CEF eID:  Towards a smooth identification and authentication process on online public services across Europe

European Commission, 2018

How can we make the digital identification and authentication of European citizens as smooth as possible when accessing online public services abroad? The European Commission and Member States answer this question with the eIDAS regulation on trust services in the internal market. eIDAS allows for the reuse of nationally-issued electronic identity (eID) to access online public services in other European countries.

In recent years, Member States worked hard to promote, and ensure, technical interoperability between their electronic identification schemes. Yet, this does not guarantee the uptake of electronic identification among the general public. Only user-friendly applications and well thought through websites will encourage citizens to start using their electronic identity to access eGovernment services. This becomes even more important when considering the cross-border context, where additional challenges for the citizen, such as differences in the administrative procedures and language barriers, exist. 

Member States are now closely collaborating to ensure that citizens are properly informed and guided through the different steps of the identification and authentication process when using their national eID to access foreign online services. The challenge is to ensure that across Member States there is a common approach to user experience for the cross-border user journey. This means the Member States must collectively anticipate the potential difficulties users may experience, and together define a set of best practice design guidelines for the cross-border user journey. 

On 6 April 2018, 18 representatives from 11 Member States gathered to work on this challenge. The objective of the workshop was to align on a set of common user experience recommendations to apply to the eID cross-border user journey enabled through eIDAS. The workshop was hosted by the Danish Agency for Digitisation in Copenhagen. The day started with a stock-take of the design work already completed towards the cross-border authentication journey, with each Member State in attendance presenting their respective designs. The afternoon was dedicated to a group activity during which the participants explored common user problems, identified potential solutions to these problems and agreed on the set of common UX recommendations.

Results of the group activity on common user problems and solutions

Specifically, the workshop focused on aligning the Member States' approach towards several key elements of the authentication journey. The takeaways from the discussion include:

• Discovery: On a foreign government website, it is important that users actually understand that they can reuse their nationally-issued eIDs to authenticate to the service (a very new concept for most). This understanding can be facilitated by working on providing clear explanation and being careful about the terminology used (e.g. focusing on explaining in clear language the possibility to log-in with a foreign national eID, rather than relying on terms that people do not relate to, such as 'eIDAS').
• Country / eID selection: Once users understand that they can reuse their national solutions, they need to select the specific scheme they have. At the moment there are only a few schemes available that have been pre-notified, but the design adopted by the Member States needs to be scalable to allow for more eID schemes in the future. Member States explored the best ways to present information to the user which will maximise correct navigation (e.g. presenting in parallel the country flags and associated eID scheme names and logos).
• Attribute consent: At the moment, Member States have developed different solutions to collect the consent of users regarding the sharing of their identification attributes. Sometimes this consent is requested multiple times. Information about why the attributes are collected and which additional attributes are necessary to access the service in question needs to be crystal clear to avoid frustration and abandonment of the process.
• Use of the service: The eIDAS regulation is introducing a mutual recognition of eIDs across Europe. All online public services requesting secure electronic identification (Level of Assurance of substantial and above) need to provide the possibility to log-in with any foreign eID scheme that has been notified under eIDAS. However, successful authentication to a government website does not necessarily mean a foreign citizen will be eligible to benefit from the specific service; in many cases more is requested of the citizen, notably registration in the national register of the country and additional documents to prove their rights. Member States are therefore investigating how best to inform users in a convenient manner of the steps they may need to take in order to be able to actually use the service requested, and to avoid any frustration.

In the upcoming months, the Member States will continue to collaborate on these issues and more user testing is expected to identify the most successful approach. User research is a continuous process that requires an important mindset shift in the way public services are designed and delivered in Europe. With regard to cross-border eID, the Member States are committed to improvement by implementing user-centric principles and developing tools to exchange best practices and key information with their European colleagues. Ultimately this contributes to the vision of a Digital Single Market by removing non-necessary barriers to online transactions, so that citizens can feel just like at home when using foreign public services online.