The problem with eIDAS 1 was the lack of confidence of the EU in itself.
By initially limiting the regulation to citizen-government interations, perhaps more unconciously due to lack of ambition or confidence rather than by rigid dogma, the vast majority of citizens neither really know or care about eIDAS. This got translated to the slow uptake by Member States.
The missing components were public awareness and a good private sector business transactional model. (I dont mean just organisational trust actors like QTSPs but relying parties and citizens themselves - the actual economic beneficiaries)
So now we are looking towards eIDAS 2......But what do we see? 1) Still no planned transactional business model or capability considered in the Architectural Reference Framework (ARF) and 2) no awareness campaigns towards citizens, who this time must drive the takeup. Without citizen-to-business, eIDAS 2 will have limited impact for the relatively few citizen-to-government transactions, just like its elder regulation.
Lets look at item: Transactional finance and charges (1)
With anonymity baked-in to the architecture and overall raison d'etre, how do costs get carried along the supply chain anonymously? Especially if the costs may be proportional the the gain to the relying party and the costs to the credential issuer. (Assume the user usually does not get charged).
Any identifiable cost will carry some measure of traceability. - especially as charges must be auditable! I am sure there are ways to do this. The simpler the better, but it will almost for sure involve a trusted third party somehow. This could act as a distributer of attributable charges. However it works the ARF will need an additional entity and lots more connections.
So lets start discussing what is needed now, before the ARF gets baked-in and charges distribution becomes more of a workaround post-facto!
Now the more straightforward issue of awareness. (2)
The genie is out of the bottle....
True story!: After visiting a delightul Salvador Dali immersive exhibition in London a few weeks ago, I strolled down the nearby Brick Lane food market with my daughter. She convinced me to buy a vegetarian corn-dog from a street barrow vendor. Upon paying with a credit card, I only asked the barrow owner if most people paid by card or cash. Unprovoked, the street vendor then entered into a 15 minute monologue concerning digital wallets and how European Governments were using them to control people's freedoms by concentrating credentials in one place. They would 'vanish' your passport if they did not want you to travel, and would block you access to the credit cards if they wanted to reduce your spending etc. She had been reading the anti-vax newsletters and believed some or most of it. But the fact that she was talking about it (after being fed lies) means that something does need to be redressed. Otherwise wallets will not be the success that we hope for.
So we need to consider awareness actions and dissemination of eIDAS benefits and advantages early. We need to start fully funded programs now, so that the public are prepared for digital identity wallets, without doubt and without fear!
Its up to the EU to commence the important second phase of eIDAS 2 earlier rather than later, and invest in a public communication effort, so that the technological effort already started is not wasted and and does not wither away, unused.
Comments