eIDAS is a great opportunity for the public and private sector to join forces
03 / 02 / 2017
eW blog article - As of 29 September 2018, any citizen in the European Union will be able to use his or her national electronic identification (eID) means, notified according to eIDAS rules, to access online public services in any other Member State.
As of 29 September 2018, any citizen in the European Union will be able to use his or her national electronic identification (eID) means, notified according to eIDAS rules, to access online public services in any other Member State. This is made possible by the eIDAS Regulation, which is a set of rules for electronic identification and trust services for electronic transactions. In this blog, Andrea Servida, Head of Unit ‘eGovernment and Trust’ at DG CONNECT at the European Commission, explains to me why this Regulation will have an enormous positive effect on the private and public sector in the EU.
Andrea Servida has headed the Task Force that shaped the proposal for the eIDAS Regulation. He is now leading the team which works on rolling out the Regulation and is responsible for fostering understanding and awareness about the transformative nature of the eIDAS Regulation across various sectors in the digital realm. Andrea Servida is also currently the acting director of the Directorate for “Digital Society, Trust & Cybersecurity”. He is responsible for coordinating the work that is associated with services in charge of cyber security, e-health, smart cities and eGovernment and trust.
The importance of eID for building trust and security in the Digital Single Market
The eIDAS Regulation is a major step in building a Digital Single Market and in boosting trust, security and convenience on-line, for governments, businesses and consumers. Thanks to eIDAS, the EU now has a predictable legal framework providing legal certainty beyond national borders for electronic identification but also for electronic trust services (such as electronic signatures, seals, time stamping, delivery services and website authentication).
Public services are rapidly going digital. There is a growing need to be able to access public services in another EU member state using one’s national eID means. But it is not just about accessing public services. eID means compliant with eIDAS can also provide trust and security for businesses and their customers.
Higher security and more convenience
Rolling out eIDAS means higher security and more convenience for any online activity such as submitting tax declarations, enrolling in a foreign university, access to health data, remotely opening a bank account, setting up a business in another member state, authenticating for internet payments, and so on. As of 29 September 2018, any citizen in the European Union will be able to use his or her national electronic identification (eID) means, notified according to eIDAS rules, to access online public services in any other Member State (provided that the requirements for the level of assurance are met). This is extremely important because the eIDAS Regulation provides not only the possibility to access public services, but also has legal value. With the high level of assurance, these means can be used as legal proof for the verification of the identity of a person.
The recognition of eID means across borders is an extremely important and innovative element of the eIDAS Regulation. Why? In the EU, the responsibility for the provisioning of the eID remains under the sovereign responsibility of the member states. The member states have the choice regarding what is needed, useful or desirable for their citizens and their companies, when they are relying upon or using eID means to access services provided by public sector bodies. This creates a situation where eID means can differ greatly between the various member states. Already 25 member states have rolled out some sort of eID means or are currently doing so, such as eID cards or banking cards, which are recognized at national level.
Some examples: In Sweden, the banking means have been recognized by the government and the government is relying on these services to enable the access to their public services by citizens. The same is true for in Estonia and Austria, which also already accept this type of eID means, in addition to electronic identity card. Italy and Belgium are also developing similar initiatives, etc. The Netherlands is also a key player in the eID domain, having participated in several EU large-scale pilots on the development of eID. It has launched national pilots with electronic identification cards and smart phone apps, to allow online identification for eGovernment services, thus paving the way to become interoperable to connect with other European countries.
A legal framework
With the eIDAS Regulation, the EU put in place a legal framework that will allow all EU member states to mutually recognize each other’s eID systems, as well as an interoperability framework (developed under the Connecting Europe Facility program – CEF) which makes it possible for all these diverse national eIDs to become usable across borders.
eIDAS is, therefore, truly a huge opportunity for Europe. With the Regulation, the implementing acts, the standards as well as the technical interoperability infrastructure being rolled out under CEF, the EU is the first and only region in the world which has a holistic, workable and balanced legal framework for cross-border use of electronic identification and trust services. However, to fully benefit from all this in the Digital Single Market, we have to continue the efforts and move fast.
Removing existing roadblocks in legislation
The member states have made a huge investment, at national level, since the early nineties. They have worked together towards cross-border solutions and in providing the framework that would enable citizens and companies to benefit from these huge investments. According to Andrea: “We should acknowledge the visionary role of member states, because they unlocked a potential for everybody. The member states did their task and we, the European Commission, had to make sure that the necessary regulatory work was done. There should not be any roadblocks in already existing legislation, which would make it difficult for digital initiatives to kick in. That is a very important commitment that the commission took and achieved.”
An opportunity for the private sector
Of course, it is a decision of the private sector whether or not to use government-issued eID means and it is also the legitimate sovereign decision of each member state whether to allow it. In the UK, banks and the telco companies were stimulated to participate in a public-private scheme for UK citizens to access public services. In the Netherlands, the banks introduced a scheme for a new digital identity based on banking credentials, which is called iDIN. With this scheme the Dutch banks open their login mechanism to re-use it for third parties such as the government.
eIDAS is indeed an opportunity for the private sector. Not only the Commission, but also the Regulation itself, encourages the member states to work together with the private sector to provision electronic identification means. “This is where we see the possibility that these means will be used more widely and become truly cross-border,” says Servida.
To reach that goal, the stakeholders must join forces: it is a partnership. This is important because the eIDAS Regulation may appear like it only has effect in the public sector, but it has a big potential for the private sector too. This will benefit everybody whether it is because of greater efficiency and cost savings, growth or innovation on the business side and a better customer experience or greater access to services for the customer.