ZK in practice

Zero-knowledge is the future of the European Digital Identity Framework

The European Commission is pushing for a European Digital Identity Framework for secure public electronic identification, giving access to public national and international services. And they recommend zero-knowledge proofs to do so!

Let’s talk about what this means.

What’s the European Digital Identity Framework?

Context on the European Digital Identity Framework

The European Commission has argued for the right of every person eligible for a national identity card (citizen or resident) to have a digital identity that is recognized anywhere in the European Union.

Mathieu Michel, Belgian Secretary of State for digitisation, administrative simplification, privacy protection and the building regulation, says:

Enabling citizens to have a unique and secure European digital wallet while remaining in full control of their personal data is a key step forward for the EU, which will set a global benchmark in the digital field and enhance security when engaging with online services. Moreover, by putting citizens at the centre, the European digital identity regulation contributes to significantly improving and simplifying access to public services online. Citizens should not have to bear the burden of administrative and institutional complexity.

This movement started in 2014 with the first regulation on safe access to public services and transactions across borders in the EU. It was confirmed in 2018 and each member state was required to build such a system − but there was no interoperability requirement.

In June 2021, the Commission proposed the framework for the European digital identity wallet. 

The regulation

The end-of-2023 update to that regulation includes a lot more information about the initiative:

  • by 2026, all EU member states must create a digital identity wallet and accept those from the other member states
  • they must make the system voluntary and allow for an opt-out
  • the wallet must be entirely free for all human beings (this implies that there might be a business model about organizations having a similar « passport »)
    • including its creation
    • including its use
    • including validation mechanisms for the authenticity and validity of the wallet
    • including these same mechanisms for identifying the users
  • the client-side element must be open source (but can use closed-source components server-side)

The European Digital Identity Framework in action

The European Commission describes the passport as « a simple and safe way to control how much information you want to share with services that require sharing of information ».

Rings a bell?

Okay, don’t move, I’ve got an even better one:

With the EU Digital Identity Wallets, citizens will be able to prove, across the EU, their identity where necessary to access services online, to share digital documents, or simply to prove a specific personal attribute, such as age, without revealing their full identity or other personal details.
European Digital Identity, European Commission website

They get into more detail, saying that they want a digital wallet to be mobile-friendly and allow people to:

  • share their identity online and offline
  • store and exchange government information such as name, date of birth, or nationality
  • store and exchange information provided by trusted private sources. For instance, in France, the National Post is a private service with close ties to public services
  • use the information to confirm their right to live, work, or study in a given EU state

And finally, the European Commission lists some interesting use cases, for instance:

  • public services such as requesting birth certificates or reporting a change of address
  • storing a medical prescription that can be used anywhere in Europe (things can currently be pretty messy when you travel)
  • proving your age
  • proving you have your driving license before renting a car

These are all things that zero-knowledge enthusiasts have been talking about for years. They’re finally here.

Allow us to brag about France for a moment…

There are many existing identification systems offered by governments in the EU today.

In France, we’ve had FranceConnect for a while now. This service has over 40 million users (out of a population of slightly over 60 million). It connects with nearly 1500 services, including tax returns, the healthcare system, the national postal system, and so on. It allows one-click sign-in using whatever identifier you’d like, be it your social security number, tax return identifier, or email address.

But these systems often have serious issues:

  • they are not available to everyone who lives there or is a citizen of that country;
  • they are often limited to online public services, and this EU regulation would like to open it to private companies;
  • they’re not cross-border friendly.

That’s why the European Commission is working on making them interoperable and mandatory for all states.

Why zero-knowledge proofs?

Countless initiatives in web3 have worked on secure authentication and passport information sharing. There have been quite a few grassroots initiatives to do so, including proof of passport, zkPassport, and the Ocelots passport reader.

We know how to do this and we can do it quite well!

What we’ve been missing is government collaboration, where instead of asking everyone to show us their passport and trust us personally, we partner with initiatives at the state level and remain opt-in but remove all the barriers to entry.

Web3 on its own can’t solve the question of citizen authentication. But zero-knowledge proofs allow Web2 and Web3 regulations to meet in the middle. It’s infusing Web2 with trustlessness and decentralization, something we at Hylé deeply believe in. In short:

[…] our goal should be to find ways to increase the surface area for trust building once again. We need new trust infrastructure, adapted to the world as it is.
− Gestalt Café, On trust infrastructure

There is no better solution than zero-knowledge proofs for digital identity management and the European Digital Identity Framework. Zero-knowledge proofs are perfect for this use case.

In their April 2024 amendment to their regulation, the European Commission showed us that they know this as well as we do, and this is amazing news for the ZK world.