The Council of Government Representatives of the EU Member States finally approved two long-controversial draft standards on Tuesday. These are the regulation for a European electronic identity (EUid) based on digital wallets (e-wallets) and the European Media Freedom Act (EMFA). In principle, both legislative processes have been completed.
Advertisement
With the reform of the eIDAS regulation, EU states will have to make an e-wallet available to all citizens and companies in the future. Users should be able to voluntarily save their national eID, especially on mobile devices, and link it with evidence of other personal attributes such as driver's license, diplomas, birth or marriage certificates, payment details and medical prescriptions. The EU Parliament in particular spoke out against the obligation initially demanded by the Commission to design the EUid as a lifelong personal identification number.
Another sticking point was the approach according to which browsers such as Chrome, Edge, Firefox, Opera and Safari must recognize qualified certificates for website authentication. With their agreement, the EU legislative bodies adhered in principle to the introduction of such Qualified Website Authentication Certificates (QWACs). After massive criticism from scientists and civil rights activists, they added clauses on how the “established safety rules and standards of the industry should be adhered to”. Experts have repeatedly warned that government root certificates in the form of QWACs make it easier for authorities to intercept encrypted communications.
EU Council praises achievements for digital society
A surveillance issue was also at the center of the dispute over the Media Freedom Act. The Council of Ministers demanded that security authorities be allowed to spy on media representatives with spyware for “national security”. The negotiators ultimately removed this clause from the text of the standard at the urging of the people's representatives. However, this now shows that the EMFA “respects” the national responsibilities of the member states set out in the EU treaties. This is intended to make it clear that EU countries are responsible for measures in the area of national security. You could therefore set your own guidelines for the use of state trojans against journalists.
Basically, the EMFA contains a holey anti-spyware clause. This means that security authorities are allowed to use spying software with a judge's order against media service providers as well as their employees and their relatives in the fight against “serious crimes” that can be punished with a prison sentence. Representatives of the Belgian Council Presidency welcomed the decisions as milestones for the digital transition and democratic society. The eIDAS amendment will come into force 20 days after its publication in the EU Official Journal and will be fully applicable in 2026. The EMFA should take effect immediately 20 days after its official publication.
(ds)