ⒾMachine translations by Deepl
Digital identity stealthily becoming mandatory after all
Privacy First objects to European Banking Authority proposal to make European digital identifier mandatory.
In 2022, the Lower House passed a motion calling on the cabinet not to agree to plans for a European digital identity ('EUDI wallet'). This motion was not implemented by the cabinet.[1] The then secretary of state indicated that he would remain attentive to ensuring the voluntary use of digital identity in the follow-up process, both for government services and for services provided by critical sectors such as energy and banks.
Privacy First Foundation notes that it is already becoming apparent that the use of digital identity will become mandatory rather than voluntary in practice. To this end, Privacy First refers to the plans of the European Banking Authority (EBA), an authority that makes rules with which banks and other financial institutions must comply. The EBA wants to require banks and other financial institutions to identify their customers using digital means from now on. Only if digital identity is not available or it is unreasonable to request it would financial institutions be allowed to allow other means of identification. If this rule becomes mandatory for banks and other institutions, it means that citizens will no longer be able to freely choose whether to use a digital identity. Free choice will then no longer become the rule but the exception.
EBA's proposal violates Regulation European Digital Identity[2] and with the state secretary's assurances that the use of digital identity is always voluntary and that there is always a full non-digital alternative for people who want to use it.[3] The European regulator cannot override these rules by requiring banks and other institutions to ask for digital identification by default.
Consultation response Privacy First
As part of a consultation held by the EBA, Privacy First recently objected to the proposal to make the EUDI wallet mandatory, firstly because it goes against the European rules on which the wallet is based.
Secondly, Privacy First points to the European Accessibility Directive, which requires the large group of less digitally-savvy people (around 5.5 million people in the Netherlands) to be taken into account. For this group in particular, digital verification of identity poses major risks.
Measures
In doing so, Privacy First has argued that the company deploying the EUDI wallet is obliged to verify that the person who will use this solution understands the risks of the EUDI wallet. Privacy First further believes that companies subject to the anti-money laundering rules are obliged to provide a physical alternative, allowing the customer to verify the reliability of the party physically identifying and the reliability of the equipment used in doing so.
Such measures are needed to mitigate the high risks to citizens associated with digital identification.
Critical tracking
Privacy First calls on the Dutch parliament to keep a critical eye on this issue and ask the cabinet to urge the European Commission to intervene where rules are introduced that conflict with the principle of voluntariness in the method of identification.
Further information:
- The EBA's consultation paper is available via this page find;
- Message AFM on the Accessibility Directive: https://www.afm.nl/nl-nl/sector/actueel/2025/apr/sb-eaa-update%201
- Privacy First's response is at this page announced, where our full English-language consultation response (pdf) can be found.
[1] See letter State Secretary for Kingdom Relations and Digitalisation dated 2 December 2022, https://open.overheid.nl/documenten/ronl-fd67a73179ccacb2bdfdb0b4626eb7ef69cc9643/pdf
[2] Regulation (EU) 2024/1183
[3] See for example The EDI Wallet Identity - Digital Government
