Jaap-Henk Hoepman published an interesting article, "Analysing the Architecture of the European Digital Identity Framework". He wrote it because more technical details on the framework are available.
He mentions the following issues:
- Unlinkability: the European Identity (EUID) will be less privacy-friendly than it could have been, as it makes no effort to make the use of attributes unlinkable.
- The Architecture and Reference Framework (ARF) seems to ignore the importance of holder binding to ensure that the real owner of the wallet is actually using it; where the ARF does mention holder binding, it surprisingly appears to relegate verification of this to the relying party.
- The ARF is ambivalent about the scope of the Personal Identification Data (PID), potentially including many more attributes (that could be made available as (Qualified) Electronic Attestation of Attributes) than necessary.
The article also makes other comments, for example on validity checks that could introduce privacy risks. Read the article for more information.
Daniel Leisegang wrote the article "eIDAS 2.0: Beim europäischen ID-Wallet droht die Überidentifikation" (eIDAS 2.0: The European ID wallet is in danger of overidentification) for Netzpolitik.