EU - Digital ID
-
As you all know the NodeBB team did a super job implementing GDPR.
The EU, that bastion of make-work productivity, looks set to create more make-work for the NodeBB team and their EU user base.
Nom de plume must die!
Q: Why?
A: Because the pen is mightier than the sword.
Part of a wide bundle of things they are pretending to tackle, will have wide-reaching implications for basic tenets of cyber culture, message boards, forums etc. etc. They're moving to be so close to having to log on to the internet (ISP), the EU wants its techno-totalitarian cake and eat it IMHO, and is trying to lead the world down this path.
Read for your amusement and dismay:
-
Is there any NodeBB instance with over 45 million monthly active users in the EU? If not, then there is no requirement for NodeBB to implement any integration with any of this (and even then, at that point I imagine its maintainers can handle it themselves), and that's assuming the most ambitious option passes, as there are currently three with different levels of ambition proposed:
Option 1 is just harmonization of eIDs across the EU. Currently there is no requirement for member states to "notify" of their eIDAS scheme, which essentially means they don't have to let others use their eIDs in their (currently only public) services. Some states elected to do so and chose to allow other eIDs in their public services too, but some didn't. Poland for example didn't notify the EU of its eIDAS scheme AFAIK, so while I can use it for public services here, it's useless anywhere else in the EU.
Option 2 involves expanding the scope of eIDAS outside of public services for access to information about a person. However, it only proposes requiring relying on this for already regulated sectors, such as energy and finance. But from my understanding it's basically still just about when a service requires a real identity anyway.
Option 3 is the most ambitious one, and it's the one proposing the creation of the "European Digital Identity Wallet" - a more centralized* way of managing the eID, and also identities for more online services, while allowing the user to control the amount of data shared. This is the closest to relevance for NodeBB, but even this doesn't add a requirement to actually implement this for anyone outside of regulated sectors, which at least here also includes "very large online platforms" (which seems vague, but is actually defined in the Digital Services Act as online platforms which provide their services to a number of average monthly active recipients in the Union equal to or higher than 45 million. That number will also increase with larger changes in the EU population, so that it continues to be around 10% of EU population).
There is even a section in the proposal on impact on SMEs. The language there seems quite clear on it being something the EU wants to be desirable to implement and not forced:
Removing commonly reported barriers to SME uptake of eID and trust service solutions, such as complexity and lack of information, is therefore likely to support an increase in uptake up to slightly under half of SMEs (47%), and enable an additional 3 in 10 SMEs to access the benefits estimated.
And this from my understanding includes using eIDAS as an end-user - so the goal isn't even for half of small to medium businesses to even use eID themselves, much less integrate with it themselves. About it, the document even has to say this:
SMEs would need to identify a strong business case in order to deploy the necessary resources and develop the wallet and conclude agreements with other players in the Wallet ecosystem (e.g. credential providers).
So it very much recognizes it's not for everyone.
But if you just want to read it yourself, you can find the proposal here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A52021PC0281
And the impact assessment: https://eur-lex.europa.eu/legal-content/EN/ALL/?uri=SWD:2021:124:FIN
So TL;DR: while one may have differing opinions on whether this direction for eID is a good idea at all (I personally think that it will help with services that already had to identify you anyway, especially cross-border, but for the rest I'm okay with most of it since it's not mandatory to use or even have eID), it doesn't impact NodeBB in any currently proposed form. Other than potentially allowing for development of an eIDAS authentication plugin sometime down the line if somebody wanted to do it.
*there are sub options for what this means, but I think the option of one EU-wide app developed directly by the EU was actually discarded.