EU Digital Identity and Market Integration: Where Do We Stand?
Despite some noteworthy initiatives currently undertaken by the European Commission, a fully operational digital identity for businesses (and citizens) is still not in sight. A commentary by Giorgio Presidente
Recent reports by Enrico Letta and Mario Draghi have underlined that strengthening the EU Single Market is vital to boosting Europe’s productivity and competitiveness. Both reports converge on a key message: Europe’s growth potential depends crucially on removing internal barriers and enabling firms to operate seamlessly across borders.
This view is backed by the data. Research shows that trade barriers within Europe are equivalent to an ad valorem cost of 44 percent for manufactured goods and 110 percent for services (Figure 1). While estimates have been criticized, they remain indicative of a broader pattern of regulatory overreach within the EU.
Source: International Monetary Fund (2024).
In a recent article, Carlo Cuerpo – Spain’s economy, trade and business minister – has argued that digitalization can play a central role in the effort to remove barriers and improve EU market integration.
Specifically, a digital profile for EU companies, embedded in a single digital gateway, would cut regulatory frictions and reduce administrative burdens, allowing companies to interact with authorities and partners anywhere in the EU.
The proposal builds on two key elements: the single digital gateway and companies’ digital profile. The first element already exists in principle, and it is based on the Single Digital Gateway Regulation (EU) 2018/1724 and the Your Europe portal, which provide access to information and some online procedures.
Unfortunately, however, the portal is currently of limited use, because while firms can learn how to register a company or file for VAT in another country, they cannot perform these actions directly on the platform.
The key impediment to making the platform a true one-stop-shop is related to the second element of Cuerpo’s proposal, i.e. the lack of a digital identity for businesses that is universally recognized across EU Member States.
With that objective in mind, the European Commission is working on the European Digital Identity (EUDI) regulation, an attempt to enable a secure, cross-border authentication for companies and individuals.
EUDI is primarily designed for citizens – not businesses, and indeed the Commission is quite vague about the potential benefits of a digital identity for companies.
However, EUDI can play an important role in supporting businesses and deepening EU market integration. For instance, it could help entrepreneurs opening bank accounts abroad, a necessary step to set up a business, or allow companies to participate in online calls for tenders.
Given the large number of regulatory frameworks in place in the EU – e.g. the General Data Protection Regulation (GDPR), the Digital Markets Act (DMA), the Digital Services Act (DSA), and the Artificial Intelligence (AI) Act – a successful implementation of EUDI could also substantially reduce transaction costs for businesses and consumers, thus helping to further integrate and expand the EU digital market.
On the one hand, EUDI is an example of regulation that can be reasonably expected to be efficiency-enhancing – so some regulations, especially in the digital sphere, do come with a silver lining.
On the other hand, the problem is that for EUDI to work, Member States must agree on a common set of rules – specifically a common cybersecurity protocol.
Previous related initiatives faced implementation challenges due to discrepancies in the development and interoperability of national electronic identification schemes. EUDI intends to address these issues by mandating Member States to offer citizens and businesses digital wallets based on a new harmonized security protocol.
Yet, paradoxically, implementing the protocol is proving problematic due to privacy issues that might infringe the very rules that the EU imposed on itself.
For example, one paper argues that the cryptographic algorithms on which the system is based are inadequate at preserving users’ privacy. Therefore, in their current design, digital wallets – the building block of EUDI – risk not being GDPR-compliant.
The harmonized system proposed by the Commission must be convincing to Member States, not only in terms of privacy.
For instance, experts express concerns in relation to the system’s scalability and obsolescence. All such issues will clearly discourage adoption by EU members and slow down the roll-out.
In sum, despite some noteworthy initiatives currently undertaken by the European Commission, a fully operational digital identity for businesses (and citizens) seems still not in sight.
Unless legal and procedural frameworks converge among Member States, especially in relation to cybersecurity, digital platforms will remain sophisticated interfaces over incompatible systems.
IEP@BU does not express opinions of its own. The opinions expressed in this publication are those of the authors. Any errors or omissions are the responsibility of the authors.
