Digital

Blog

European Commission Digital

What does it mean to be eIDAS Compliant? Webinar on eID under eIDAS

European Commission, March 2017

On 7 March 2017, experts from the European Commission, Member States and the private sector, discussed electronic identification (eID) under the eIDAS Regulation, with approximately 230 participants in attendance. 

The goal of the live webinar was to align participants on the meaning of being eIDAS-compliant, explore this with examples and use cases, and offer an opportunity for participants to discuss, interact and exchange views.

Regulation (EU) N°910/2014 on electronic identification and trust services for electronic transactions in the internal market (commonly known as the eIDAS Regulation), provides a predictable regulatory environment to enable secure and seamless electronic interactions between businesses, citizens and public authorities.

The Regulation is therefore central to a number of building blocks, financed by the Connecting Europe Facility (CEF), based on identification and electronic transactions, namely CEF eID, CEF eSignature and CEF eDelivery.

The European Commission provided an update on where Member States stand in terms of putting in place eIDAS-compliant eID infrastructure, as well as their plans for the future. In this context, a recent milestone towards establishing eID and trust services in the EU has been the pre-notification by Germany of online ID function of its national identity card and electronic residence permit. This is a major step forward since, as of September 2018, all Member States will have to recognise the notified German eID scheme as well as all the other notified schemes to access at least online public services. Representatives from Austria, the Netherlands and the UK shared their national experiences of putting eIDAS-compliant eID infrastructure in place. For example, Hebert Leitold from the Secure Information Technology Centre, Austria, noted that “the webinar was an excellent opportunity to exchange on the eIDAS state of play and to discuss with interested parties”. Public and private organisations provided concrete examples of eIDAS-compliant eID for the private sector, such as eHealth and mobile identification. Gautam Hazari and Marta Ienco from GSMA concluded “just like the Commission, we consider eIDAS as a fundamental milestone to create a trustworthy digital identity ecosystem […] Therefore, building on the success of a GSMA previous technical proof of concept, [GSMA] just established a working group of public and private multi-stakeholders experts to drive forward a Mobile Connect for eIDAS implementation Pilot and we are inviting interested parties to join this initiative”.

Finally, presenters from the private sector looked to exchange knowledge about key technological trends impacting the field of electronic identification.

Jeremy Grant from the Chertoff Group looked at how fast-paced technological change affects policy. He noted that passwords are no longer considered sufficient as a cybersecurity tool and technology now allows us to have all the functionalities of a smart card (and more) on our smartphones. Multi-factor authentication, he explained, is now easily accessible - in large part due to new standards developed by the FIDO Alliance - and can be applied well beyond the traditional use-cases (e.g. banking). Mr Grant concluded that eIDAS allows for integration between eID schemes in the Member States actively collaborating on harmonisation, while at the same time facilitating integration with the private sector, which has a strong interest for cross-border identification.

Pascal Nizri from Chekk.me concluded the webinar on a similar theme, looking at why cross-sector, cross-domain and cross-border Digital Identity solutions are required, to help achieve the key balance between offering a customer a seamless experience whilst also providing adequate security, especially in the baking sector. Mr Nizri  noted that "customers expectations and regulatory environment are shifting personal data ownership from businesses to individuals, to the benefit of both. Chekk.me enables this shift with cross-businesses, cross-banks, cross-industries and cross-borders Digital Identity and KYC solutions".

The CEF eID building block helps public administrations and private online service providers to easily extend the use of their online services to citizens from other EU Member States. The CEF eID solution can assist compliance with eIDAS Regulation, which ensures legal certainty and cross-border mutual recognition by providing a clear regulatory framework. CEF eID can be combined with other CEF building blocks to create more complex services. In the words of Michael de Boer, European Commission IT Services Officer for CEF eSignature, "the possibility for combining different building blocks, such as eSignature and eID, are endless. That's why we call them building blocks".


To discover how CEF eID is #ConnectingEurope, visit CEF Digital 2018 now.