News, events & blog
EUDI wallet brings e-identity to the masses?
I consider the first version of the EIDAS regulation a failure. Its new version, EIDAS2, once again attempts to solve the problem of cross-border electronic identity verification throughout the European Union, with the European Digital Wallet as the driving force. This wallet should also allow for digital signing and the use of other documents, permits, and possibly even the digital euro. Based on what I've seen so far, I'm rather skeptical, but still, open to surprises. Therefore, it was interesting to hear the Estonian Digital Wallet pilot project team discussing the project's present and future.
The Digital Wallet is primarily an ID card in your mobile phone — more modern and easier to use. Without raising too many expectations, this could be its only function. In this form, I believe it will work, but mainly for domestic use. Estonia has a problem—we currently have three identity verification methods: a 28-year-old ID card, a 23-year-old Mobile-ID, and a 7-year-old Smart-ID. As we already know that by 2027, we will no longer be able to use Mobile-ID, as SIM cards in their current form will disappear. The new SIM cards, however, cannot be certified according to EIDAS2 requirements. Therefore, the Digital Wallet can be seen as a replacement for Mobile-ID, which, in essence, is very similar to the Smart-ID solution, but with the state as the issuer instead of a private company.
In fact, Smart-ID does not meet eIDAS2 requirements either, but I believe a solution will be found for this, and it will remain a valid alternative alongside the ID card and Digital Wallet in the future. If this does not happen, Smart-ID can still be used domestically in the same way as before.
The Estonian Digital Wallet prototype is now ready, and we await the next steps towards developing the final product. The EU's deadline for the public release of the wallet is November 3, 2026, with a requirement that the European Commission adopts the necessary implementing acts.
The Digital Wallet does not change anything regarding digital signing. EIDAS2 does not include any new standards for this. While EIDAS1 established a framework for digital signatures, it did not specify anything about the format or presentation. EIDAS2 improves this, but only slightly. As a result, two schools of thought continue to exist: those who wish to sign PDFs by adding a signature directly to the file, and those like Estonia, who prefer a container that does not limit the format or number of files being signed. These two approaches do not align.
EIDAS2, however, distinguishes between a digital signature and a digital seal. The former is added by an individual, and the latter by companies. This is a great development, which will hopefully end the confusing discussions about company ID cards and digital signatures in many countries. For me, there is no such thing as a legal entity that signs documents and identifies itself. This is always done by an individual, who may represent an organization when doing so. The digital seal is a much better concept for an anonymous confirmation given on behalf of a company, without revealing the person or system that provided it.
It is unlikely that all these different national digital wallets will work across borders. Digital signing has already been mentioned. But another key issue with such solution is the personal identification code. In Estonia, every person has a unique and public identification code. Meanwhile, in Germany, for example, there is no such thing. There are no e-services for digital transactions and therefore no need or opportunity to use the Digital Wallet. However, things are changing in Germany, and it has been reported that a decision has been made to give Germans a public identification code similar to that of Estonians.
There is, however, one cross-border exception — driver’s licenses. Significant amount of testing is currently underway to ensure that driver’s licenses can be verified regardless of the country. Even the USA is involved in this test project. All this is possible because there are existing agreements and standards between countries regarding driver’s licenses. But no such agreements exist for identification.
Nevertheless, Estonians aim to create the world’s best Digital Wallet, and this will likely succeed. We have a well-functioning eID infrastructure and associated e-services such as the e-Car Register, e-Population Register, e-Business Register, e-Health, e-Banking, etc., and it is very easy to use systems and data across these services without direct connections between them.
An important principle of the Digital Wallet project is the protection of privacy. It should work and allow basic functions even without an internet connection. There should be no central authority through which all queries pass—no third party should be able to track where a person has identified themselves and what services they have used. Of course, there are challenges here, especially from the perspective of anti-money laundering and "know your customer" (KYC) requirements.
On a related note, it is worth mentioning that alongside the Digital Wallet project, there is also talk of the digital euro, which should offer cash-like features in digital form. Here too, no one should have centralized oversight of where and with whom the wallet owner transacts. The digital euro should also be usable without an internet connection. However, in this case, the question remains for me: how will the double-spending problem be solved? How will it be ensured that this digital euro can only be used once in the wallet on your phone?
Our team will keep an eye on developments and look for collaboration opportunities, as we are also trying to solve the electronic identity verification problem globally with our eeID project.
Modernizing Domain Protocols: REPP as an EPP Alternative
In 2014, we began developing a new registry system, where one of the key components was a modern approach to the communication protocol between the registry and registrars: the Extensible Provisioning Protocol (EPP).
Joint CENTR 25th R&D and 51st Tech meeting overview
In October, CENTR’s joint meeting of technical and development working groups took place, with a focus on DNS, particularly from the perspectives of anycast, scanning, and zone generation.
Auction schedule of reserved domains
From May 16, we started auctions of place names and numerical domains that have been reserved until now. Domain names are auctioned in groups in the classic open English auction format. Auctions for reserved domains start every day at 12:00 and last 24 hours until the following noon. In the future, we will publish the domains that will be auctioned at least 30 days in advance.