Qualified Ledgers: Bridging the Gap between Blockchain Technology and Legal Compliance

Dr. Ignacio Alamillo-Domingo, Steffen Schwalm, Dr. Carsten Stoecker, Ricky Thiermann

1. Introduction

Welcome to a new era in the world of Distributed Ledger Technology (DLT). Enter eIDAS 2.0, the European Union’s latest proposal that’s set to redefine the landscape of digital identity, legal compliance, and electronic ledgers.

eIDAS 2.0 introduces the concept of ‘qualified electronic ledgers’, a new category of a qualified trust service on electronic ledger that combines the best of both worlds: ledger technology and legal compliance. It’s like continuing the DLT evolution, only this time, it is also compliant with eIDAS 2.0 as a pan-European legal framework.

In this article, we’ll dive into electronic ledger legal innovations of eIDAS 2.0, explore the different types of DLT ledgers, and discuss how qualified electronic ledgers could potentially turn the ledger debate on its head. We’ll also look at use cases and benefits of qualified ledgers for regulated industries, and make some predictions about the future of DLT, the Spanish presidency of the Council of the EU, and the intersection between identity, industry 4.0, and CBDCs for institutional adoption.

The new [eIDAS 2.0] section 11 establishes a framework for trust services in regards to the creation and maintenance of electronic ledgers and qualified electronic ledgers. An electronic ledger combines time stamping of data and their sequencing with certainty about the data originator similar to e-signing with the additional benefit of enabling a more decentralized governance that is suitable for multi-party cooperation. This is important for various use-cases that can be built on electronic ledgers.

This isn’t just another update; it’s a shift that’s poised to disrupt the ‘public vs. private ledger debate’ on one hand but also the concerns on security and privacy in DLT on the other hand as it is currently known.

So, whether you’re a DLT enthusiast, an identity expert, a cyber-security professional, a lawyer, or just someone who enjoys watching the status quo get a good shake-up, stick around. And remember, in the world of DLT, the only constant is change, and the speed of change is … well, let’s just say it’s a bit faster than a ‘Bitcoin Improvement Proposal’ (BIP) on steroids.

2. Understanding eIDAS 2.0 in the context of DLT and Blockchain

The European Union’s eIDAS 2.0 is a proposed regulation that aims to establish a framework for a European Digital Identity and Trust services. This regulation is designed to support the Union’s transformation towards a Digital Single Market, addressing the growing digitisation of cross-border public and private services which rely on the use of digital identity solutions. The proposal builds on the current eIDAS Regulation, focusing on the role of Member States as providers of legal identities and on the framework for the provision of electronic trust services in the European Union.

eIDAS 2.0 is intended to provide access to highly secure and trustworthy electronic identity solutions as well as trust services for cross-border use. It aims to ensure that public and private services can rely on trusted and secure digital identity solutions, and that natural and legal persons are empowered to use digital identity solutions and trust services

The proposal for eIDAS 2.0 differs from its predecessor in several key ways. The current eIDAS Regulation has been evaluated and needs for optimization were identified in order to address new market demands and developments like:

• Decentralized digital identities and ecosystems
• Self Sovereign identities
• Enlargement of digital identities to include also attributes like driver license, payment tokens, boarding passes etc.
• Trustworthiness and proven security on DLT

Some main reasons why success of eIDAS 1.0 was quite limited are:

• Focus on core identity (PID) for natural entities but excluded additional attributes
• Limitations on Europe wide certification on certain LoA
• Limited harmonization of requirements on digital identities and trust services
• Especially in Germany a disproportion of security and useability of eID

The presumable biggest change in eIDAS 2.0 is the requirements for every Member state to provide an EU-Digital Wallet to its natural entities. The Wallet could be published:

• By member state
• Under authority of member state
• Recognized by member state

This makes also private wallet possible under the recognition of a Member State. Any EUDIW will contain a Personal Identification (for natural or legal entity as wallet holder) based on notified eID scheme on LoA “high” and has to achieve LoA “high” itself.

Directly corresponding with the EU-Digital Wallet the new qualified attestation services acc. Art. 45a-e eIDAS 2.0 have to be taken into account. (Qualified) Attestations (QEAA) are nothing more, nothing less than additional attributes so driver license, diplomas or vaccine passport of EUDI Wallet holder but with qualified seal from issuing QTSP. This means that EU-Digital Wallet will contain the core identity currently covered by government eID as well as additional attributes

With the close binding of QTSP on QEAA and the wallet so the mandatory correlation of implementing acts for EUDI Wallet and QEAA both components directly depend on each other — same with the PID as mandatory for EUDI Wallet. EUDI Wallet, PID and QEAA depend on same protocols, formats etc. as given in the ARF.

In any case eIDAS 2.0 basically does not define the infrastructure for the Wallet nor the QEAA or any other QTSP. So it can be DLT too. Means, beside the EUDI Wallet eIDAS 2.0 aims to change the world of (qualified) trust services by expanding the current list of trust services with, namely the provision of mainly:

• Mentioned (qualified) attestations of attributes so additional identity attributes like driver license,
• the management of remote electronic signature and seal creation devices, and
• (qualified) electronic ledgers

As well as mandatory implementing acts on all trust service to ensure common requirements and certification across Europe and may solve the lack of harmonization in eIDAS 1.0

One of the many significant introductions in eIDAS 2.0 is the concept of qualified electronic ledgers. These ledgers provide users with proof and an immutable audit trail for the sequencing of transactions and on-chain records, safeguarding data integrity. This trust service is necessary to prevent fragmentation of the internal market, by defining a single pan-European framework that enables the cross-border recognition of trust services supporting the operation of qualified electronic ledgers. It also gives the chance to boost the utilization of European Blockchain Service Infrastructure EBSI when it`s provided by proven trust services with dedicated liability obligations. This means that eIDAS 2.0 gives Europe the chance to solve one main issue in utilization of DLT: Legal Trust through proven security as QTSP for Electronic Ledger will have to fulfill the requirements valid for all QTSP so e.g.:

• Conformity Assessment by CAB
• Supervision by National Supervisory Body
• Reporting obligations in case of security issues
• Full liability

Another change is the binding of QTSP on NIS2 Directive. In the result QTSP become part of critical infrastructure and so have to fulfil foreseeable higher security requirements than under eIDAS 1.0. Same applies to any QTSP using an electronic ledger as infrastructure.

Before we dive deeper into the topic of qualified electronic ledgers, it’s important to understand the main categories of ledger types which are outlined in the following chapter.

3. Types of Electronic Ledgers

Electronic ledgers, which are digital systems for recording and organizing transaction and registry data, come in various forms and serve different purposes. They can be broadly categorized into two types: General non-DLT Ledgers and DLT Ledgers.

3.1 Distributed Ledger Technology or Blockchain

Basically, DLT is a decentralized distributed peer-to-peer network of technical nodes for data exchange and transaction execution. According to ISO 22739 a distributed ledger is in this case shared across a set of DLT nodes and synchronized between the DLT nodes using a consensus mechanism. The consensus mechanism ensures that all transactions are valid and unaltered. Its manner depends on the type of DLT so that the well-known prejudice that DLT implies unacceptable high energy need is only valid for some consensus mechanisms e.g. Proof of Work, other ones are much more efficient especially those ones in DLT with restricted access rights e.g. BFT, Proof of Authority, Proof of Stake. DLT networks allow the transfer of data or value from one party to another without having intermediates involved. Once written to the ledger the transactions are immutable, mainly based on hash protection of data stored on the chain. Any transaction can reliably be tracked on the chain. In case the DLT is organized in blocks it`s called blockchain, so basically a blockchain is a special kind of DLT.

If the factual distributed data set or transactions are bundled in sequential linked blocks it is called a blockchain — a special kind of DLT. The blocks can also include the hash of the previous block and so build the mentioned hash-protection and a so called “timestamp”. This DLT-“timestamp” as well as DLT “signatures” have currently to be differentiated from timestamps defined in eIDAS and related standards due to its lack of a trustworthy source of time, missing creation and validation of digital signatures by trust service provider and missing Proof of Existence created by a third party instead of the system, here DLT, itself. The hash-based integrity protection of each block is based on Merkle-trees. This means that if authenticity or Proof of Existence within DLT needed they have to be added from (qualified) trust service providers acc. eIDAS. Similar challenges occur in case the parties participating in a transaction shall be made evident. In this case the DLT has to be combined with external systems to ensure unique and trustworthy identification of legal and/or natural entities.

In comparison to the original ideas of blockchain, DLT does not mandatorily require the elimination of an operator or consortium providing the distributed network, this depends on the kind of DLT which can be distinguished regarding the access rights and transparency of the transactions. In public DLT everybody can view all transactions and data so there is full transparency, in private DLT only authorized users are allowed, similar conditions apply concerning execution of transactions. In permissionless DLT every user is allowed to validate and persist transactions, in permissioned DLT it depends on the access rights who has the authorization to do so. Furthermore, DLT is differentiated concerning data storage, on chain if data are stored on the ledger or off-chain if data are only represented by hash in DLT

The main discussion point is that Section 11 of eIDAS 2.0 draft is technology neutral. This means the definition of Electronic Ledger also allows traditional registries which do not fulfill the requirements on electronic ledger defined in ISO 22739 as the main technical standards which were adopted in Europe. Their entries can be altered or deleted, which is not possible with DLT acc. ISO 22739. On the other hand, the electronic ledgers under eIDAS 2.0 are expected to provide an immutable audit trail for the sequencing of transactions and data records, safeguarding data integrity which would require certain properties to be fulfilled.

3.2 General non-DLT Ledgers

Before the advent of Distributed Ledger Technology (DLT), electronic ledgers were widely used in various fields, especially in accounting and finance. The most common type is the General Ledger, which is the primary ledger used in double-entry bookkeeping systems. It contains all the accounts of a business or a financial institution, where all transactions are recorded1. In the digital age, general ledgers are often maintained in electronic form in accounting software.

Another prominent example is Digital Accounting Systems, such as SAP; ServiceNow, or Oracle ERP. These systems essentially function as complex electronic ledgers, recording and processing a wide range of financial transactions and producing reports that provide detailed insights into a business’s financial health.

An additional example of a non-DLT ledger is a core banking system, which is a software used to support a bank’s most common transactions, including services like loans, deposits, and credit processing. This system acts as a ledger, recording all transactions that occur within the bank.

However, these traditional electronic ledgers differ significantly from the electronic ledgers envisioned in the eIDAS 2.0 framework. Traditional electronic ledgers, such as general ledgers, digital accounting systems, core banking systems, and IdPs, are typically centralized systems controlled by a single entity. Their entries can be altered or deleted, which is not possible with DLT. On the other hand, the electronic ledgers under eIDAS 2.0 are expected to provide an immutable audit trail for the sequencing of transactions and data records, safeguarding data integrity.

The scope of the paper is Distributed Ledger so that the following sections focus on this subject

.

4. DLT and Qualified Ledger within eIDAS 2.0

The eIDAS 2.0 establishes a pan-European legal framework on (de-)centralized digital identities and (qualified) trust services as an amendment of the already implemented eIDAS 1.0. As the regulation is technology neutral it`s possible to use DLT as infrastructure for or by any component or actor within the eIDAS 2.0 ecosystem:

This means also that it has to be differentiated between:

• EUDI Wallet and/or (qualified) trust services using electronic ledger as well as any subcomponent like Trust lists (Trusted issuer registries etc.)
• QTSP for Electronic Ledger

There`s no dependency between EUDI Wallet and certain QTSP like the one for Electronic Ledger intended by the regulation.

4.2 (Qualified) Trust Services on Electronic Ledger

4.2.1 Fundamentals

The eIDAS 2.0 defines in Art. 45 i that (qualified) trust services on electronic Ledger “Qualified electronic ledgers shall meet the following requirements:

a) they are created and managed by one or more qualified trust service provider or

providers;

b) they establish the origin of data records in the ledger;

c) they ensure the unique sequential chronological ordering of data records in the ledger;

d) they record data in such a way that any subsequent change to the data is

immediately detectable, ensuring their integrity over time”

This recognizes the fact that DLT Systems can be provided by one or more parties so e.g. a consortium or pan-European consortium like the European Blockchain Service Infrastructure. It also refers to the current standardization as ISO 22739 also requires that a distributed ledger is tamper resistant (origin or data records = on-ledger records), contains confirmed and validates transactions (unique sequential chronological ordering as well as correct and provable order) and ensures immutability (ensuring integrity over time). So in fact as the regulation is aimed to be technology neutral it also recognized the current state of the art standardization. Like for any (qualified) trust service as well as EUDI Wallet also for (qualified) trust services on Electronic Ledger mandatory implementing acts referencing European Standards are required.

4.2.2 Multi-party Cooperation and Trust

Qualified electronic ledgers are a unique concept as it ensures the immutability of on-ledger records as well as correct sequencing and accuracy of time of transaction including tamper proof in centralized or decentralized manner. On the other hand it does not replace existing (qualified) trust services like timestamping or (qualified) signatures and seals but complements them. Means that if the author of a transaction has to be made evident in non.repudiated manner in DLT a QES will still be needed. But it might become much more easier to provide QES, QSeal or qualified timestamps using an electronic ledger as ledger is recognized by the regulation.

So it´s imaginable that a certain vendor provides on one hand the infrastructure for a certain QTSP issuing (qualified) certificates for QES/QSeal or QTimestamp using an electronics ledger, which will be in this case part of conformity assessment of the QTSP using the ledger provider as 3rd party supplier. On the other hand the same vendor may act a QTSP for electronic ledger using same network, but other nodes.

As e.g. DLT combines the time stamping of data and their sequencing with certainty about the date QTSP for Electronic Ledger provides infrastructure which is suitable for multi-party cooperation as done e.g. in EBSI. As mentioned: In case a QTSP for any other trust service than electronic ledger use a ledger as infrastructure the certification will be part of the conformity assessment of this QTSP. This also leads to the question: What`s the scope for QTSP on Electronic Ledger?

4.2.3 Possible scope and items of QTSP for Electronic Ledger

It has to be stated that Section 11 focus on all use cases not covered by EUDI Wallet or all other (qualified) trust services so e.g. (qualified) signatures, seals, timestamps, attestations electronic delivery etc.. Means that DLT can be used as infrastructure for any EUDI Wallet as well as any other QTSP too — the security will be proven within the conformity assessment of the CAB. This differentiation is interesting as it lead to the core use cases for QTSP for Electronic Ledger as e.g.:

• Tokenization or digital assets
• Cryptocurrencies
• Supply Chain (traceability)
• Infrastructure for complex utilization like Web 3

In summary Section 11 creates basement for trustworthy infrastructure for core tools in decentralized ecosystems beyond wallets, attestations etc. in general and use cases like metaverse in particular due to proven security and trust as well as liability at QTSP. Furthermore, eIDAS 2.0 lead to Europe-wide harmonization and interoperability solving the national differences and disadvantages from eIDAS 1.0 but also enhanced trust and technical framework to integrate developments like decentralized identities covering all dimensions of digital identities as well as distributed infrastructure like DLT

As a QTSP for Electronic Ledger underlies the same legal obligations as any QTSP (see Section 2) it`s in case of DLT only possible to provide it as a permissioned DLT — otherwise it seems difficult to fulfill security and liability requirements if the write access on the ledger can`t be controlled as it´s typical in permissionless DLT.

A QTSP for Electronic Ledger may provide a whole DLT-System (or network), it`s also thinkable that any node within a DLT-system could be provided by a QTSP. In this case the only open question would be the responsibility for the consensus mechanism. This means the scope or extension of QTSP for Electronic Ledger depens on the provided ledger.

Also the question of business model for such a QTSP remains still open.

In any case the ledger are created and maintained by qualified trust service providers, i.e., qualified node operators. Each qualified Trust Service Provider (qTSP) that in this case operates a node of the qualified ledger must undergo a strict conformance assessment regarding processes and technology done by a formally accredited conformance assessment body (CAB). The assessment will be be done against European standards referenced by implementing acts and so de facto legally mandatoriy. This means that security and trust are proven by trusted 3rd parties which will solve one main concern against DLT e.g. by Cybersecurity Authorities. The certification as qualified trust service providers will provide legal certainty for use cases that build on electronic ledgers, especially in regulated industries. This concept for qualified electronic ledgers should be notwithstanding the need for use cases to comply with EU and national law including data privacy requirements and GDPR.

4.2.4 Use cases for QTSP using DLT and QTSP for Electronic Ledger

As mentioned eIDAS 2.0 clear differentiates between QTSP for Electronic Ledger and other (qualified) trust services and EUDI Wallet using Ledger. This affect directly the practical implementation. This means not that no DLT is useable for EUDI Wallet or by other QTSP, but in this case not QTSP for Ledger needed — the DLT will be part of conformity assessment of certain EUDIW or qualified trust service (like e.g. issuance qualified certificates, preservation etc.). Against this background the possible use cases have to be differentiated between:

5. EBSI European Blockchain Service Infrastructure

5.1 Fundamentals

The European Blockchain Services and Infrastructure (EBSI) is a project initiated by the European Commission and a group of 29 European countries. The project, which was set up in 2018, aims to lay the foundation for future EU public services. The EBSI is currently transitioning into a new organisational entity for the operations of EBSI, the European Digital Infrastructure Consortium (EDIC), which is expected to be fully operational by the end of 2024.

The EDIC will focus on integrating a host of public applications, like digital identity, tracing and verifying goods, storing licenses to more easily transfer between countries, and more. It shall be understood that because of GDPR the EBSI design does not intend to anchor any citizen data on immutable electronic ledgers. When it comes to legal entity identity it can be expected that identifiers of and trust registries about legal persons will be anchored on the EDIC ledger.

The EBSI project is currently run by nodes operated by member states. Each country is expected to operate at least one node of EBSI at full scale. This approach aligns with the decentralized nature of blockchain technology and is suitable for multi-party cooperation. EBSI on one and it ensures a governmental trust anchor and so clear responsibility on the other hand this approach leads to the question on how such a network might be provided (QTSP for Electronic Ledger) or use (by EUDI Wallet Issuer or QTSP using DLT) by a certain provider

With the introduction of eIDAS 2.0 and the concept of qualified electronic ledgers, the EBSI could potentially not only evolve from an ‘electronic ledger’ into a ‘qualified electronic ledger’ enhancing security and reliability of the network, and also providing legal certainty for use cases that build on the EDIC’s electronic ledger. EBSI could also act as decentralized, pan-European Infrastructure for other (qualified) trust services as well as the EUDI Wallets but for infrastructure components like a trust issuer registry as scalable replacement of the trust list or verifiable data registry.

5.2 EBSI between eIDAS 2.0 and QTSP for Electronic Ledger

Currently the European Union is improving the European Blockchain Service Infrastructure to adjust it according the new eIDAS 2.0 but also to establish cross-border use cases to be adopted and rolled out on a pan-European DLT-network so e.g.:

• Digital Credentials for Europe
• EBSI VECTOR
• TRACE4EU
• EBSI-NE

The Large Scale Pilot Digital Credentials for Europe (DC4EU) focus on using EBSI as infrastructure for EU Digital Wallet including the technical improvement according the ARF. The other EBSI Projects support this technical evolution. One task is the adjustment of the technical framework to the ARF. Regarding the fact that EBSI is widely used across Europe and is a functionable network another task is the contribution to ARF in order to ensure it´s feasibility within existing infrastructures like EBSI as eIDAS 2.0 in general and the EUDI Wallet or QTSP for QEAA in particular are not built on a green field.

In comparison to existing PKI and eID EBSI contains a feasible, tested and widely used technical framework for decentralized identities in all their dimension (so core identity = PID and attributes = QEAA) so the adjustment should focus on closing gaps instead of reinventing the wheel. In the result EBSI could be established as basement for trustworthy decentralized infrastructure provided by QTSP and so trusted liable 3rd party for ecosystems or use cases like metaverse

In parallel the EBSI projects contributes on further development of EBSI in subjects like cybersecurity, revocation, long-term provability or interoperability. This will be some input for requirements on QTSP for Electronic Ledger using EBSI or QTSP/EUDIW Providers using using EBS for European standardization bodies and so the possible future certification requirements.

In parallel also the EBSI Governance needs to be adjusted according eIDAS 2.0 As the governance recognize the governmental trust anchor as one main property of European Trust Model the adjustment might not be the most difficult step. A possible option for mapping of governance roles into eIDAS is given in the table below:

As shown in the table EBSI still lacks off several roles like accredited Conformity Assessments Bodies or EUDI Wallet Providers as well as the certification processes for the several actors. On the other hand it provides with Trusted Schema Registry a tool which would ensure additional trust in QEAA or PID within eIDAS 2.0 if adopted. Similar with Trusted Issuer Registry on DLT as possible technical alternative to TrustList based on XML regarding performance and scalability.

Regarding the QTSP for Electronic Ledger the core questions currently remains open: What will a QTSP for Electronic Ledger really provide? In case of EBSI the nodes are provided by Member States which won`t foreseeably act as QTSP. This could mean that QTSP could provide sub-nodes not involved in the consensus mechanism of EBSI.

This question will be solved within the ongoing projects and until eIDAS 2.0 is fully applicable.

6. Predictions for the Future of DLT in Regulated Industries

The impact of eIDAS 2.0 in general and so integration of DLT in this ecosystem in order to achieve legal trust could extend beyond identity and beyond the EU. As the first legal framework of its kind, eIDAS 2.0 could set a precedent for other use case ecosystems and jurisdictions around the world. This could lead to the global adoption of qualified ledgers, further enhancing their potential for cross-border transactions and cooperation.

One of the key predictions is that qualified ledgers will become an integral part of the digital infrastructure in various sectors. They can provide a reliable and legally recognized foundation for a wide range of applications. This could lead to a surge in the adoption of DLT technologies and the development of innovative applications that leverage the unique capabilities of qualified ledgers. With the advent of eIDAS 2.0, the ‘Section 11 Electronic Ledger’ is expected to transition from a legal requirement into practical implementation, aligning with the EBSI.

6.1 EBSI within eIDAS 2.0 and German Concerns

As Digital Credentials for Europe (DC4EU) kis the Large Scale Pilot on EUDI Wallet using EBSI this move could pave the way for the use of EBSI e.g. infrastructure for the EUDI Wallet and QEAA or other QTSP within the ARF. The assessment is currently done in the ongoing EBSI projects and results should be taken into account for further development,

The integration of DLT into the ARF could have far-reaching implications. It could facilitate the creation of a secure and interoperable digital identity infrastructure across the EU (legacy and DLT), enabling citizens and businesses to share identity data in a secure and convenient way. This, in turn, could boost the digital economy and foster more efficient and secure cross-border cooperation in the EU.

On the other side, it is worth noting that the German government decided to not support the integration of any DLT for their national EUDI wallet implementation while in parallel German parties take part in DC4EU but also EWC as both use DLT as (one) infrastructure. The rationale behind the German decision is the ‘missing provable security standard’ for DLT-systems, mitigation of cyber-attack scenarios, and assessment of the respective conformance requirements, examples are standards for consensus algorithms, crypto agility of the underlying DLT infrastructure, HSM-based key management of the DLT nodes, key attestation and crypto-modules of end-devices, and revocation mechanisms. Hence the German government took the following National Political Decision:

“Use of the eID as Personal Identifiable Data (PID) and no use of Blockchain or distributed ledger technology.” Source: BMI EUDI Wallet Consultation Process.

As the eIDAS 2.0 framework is implemented and any EUDIW as well as any QTSP also those ones using DLT-system like EBSI as well as QTSP for Electronic Ledger using EBSI will be certified by independent CAB regarding European standards those concerns can be solved. Another background is that for EUDIW as well as each (qualified) trust service mandatory implementing acts have to be provided by the EC referencing European standards — which will solve the request for such a framework by the German government. With dedicated certification requirements on EUDIW as well as QTSP for Electronic ledger proven by independent CAB the concerns of the German Government can be solved in future.

6.2 Qualified DLT, A Catalyst for Industry 4.0 Transformation

Qualified Distributed Ledger Technology (DLT) can be a game-changer for Industry 4.0, particularly in sectors such as energy, supply chain, and manufacturing. The use of qualified DLT can provide a secure, reliable, and efficient means of recording and verifying transactions and data exchanges, which is crucial for the smooth operation of these industries.

In the energy sector, Transmission System Operators (TSOs) can leverage qualified DLT for a variety of use cases. TSOs are regulated entities that know how to operate critical infrastructure in accordance with compliance and security requirements. They provide public services and have mechanisms for their network services and pricing. These capabilities can be leveraged to operate qualified DLT nodes.

For instance, qualified DLT can be used for secure authentication, authorisation, service discovery, and data sharing in the energy system. It can support use cases such as flexibility aggregation, load shifting, EV charging forecasting and settlement, Guarantee of Origin, smart dispatch, smart city, and customer switching processes. By providing a secure and reliable infrastructure for tamper-proof registries, qualified DLT can enhance the security, compliance, and efficiency of these services. Qualified ledgers are a prerequisite for DLT technology to be adopted before it can become relevant for critical infrastructures such as energy grids.

In the manufacturing sector, qualified DLT can also play a significant role. Industrial use cases such as Third-Party Risk Management, smart manufacturing, digital product passports (DPPs), and supply chain optimisation can benefit from a qualified DLT infrastructure. For example, consortium structures such as Catena-X, an open data ecosystem for the automotive industry, can leverage qualified DLT to provide a standardized global data exchange based on European values.

In the future, we can expect to see more industries adopting qualified DLT as part of their digital transformation & ecosystem strategies. As the benefits of this technology become more widely recognized, it is likely that we will see a proliferation of use cases across different sectors. This will not only enhance the efficiency and security of these industries but also pave the way for new innovations and business models.

In the industry section qualified electronic ledgers may enable execution of European Supply Chain Regulation for proof of origin of products but also product-/data and document traceability. Trusted Digital Product Passes can be enabled using qualified ledger and EUDIW for legal entities. EBSI could be the common decentralized infrastructure. Against this background the developments in TRACE4EU should be taken into account. Document traceability might be also exciting for public sector and e-commerce for audit trails on any online service — a combination with eDelivery could also ensure evident confirmation of receipt in decentralized ecosystems.

6.3 Qualified Electronic Ledgers and Central Bank Digital Currencies (CBDCs)

As the world of finance continues to evolve, Central Bank Digital Currencies (CBDCs) are emerging as a new frontier in digital payments. CBDCs represent a digital form of a country’s fiat currency, issued, and regulated by its central bank. They are set to play a pivotal role in the future of financial systems, offering the potential for greater financial inclusion, improved payment efficiency, reduced cross-border transaction delays, and enhanced security.

Central banks and CBDC systems, particularly in the ‘institutional financial services’ domain, could greatly benefit from the unique features of qualified electronic ledgers and the practical experiences gained through the eIDAS 2.0 activities.

Moreover, the intersection of identity and CBDC, as seen in the European Digital Identity (EUDI) Wallet that will support both payments and identity, further underscores the potential of qualified electronic ledgers. The EUDI Wallet and the Digital EURO are prime examples of how identity and CBDC can coexist in a single system, and the adoption of qualified electronic ledgers could further enhance their functionality and security.

However, the application of qualified electronic ledgers in the retail user domain for CBDCs will require careful consideration of privacy and GDPR challenges. Ensuring the privacy of users and compliance with data protection regulations is paramount, and solutions will need to be found to address these issues.

As the world moves towards the adoption of CBDCs and digital identity at the same time, the concept of qualified electronic ledgers could play a crucial role in shaping the future of digital currencies.

7. Conclusion

The advent of eIDAS 2.0 and the introduction of qualified electronic ledgers mark a significant milestone in the evolution of digital identity and trust services. These ledgers, with their unique ability to ensure the uniqueness, authenticity, and correct sequencing of data entries, are poised to revolutionize various sectors, from cross-border trade to public services, and even extend their influence beyond the EU.

Moreover, the potential of qualified ledgers in the context of Industry 4.0 and Central Bank Digital Currencies (CBDCs) is immense. They could provide a reliable and legally recognized foundation for various industrial use cases and play a pivotal role in shaping the future of digital currencies.

As we navigate this new era of digital transformation, we invite you to join the conversation, explore the potential of qualified ledgers, and contribute to the development of this groundbreaking technology. Whether you’re a technologist, policy maker, business leader, or simply an interested observer, your insights and perspectives are valuable. Together, we can shape the future of DLT and blockchain technology, and unlock the full potential of qualified electronic ledgers.

Selected bibliography

Abbreviations: https://medium.com/@schwalm.steffen/collection-of-eidas-identity-related-terms-and-abbreviations-d14eada34364

[AlSc22] Alamillo, Dr. I., Schwalm S.: Self-Sovereign-Identity & eIDAS: a Contradiction? Challenges and Chances of [eIDAS2]. European Review of Digital Administration & Law — Erdal2021, Volume 2, Issue 2, pp. 89–108

[ALStScTh24] Alamillo, Dr. I., Schwalm S., Stoecker, C., Thiermann, R.: Qualified Ledgers: Bridging the Gap between Blockchain Technology and Legal Compliance. 2024.

[ArchGER23] https://gitlab.opencode.de/bmi/eudi-wallet/eidas-2.0-architekturkonzept-v1

[ARF23] The Common Union Toolbox for a Coordinated Approach Towards a European Digital Identity Framework. The European Digital Identity Wallet Architecture and Reference Framework. December 2023; https://github.com/skounis/architecture-and-reference-framework/blob/80d00cf5ad1c3930235e4140b1fc8a975638f787/docs/arf.md

[BSI19] Federal Office for Information Security (BSI): Towards Secure Blockchains. Concepts, Requirements, Assessments. 2019

[BSI21] Eckpunktepapier für Self-sovereign Identities (SSI) unter besonderer Berücksichtigung der Distributed-Ledger-Technologie (DLT). Bundesamt für Sicherheit in der Informationstechnik. Bonn 2021

[CENTR17982] European Digital Identity Wallets standards Gap Analysis

[CyberSecAct] REGULATION (EU) 2019/881 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act)

[DINTS31648] DIN TS 31648:2021. Criteria for trusted transaction. Records Management and Evidence Preservation in Distributed Ledger Technologies and Blockchain.

[DINSPEC4997] DIN SPEC 4997: Privacy by Blockchain Design: A standardised model for processing personal data using blockchain technology. 2020

[EBSI] EBSI, European Blockchain Services Infrastructure, https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/EBSI, accessed: 30/03/2020

[eIDAS1] Regulation (EU) No 910/2014 of the European Parliament and of the Council — of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC. eIDAS, 2014.

[eIDAS2] Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Regulation (EU) No 910/2014 as regards establishing a framework for a European Digital Identity. 2021/0136 (COD) (Version from 10.12.2023)

[ETSIEN319411] ETSI EN 319 411 Policy and security requirements for Trust Service Providers issuing certificates; Part 1: General requirements

[ETSITS119471] ETSI TS 119 471 Policy and Security requirements for Providers of Electronic Attestation of Attribute Services

[ETSITS119612] ETSI TS 119 612 Electronic Signatures and Infrastructures (ESI); Trusted Lists.

[ETSITR119476] ETSI TR 119 476 Analysis of selective disclosure and zero-knowledge proofs applied to Electronic Attestation of Attributes

[GDPR] Regulation (EU) 2016/ 679 of the European Parliament and of the Council — of 27 April 2016 — on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/ 46/ EC (General Data Protection Regulation). GDPR, 2016.

[IDW21] https://fragdenstaat.de/anfrage/id-wallet-des-bundeskanzleramts-ein-projekt-der-bundesregierung-datenschutzrechtliche-aspekte/#nachricht-643462

[ISO22739] ISO 22739:2020: Blockchain and distributed ledger technologies — Terminology, 2020

[ISOTR24332] ISO DTR 24332. Information and documentation — Blockchain and DLT in relation to authoritative records, records systems, and records management

[Ko20] Korte, U. et. al.: Criteria for trustworthy digital transactions — Blockchain/ DLT between eIDAS, GDPR, Data and Evidence Preservation. OpenIdentity Summit 2020. Lecture Notes in Informatics (LNI). Proceedings. Bonn 2020 p. 49–60

[Ko21] Korte, U. et. Al.: Records Management and Long-Term Preservation of Evidence in DLT. In: Roßnagel, H., Schunck, C. H. & Mödersheim, S. (Hrsg.), Open Identity Summit 2021. Bonn: Gesellschaft für Informatik e.V.. (131–142)

[NIS2] DIRECTIVES DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive)

[Sc22] Schwalm. S.: The (not only) social impact of the eIDAS 2.0 digital identity approach in Germany and Europe. In: CRYPTOASSETS, DEFI REGULATION AND DLT: Proceedings of the II Token World Conference 2022. p 23–38

[Sc23] Schwalm S.: Decentralised Digital Identity in the Metaverse under eIDAS 2. Webinar of Chair for the responsible development of the Metaverse. Alicante 2023.

[W320] W3C VC Data Model v2.0. 2024

[Wer] Werbach, K.: The Blockchain and the New architecture of Trust. Massachusetts Institute of Technology. 2018