust Services, although largely regulated and functioning in accordance with the current legal work, national practices also create the risk of increased fragmentation.

EU-level intervention is ultimately best suited to provide citizens and businesses the means to identify cross-border and exchange personal identity attributes and credentials using highly secure and trustworthy digital identity solutions, in compliance with EU data protection rules. This requires trusted and secure eID and a regulatory framework linking them to attributes and credentials at EU level. Only EU-level intervention can lay down the harmonised conditions that ensure user control and access to cross border online digital services and an interoperability framework making it easy for online services to rely on the use of secure digital identity solutions, irrespective of where in the EU it has been issued or where a citizen resides. As largely reflected in the review of the eIDAS Regulation, it is unlikely that national intervention would be equally efficient and effective.

Proportionality

This initiative is proportionate to the objectives sought, providing an appropriate instrument for setting the necessary interoperability structure for the creation of an EU Digital Identity ecosystem building on legal identities issued by Member States and on the provision of qualified and non-qualified digital identity attributes. It provides a clear contribution to the objective of improving the Digital Single Market through a more harmonised legal framework. The harmonised European digital Identity wallets to be issued by the Member States on the basis of common technical standards also provide a common EU approach benefitting users and parties relying on the availability of secure cross-border electronic identity solutions. This initiative addresses the limitations of the current electronic identification interoperability infrastructure based on mutual recognition of diverse national electronic identification schemes. Taking into consideration the set objectives, this initiative is considered sufficiently proportionate and the costs likely to be commensurate to the potential benefits. The proposed Regulation will give rise to financial and administrative costs, which are to be borne by Member States as issuers of the European Digital Identity wallets, by trust services and online service providers. However, these costs would likely be outweighed by the significant potential benefits for citizens and users stemming directly from an increase in cross-border recognition and acceptance of electronic identity and attribute services.

The costs derived from creating and aligning to the new standards for trust service providers and online service providers cannot be avoided if the objective of usability and accessibility is to be achieved. The initiative intends to harness and build on the investment already made by Member States in their national identity schemes. Furthermore, the additional costs generated by the proposal are designed to support harmonisation and justified on the expectation that, in the long run, they will reduce administrative burden and compliance costs. The costs linked to the acceptance in regulated sectors of digital identity authentication attributes can also be regarded as necessary and proportionate as far as they support the overall objective and provide the means by which regulated sectors can fulfil legal obligations to legally identify a user.

Choice of the instrument

The choice of a regulation as the legal instrument is justified by the need to ensure uniform conditions in the Internal Market for the application of the European Digital Identity by means of a harmonised framework that aims to create seamless interoperability and provide European citizens and companies with public and private services across the Union with highly secure and trustworthy eIDs.

3. RESULTS OF EX-POST EVALUATIONS, STAKEHOLDER CONSULTATIONS AND IMPACT ASSESSMENTS

Ex-post evaluations/fitness checks of existing legislation

An evaluation of the functioning of the eIDAS Regulation was conducted as part of the review process required by Article 49 of the eIDAS Regulation. The main findings of the evaluation with respect to electronic identity is that eIDAS has not achieved its potential. Only a limited number of eIDs have been notified, limiting the coverage of notified eID schemes to about 59% of EU population. In addition, the acceptance of notified eIDs both at the level of Member States and service providers is limited. It also appears that only a few of the services accessible through domestic eID are connected to the national eIDAS infrastructure. The evaluation study has also found that the current scope and focus of the eIDAS Regulation on eID schemes notified by EU Member States and on enabling access to online public services seems too limited and inadequate. The vast majority of the needs of electronic identity and remote authentication remain with the private sector, in particular in areas like banking, telecom and platform operators that are required by law to verify the identity of their customers. The added value of the eIDAS Regulation with regard to electronic identity is limited due to its low coverage, uptake and usage.

The problems identified in this proposal are linked to the shortcoming of the current eIDAS framework and fundamental contextual changes regarding markets, societal and technological developments triggering new user’s and market’s needs.

Stakeholder consultations

An open public consultation was launched on 24 July 2020 and closed on 02 October 2020. In total, the Commission received 318 contributions. The Commission also received 106 replies to a targeted stakeholder survey. Opinions have also been gathered from Member States in a variety of bilateral and multilateral meetings and surveys organised since early 2020. This notably includes a survey of Member State representatives of the eIDAS Cooperation Network in July-August 2020 and various dedicated workshops. The Commission also held in-depth interviews with industry representatives and met business stakeholders in various sectors (e.g. eCommerce, health, financial services, telecom operators, equipment manufacturers etc.) in bilateral meetings.

A large majority of respondents to the open public consultation welcomed the creation of a single and universally accepted digital identity relying on the legal identities issued by Member States. Member States largely support the need to reinforce the current eIDAS Regulation providing citizens with the possibility to access both public and private services and recognise the need to establish a trust service allowing for the issuing and cross-border use of electronic attestations of attributes. Overall, Member States emphasized the need to build a European Digital Identity Framework on the experience and strength of the national solutions, seeking to find synergies and benefitting from investments made. Many stakeholders referred to how the COVID-19 pandemic had demonstrated the value of secure, remote identification for all to access public and private services. On trust services, most actors agree that the current framework has been a success, however, some additional measures were required to further harmonise certain practices related to remote identification and national supervision. Stakeholders with a largely national customer base expressed more doubts about the added value of a European Digital Identity framework.

Digital identity wallets are perceived more and more by the public and private sector as the most appropriate instrument allowing users to choose when and with which private service provider to share various attributes, depending on the use case and the security needed for the respective transaction. Digital identities based on digital wallets stored securely on mobile devices were identified as a main asset for a future-proof solution. Both the private market (e.g. Apple, Google, Thales) and governments already move in this direction.

Collection and use of expertise

The proposal is based on the information collected as part of the stakeholder consultation for the purpose of the impact assessment and evaluation reports of the eIDAS Regulation in view of the review obligations set out in Article 49 of the eIDAS Regulation. Numerous meetings have been organised with Member State representatives and experts.

Impact assessment

An impact assessment was carried out for this proposal. On 19 March 2021, the Regulatory Scrutiny Board issued a negative opinion with some comments. Following a revised resubmission, on 5 May 2021, the Board delivered a positive opinion.

The Commission examines different policy options to achieve the general objective of the present initiative, which is to ensure the proper functioning of the internal market, particularly in relation to the provision and use of highly secure and trustworthy electronic identity solutions.

The impact assessment examines the baseline scenario, policy options and their impacts for the three policy options considered. Each option presents a choice for political consideration based on the level of ambition. The first option presents a low level of ambition and a set of measures mainly aiming to strengthen the effectiveness and efficiency of the current eIDAS Regulation. By imposing mandatory notification of national eIDs and streamlining the existing instruments available to achieve mutual recognition, the first option is based on meeting the needs of citizens by relying on the availability of diverse national eID schemes that aim to become interoperable.

The second option presents a medium ambition level and mainly aims to extend the possibilities for the secure exchange of data linked to identity, complementing government eIDs and supporting the current shift towards attribute based identity services. The aim of this option would have been to meet user demand and create a new qualified trust service for the provision of electronic attestations of attributes linked to trusted sources and enforceable cross-border. This would have extended the scope of the current eIDAS Regulation and supported as many use cases as possible relying on the need to verify identity attributes linked to a person with a high level of assurance.

The third and preferred option presents the highest level of ambition and aims to regulate the provision of a highly secure personal digital identity wallet issued by Member States. The preferred option was considered to address in the most effective way the objectives of this initiative. To fully address the policy objectives, the preferred option builds on most measures assessed under option one (reliance on legal identities attested to by Member States and the availability of mutually recognised eID means) and option two (electronic attestations of attributes legally recognised cross border).

With regards to the general framework for Trust Services, the level of ambition calls for a set of measures not requiring a step-wise approach in order to meet the policy objectives.

The new qualified trust service for the management of remote electronic signature and seal creation devices would bring considerable security, uniformity, legal certainty and consumer choice benefits both linked to the certification of the qualified signature creation devices and in relation to the requirements to be fulfilled by the qualified trust service providers managing such devices. The new provisions would reinforce the overall regulatory and supervision framework for trust service provision.

The impacts of the policy options on different categories of stakeholders are explained in details in Annex 3 of the Impact Assessment supporting this initiative. The assessment is both quantitative and qualitative. The Impact assessment study indicates that the minimum quantifiable costs can be estimated at €3.2+ billion, since some of the cost items cannot be quantified. Total quantifiable benefits have been estimated to € 3.9 billion – 9.6 billion. With regards to the wider economic impacts, the preferred option is expected to have a positive impact on innovation, international trade and competitiveness, contribute to economic growth and lead to additional investment in digital identity solutions. For example an additional € 500 million investment triggered by the legislative changes under option 3 is expected to generate benefits of € 1,268 million after 10 years (at 67% adoption).

The preferred option is also expected to generate a positive impact on employment, generating between 5,000 and 27,000 additional jobs over the 5 years following the implementation. This is explained by the additional investment and the reduced costs for businesses relying on the use of eID solutions.

The positive environmental impact is expected to be greatest for the third option, which is expected to improve to the maximum extent the take up and usability of eID, bringing positive impacts on the emissions reduction related to public service delivery.

Electronic ledgers provide users with proof and an immutable audit trail for the sequencing of transactions and data records, safeguarding data integrity. While this trust service was not part of the impact assessment, it builds upon existing trust services as it combines time stamping of data and their sequencing with certainty about the data originator, which is similar to e-signing. This trust service is necessary to prevent fragmentation of the internal market, by defining a single pan-European framework that enables the cross-border recognition of trust services supporting the operation of qualified electronic ledgers. Data integrity, in turn, is very important for the pooling of data from decentralised sources, for self-sovereign identity solutions, for attributing ownership to digital assets, for recording business processes to audit compliance with sustainability criteria and for various use cases in capital markets.

Regulatory fitness and simplification

This proposal lays down measures that will apply to public authorities, citizens and online service providers. It will reduce administrative and compliance cost for public administrations and operational costs and reduced expenditure related to security for online service providers. Citizens will benefit from savings from reduced administrative burden, relying fully on digital means to identify and the facility to securely exchange digital identity attributes with the same legal value cross border. Electronic identity providers will also benefit from savings in compliance costs.

Fundamental rights

Since personal data falls within the scope of some elements of the Regulation, the measures are designed to fully comply with the data protection legislation. For example, the proposal improves options to share data and to enable discretional disclosure. Using the European Digital Identity Wallet, the user will be able to control the amount of data provided to relying parties and be informed about the attributes required for the provision of a specific service. Service providers shall inform Member States of their intention to rely on a European Digital Identity Wallet, which would allow Member States to control that sensitive data sets, for example, related to health are only requested by service providers in accordance with national law.

4. BUDGETARY IMPLICATIONS

In order to optimally achieve the objectives of this initiative, it is necessary to finance a number of actions both at the Commission level, where the allocation of about 60 FTEs is envisaged in the period 2022-2027 and at Member State level through their active participation in the expert groups and committees linked with the work of the initiative and which are composed of the representatives of Member States. The total financial resources necessary for the implementation of the proposal in the 2022-2027 period will be up to EUR 30.825 million, including EUR 8.825 million of administrative costs and up to EUR 22 million in operational spending covered by the Digital Europe Programme (pending agreement). The financing will support costs linked to maintaining, developing, hosting, operating and supporting the eID and trust services’ building blocks. It may also support grants for connecting services to the European Digital Identity Wallet ecosystem, the development of standards and technical specifications. Finally, financing will also support carrying out annual surveys and studies effectiveness and the efficiency of the regulation in reaching its objectives. The “financial statement” linked to this initiative provides a detailed overview of the costs involved.

5. OTHER ELEMENTS

Implementation plans and monitoring, evaluation and reporting arrangements

The impacts will be monitored and evaluated in accordance with the Better Regulation Guidelines covering the implementation and application of the proposed Regulation. The monitoring arrangement constitutes an important part of the proposal, in particular in view of the shortcomings of the current reporting framework, as shown by the evaluation study. In addition to the reporting requirements introduced in the proposed Regulation, which aim to ensure a better data and analysis base, the monitoring framework will monitor: 1) the extent to which the necessary changes have been implemented in line with the adopted measures; 2) whether the necessary changes to the relevant national systems have been implemented; 3) whether the necessary changes to the compliance obligations by the regulated entities have been adhered to. The European Commission (1, 2 and 3) and the National Competent Authorities (2 and 3) will be responsible for the data collection based on pre-defined indicators.

On the application of the proposed instrument, the European Commission and the National Competent Authorities will assess through annual surveys: 1) the access to eID means for all EU citizens; 2) the increased cross-border recognition and acceptance of eID schemes; 3) measures to stimulate the adoption by the private sector and the development of new digital identity services.

Contextual information will be gathered by the European Commission using annual surveys on: 1) the size of the market for digital identities; 2) public procurement expenditure linked to digital identity; 3) share of businesses providing their services online; 4) share of online transactions requiring strong customer identification; 5) share of EU citizens using online private and public services.

Detailed explanation of the specific provisions of the proposal

The draft Regulation requires Member States in Article 6a to issue a European Digital Identity Wallet under a notified eID scheme to common technical standards following compulsory compliance assessment and voluntary certification within the European cybersecurity certification framework, as established by the Cybersecurity Act. It includes provisions to ensure that natural and legal persons shall have the possibility to securely request and obtain, store, combine and use person identification data and electronic attestations of attributes to authenticate online and offline and to allow access to goods and online public and private services under the user’s control. This certification is without prejudice to the GDPR in the meaning that personal data processing operations relating to the European Digital Identity wallet can only be certified pursuant to Articles 42 and 43 GDPR.

The proposal sets out in Article 6b specific provisions on the requirements applicable to relying parties for the prevention of fraud and to ensure the authentication of personal identification data and electronic attestations of attributes originating from the European Digital Identity Wallet.

For the purpose of making more electronic identification means available for cross border use and improving the efficiency of the process of mutual recognition of notified electronic identification schemes, the notification of at least one electronic identification scheme by Member States is made mandatory in Article 7. In addition, provisions to facilitate unique identification are added to ensure the unique and persistent identification of natural persons in Article 11a. This concerns cases where identification is required by law such as in the area of health, in the area of finance to discharge anti-money laundering obligations, or for judicial use. For this purpose, Member States will be required to include a unique and persistent identifier in the minimum set of person identification data. The possibility for Member States to rely on certification to ensure conformity with the Regulation and thereby replacing the process of peer review, improves the efficiency of mutual recognition.

Section 3 presents new provisions on the cross-border reliance on the European Digital Identity Wallet to ensure that users can rely on the use of European Digital Identity Wallets to access online services provided by public sector bodies and by private service providers requiring the use of strong user authentication.

In Chapter III on trust services, Article 14 on International aspects is amended to allow the Commission the possibility of adopting implementing decisions attesting the equivalence of the requirements applied to trust services established in third countries and of the services they provide, in addition to the use of mutual recognition agreements in accordance with Article 218 TFEU.

Regarding the general provision applicable to trust services, including qualified trust service providers, Articles 17, 18, 20, 21 and 24 are amended to align with the rules applicable to Network and Information Security in the EU. When it comes to the methods to be used by qualified trust service providers to verify the identity of the natural or legal persons to whom the qualified certificates are issued, the provisions on the use of remote means of identification have been harmonised and clarified in order to ensure that the same rules are applied across the EU.

Chapter III presents a new article 29a to define requirements for a qualified service for the management of remote electronic signature creation devices. The new qualified trust service would be directly linked and build on measures referenced and assessed in the impact assessment notably measures on the “Harmonisation of the certification process for remote electronic signing” and other measures calling for the harmonisation of supervision practices by Member States.

In order to ensure that users can identify who is behind a website, Article 45 is amended to require providers of web browsers to facilitate the use of qualified certificates for website authentication.

Chapter III presents three new sections.

The new section 9 inserts provisions on the legal effects of electronic attestations of attributes, their use in defined sectors and the requirements for qualified attestations of attributes. In order to ensure a high level of trust, a provision on the verification of attributes against authentic sources is inserted in Article 45d. To make sure that users of the European Digital Identity Wallet can benefit from the availability of electronic attestations of attributes and have such attestations issued to the European Digital Identity Wallet, a requirement is inserted in Article 45e. Article 45f contains, instead, additional rules for the provision of electronic attestation of attribute services, including on the protection of personal data.

The new section 10 allows for the provision of qualified electronic archiving services at the EU level. Article 45g on qualified electronic archiving services complements Articles 34 and 40 on qualified preservation services for qualified electronic signatures and qualified electronic seals.

The new section 11 establishes a framework for trust services in regards to the creation and maintenance of electronic ledgers and qualified electronic ledgers. An electronic ledger combines time stamping of data and their sequencing with certainty about the data originator similar to e-signing with the additional benefit of enabling a more decentralized governance that is suitable for multi-party cooperation. This is important for various use-cases that can be built on electronic ledgers.

Electronic ledgers help companies saving costs by making multiparty coordination more efficient, safer and they facilitate regulatory supervision. In the absence of European regulation, there is a risk that national legislators will set diverging national standards. To prevent fragmentation, it is necessary to define a single pan-European framework that will enable the cross-border recognition of trust services supporting the operation of electronic ledgers. This pan-European standard for node operators will apply notwithstanding other EU secondary legislation. Where electronic ledgers are used to support the issuing and/or trading of bonds, or for crypto assets, use cases should be compatible with all applicable financial rules for example with the Markets in Financial Instruments Directive 11 , the Payment Services Directive 12 and the future Markets in Crypto Assets Regulation 13 . Where use cases involve personal data, service providers will need to comply with the GDPR.

75% of all use cases for electronic ledgers were in banking and finance back in 2017. Use cases for electronic ledgers are today increasingly diverse, with 17% in communication & media; 15% in manufacturing & natural resources, 10% in the governmental sector, 8% in insurance, 5% in retail, 6% in transportation, 5% in utilities 14 .

Finally, chapter VI has a new Article 48b to ensure that statistics on the use of the European Digital Identity Wallet is collected for monitoring the effectiveness of the amended Regulation.