eIDAS for SMEs: Electronic Identification and Trust Services supporting Business in Europe
From 29 September 2018 onwards, the European Union’s Electronic Identification and Trust Services Regulation (eIDAS) will apply directly in its entirety in the European Union. Now it is up to businesses as well as European citizens to take advantage of this revolutionary way of using electronic identification throughout the EU and doing business across borders. The eIDAS for SME pilot helps SMEs to discover eIDAS and how it can benefit their businesses, such as by creating more efficient business processes. The pilot includes webpages, webinars, a checklist and many other useful material.
Via the eIDAS for SMEs page, you can download a general guidance document, checklist, discover a learning programme and dedicated information for the financial services sector, online retail sector, transport sector and professional services sector.
The European Commission has commissioned a study and a pilot to lead eIDAS for SMEs, a cutting-edge campaign focusing on the power and potential of eIDAS, particularly for cross-border trade and small- and medium-sized enterprises (SMEs). Through a hosts of videos, infographics, sector-specific use cases, an interactive training toolbox and a series of cutting-edge, exploratory webinars, SME leaders, policymakers and other digital experts are invited to discover and learn about the latest developments and emerging opportunities of electronic identity (eID) and trust services.
The Connecting Europe Facility (CEF) supports the implementation of eIDAS with the eID, eSignature and eDelivery building blocks
- The CEF eID building block is a set of services (including software, documentation, training and support) provided by the European Commission and endorsed by the Member States, which helps public administrations and private Service Providers to extend the use of their online services to citizens from other European countries. This is realised through the mutual recognition of national electronic identification (eID) schemes (including smartcards, mobile and log-in), allowing citizens of one European country to use their national eIDs to securely access online services provided in other European countries.
- The CEF eSignature building block helps public administrations and businesses to accelerate the creation and verification of electronic signatures through a service offering including The Digital Signature Services (DSS), the Trusted List Manager, DSS Conformance Testing (maintained by ETSI) and Technical specifications and associated standards (maintained by ETSI).
- The CEF eDelivery building block is a network of nodes for digital communications. It is based on a distributed model where every participant becomes a node using standard transport protocols and security policies.
The eIDAS Regulation (Regulation 910/2014 on electronic identification and trust services for electronic transactions in the internal market) sets a framework for electronic identification and trust services for electronic transactions in the European single market. It is a milestone to provide a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities.
CEF eDelivery: Domibus 4.0 FR - Available Now
©Pixabay
The European Commission is happy to announce that the 4.0 final release (FR) of the Domibus AS4 sample implementation software is now available.
Domibus 4.0-FR is a major release, with several modifications regarding the previous versions. The Commission encourages all interested parties to adopt this release.
The eDelivery Building Block of the Connecting Europe Facility (CEF) promotes the use of the AS4 messaging protocol to create a secure channel for the transmission of documents and data by electronic means, over the internet or via a private network.
CEF eDelivery is a network of nodes for digital communications. It is based on a distributed model where every participant becomes a node using standard transport protocols and security policies. AS4 both provides evidence relating to the handling of the transmitted data as well as protecting it against the risk of loss, theft, damage or any unauthorised alterations.
Domibus 4.0-FR has been achieved only through close collaboration between different EU policy projects' IT delivery teams and CEF eDelivery. Highlights of the release include:
- Multi-tenancy support
- TEST service that allows to "ping" a communication partner
- Audit support
- Export UI tables metadata as CSV files
- Management of participants through the administration console
- Alert management module
- Domibus support for Wildfly 12
- Keep the history of PMode changes
- Configurable Domibus Admin Console title
- Support ofr LDAP CRLs
- Fix the Unique Particle Attribution violations in the Default WS Plugin
Domibus 4.0-FR is backwards compatible with 3.3.x and the upgrade is not mandatory. Please note that the custom plugins need to be updated in order to be compatible with Domibus 4.0-FR. PMode configuration files that were used with Domibus 3.3.x can also be used in Domibus 4.0-FR without any change.
In addition, the European Commission is organising a live webinar to be held on 2 October, 10.30 - 11.30 CET, aiming to showcase the new features available with Domibus 4.0 and to promote and support the upgrade to this latest version of the software.
The Connecting Europe Facility (CEF) supports multiple digital infrastructure projects which contribute to improvements in the daily lives of Europeans through digital inclusion, the connectivity and interoperability of European digital services, and the development of a Digital Single Market.
CEF TELECOM GRANT BENEFICIARY
A Connecting Europe Success Story
CEF eInvoicing Implementation Checklist Now Live
©Pixabay
The European Commission has published an eInvoicing Implementation Checklist to support the adoption of eInvoicing solutions compliant with the European standard on eInvoicing and the transposition of the Directive 2014/55/EU (on electronic invoicing in public procurement) into national legislation.
It is an easy-to-consult reference point and contains the essential information to accompany concrete implementation of compliant national eInvoicing policy. It outlines how to successfully drive eInvoicing policy at the national level, how to ensure coherence with EU law and facilitate technical implementation of IT infrastructure to support eInvoicing. It also includes a guide to success factors and pitfalls, as well as aspects to consider throughout the on-boarding process for suppliers to participate in eInvoicing.
This checklist is an extract of the EMSFEI guidance paper published in June 2018. The guidance paper also highlights the tools, services, support and information (such as country factsheets) provided as part of the Connecting Europe Facility (CEF) eInvoicing Building Block, a key support mechanism for Member States in implementing the Directive.
The European Multi-Stakeholder Forum on eInvoicing (EMSFEI) brings together public and private sector representatives from EU Member States, as well as other experts, on a regular basis to discuss and make recommendations to the community of eInvoicing stakeholders and to the European Commission on how to promote and implement eInvoicing. The Directive calls for a European standard on eInvoicing in public procurement to prevent the proliferation of different formats of eInvoices in the Single Market.
Over €18 million requested for CEF eDelivery, eInvoicing & eTranslation
The Innovation and Networks Executive Agency (INEA) has received 35 project proposals by the 18 September deadline for the CEF Telecom 2018-2 call, requesting over €18 million in total EU funding. The total available budget for the call is €10.5 million. Evaluation of the project proposals with the help of external experts will start in October.
Admissibility and eligibility of the project proposals will now be checked and the proposals will then be evaluated against the specific award criteria of the call. The evaluation process, which will involve external experts, is expected to be concluded by November when the final results will be announced.
CEF Telecom 2018-2 | Proposals received | Requested budget | Available budget | Oversubscription rate |
---|---|---|---|---|
eTranslation (Automated Translation) | 11 | €8,964,037 | €5,000,000 | 1.79 |
eDelivery | 5 | €829,330 | €500,000 | 1.66 |
eInvoicing | 19 | €8,238,483 | €5,000,000 | 1.65 |
Total | 35 | €18,031,850 | €10,500,000 | 1.72 |
Updated figures for 2018 Q2 on the CEF Dashboard
The European Commission has published new figures for the second quarter of 2018 regarding the update of Digital Service Infrastructure (DSIs) financed through the Connecting Europe Facility (CEF).
The figures show that their adoption is rising steadily. These figures can be consulted directly on the CEF Dashboard.
Focusing on the sectorial DSIs, Online Dispute Resolution (ODR), the European Single Procurement Document (ESPD) and the European Data Portal have reached all-time highs in terms of their respective uptake.
Diving deeper into the aforementioned DSIs, ODR is now connected to a total of 387 resolution bodies across 29 countries. In terms of use, ODR has now received over 750,000 complaints from consumers since its launch in February 2016.
Secondly, 19 countries have deployed the European Single Procurement Document (ESPD), which is supported by the eProcurement DSI. In terms of use, the ESPD website received 412,817 unique visitors during last quarter, the highest number since the launch of the ESPD.
Finally, the European Data Portal financed by the Public Open Data DSI is continuing to grow. It now facilitates access to over 856,762 datasets from 34 countries. In terms of use, the number of dataset downloads has also reached an all-time high with 15,056 downloads in the second quarter of 2018 alone.
The European Commission updates the CEF Dashboard on a quarterly basis with new data and features to improve the visibility on the progress made by the DSIs and to enhance transparency.
To find out more visit the Monitoring Dashboard, the Reuse Watch and CEF Digital 2018.
GOV.UK Verify eID scheme pre-notified under eIDAS
European Commission, 2018
On 28 August 2018, the European Commission announced that the United Kingdom has pre-notified GOV.UK Verify, a nationally-issued eID scheme based on a federation of private identity providers.
The pre-notification is the first step in a process that would enable citizens residing in the UK to use their GOV.UK Verify credentials to access public services in other Member States. This would make cross-border interactions easier and more secure for UK-based citizens. The UK is the ninth Member State to pre-notify its national eID scheme, following Germany’s successful notification in September 2017, and the pre-notifications from Italy, Spain, Luxembourg, Estonia, Croatia, Belgium, and Portugal.
The mutual recognition of eID schemes across Europe is mandated by Regulation (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market (commonly known as the eIDAS Regulation). The Regulation states that by 29 September 2018 all online public services requiring electronic identification assurance corresponding to a level of 'substantial' or 'high' must be able to accept the notified eID schemes of other EU countries.
GOV.UK Verify allows British citizens and to other individuals legally residing in the UK to digitally prove their identity online to access eGovernment services and for example apply for a universal credit, check your income tax, check your state pensions, etc.. Soon additional services will be made available such as signing your mortgage deed, sign in to view your total reward statement.
The eID scheme is relying on seven certified companies (Barclays, CitizenSafe, Digidentity, Experian, Post Office, Royal Mail, and SecureIdentity) that can verify the identity of users and issue the necessary credentials to identity and authenticate oneself online. All provides a different set of services and prices to accommodate the needs of different customer segments. In a country were no national identification system is in place, GOV.UK Verify is providing a convenient option to UK citizens and residents.
Following the British pre-notification, the other Member States participating in the Cooperation Network may peer-review GOV.UK Verify (if requested by the UK). The actual notification of the eID scheme should then follow within six months. Other Member States have to recognise a notified eID scheme at the latest 12 months after the publication of the notification in the Official Journal of the European Union.
The Connecting Europe Facility (CEF) eID Building Block primarily supports the Member States in the roll-out of the eIDAS Network (the technical infrastructure which connects national eID schemes). CEF eID is a set of services (including software, documentation, training and support) provided by the European Commission and endorsed by the Member States, which helps public administrations and private Service Providers to extend the use of their online services to citizens from other European countries.
Publication of Trust Models Guidance: learn what's the best option for your project
European Commission
The CEF eDelivery team is happy to announce the publication of the Trust Model Guidance document to help businesses and public administrations to make an informed decision on the trust model to operate when using the Connecting Europe Facility (CEF) eDelivery Building Block.
This document is a key resource to facilitate the choice of the best fitting trust model for projects aiming to use CEF eDelivery. It lists organisations' general requirements and the assessment of the different trust models is based on expert opinion and industry good practices.
A trust model is a collection of rules that ensure the legitimacy of the digital certificates used by the CEF eDelivery components. Digital certificates enable the identification of the organisations using eDelivery and are instrumental for the authenticity, confidentiality, integrity and non-repudiation of the information. Different trust models are available based on different trust anchor models and different rules to create, manage, distribute, store and revoke the digital certificates.
A trust anchor represents an authoritative entity via a public key and associated data. The public key is used to verify digital signatures, and the associated data is used to constrain the types of information for which the trust anchor is authoritative. A relying party uses trust anchors to determine if a digitally signed object is valid by verifying a digital signature using the trust anchor's public key, and by enforcing the constraints expressed in the associated data for the trust anchor.
This document considers four alternative trust models that can be used in any implementation of CEF eDelivery:
- Dedicated Domain PKI: in this model, digital certificates are associated to a single trust anchor. In this case, the trust anchor serves a single domain i.e. it is a dedicated anchor.
- Shared Domain PKI: in this model, digital certificates are associated to a single trust anchor. In this case, the trust anchor serves multiple domains i.e. it is a shared anchor.
- Mutual exchange: this model relies on digital certificates from different trust anchors. As there is no single trust anchor, organisations use the trust anchor of their choice (typically, according a set of well-defined criteria).
- Domain trusted lists: this model relies on a list containing the trusted certificates and/or trust anchors complying with a common domain policy. As a result, organisations are free to choose their preferred trust anchor from that list.
This document relates to the Security Controls guidance document also also available on CEF Digital 2018.
CEF eDelivery Accelerates Swedish ‘Secure Communication’ Project
European Commission
Swedish authorities have started working on “Säker digital kommunikation/Secure Digital Communication”, a project that helps ensure simpler and safer exchange of information between authorities.
Several municipalities, county councils, regions and authorities collaborate to provide secure digital communication. The project was launched in 2017 and is expected to run through 2020. It is currently still in the planning phase but plans to launch its pilots in 2019.
Secure Digital Communication is necessary because a majority of information exchanged daily between municipalities, local councils, regions and state authorities is of a sensitive nature and must be treated securely. Today information exchange is often still by letter, telephone, e-mail or fax. These methods take time and many people are unsure whether their information is handled securely. The digitalisation of such communication provides valuable methods to ensure increased security.
The Connecting Europe Facility (CEF) eDelivery building block is facilitating this project. CEF eDelivery enables the project to reuse existing standards, saving the Swedish team costs and time throughout this project. CEF has supported the project in setting up the infrastructure (AP, SML, SMP) for their test environment. The project is working according to a Platform as a Service (PaaS) and Continuous integration/continuous delivery (CI/CD) concept, in order to make the infrastructure cost efficient and scalable.
You can read more on the project website (in Swedish) here.
CEF eInvoicing Publishes Updated Country Factsheets
The European Commission has published updated Connecting Europe Facility (CEF) eInvoicing country factsheets. The factsheets have been prepared and updated thanks to close cooperation with Member State experts in the European Multi-Stakeholder Forum on eInvoicing (EMSFEI).
Every European country has a unique approach to dealing with eInvoicing. Each country factsheet provides a useful and regularly updated guide to Member States’ policy frameworks, eInvoicing platforms (if existing) and approach for receiving and processing eInvoices.
The updated country factsheets also highlight the great efforts made by central, regional and local authorities in transposing Directive 2014/55/EU (on eInvoicing in public procurement) into national law.
The Directive called for the creation of a European standard on eInvoicing. The standard makes it possible for sellers to send invoices to many customers by using a single eInvoicing format and thus not have to adjust their sending and/or receiving to connect with individual trading parties.
You might also be interested in registering for the 'CEF eInvoicing Webinar #12 - Learn from other countries' eInvoicing implementations' on Thursday, 4 October 2018 - 10:30 - 12:00 (CET). Experts from various European countries involved in the implementation of the Directive and standard on electronic invoicing will be sharing their hands-on experience in eInvoicing implementation.
The CEF eInvoicing building block serves to support public administrations in complying with the aforementioned eInvoicing Directive, and helps solution providers adapt their services accordingly. To do so, CEF eInvoicing makes the following services available:
- eInvoicing Service Desk
- eInvoicing on-site and remote Trainings
- eInvoicing Readiness Checker
- eInvoicing Conformance Testing