Achieving the Digital Single Market: Enabling Cross-Border Authentication with CEF eID
The European Commission and EU Member States have been actively working towards establishing cross-border interoperable solutions for digital services that can act as key enablers for digital services in the Digital Single Market. Currently supported by the Connecting Europe Facility (CEF), the CEF eID building block helps public administrations and private online service providers to easily extend the use of their online services to citizens from other EU Member States.
European Commission 2017
STORK & ISA Beginnings
The ability to use national electronic means of identification (be it a card, a login, etc...) abroad is not automatic per se. In addition, allowing diverse IT systems to interact with one another – i.e. be interoperable – is a complex and multi-disciplinary issue covering legal, operational, semantic and technical aspects. It requires that Member States agree on common standards to make their national systems compatible.
To meet this challenge the European Commission initiated and co-funded a real life pilot project, better known as the STORK, an eID Large Scale Pilot. Large Scale Pilots are public and private sector collaborations that work to connect Europe digitally across-boarders. Owned by the European Commission's Directorate General for Communications Networks, Content & Technology (DG CONNECT) and implemented by a consortium of public and private entities, STORK aimed at solving the issues of cross-border interoperability of eID by piloting natural person authentication and on behalf of legal entities. An additional output of STORK was the development of STORK technical specifications and source-code.
The European Commission's ISA² programme played a key role in supporting STORK. ISA, based in the European Commission's Directorate General for Informatics (DIGIT), maintained the STORK 1.0 code and integrated the STORK infrastructure with the European Commissions’ Authentication Service (ECAS), now known as EU Login. This allowed for the use of national eID schemes to logon to digital online services of the European Commission. ISA enabled the STORK-EU Login integration to allow officials within a European public administration to login to European Commission’s applications and grant access based on their role or position.
In addition, the ISA2 action on Power and Mandates aims at creating a shared European model for maintaining electronic information on the powers and mandates of legal entities. Information on legal entities and their powers and mandates is essential for businesses when establishing relationships with governments, customers or other businesses. However, the cross-border exchange of information is limited by the lack of semantic standards. The absence of such standards prevents automated data processing within Europe, and decreases information reliability. The European Commission aims to overcome this obstacle by creating a common classification for the powers and mandates of legal entities. This model will allow the automatic processing of data from one EU country in the IT systems of others. The action will build on the results of the CEF eID project and the ISA Core Vocabularies
The e-SENS Large Scale Pilot
e-SENS, running from 2015-2017, increased the possibilities to use eID by conducting pilots across various domains, including eProcurement, eHealth, eJustice, Business Lifecycle, Citizen Lifecycle and eAgriculture. Thus, e-SENS permits businesses, citizens and government employees to use the presently widespread (nationally issued) electronic identities in cross-border public and private services.
Concretely, e-SENS, aimed to consolidate the work achieved by previous pilots in different domains and thereby facilitate the deployment of cross-border digital services through generic and re-usable technical components. The work of e-SENS, using STORK 2.0, also contributed to the cross-border digital service infrastructures foreseen in the regulation for implementing the Connecting Europe Facility.
The Connecting Europe Facility
The Digital Single Market strategy aims to ensure that public administrations, business and citizens can seamlessly access and exercise online activities, in a secure environment and across borders. The Connecting Europe Facility (CEF) offers EU funding to expand high-speed broadband Internet network across Europe and deploy Digital Service Infrastructures (DSIs), supporting EU-wide standards and interoperable services for improved service users experience and giving concrete opportunities for businesses to grow by reaping the benefits offered by the digitalisation of the economy.
CEF supports basic and re-usable digital services, known as the CEF building blocks, as well as sector-specific DSI across a variety of domains. The CEF building blocks can be combined with each other and integrated with sector specific DSIs and a variety of online services. The catalogue of re-usable building blocks so far includes eID, eSignature, eInvoicing, eDelivery and eTranslation.
DSI projects deploy trans-European digital services based upon mature technical and organisational solutions, currently supporting DSIs in 15 different domains, in areas as diverse as electronic identification, online dispute resolution and interoperable health services. The projects contribute to improvements in daily life of Europeans through digital inclusion, to the connectivity and interoperability of European digital services, and therefore the development of a Digital Single Market.
The European Commission service DG CONNECT defines the strategic and policy direction of CEF eID, while DIGIT provides technical operation, in close collaboration with the Member States. CEF eID now coordinates work undertaken by the Member States on the technical specifications and sample implementation that Member States can use to enable the provision of their national eID schemes for use across border by setting up an eIDAS Node.
Compared to the previous projects, CEF eID implementation is backed up by the eIDAS Regulation that was adopted in 2014 to provide a regulatory environment enabling secure and seamless electronic interactions between businesses, citizens and public authorities in order to increase the effectiveness of public and private online services in the EU. As such, CEF eID is a technical adaptation of STORK 2.0 to comply with the eIDAS Regulation.
In the context of CEF eID, the eIDAS Regulation provides the legal framework for the cross-border recognition of eID means, ensuring their interoperability and legal certainty. With eIDAS, the European Union has laid the foundations for citizens, businesses and public administrations to access and use on-line services in a more reliable, responsible and convenient manner. CEF eID provides the services and specifications outlined above to help Member States meet the requirements of the eIDAS Regulation.
CEF eID continues to learn from the key findings of past LSPs and has been closely collaborating with e-SENS to make cross-border eID a reality and ensure achieving compliance with the EU legislation on electronic identification and trust services for electronic transactions, the eIDAS Regulation.
Next steps
The uptake and use of CEF eID by the private sector - who are potentially the biggest users and contributors to the Digital Single Market - will help achieve the fulfilment of the Digital Single Market, itself estimated to contribute as much as €415 billion per year to the European economy.
Grant funding supported by the Connecting Europe Facility will support the continued roll-out and adoption of CEF eID until 2020. You can find more information on grant from the Innovation and Networks Executive Agency (INEA). Furthermore, DG CNECT is undertaking a long-term (post-2020) sustainability study for the building blocks to ensure the deepening of the Member States’ cooperation in this field.