
I think German id cards already support a zero-knowledge proof of age.


Also via the EU "Digital Identity Wallet" as a mobile app when it's ready https://github.com/eu-digital-identity-wallet/eudi-doc-archi...

The problem will probably be adoption by services. It's a lot more tempting to get more information than just age, if you go through the hassle in the first place.


It's the whole of the EU, it's the new EU ID card standard, with biometrics and NFC on the card itself.

I'm not aware of any large scale user implementations of the protocol though (people have been getting compatible ID cards for years, but I don't know any software that uses them outside of probably cigarette vending machines in Spain). Do you know any?


> I'm not aware of any large scale user implementations of the protocol though (people have been getting compatible ID cards for years, but I don't know any software that uses them outside of probably cigarette vending machines in Spain). Do you know any?

I don't know if that's what you're talking about but, in Belgium for example, to fill taxes online and to do various other types of pointless administratrivia you must use your EID card, which you put in an EID card reader (typically connected by USB).

Now the EU-wide biometrics, a sheer horror (the EU court of justice ruled that the biometrics data can be used for other uses and stored in databases outside the card... although at first it was supposed to be private), isn't implemented all around the EU yet.

My EID card was emitted in 2016 and is valid until 2026 and definitely doesn't have any biometrics data in it. I don't know if the system shall already be put in place in 2026 when I'll have to renew it for another ten years.

My point being: biometrics and NFC are probably not present on a lot of EU citizens' ID cards... Yet. So, atm, it probably doesn't make much economical sense to support that system for random use cases like selling cigarettes or alcohol.

Filing my taxes is the only thing I use my EID for.

Then there are some EU countries using their own "2FA" authentication system for anything "government related" (taxes, car registration, company filings, banks login, social security, etc.), complete with physical devices, phone apps, webapps, etc. which aren't using the EU EID at all. Basically: an entire ID system, using 2FA, but bypassing the EID entirely.

I'd say overall it's still pretty much the wild west.


If your EID card has a photo on it, it has biometrics. The biometrics are the photo and fingerprints (if your country required them). The fingerprints are not accessible to terminals without a government certificate on them, but the photo can be read trivially. You can download one of many apps (ReadID or Regula Forensics are good options) to see what's on the card.

The standard is ICAO 8303 for how the data structures work. It's the same as ePassports. EU cards implement EAC for the fingerprints, which has a whole mutual auth PKI system.


As do Estonian ID cards as well



