SlideShare a Scribd company logo

Interoperability academy 2024 - Day 2 - Digital transformation and interoperability_eID.pdf

Support for Improvement in Governance and Management SIGMA
Support for Improvement in Governance and Management SIGMA

Presentation given at the Cross-regional exchange and learning week on Interoperability and Digital Transformation in the Western Balkans and Eastern Partnership region that took place 24-28 June 2024 in Brussels.

1 of 74
Download to read offline
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Laura Kask, CEO Proud Engineers, eID ans trust services legal expert Brussels 25.06.2024 Cross-regional exchange between Western Balkan and EaP countries on DIGITAL TRANSFORMATION and INTEROPERABILITY
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Laura Kask - Former Chief Legal Officer for the CIO of the Estonian Government. - Led developments on the legislative framework of the Estonian information society and was involved in many innovative government projects, including data embassies and digital continuity. - Responsible for implementing the main EU level regulations (e- authentication, electronic signature, cybersecurity, data protection) into the Estonian legislative framework. - Currently obtaining a PhD in IT Law at Tartu University. - CEO of Proud Engineers, a leading multi-disciplinary consulting company with experience in supporting digital transformation reforms
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Agenda for today 1 10.15 – 11.30 “Building the eID System Based on eIDAS” Laura Kask & Stephanie De Bruyne, CEO at Belgian Mobile ID - Itsme 2 11:45 – 13:00 “New Framework for eID,EDIW and trust services” • Detailed review of the main provisions of eIDAS 2.0, Laura Kask • Case study from BIH regarding e-Wallet, Almir Badnjevic, IDDEEA, director eIDAS 2.0: in EU and Adopting it to the National Context 3 14.00 – 15.15 Mutual Recognition of E-Signatures • Lessons Learned, and How to Move Forward - Necessary preconditions for mutual recognition of e-signatures, Laura Kask • Agreement on mutual recognition of trust services Montenegro-Serbia-North Macedonia, Danilo Racic, Ministry of Public Administration, Senior Civil Servant • Moderated talk on the status and plans of mutual recognition 4 15.30-17.00 Group Work • Group 1: Adapting eIDAS 2.0 to National Contexts: Challenges and Opportunities • Group 2: Ensuring Mutual Recognition of E-Signatures: Challenges and Opportunities
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Do we actually know who is behind the computer? Justification for amendments: about 60% of the EU population in 14 Member States are able to use their national eID cross-border. Only 14% of key public service providers across all Member States allow cross-border authentication with an e- Identity system. Aim of eIDAS 2.0: by 2030 80% of the EU population are equipped with a digital wallet that will allow them to prove their identity and authenticate themselves on public services in all EU countries and the UK, regardless of their nationality. *https://commission.europa.eu/strategy-and- policy/priorities-2019-2024/europe-fit-digital- age/european-digital-identity_en Peter Steiner published by The New Yorker on July 5, 1993
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint * https://gataca.io/blog/eidas2-explained/
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint “Building the eID System Based on eIDAS” Laura Kask, CEO Proud Engineers, legal expert on eID and trust services and Stephanie De Bruyne, CEO at Belgian Mobile ID - itsme
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint “New Framework for eID,EDIW and trust services” Laura Kask, CEO Proud Engineers, legal expert on eID and trust services
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint * https://gataca.io/blog/eidas2-explained/
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint eIDAS Regulation from 2014 (electronic identity) > Mutual recognition system for eIDs that are notified by Member States: ▪ High ▪ Substantial ▪ Low Article 6 of eIDAS Regulation: 1. May ‘notify’ the ‘national’ electronic identification scheme(s) used at home for access to its public services 2. Must recognise ‘notified’ eIDs of other Member States for cross-border access to its online services when its national laws mandate e-identification 3. Must provide a free online authentication facility for its 'notified' eID(s). 4. May allow the private sector to use ‘notified’ eID
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint eIDAS Regulation from 2014 (trust services) > Market regulation, Member States cannot impose rules that are in conflict/more strict than eIDAS regulation; > An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures. (Article 25) > When the public sector accepts a document being signed electronically, they must accept documents signed electronically in the same format from the other member states or with the service offered by the other service providers. (Article 27) > Member states maintain and publish trusted lists where they have all the necessary information about the qualified service providers acting inside the EU. (Article 22)
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Shortcomings of eIDAS Regulation • Previously the eID management has been the sole discretion of the Member States. eIDAS regulation did not interfere with the eID management and set up. • EU citizens possessing a notified eID should be able to use their national identity to access public services online, BUT: • mutual recognition requirement is only for access of the e-service, but not for the service delivery itself; • regulation did not introduce harmonization of digital identities of Member States, but rather established cooperation mechanisms and interoperability; • the focus on public sector as there are no clear incentives for the private sector to use national eIDs. WHY all governments did not notify? > One of the reasons could be the compulsory liability clause of eIDAS Regulation. Article 11 states that the notifying Member State shall be liable for damage caused intentionally or negligently to any natural or legal person due to a failure to comply with its obligations in a cross-border transaction. 13
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint eIDAS 2.0: new amendments (principles) 1.Extension of scope: eIDAS 2.0 extends the scope to new types of trust services, including electronic delivery services, electronic documents. This extension is in response to the increasing use of electronic documents and seals in business transactions. 2.Improved cooperation: A key element of eIDAS is interoperability, which is further strengthened by the new regulation and simplifies the exchange of digital trust services across national borders. 3.Increased security: eIDAS 2.0 introduces stricter security and data protection requirements for trust service providers to ensure the confidentiality, integrity and availability of trust services as well as the protection of personal data in accordance with the GDPR. 4.New rules for electronic identification (eID): These rules are intended to make the use of eID more secure and user-friendly. In particular, the possibility of remote identification, e.g. through video identification, makes access to online services considerably easier.
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Mutual Recognition of eIDs + notified eIDs + up to Member States to decide which schemes to notify + country should accept notified eIDs that are equal of higher level than the eID used in their country (public sector) + Mutual recognition of electronic identities is not considered in eIDAS (although, being an exclusive competence of the EU could be the object of international agreements under art. 218 TFEU) eIDAS 2.0: +The right of every person eligible for a national ID card to have a digital identity that is recognised anywhere in the EU +Operated via digital wallets available on mobile phone apps + MS are obliged to notify at least one “Wallet” under a national eID scheme to make them interoperable at EU level. © copyright
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint New Amendments • A shift from mutual recognition of national eIDs to a system that allows eID users to exchange electronic attestations of attributes that are authenticated by trust service providers. • Scope is wider (eID, EIDW, trust services). • Requirement for Member States to offer and notify a digital identity solution, offering EDIW in addition to storing their eIDs, users shall be able to add other electronic attributes and credentials to their wallets, such as university degrees, diplomas, student IDs or driver`s licenses. • The sectors that must accept EIDW are limited to those where it is required by national or EU law • eIDAS 2.0 Article 11 (a) wanted to add introduction of a persistent and unique identifier for all EU citizens and residents, but this is a controversial issue as some Member States have seen this in violation with the constitution. • Introduction of corporate digital identities. • Creation of European Digital Identity Board is aimed to facilitate the consistent application and sharing of best practices and would consist of competent authorities of Member States and European Commission. 16
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint What is an European Digital Identity Wallet? > Article 3 (42): is a product and service that allows the user to store identity data, credentials and attributes linked to her/his identity, to provide them to relying parties on request and to use them for authentication, online and offline; and to create qualified electronic signatures and seals
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint European Digital Identity Wallet • All Member States must provide their citizens and legal entities with eID Wallets and recognise those of the others. • With the European Digital Identity Wallet (EUDIW), citizens will be able to authenticate themselves online for private and administrative services in the future. • Other digital credentials, such as driving licences or training certificates, can also be stored in the Wallet and shared as required. • To ensure that Wallets and digital identities can be used and recognised throughout Europe, the amendment sets out requirements regarding the interoperability, data protection and security of Wallets as well as the verification of digital attributes. • The specific requirements for the Wallets are being worked out by the European standards committees.
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint What can be done with Digital Identity Wallet from users perspective > Stores your digital identity and other important documents and enables you to present them as part of electronic transaction, via QR (offline verification); > “verified credentials” – government signed credentials showing they are trustworthy (passport, driving license); > Other credentials they are signed by the relying party > You can choose which credentials to present and the use is not connected to the issuer > You may want to share other personal information
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint How far will the regulation go?* > H𝐨𝐨𝐰𝐰 𝐢𝐢𝐬𝐬 𝐭𝐭𝐡𝐡𝐢𝐢𝐬𝐬 𝐝𝐝𝐢𝐢𝐟𝐟𝐟𝐟𝐞𝐞𝐫𝐫𝐞𝐞𝐧𝐧𝐭𝐭 𝐭𝐭𝐨𝐨 𝐭𝐭𝐡𝐡𝐞𝐞 𝐞𝐞𝐈𝐈𝐃𝐃𝐀𝐀𝐒𝐒 𝐰𝐰𝐞𝐞’𝐯𝐯𝐞𝐞 𝐤𝐤𝐧𝐧𝐨𝐨𝐰𝐰𝐧𝐧 𝐬𝐬𝐢𝐢𝐧𝐧𝐜𝐜𝐞𝐞 𝟐𝟐𝟎𝟎𝟏𝟏𝟒𝟒? The main shift in the new regulation is the creation of a European Digital Identity Wallet that will enable citizens and businesses to have greater control over their data whenever they are involved in identification and authentication processes. No longer will we be solely dependent on the entity which provides the identification services in that very moment. This will certainly change the way we think of identities. > 𝐇𝐇𝐨𝐨𝐰𝐰 𝐟𝐟𝐚𝐚𝐫𝐫-𝐫𝐫𝐞𝐞𝐚𝐚𝐜𝐜𝐡𝐡𝐢𝐢𝐧𝐧𝐠𝐠 𝐢𝐢𝐬𝐬 𝐭𝐭𝐡𝐡𝐢𝐢𝐬𝐬 𝐧𝐧𝐞𝐞𝐰𝐰 𝐟𝐟𝐫𝐫𝐚𝐚𝐦𝐦𝐞𝐞𝐰𝐰𝐨𝐨𝐫𝐫𝐤𝐤? By 2026, all states must issue wallets available for all residents free of charge to get and use. What’s more, by 2027 basically all public entities and private businesses must enable the usage of said wallet. Online platforms defined as "gatekeepers" under the EU Digital Markets Act must accept Wallets for user authentication, including social networks, search engines and marketplaces with significant influence in the EU single market. *REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL AMENDING REGULATION (EU) No 910/2014 AS REGARDS ESTABLISHING THE EUROPEAN DIGITAL IDENTITY FRAMEWORK
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Where to get information? > LinkedIn European Digital Identity Wallet community > European Digital Wallet Consortiums – test different use cases (large- scale pilots) > www.globaltrustfoundation.org – online courses for DIW
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Challenges for Member States (1) • Identity theft risk and introduction of EDIW – not only eID credentials but all the information the person has in the EDIW; • EIDW shall be issued under a notified electronic identification scheme of level of assurance high. Therefore, it can also be assumed that the corresponding high scheme would be a prerequisite for the EIDW and should exist first. • Countries must decide which route of the eIDAS 2.0 Article 6a (2) to take: issuing their own EIDW, under a mandate or independent, but recognised EIDW. 22
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Challenges for Member States (2) • In countries with the eID scheme with assurance level high would make possible the remote issuance with a secondary device, but it will be a challenge for countries where no eID mean is issued or this is not recognised on level high. • the challenge of issuing EIDW for legal persons. In many countries, only personal eIDs exist in the market. This means legal person representation is a role that is connected to the private eID (more precisely with identity code) and serves more as an access right. This means countries should decide what and on which circumstances the professional EIDW can be issued and how this can be used in national services. 23
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Conclusion • The obligation to accept the EIDW also degrades the proven value of existing eID schemes and might results in unfair competition. • The proposed timeframe for implementation is complicated, as the implementing acts are on the way for EIDW (the deadline is Nov 2024). • As the concept of unique and persistent identifier has been left aside and have been replaced with record matching, it will be difficult for the e-services of the member states there the persistent unique identifier is needed to log in and use the service, to offer the service with the same quality also for cross-border EIDW users. • Cybersecurity and resilience risks. • Trust establishment plays a key role in scalability of the eID solutions, but trust is built over time and adoption is a lot more complex than legislative or technical framework. © copyright
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Case study from BIH regarding e-Wallet, Almir Badnjevic IDDEEA, director
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint “eIDAS 2.0: in EU and Adopting it to the National Context” Laura Kask, CEO Proud Engineers, legal expert on eID and trust services
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint WHY?
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Key principles of trusted eID Without these, success is unlikely
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Strong eID is based on strong physical identity eIDs must only be issued using a carefully secured process involving capture of biometrics
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Unique and ubiquitous identifier of citizens Most business processes in the country must use the identifier, assumes a robust population registry.
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Breaking the stalemate The citizens will not take the ID or remember the PIN codes, when there are no services. There will be no services built for no customers.
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint The eID must have a legal meaning Without a legal framework, the eID is simply people doing complex math
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Building blocks of trusted eID These need to be built
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Legal framework > Population registry and its legal significance > Regulation of trust services > Electronic signature and its significance > Dealing with legacy › Education of legal practitioners › Revamping regulations requiring paper-based processes
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Capabilities > Cybersecurity to › drive requirements for eID and validate deliverables › monitor the ecosystem › execute incident response > Cryptography to keep the ecosystem developing > Legal to drive legal changes > Architecture to define, manage and develop the technical ecosystem
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Trust services > Trust services create and operate services underpinning the trust in eID › Certification Authority and Registration Authority › Time Stamping Authority › Signature creation and validation > Trust must stem from audited, regulated and supervised adherence to standards
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint The ecosystem > It is not possible for a › single government authority to build eID due to the range of capabilities and changes necessary › single private sector organization to build eID due to the lack of critical mass in terms of customers and services > Create and manage an ecosystem of service providers, integrators, technology providers, researchers, cybersecurity practitioners, trust service providers etc. › Alternatively make sure to participate in one
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint eID transformation process
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint eID transformation process
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint eID transformation process
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Supporting the vision execution
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint eID organizational structure
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint “Mutual recognition of e-signatures” Laura Kask, CEO Proud Engineers, legal expert on eID and trust services
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Same eIDAS-based legislative framework, BUT how to prove your intent online?
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Mutual Recognition for Third Countries > eIDAS Regulation is seen as a standard across the globe; > Article 14 of eIDAS regulates the recognition of qualified electronic signatures between the EU and a third country. > Currently, the only option to have mutual recognition of qualified signatures is through an agreement concluded between the EU and the third country in accordance with Article 218 of the Treaty on the Functioning of the European Union (TFEU). > There is a “roundabout” through MRA process.
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Pilot for the International Compatibility of Trust Services > MRA Cookbook (explanatory memorandum of eIDAS Article 14, description of MRA process flow and methodology, minimum requirements, technical recommendations) > eIDAS Article 14 Assessment Check-List (benchmarking laws) > Tools (trusted list browser and validation of trusted lists outputs)
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Mutual Recognition Process > A third country’s signature solution can be recognised as an advanced signature under eIDAS. > The European Commission has created a trust list for advanced signatures from third countries’ trust services and prepared the tools needed for validating the signatures. > An official request should be made to the European Commission. > The trust list provides a tool for validating the signatures, but the legal effect and the trustworthiness of a signature still must be agreed separately between interested parties.
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint MRA process flow I > Scope and objective of MRA (selection of trust services and service providers) > Feasibility study and self-assessment (4 pillars: legal or regulatory framework, supervision and auditing systems, technical or best practices aspect, trust representation model) > Technical pilot with the EC (optional) > Formal negotiations will be opened after the feasibility study, optional pilot and self-assessment have positive outcomes
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint MRA process flow II > Together with its formal request, the 3rd country submits to the EC the detailed documentation for assessment: 1) A general description of the trust services framework, covering legal, supervisory, technical and trust representation aspects 2) The legislative documents, including primary and secondary legislations concerning trust services and other relevant legislations (data protection, consumer rights, privacy, freedom of expression) 3) Links to the relevant trust services framework resources, such as existing or draft trusted list, the list of approved secure devices, the list of approved conformity assessment bodies and a description of the underlying approval rules 4) An eIDAS Art 14 self-assessment 5) The list of standards the trust services framework refers to/uses and a description of the way these standards are used/complied to
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint MRA process flow III > EC evaluates the global compatibility of the 3rd country 4-pillar system with the EU system, based on the provided documentation (preliminary assessment and detailed assessment) > EC submits the preliminary assessment report to the EU Member States and consults them on interest in engaging further with the aim to perform a detailed (mutual) assessment as the next step
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint MRA process flow IV > The drafts of MRA associated execution plan, monitoring plan (including the exchange of annual reports, e.g. reports on changes in the respective frameworks, supervisory activities and known litigations, notified security and/or personal data breaches, and annual surveillance review and the frequency of a formal in-depth review of the MRA implementation), and termination plan will be prepared > Technical and/or legal pilot may be conducted
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint MRA process flow V > EC launches Art 218 (TFEU) procedure and MRA will be drafted > MRA needs the consent of the European Parliament and the approval of the Council, before the MRA could be signed > As part of the MRA drafting, or in parallel, the drafted MRA execution, monitoring and termination plans shall be finalized > The finalisation of the MRA may include one or more negotiation rounds
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Procedure of Article 218 of TFEU I > Negotiations: 1) Council of EU authorises the opening of negotiations (EC, or the High Representative of the Union for Foreign Affairs and Security Policy submits recommendations to EC, which adopts a decision authorising the opening of negotiations and nominating the negotiator or the head of the negotiating team) 2) EC may address directives to the negotiator and designate a special committee in consultation (content of such directives is not public)
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Procedure of Article 218 of TFEU II > Concluding agreement: 1) On a proposal by the negotiator, EC adopts a decision authorising the signing of the agreement or in case where the agreement relates to the common foreign and security policy, EC adopts the decision concluding the agreement after consulting or obtaining the consent of the European Parliament 2) EC acts by a qualified majority throughout the procedure and unanimously when the agreement covers a field for which unanimity is required (if the agreement covers EU accession, finances, or common foreign and security policy unanimous vote is required)
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Procedure of Article 218 of TFEU III > Notification: 1) The European Parliament must be informed at all stages of the procedure and is required to give its consent to any international agreement 2) A Member State, the European Parliament, the Council of EU or EC may obtain the opinion of the Court of Justice
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint New Regulation > Trust services provided by trust service providers established in a third country or by an international organisation shall be recognised as legally equivalent to qualified trust services; > recognised by means of implementing acts or an agreement concluded between the Union and the third country or the international organisation pursuant to Article 218 TFEU.
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint What will change with eIDAS 2.0? + Trade agreement or Implementing Act for recognition + Non- EU should meet requirements for qualified TS/TSP + Should follow trusted list MRA Cookbook 58
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint “Mutual recognition of e-signatures” Agreement on mutual recognition of trust services Montenegro-Serbia-North Macedonia Danilo Racic Ministry of Public Administration, Senior Civil Servant
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint “Group Work” Laura Kask, CEO Proud Engineers, legal expert on eID and trust services
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Group Work (45 min) + Group Work Presentations (15 min per group) > Group 1: Adapting eIDAS 2.0 to National Contexts: Challenges and Opportunities › Which countries were represented? › What are the main challenges in implementing eIDAS to National Context in terms of eID / in terms of trust services (e- signatures and e-seals)? › What are the opportunities implementing eIDAS to National Context would bring? › How to overcome the challenges? › What kind of support would be needed from local / international communities? > Group 2: Ensuring Mutual Recognition of E-Signatures: Challenges and Opportunities › Which countries were represented? › What are the main challenges ensuring mutual recognition of e-signatures? › What are the opportunities mutual recognition would bring? › Is there a difference / more opportunities with other third countries / with EU? › How to overcome the challenges? › What kind of support would be needed from local / international communities?
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint “Group Work Presentations”
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Thank you! Laura Kask laura.kask@proudengineers.com proudengineers.com
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Estonian national framework for eID and trust services
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint + electronic ID is compulsory + 64% use ID-card regularly + 19% people use mobile-ID + 51% use smart-ID + 100,000+ e-Residents electronic ID the strongest identity since 2002
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint eID in Estonia High level government provided identity based on identity nr that is unique (eID, mID). › authentication › electronic signing › encryption › i-voting › business, banking › state and healthcare › public transport › loyalty card High level private sector provided identity based on identity nr that is unique (Smart ID). › authentication › electronic signing › business, banking
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Two main legal principles in national law > Electronic identification is as good as face-to-face identification and > electronic signature of certain level is equal to handwritten one. NB! Although the framework exists there is no actual use of the concept of professional certificate (e.g electronic seal)!
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Plans for EDIW > First pilot project done (MVP); > eID + driver`s license; > Estonia will probably launch own EDIW that is procured from the private sector and will be used across sectors
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint What have been the challenges?
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Nature of the security risk The private key can be computed from the public key, which means that theoretically: >it was possible to digitally sign a document in the name of another person >it was possible to enter e-services in the name of another person >it was possible to steal a digital identity without having the physical card >decrypt documents encrypted with the ID card
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Lessons learned > eID is more important than we knew AND we cannot go back on paper > Map cross-dependencies of critical services > Certified does not mean secure > Have alternatives – eID card and mobile-ID, private sector solution > Pool of experts is limited – duplicate, if possible > How to handle a non-incident? > Nobody wants to go back to paper, even if they could > This will not be the last such event
A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint In the rapid technological change the product standards and audits based on standards might not give the guarantees for a liable product  2 years for the audit period is too long period, BUT the audits are expensive and there are not many auditors for the specific topics The notification system is too vague, but the only solution in those cases is tight cooperation The next crisis can be different, the legal framework in place enabled finding solution, but from learnings we never know what the next crisis will look like

More Related Content

Similar to Interoperability academy 2024 - Day 2 - Digital transformation and interoperability_eID.pdf

Lex Cyber Law-Silvana Dode Mobility 2023.pptx
Lex Cyber Law-Silvana Dode Mobility 2023.pptxLex Cyber Law-Silvana Dode Mobility 2023.pptx
Lex Cyber Law-Silvana Dode Mobility 2023.pptx
ChristinaFortunova
 
The Watify Project: Is there life after death: the new role for government is...
The Watify Project: Is there life after death: the new role for government is...The Watify Project: Is there life after death: the new role for government is...
The Watify Project: Is there life after death: the new role for government is...
samossummit
 
TelcoME2015_IOTRegulation
TelcoME2015_IOTRegulationTelcoME2015_IOTRegulation
TelcoME2015_IOTRegulation
EamonHolley
 
PPT - SIGMA-GIZ Academies - Topic 2 - eID_Kask
PPT - SIGMA-GIZ Academies - Topic 2 - eID_KaskPPT - SIGMA-GIZ Academies - Topic 2 - eID_Kask
PPT - SIGMA-GIZ Academies - Topic 2 - eID_Kask
Support for Improvement in Governance and Management SIGMA
 
Interoperability academy 2024 - Day 2 - MNE Digital transformation and intero...
Interoperability academy 2024 - Day 2 - MNE Digital transformation and intero...Interoperability academy 2024 - Day 2 - MNE Digital transformation and intero...
Interoperability academy 2024 - Day 2 - MNE Digital transformation and intero...
Support for Improvement in Governance and Management SIGMA
 
DWS16 - Future Networks forum - Anna Krzyzanowska European Commission
DWS16 - Future Networks forum - Anna Krzyzanowska European CommissionDWS16 - Future Networks forum - Anna Krzyzanowska European Commission
DWS16 - Future Networks forum - Anna Krzyzanowska European Commission
IDATE DigiWorld
 
Overview of the European digitzal agenda, Anna nietyksza, EEEC, European Econ...
Overview of the European digitzal agenda, Anna nietyksza, EEEC, European Econ...Overview of the European digitzal agenda, Anna nietyksza, EEEC, European Econ...
Overview of the European digitzal agenda, Anna nietyksza, EEEC, European Econ...
OW2
 
eIDAS Regulation (Reg. No. 910/2014)
eIDAS Regulation (Reg. No. 910/2014) eIDAS Regulation (Reg. No. 910/2014)
eIDAS Regulation (Reg. No. 910/2014)
Cosetta Masi
 
SFScon19 - Eugenio Bettella Marco Reguzzoni - Internet of Things & cybersecur...
SFScon19 - Eugenio Bettella Marco Reguzzoni - Internet of Things & cybersecur...SFScon19 - Eugenio Bettella Marco Reguzzoni - Internet of Things & cybersecur...
SFScon19 - Eugenio Bettella Marco Reguzzoni - Internet of Things & cybersecur...
South Tyrol Free Software Conference
 
E govermentinlocalandregionaladministrations onlineversionpdf
E govermentinlocalandregionaladministrations onlineversionpdfE govermentinlocalandregionaladministrations onlineversionpdf
E govermentinlocalandregionaladministrations onlineversionpdf
projecte doscinczero1
 
Using eID for business startup in Europe
Using eID for business startup in EuropeUsing eID for business startup in Europe
Using eID for business startup in Europe
Dinand Tinholt
 
SPOCS Presentation EEMA Conference London June 2010
SPOCS Presentation EEMA Conference London June 2010SPOCS Presentation EEMA Conference London June 2010
SPOCS Presentation EEMA Conference London June 2010
Dinand Tinholt
 
Digital single market
Digital single marketDigital single market
Digital single market
Kyiv National Economic University
 
Digital Identity Standards by ENISA, European Union
Digital Identity Standards by ENISA, European UnionDigital Identity Standards by ENISA, European Union
Digital Identity Standards by ENISA, European Union
soranun1
 
EU Digital Identity Wallet - INNOPAY.pptx
EU Digital Identity Wallet - INNOPAY.pptxEU Digital Identity Wallet - INNOPAY.pptx
EU Digital Identity Wallet - INNOPAY.pptx
INNOPAY1
 
TOOP project: Once Only Principle
TOOP project: Once Only PrincipleTOOP project: Once Only Principle
TOOP project: Once Only Principle
Samos2019Summit
 
European Directive DRAFT Network and Information Technology Security
European Directive DRAFT Network and Information Technology SecurityEuropean Directive DRAFT Network and Information Technology Security
European Directive DRAFT Network and Information Technology Security
David Sweigert
 
Рынок средств электронной индентификации в Европе: Технологии, инфраструктура...
Рынок средств электронной индентификации в Европе: Технологии, инфраструктура...Рынок средств электронной индентификации в Европе: Технологии, инфраструктура...
Рынок средств электронной индентификации в Европе: Технологии, инфраструктура...
Victor Gridnev
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
LoriGlavin3
 
National identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernmentNational identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernment
Eric BILLIAERT
 

Similar to Interoperability academy 2024 - Day 2 - Digital transformation and interoperability_eID.pdf (20)

Lex Cyber Law-Silvana Dode Mobility 2023.pptx
Lex Cyber Law-Silvana Dode Mobility 2023.pptxLex Cyber Law-Silvana Dode Mobility 2023.pptx
Lex Cyber Law-Silvana Dode Mobility 2023.pptx
 
The Watify Project: Is there life after death: the new role for government is...
The Watify Project: Is there life after death: the new role for government is...The Watify Project: Is there life after death: the new role for government is...
The Watify Project: Is there life after death: the new role for government is...
 
TelcoME2015_IOTRegulation
TelcoME2015_IOTRegulationTelcoME2015_IOTRegulation
TelcoME2015_IOTRegulation
 
PPT - SIGMA-GIZ Academies - Topic 2 - eID_Kask
PPT - SIGMA-GIZ Academies - Topic 2 - eID_KaskPPT - SIGMA-GIZ Academies - Topic 2 - eID_Kask
PPT - SIGMA-GIZ Academies - Topic 2 - eID_Kask
 
Interoperability academy 2024 - Day 2 - MNE Digital transformation and intero...
Interoperability academy 2024 - Day 2 - MNE Digital transformation and intero...Interoperability academy 2024 - Day 2 - MNE Digital transformation and intero...
Interoperability academy 2024 - Day 2 - MNE Digital transformation and intero...
 
DWS16 - Future Networks forum - Anna Krzyzanowska European Commission
DWS16 - Future Networks forum - Anna Krzyzanowska European CommissionDWS16 - Future Networks forum - Anna Krzyzanowska European Commission
DWS16 - Future Networks forum - Anna Krzyzanowska European Commission
 
Overview of the European digitzal agenda, Anna nietyksza, EEEC, European Econ...
Overview of the European digitzal agenda, Anna nietyksza, EEEC, European Econ...Overview of the European digitzal agenda, Anna nietyksza, EEEC, European Econ...
Overview of the European digitzal agenda, Anna nietyksza, EEEC, European Econ...
 
eIDAS Regulation (Reg. No. 910/2014)
eIDAS Regulation (Reg. No. 910/2014) eIDAS Regulation (Reg. No. 910/2014)
eIDAS Regulation (Reg. No. 910/2014)
 
SFScon19 - Eugenio Bettella Marco Reguzzoni - Internet of Things & cybersecur...
SFScon19 - Eugenio Bettella Marco Reguzzoni - Internet of Things & cybersecur...SFScon19 - Eugenio Bettella Marco Reguzzoni - Internet of Things & cybersecur...
SFScon19 - Eugenio Bettella Marco Reguzzoni - Internet of Things & cybersecur...
 
E govermentinlocalandregionaladministrations onlineversionpdf
E govermentinlocalandregionaladministrations onlineversionpdfE govermentinlocalandregionaladministrations onlineversionpdf
E govermentinlocalandregionaladministrations onlineversionpdf
 
Using eID for business startup in Europe
Using eID for business startup in EuropeUsing eID for business startup in Europe
Using eID for business startup in Europe
 
SPOCS Presentation EEMA Conference London June 2010
SPOCS Presentation EEMA Conference London June 2010SPOCS Presentation EEMA Conference London June 2010
SPOCS Presentation EEMA Conference London June 2010
 
Digital single market
Digital single marketDigital single market
Digital single market
 
Digital Identity Standards by ENISA, European Union
Digital Identity Standards by ENISA, European UnionDigital Identity Standards by ENISA, European Union
Digital Identity Standards by ENISA, European Union
 
EU Digital Identity Wallet - INNOPAY.pptx
EU Digital Identity Wallet - INNOPAY.pptxEU Digital Identity Wallet - INNOPAY.pptx
EU Digital Identity Wallet - INNOPAY.pptx
 
TOOP project: Once Only Principle
TOOP project: Once Only PrincipleTOOP project: Once Only Principle
TOOP project: Once Only Principle
 
European Directive DRAFT Network and Information Technology Security
European Directive DRAFT Network and Information Technology SecurityEuropean Directive DRAFT Network and Information Technology Security
European Directive DRAFT Network and Information Technology Security
 
Рынок средств электронной индентификации в Европе: Технологии, инфраструктура...
Рынок средств электронной индентификации в Европе: Технологии, инфраструктура...Рынок средств электронной индентификации в Европе: Технологии, инфраструктура...
Рынок средств электронной индентификации в Европе: Технологии, инфраструктура...
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
National identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernmentNational identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernment
 

More from Support for Improvement in Governance and Management SIGMA

Session 5 - Rule of Law - Presentation - Final.pdf
Session 5 - Rule of Law - Presentation - Final.pdfSession 5 - Rule of Law - Presentation - Final.pdf
Session 5 - Rule of Law - Presentation - Final.pdf
Support for Improvement in Governance and Management SIGMA
 
Session 4 - Digitalisation - Presentation.pdf
Session 4 - Digitalisation - Presentation.pdfSession 4 - Digitalisation - Presentation.pdf
Session 4 - Digitalisation - Presentation.pdf
Support for Improvement in Governance and Management SIGMA
 
Session 3 - Public Service - Presentation.pdf
Session 3 - Public Service - Presentation.pdfSession 3 - Public Service - Presentation.pdf
Session 3 - Public Service - Presentation.pdf
Support for Improvement in Governance and Management SIGMA
 
Session 2 - Government Effectiveness - Presentation.pdf
Session 2 - Government Effectiveness - Presentation.pdfSession 2 - Government Effectiveness - Presentation.pdf
Session 2 - Government Effectiveness - Presentation.pdf
Support for Improvement in Governance and Management SIGMA
 
Session 1- Parliaments - Super Final.pdf
Session 1- Parliaments - Super Final.pdfSession 1- Parliaments - Super Final.pdf
Session 1- Parliaments - Super Final.pdf
Support for Improvement in Governance and Management SIGMA
 
Key points from parallel session discussions Final.pdf
Key points from parallel session discussions Final.pdfKey points from parallel session discussions Final.pdf
Key points from parallel session discussions Final.pdf
Support for Improvement in Governance and Management SIGMA
 
Day 2 - Milos Djindic - WeBer and WB Experience.pdf
Day 2 - Milos Djindic - WeBer and WB Experience.pdfDay 2 - Milos Djindic - WeBer and WB Experience.pdf
Day 2 - Milos Djindic - WeBer and WB Experience.pdf
Support for Improvement in Governance and Management SIGMA
 
Day 2 - Gert Bouckaert - Final presentation.pdf
Day 2 - Gert Bouckaert - Final presentation.pdfDay 2 - Gert Bouckaert - Final presentation.pdf
Day 2 - Gert Bouckaert - Final presentation.pdf
Support for Improvement in Governance and Management SIGMA
 
Day 2 - Florian Hauser - EaP Governance.pdf
Day 2 - Florian Hauser - EaP Governance.pdfDay 2 - Florian Hauser - EaP Governance.pdf
Day 2 - Florian Hauser - EaP Governance.pdf
Support for Improvement in Governance and Management SIGMA
 
Day 1 - Ukraine - Presentation at conference Advancing Good Governance.pdf
Day 1 - Ukraine - Presentation at conference Advancing Good Governance.pdfDay 1 - Ukraine - Presentation at conference Advancing Good Governance.pdf
Day 1 - Ukraine - Presentation at conference Advancing Good Governance.pdf
Support for Improvement in Governance and Management SIGMA
 
Day 1 - Sandra Fuhr - Good Governance and Principles.pdf
Day 1 - Sandra Fuhr - Good Governance and Principles.pdfDay 1 - Sandra Fuhr - Good Governance and Principles.pdf
Day 1 - Sandra Fuhr - Good Governance and Principles.pdf
Support for Improvement in Governance and Management SIGMA
 
Day 1 - Moldova -Presentation at conference Advancing Good Governance.pdf
Day 1 - Moldova -Presentation at conference Advancing Good Governance.pdfDay 1 - Moldova -Presentation at conference Advancing Good Governance.pdf
Day 1 - Moldova -Presentation at conference Advancing Good Governance.pdf
Support for Improvement in Governance and Management SIGMA
 
Day 1 - Gregor Virant - Principles and assessment methodology.pdf
Day 1 - Gregor Virant - Principles and assessment methodology.pdfDay 1 - Gregor Virant - Principles and assessment methodology.pdf
Day 1 - Gregor Virant - Principles and assessment methodology.pdf
Support for Improvement in Governance and Management SIGMA
 
Day 1 - Georgia - Presentation at conference Advancing Good Governance.pdf
Day 1 - Georgia - Presentation at conference Advancing Good Governance.pdfDay 1 - Georgia - Presentation at conference Advancing Good Governance.pdf
Day 1 - Georgia - Presentation at conference Advancing Good Governance.pdf
Support for Improvement in Governance and Management SIGMA
 
Day 1 - Armenia - Presentation at conference Advancing Good Governance.pdf
Day 1 - Armenia - Presentation at conference Advancing Good Governance.pdfDay 1 - Armenia - Presentation at conference Advancing Good Governance.pdf
Day 1 - Armenia - Presentation at conference Advancing Good Governance.pdf
Support for Improvement in Governance and Management SIGMA
 
Agenda_Advancing Good Governance Final.pdf
Agenda_Advancing Good Governance Final.pdfAgenda_Advancing Good Governance Final.pdf
Agenda_Advancing Good Governance Final.pdf
Support for Improvement in Governance and Management SIGMA
 
PPT - SIGMA-GIZ Academies - Stage 2 - Photo-Gallery.pdf
PPT - SIGMA-GIZ Academies - Stage 2 - Photo-Gallery.pdfPPT - SIGMA-GIZ Academies - Stage 2 - Photo-Gallery.pdf
PPT - SIGMA-GIZ Academies - Stage 2 - Photo-Gallery.pdf
Support for Improvement in Governance and Management SIGMA
 
Interoperability academy 2024 - Day 3 - EU Mutual Recognition Mechanisms_deta...
Interoperability academy 2024 - Day 3 - EU Mutual Recognition Mechanisms_deta...Interoperability academy 2024 - Day 3 - EU Mutual Recognition Mechanisms_deta...
Interoperability academy 2024 - Day 3 - EU Mutual Recognition Mechanisms_deta...
Support for Improvement in Governance and Management SIGMA
 
Interoperability academy 2024 - Day 2 - Europe presentation.pdf
Interoperability academy 2024 - Day 2 - Europe presentation.pdfInteroperability academy 2024 - Day 2 - Europe presentation.pdf
Interoperability academy 2024 - Day 2 - Europe presentation.pdf
Support for Improvement in Governance and Management SIGMA
 
Interoperability academy 2024 - Day 2 - BIH IDDEEA.pdf
Interoperability academy 2024 - Day 2 - BIH IDDEEA.pdfInteroperability academy 2024 - Day 2 - BIH IDDEEA.pdf
Interoperability academy 2024 - Day 2 - BIH IDDEEA.pdf
Support for Improvement in Governance and Management SIGMA
 

More from Support for Improvement in Governance and Management SIGMA (20)

Session 5 - Rule of Law - Presentation - Final.pdf
Session 5 - Rule of Law - Presentation - Final.pdfSession 5 - Rule of Law - Presentation - Final.pdf
Session 5 - Rule of Law - Presentation - Final.pdf
 
Session 4 - Digitalisation - Presentation.pdf
Session 4 - Digitalisation - Presentation.pdfSession 4 - Digitalisation - Presentation.pdf
Session 4 - Digitalisation - Presentation.pdf
 
Session 3 - Public Service - Presentation.pdf
Session 3 - Public Service - Presentation.pdfSession 3 - Public Service - Presentation.pdf
Session 3 - Public Service - Presentation.pdf
 
Session 2 - Government Effectiveness - Presentation.pdf
Session 2 - Government Effectiveness - Presentation.pdfSession 2 - Government Effectiveness - Presentation.pdf
Session 2 - Government Effectiveness - Presentation.pdf
 
Session 1- Parliaments - Super Final.pdf
Session 1- Parliaments - Super Final.pdfSession 1- Parliaments - Super Final.pdf
Session 1- Parliaments - Super Final.pdf
 
Key points from parallel session discussions Final.pdf
Key points from parallel session discussions Final.pdfKey points from parallel session discussions Final.pdf
Key points from parallel session discussions Final.pdf
 
Day 2 - Milos Djindic - WeBer and WB Experience.pdf
Day 2 - Milos Djindic - WeBer and WB Experience.pdfDay 2 - Milos Djindic - WeBer and WB Experience.pdf
Day 2 - Milos Djindic - WeBer and WB Experience.pdf
 
Day 2 - Gert Bouckaert - Final presentation.pdf
Day 2 - Gert Bouckaert - Final presentation.pdfDay 2 - Gert Bouckaert - Final presentation.pdf
Day 2 - Gert Bouckaert - Final presentation.pdf
 
Day 2 - Florian Hauser - EaP Governance.pdf
Day 2 - Florian Hauser - EaP Governance.pdfDay 2 - Florian Hauser - EaP Governance.pdf
Day 2 - Florian Hauser - EaP Governance.pdf
 
Day 1 - Ukraine - Presentation at conference Advancing Good Governance.pdf
Day 1 - Ukraine - Presentation at conference Advancing Good Governance.pdfDay 1 - Ukraine - Presentation at conference Advancing Good Governance.pdf
Day 1 - Ukraine - Presentation at conference Advancing Good Governance.pdf
 
Day 1 - Sandra Fuhr - Good Governance and Principles.pdf
Day 1 - Sandra Fuhr - Good Governance and Principles.pdfDay 1 - Sandra Fuhr - Good Governance and Principles.pdf
Day 1 - Sandra Fuhr - Good Governance and Principles.pdf
 
Day 1 - Moldova -Presentation at conference Advancing Good Governance.pdf
Day 1 - Moldova -Presentation at conference Advancing Good Governance.pdfDay 1 - Moldova -Presentation at conference Advancing Good Governance.pdf
Day 1 - Moldova -Presentation at conference Advancing Good Governance.pdf
 
Day 1 - Gregor Virant - Principles and assessment methodology.pdf
Day 1 - Gregor Virant - Principles and assessment methodology.pdfDay 1 - Gregor Virant - Principles and assessment methodology.pdf
Day 1 - Gregor Virant - Principles and assessment methodology.pdf
 
Day 1 - Georgia - Presentation at conference Advancing Good Governance.pdf
Day 1 - Georgia - Presentation at conference Advancing Good Governance.pdfDay 1 - Georgia - Presentation at conference Advancing Good Governance.pdf
Day 1 - Georgia - Presentation at conference Advancing Good Governance.pdf
 
Day 1 - Armenia - Presentation at conference Advancing Good Governance.pdf
Day 1 - Armenia - Presentation at conference Advancing Good Governance.pdfDay 1 - Armenia - Presentation at conference Advancing Good Governance.pdf
Day 1 - Armenia - Presentation at conference Advancing Good Governance.pdf
 
Agenda_Advancing Good Governance Final.pdf
Agenda_Advancing Good Governance Final.pdfAgenda_Advancing Good Governance Final.pdf
Agenda_Advancing Good Governance Final.pdf
 
PPT - SIGMA-GIZ Academies - Stage 2 - Photo-Gallery.pdf
PPT - SIGMA-GIZ Academies - Stage 2 - Photo-Gallery.pdfPPT - SIGMA-GIZ Academies - Stage 2 - Photo-Gallery.pdf
PPT - SIGMA-GIZ Academies - Stage 2 - Photo-Gallery.pdf
 
Interoperability academy 2024 - Day 3 - EU Mutual Recognition Mechanisms_deta...
Interoperability academy 2024 - Day 3 - EU Mutual Recognition Mechanisms_deta...Interoperability academy 2024 - Day 3 - EU Mutual Recognition Mechanisms_deta...
Interoperability academy 2024 - Day 3 - EU Mutual Recognition Mechanisms_deta...
 
Interoperability academy 2024 - Day 2 - Europe presentation.pdf
Interoperability academy 2024 - Day 2 - Europe presentation.pdfInteroperability academy 2024 - Day 2 - Europe presentation.pdf
Interoperability academy 2024 - Day 2 - Europe presentation.pdf
 
Interoperability academy 2024 - Day 2 - BIH IDDEEA.pdf
Interoperability academy 2024 - Day 2 - BIH IDDEEA.pdfInteroperability academy 2024 - Day 2 - BIH IDDEEA.pdf
Interoperability academy 2024 - Day 2 - BIH IDDEEA.pdf
 

Recently uploaded

In MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARM
In MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARMIn MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARM
In MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARM
euginexenogeneic
 
MPA 210 :Civil Society Organization.pptx
MPA 210 :Civil Society Organization.pptxMPA 210 :Civil Society Organization.pptx
MPA 210 :Civil Society Organization.pptx
Jo Balucanag - Bitonio
 
The Ministry of Information and Broadcasting Advisory Dated 03.07.2024.pdf
The Ministry of Information and Broadcasting Advisory Dated 03.07.2024.pdfThe Ministry of Information and Broadcasting Advisory Dated 03.07.2024.pdf
The Ministry of Information and Broadcasting Advisory Dated 03.07.2024.pdf
Social Samosa
 
2023--Annual-Survey-for-Marginal-Farmers.pdf
2023--Annual-Survey-for-Marginal-Farmers.pdf2023--Annual-Survey-for-Marginal-Farmers.pdf
2023--Annual-Survey-for-Marginal-Farmers.pdf
Odessa File
 
MPA 209 : Project Planning Presentation
MPA 209 : Project Planning PresentationMPA 209 : Project Planning Presentation
MPA 209 : Project Planning Presentation
Jo Balucanag - Bitonio
 
SDGs-Bangladesh_Progress_Report 2020.pdf
SDGs-Bangladesh_Progress_Report 2020.pdfSDGs-Bangladesh_Progress_Report 2020.pdf
SDGs-Bangladesh_Progress_Report 2020.pdf
Shamim Hosen
 
MPA 210 : STRATEGIC QUALITY MANAGEMENT
MPA 210 : STRATEGIC QUALITY MANAGEMENTMPA 210 : STRATEGIC QUALITY MANAGEMENT
MPA 210 : STRATEGIC QUALITY MANAGEMENT
Jo Balucanag - Bitonio
 
GUIA_LEGAL_CHAPTER_3_CORPORATE REGULATIONS.pdf
GUIA_LEGAL_CHAPTER_3_CORPORATE REGULATIONS.pdfGUIA_LEGAL_CHAPTER_3_CORPORATE REGULATIONS.pdf
GUIA_LEGAL_CHAPTER_3_CORPORATE REGULATIONS.pdf
ProexportColombia1
 
MPA 209 : PLAN FOR IMPLEMENTATION.pdf
MPA 209 : PLAN FOR IMPLEMENTATION.pdfMPA 209 : PLAN FOR IMPLEMENTATION.pdf
MPA 209 : PLAN FOR IMPLEMENTATION.pdf
Jo Balucanag - Bitonio
 
The Bellingcat Annual Report for the year 2023
The Bellingcat Annual Report for the year 2023The Bellingcat Annual Report for the year 2023
The Bellingcat Annual Report for the year 2023
VladMihet
 
Protection and referral for CBP members.ppt
Protection and referral for CBP members.pptProtection and referral for CBP members.ppt
Protection and referral for CBP members.ppt
Mohammed Nizam
 
MPA 210 : POVERTY PLAN ASSESSMENT.pptx
MPA 210 : POVERTY PLAN ASSESSMENT.pptxMPA 210 : POVERTY PLAN ASSESSMENT.pptx
MPA 210 : POVERTY PLAN ASSESSMENT.pptx
Jo Balucanag - Bitonio
 
In Madadeni [(+27633867063*)] 🏥 Abortion Pills For Sale in Madadeni ● Women's...
In Madadeni [(+27633867063*)] 🏥 Abortion Pills For Sale in Madadeni ● Women's...In Madadeni [(+27633867063*)] 🏥 Abortion Pills For Sale in Madadeni ● Women's...
In Madadeni [(+27633867063*)] 🏥 Abortion Pills For Sale in Madadeni ● Women's...
ogwypas
 
Beyond Rhetoric: Youth-led Solutions for a Sustainable and Just Energy Transi...
Beyond Rhetoric: Youth-led Solutions for a Sustainable and Just Energy Transi...Beyond Rhetoric: Youth-led Solutions for a Sustainable and Just Energy Transi...
Beyond Rhetoric: Youth-led Solutions for a Sustainable and Just Energy Transi...
Just Energy Transition in Coal Regions Knowledge Hub
 
The Bank of Punjab. DigiBop Internet Banking. Discounts & Offers
The Bank of Punjab. DigiBop Internet Banking. Discounts & OffersThe Bank of Punjab. DigiBop Internet Banking. Discounts & Offers
The Bank of Punjab. DigiBop Internet Banking. Discounts & Offers
reema kushawaha
 
In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Mada...
In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Mada...In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Mada...
In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Mada...
508tomato
 
ASSESSMENT PUBLIC REFORMS PHILIPPINES
ASSESSMENT PUBLIC REFORMS PHILIPPINESASSESSMENT PUBLIC REFORMS PHILIPPINES
ASSESSMENT PUBLIC REFORMS PHILIPPINES
Jo Balucanag - Bitonio
 
Vidhi Vaishnav 23BSPHH01jgjgjggC0469.docx
Vidhi Vaishnav 23BSPHH01jgjgjggC0469.docxVidhi Vaishnav 23BSPHH01jgjgjggC0469.docx
Vidhi Vaishnav 23BSPHH01jgjgjggC0469.docx
RohanShekar
 
ASSESSMENT OF INFRASTRUCTURE DEVELOPMENT
ASSESSMENT OF INFRASTRUCTURE DEVELOPMENTASSESSMENT OF INFRASTRUCTURE DEVELOPMENT
ASSESSMENT OF INFRASTRUCTURE DEVELOPMENT
Jo Balucanag - Bitonio
 
Malviya Nagar @ℂall @Girls ꧁❤ 9873777170 ❤꧂Glamorous sonam Mehra Top Model Safe
Malviya Nagar @ℂall @Girls ꧁❤ 9873777170 ❤꧂Glamorous sonam Mehra Top Model SafeMalviya Nagar @ℂall @Girls ꧁❤ 9873777170 ❤꧂Glamorous sonam Mehra Top Model Safe
Malviya Nagar @ℂall @Girls ꧁❤ 9873777170 ❤꧂Glamorous sonam Mehra Top Model Safe
shoeb2926
 

Recently uploaded (20)

In MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARM
In MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARMIn MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARM
In MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARM
 
MPA 210 :Civil Society Organization.pptx
MPA 210 :Civil Society Organization.pptxMPA 210 :Civil Society Organization.pptx
MPA 210 :Civil Society Organization.pptx
 
The Ministry of Information and Broadcasting Advisory Dated 03.07.2024.pdf
The Ministry of Information and Broadcasting Advisory Dated 03.07.2024.pdfThe Ministry of Information and Broadcasting Advisory Dated 03.07.2024.pdf
The Ministry of Information and Broadcasting Advisory Dated 03.07.2024.pdf
 
2023--Annual-Survey-for-Marginal-Farmers.pdf
2023--Annual-Survey-for-Marginal-Farmers.pdf2023--Annual-Survey-for-Marginal-Farmers.pdf
2023--Annual-Survey-for-Marginal-Farmers.pdf
 
MPA 209 : Project Planning Presentation
MPA 209 : Project Planning PresentationMPA 209 : Project Planning Presentation
MPA 209 : Project Planning Presentation
 
SDGs-Bangladesh_Progress_Report 2020.pdf
SDGs-Bangladesh_Progress_Report 2020.pdfSDGs-Bangladesh_Progress_Report 2020.pdf
SDGs-Bangladesh_Progress_Report 2020.pdf
 
MPA 210 : STRATEGIC QUALITY MANAGEMENT
MPA 210 : STRATEGIC QUALITY MANAGEMENTMPA 210 : STRATEGIC QUALITY MANAGEMENT
MPA 210 : STRATEGIC QUALITY MANAGEMENT
 
GUIA_LEGAL_CHAPTER_3_CORPORATE REGULATIONS.pdf
GUIA_LEGAL_CHAPTER_3_CORPORATE REGULATIONS.pdfGUIA_LEGAL_CHAPTER_3_CORPORATE REGULATIONS.pdf
GUIA_LEGAL_CHAPTER_3_CORPORATE REGULATIONS.pdf
 
MPA 209 : PLAN FOR IMPLEMENTATION.pdf
MPA 209 : PLAN FOR IMPLEMENTATION.pdfMPA 209 : PLAN FOR IMPLEMENTATION.pdf
MPA 209 : PLAN FOR IMPLEMENTATION.pdf
 
The Bellingcat Annual Report for the year 2023
The Bellingcat Annual Report for the year 2023The Bellingcat Annual Report for the year 2023
The Bellingcat Annual Report for the year 2023
 
Protection and referral for CBP members.ppt
Protection and referral for CBP members.pptProtection and referral for CBP members.ppt
Protection and referral for CBP members.ppt
 
MPA 210 : POVERTY PLAN ASSESSMENT.pptx
MPA 210 : POVERTY PLAN ASSESSMENT.pptxMPA 210 : POVERTY PLAN ASSESSMENT.pptx
MPA 210 : POVERTY PLAN ASSESSMENT.pptx
 
In Madadeni [(+27633867063*)] 🏥 Abortion Pills For Sale in Madadeni ● Women's...
In Madadeni [(+27633867063*)] 🏥 Abortion Pills For Sale in Madadeni ● Women's...In Madadeni [(+27633867063*)] 🏥 Abortion Pills For Sale in Madadeni ● Women's...
In Madadeni [(+27633867063*)] 🏥 Abortion Pills For Sale in Madadeni ● Women's...
 
Beyond Rhetoric: Youth-led Solutions for a Sustainable and Just Energy Transi...
Beyond Rhetoric: Youth-led Solutions for a Sustainable and Just Energy Transi...Beyond Rhetoric: Youth-led Solutions for a Sustainable and Just Energy Transi...
Beyond Rhetoric: Youth-led Solutions for a Sustainable and Just Energy Transi...
 
The Bank of Punjab. DigiBop Internet Banking. Discounts & Offers
The Bank of Punjab. DigiBop Internet Banking. Discounts & OffersThe Bank of Punjab. DigiBop Internet Banking. Discounts & Offers
The Bank of Punjab. DigiBop Internet Banking. Discounts & Offers
 
In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Mada...
In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Mada...In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Mada...
In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Mada...
 
ASSESSMENT PUBLIC REFORMS PHILIPPINES
ASSESSMENT PUBLIC REFORMS PHILIPPINESASSESSMENT PUBLIC REFORMS PHILIPPINES
ASSESSMENT PUBLIC REFORMS PHILIPPINES
 
Vidhi Vaishnav 23BSPHH01jgjgjggC0469.docx
Vidhi Vaishnav 23BSPHH01jgjgjggC0469.docxVidhi Vaishnav 23BSPHH01jgjgjggC0469.docx
Vidhi Vaishnav 23BSPHH01jgjgjggC0469.docx
 
ASSESSMENT OF INFRASTRUCTURE DEVELOPMENT
ASSESSMENT OF INFRASTRUCTURE DEVELOPMENTASSESSMENT OF INFRASTRUCTURE DEVELOPMENT
ASSESSMENT OF INFRASTRUCTURE DEVELOPMENT
 
Malviya Nagar @ℂall @Girls ꧁❤ 9873777170 ❤꧂Glamorous sonam Mehra Top Model Safe
Malviya Nagar @ℂall @Girls ꧁❤ 9873777170 ❤꧂Glamorous sonam Mehra Top Model SafeMalviya Nagar @ℂall @Girls ꧁❤ 9873777170 ❤꧂Glamorous sonam Mehra Top Model Safe
Malviya Nagar @ℂall @Girls ꧁❤ 9873777170 ❤꧂Glamorous sonam Mehra Top Model Safe
 

Interoperability academy 2024 - Day 2 - Digital transformation and interoperability_eID.pdf

  • 1. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Laura Kask, CEO Proud Engineers, eID ans trust services legal expert Brussels 25.06.2024 Cross-regional exchange between Western Balkan and EaP countries on DIGITAL TRANSFORMATION and INTEROPERABILITY
  • 2. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Laura Kask - Former Chief Legal Officer for the CIO of the Estonian Government. - Led developments on the legislative framework of the Estonian information society and was involved in many innovative government projects, including data embassies and digital continuity. - Responsible for implementing the main EU level regulations (e- authentication, electronic signature, cybersecurity, data protection) into the Estonian legislative framework. - Currently obtaining a PhD in IT Law at Tartu University. - CEO of Proud Engineers, a leading multi-disciplinary consulting company with experience in supporting digital transformation reforms
  • 3. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Agenda for today 1 10.15 – 11.30 “Building the eID System Based on eIDAS” Laura Kask & Stephanie De Bruyne, CEO at Belgian Mobile ID - Itsme 2 11:45 – 13:00 “New Framework for eID,EDIW and trust services” • Detailed review of the main provisions of eIDAS 2.0, Laura Kask • Case study from BIH regarding e-Wallet, Almir Badnjevic, IDDEEA, director eIDAS 2.0: in EU and Adopting it to the National Context 3 14.00 – 15.15 Mutual Recognition of E-Signatures • Lessons Learned, and How to Move Forward - Necessary preconditions for mutual recognition of e-signatures, Laura Kask • Agreement on mutual recognition of trust services Montenegro-Serbia-North Macedonia, Danilo Racic, Ministry of Public Administration, Senior Civil Servant • Moderated talk on the status and plans of mutual recognition 4 15.30-17.00 Group Work • Group 1: Adapting eIDAS 2.0 to National Contexts: Challenges and Opportunities • Group 2: Ensuring Mutual Recognition of E-Signatures: Challenges and Opportunities
  • 4. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Do we actually know who is behind the computer? Justification for amendments: about 60% of the EU population in 14 Member States are able to use their national eID cross-border. Only 14% of key public service providers across all Member States allow cross-border authentication with an e- Identity system. Aim of eIDAS 2.0: by 2030 80% of the EU population are equipped with a digital wallet that will allow them to prove their identity and authenticate themselves on public services in all EU countries and the UK, regardless of their nationality. *https://commission.europa.eu/strategy-and- policy/priorities-2019-2024/europe-fit-digital- age/european-digital-identity_en Peter Steiner published by The New Yorker on July 5, 1993
  • 6. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint * https://gataca.io/blog/eidas2-explained/
  • 7. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint “Building the eID System Based on eIDAS” Laura Kask, CEO Proud Engineers, legal expert on eID and trust services and Stephanie De Bruyne, CEO at Belgian Mobile ID - itsme
  • 8. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint “New Framework for eID,EDIW and trust services” Laura Kask, CEO Proud Engineers, legal expert on eID and trust services
  • 9. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint * https://gataca.io/blog/eidas2-explained/
  • 11. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint eIDAS Regulation from 2014 (electronic identity) > Mutual recognition system for eIDs that are notified by Member States: ▪ High ▪ Substantial ▪ Low Article 6 of eIDAS Regulation: 1. May ‘notify’ the ‘national’ electronic identification scheme(s) used at home for access to its public services 2. Must recognise ‘notified’ eIDs of other Member States for cross-border access to its online services when its national laws mandate e-identification 3. Must provide a free online authentication facility for its 'notified' eID(s). 4. May allow the private sector to use ‘notified’ eID
  • 12. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint eIDAS Regulation from 2014 (trust services) > Market regulation, Member States cannot impose rules that are in conflict/more strict than eIDAS regulation; > An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures. (Article 25) > When the public sector accepts a document being signed electronically, they must accept documents signed electronically in the same format from the other member states or with the service offered by the other service providers. (Article 27) > Member states maintain and publish trusted lists where they have all the necessary information about the qualified service providers acting inside the EU. (Article 22)
  • 13. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Shortcomings of eIDAS Regulation • Previously the eID management has been the sole discretion of the Member States. eIDAS regulation did not interfere with the eID management and set up. • EU citizens possessing a notified eID should be able to use their national identity to access public services online, BUT: • mutual recognition requirement is only for access of the e-service, but not for the service delivery itself; • regulation did not introduce harmonization of digital identities of Member States, but rather established cooperation mechanisms and interoperability; • the focus on public sector as there are no clear incentives for the private sector to use national eIDs. WHY all governments did not notify? > One of the reasons could be the compulsory liability clause of eIDAS Regulation. Article 11 states that the notifying Member State shall be liable for damage caused intentionally or negligently to any natural or legal person due to a failure to comply with its obligations in a cross-border transaction. 13
  • 14. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint eIDAS 2.0: new amendments (principles) 1.Extension of scope: eIDAS 2.0 extends the scope to new types of trust services, including electronic delivery services, electronic documents. This extension is in response to the increasing use of electronic documents and seals in business transactions. 2.Improved cooperation: A key element of eIDAS is interoperability, which is further strengthened by the new regulation and simplifies the exchange of digital trust services across national borders. 3.Increased security: eIDAS 2.0 introduces stricter security and data protection requirements for trust service providers to ensure the confidentiality, integrity and availability of trust services as well as the protection of personal data in accordance with the GDPR. 4.New rules for electronic identification (eID): These rules are intended to make the use of eID more secure and user-friendly. In particular, the possibility of remote identification, e.g. through video identification, makes access to online services considerably easier.
  • 15. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Mutual Recognition of eIDs + notified eIDs + up to Member States to decide which schemes to notify + country should accept notified eIDs that are equal of higher level than the eID used in their country (public sector) + Mutual recognition of electronic identities is not considered in eIDAS (although, being an exclusive competence of the EU could be the object of international agreements under art. 218 TFEU) eIDAS 2.0: +The right of every person eligible for a national ID card to have a digital identity that is recognised anywhere in the EU +Operated via digital wallets available on mobile phone apps + MS are obliged to notify at least one “Wallet” under a national eID scheme to make them interoperable at EU level. © copyright
  • 16. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint New Amendments • A shift from mutual recognition of national eIDs to a system that allows eID users to exchange electronic attestations of attributes that are authenticated by trust service providers. • Scope is wider (eID, EIDW, trust services). • Requirement for Member States to offer and notify a digital identity solution, offering EDIW in addition to storing their eIDs, users shall be able to add other electronic attributes and credentials to their wallets, such as university degrees, diplomas, student IDs or driver`s licenses. • The sectors that must accept EIDW are limited to those where it is required by national or EU law • eIDAS 2.0 Article 11 (a) wanted to add introduction of a persistent and unique identifier for all EU citizens and residents, but this is a controversial issue as some Member States have seen this in violation with the constitution. • Introduction of corporate digital identities. • Creation of European Digital Identity Board is aimed to facilitate the consistent application and sharing of best practices and would consist of competent authorities of Member States and European Commission. 16
  • 17. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint What is an European Digital Identity Wallet? > Article 3 (42): is a product and service that allows the user to store identity data, credentials and attributes linked to her/his identity, to provide them to relying parties on request and to use them for authentication, online and offline; and to create qualified electronic signatures and seals
  • 18. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint European Digital Identity Wallet • All Member States must provide their citizens and legal entities with eID Wallets and recognise those of the others. • With the European Digital Identity Wallet (EUDIW), citizens will be able to authenticate themselves online for private and administrative services in the future. • Other digital credentials, such as driving licences or training certificates, can also be stored in the Wallet and shared as required. • To ensure that Wallets and digital identities can be used and recognised throughout Europe, the amendment sets out requirements regarding the interoperability, data protection and security of Wallets as well as the verification of digital attributes. • The specific requirements for the Wallets are being worked out by the European standards committees.
  • 19. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint What can be done with Digital Identity Wallet from users perspective > Stores your digital identity and other important documents and enables you to present them as part of electronic transaction, via QR (offline verification); > “verified credentials” – government signed credentials showing they are trustworthy (passport, driving license); > Other credentials they are signed by the relying party > You can choose which credentials to present and the use is not connected to the issuer > You may want to share other personal information
  • 20. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint How far will the regulation go?* > H𝐨𝐨𝐰𝐰 𝐢𝐢𝐬𝐬 𝐭𝐭𝐡𝐡𝐢𝐢𝐬𝐬 𝐝𝐝𝐢𝐢𝐟𝐟𝐟𝐟𝐞𝐞𝐫𝐫𝐞𝐞𝐧𝐧𝐭𝐭 𝐭𝐭𝐨𝐨 𝐭𝐭𝐡𝐡𝐞𝐞 𝐞𝐞𝐈𝐈𝐃𝐃𝐀𝐀𝐒𝐒 𝐰𝐰𝐞𝐞’𝐯𝐯𝐞𝐞 𝐤𝐤𝐧𝐧𝐨𝐨𝐰𝐰𝐧𝐧 𝐬𝐬𝐢𝐢𝐧𝐧𝐜𝐜𝐞𝐞 𝟐𝟐𝟎𝟎𝟏𝟏𝟒𝟒? The main shift in the new regulation is the creation of a European Digital Identity Wallet that will enable citizens and businesses to have greater control over their data whenever they are involved in identification and authentication processes. No longer will we be solely dependent on the entity which provides the identification services in that very moment. This will certainly change the way we think of identities. > 𝐇𝐇𝐨𝐨𝐰𝐰 𝐟𝐟𝐚𝐚𝐫𝐫-𝐫𝐫𝐞𝐞𝐚𝐚𝐜𝐜𝐡𝐡𝐢𝐢𝐧𝐧𝐠𝐠 𝐢𝐢𝐬𝐬 𝐭𝐭𝐡𝐡𝐢𝐢𝐬𝐬 𝐧𝐧𝐞𝐞𝐰𝐰 𝐟𝐟𝐫𝐫𝐚𝐚𝐦𝐦𝐞𝐞𝐰𝐰𝐨𝐨𝐫𝐫𝐤𝐤? By 2026, all states must issue wallets available for all residents free of charge to get and use. What’s more, by 2027 basically all public entities and private businesses must enable the usage of said wallet. Online platforms defined as "gatekeepers" under the EU Digital Markets Act must accept Wallets for user authentication, including social networks, search engines and marketplaces with significant influence in the EU single market. *REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL AMENDING REGULATION (EU) No 910/2014 AS REGARDS ESTABLISHING THE EUROPEAN DIGITAL IDENTITY FRAMEWORK
  • 21. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Where to get information? > LinkedIn European Digital Identity Wallet community > European Digital Wallet Consortiums – test different use cases (large- scale pilots) > www.globaltrustfoundation.org – online courses for DIW
  • 22. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Challenges for Member States (1) • Identity theft risk and introduction of EDIW – not only eID credentials but all the information the person has in the EDIW; • EIDW shall be issued under a notified electronic identification scheme of level of assurance high. Therefore, it can also be assumed that the corresponding high scheme would be a prerequisite for the EIDW and should exist first. • Countries must decide which route of the eIDAS 2.0 Article 6a (2) to take: issuing their own EIDW, under a mandate or independent, but recognised EIDW. 22
  • 23. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Challenges for Member States (2) • In countries with the eID scheme with assurance level high would make possible the remote issuance with a secondary device, but it will be a challenge for countries where no eID mean is issued or this is not recognised on level high. • the challenge of issuing EIDW for legal persons. In many countries, only personal eIDs exist in the market. This means legal person representation is a role that is connected to the private eID (more precisely with identity code) and serves more as an access right. This means countries should decide what and on which circumstances the professional EIDW can be issued and how this can be used in national services. 23
  • 24. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Conclusion • The obligation to accept the EIDW also degrades the proven value of existing eID schemes and might results in unfair competition. • The proposed timeframe for implementation is complicated, as the implementing acts are on the way for EIDW (the deadline is Nov 2024). • As the concept of unique and persistent identifier has been left aside and have been replaced with record matching, it will be difficult for the e-services of the member states there the persistent unique identifier is needed to log in and use the service, to offer the service with the same quality also for cross-border EIDW users. • Cybersecurity and resilience risks. • Trust establishment plays a key role in scalability of the eID solutions, but trust is built over time and adoption is a lot more complex than legislative or technical framework. © copyright
  • 25. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Case study from BIH regarding e-Wallet, Almir Badnjevic IDDEEA, director
  • 26. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint “eIDAS 2.0: in EU and Adopting it to the National Context” Laura Kask, CEO Proud Engineers, legal expert on eID and trust services
  • 28. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Key principles of trusted eID Without these, success is unlikely
  • 29. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Strong eID is based on strong physical identity eIDs must only be issued using a carefully secured process involving capture of biometrics
  • 30. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Unique and ubiquitous identifier of citizens Most business processes in the country must use the identifier, assumes a robust population registry.
  • 31. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Breaking the stalemate The citizens will not take the ID or remember the PIN codes, when there are no services. There will be no services built for no customers.
  • 32. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint The eID must have a legal meaning Without a legal framework, the eID is simply people doing complex math
  • 33. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Building blocks of trusted eID These need to be built
  • 34. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Legal framework > Population registry and its legal significance > Regulation of trust services > Electronic signature and its significance > Dealing with legacy › Education of legal practitioners › Revamping regulations requiring paper-based processes
  • 35. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Capabilities > Cybersecurity to › drive requirements for eID and validate deliverables › monitor the ecosystem › execute incident response > Cryptography to keep the ecosystem developing > Legal to drive legal changes > Architecture to define, manage and develop the technical ecosystem
  • 36. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Trust services > Trust services create and operate services underpinning the trust in eID › Certification Authority and Registration Authority › Time Stamping Authority › Signature creation and validation > Trust must stem from audited, regulated and supervised adherence to standards
  • 37. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint The ecosystem > It is not possible for a › single government authority to build eID due to the range of capabilities and changes necessary › single private sector organization to build eID due to the lack of critical mass in terms of customers and services > Create and manage an ecosystem of service providers, integrators, technology providers, researchers, cybersecurity practitioners, trust service providers etc. › Alternatively make sure to participate in one
  • 44. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint “Mutual recognition of e-signatures” Laura Kask, CEO Proud Engineers, legal expert on eID and trust services
  • 45. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Same eIDAS-based legislative framework, BUT how to prove your intent online?
  • 46. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Mutual Recognition for Third Countries > eIDAS Regulation is seen as a standard across the globe; > Article 14 of eIDAS regulates the recognition of qualified electronic signatures between the EU and a third country. > Currently, the only option to have mutual recognition of qualified signatures is through an agreement concluded between the EU and the third country in accordance with Article 218 of the Treaty on the Functioning of the European Union (TFEU). > There is a “roundabout” through MRA process.
  • 47. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Pilot for the International Compatibility of Trust Services > MRA Cookbook (explanatory memorandum of eIDAS Article 14, description of MRA process flow and methodology, minimum requirements, technical recommendations) > eIDAS Article 14 Assessment Check-List (benchmarking laws) > Tools (trusted list browser and validation of trusted lists outputs)
  • 48. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Mutual Recognition Process > A third country’s signature solution can be recognised as an advanced signature under eIDAS. > The European Commission has created a trust list for advanced signatures from third countries’ trust services and prepared the tools needed for validating the signatures. > An official request should be made to the European Commission. > The trust list provides a tool for validating the signatures, but the legal effect and the trustworthiness of a signature still must be agreed separately between interested parties.
  • 49. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint MRA process flow I > Scope and objective of MRA (selection of trust services and service providers) > Feasibility study and self-assessment (4 pillars: legal or regulatory framework, supervision and auditing systems, technical or best practices aspect, trust representation model) > Technical pilot with the EC (optional) > Formal negotiations will be opened after the feasibility study, optional pilot and self-assessment have positive outcomes
  • 50. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint MRA process flow II > Together with its formal request, the 3rd country submits to the EC the detailed documentation for assessment: 1) A general description of the trust services framework, covering legal, supervisory, technical and trust representation aspects 2) The legislative documents, including primary and secondary legislations concerning trust services and other relevant legislations (data protection, consumer rights, privacy, freedom of expression) 3) Links to the relevant trust services framework resources, such as existing or draft trusted list, the list of approved secure devices, the list of approved conformity assessment bodies and a description of the underlying approval rules 4) An eIDAS Art 14 self-assessment 5) The list of standards the trust services framework refers to/uses and a description of the way these standards are used/complied to
  • 51. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint MRA process flow III > EC evaluates the global compatibility of the 3rd country 4-pillar system with the EU system, based on the provided documentation (preliminary assessment and detailed assessment) > EC submits the preliminary assessment report to the EU Member States and consults them on interest in engaging further with the aim to perform a detailed (mutual) assessment as the next step
  • 52. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint MRA process flow IV > The drafts of MRA associated execution plan, monitoring plan (including the exchange of annual reports, e.g. reports on changes in the respective frameworks, supervisory activities and known litigations, notified security and/or personal data breaches, and annual surveillance review and the frequency of a formal in-depth review of the MRA implementation), and termination plan will be prepared > Technical and/or legal pilot may be conducted
  • 53. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint MRA process flow V > EC launches Art 218 (TFEU) procedure and MRA will be drafted > MRA needs the consent of the European Parliament and the approval of the Council, before the MRA could be signed > As part of the MRA drafting, or in parallel, the drafted MRA execution, monitoring and termination plans shall be finalized > The finalisation of the MRA may include one or more negotiation rounds
  • 54. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Procedure of Article 218 of TFEU I > Negotiations: 1) Council of EU authorises the opening of negotiations (EC, or the High Representative of the Union for Foreign Affairs and Security Policy submits recommendations to EC, which adopts a decision authorising the opening of negotiations and nominating the negotiator or the head of the negotiating team) 2) EC may address directives to the negotiator and designate a special committee in consultation (content of such directives is not public)
  • 55. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Procedure of Article 218 of TFEU II > Concluding agreement: 1) On a proposal by the negotiator, EC adopts a decision authorising the signing of the agreement or in case where the agreement relates to the common foreign and security policy, EC adopts the decision concluding the agreement after consulting or obtaining the consent of the European Parliament 2) EC acts by a qualified majority throughout the procedure and unanimously when the agreement covers a field for which unanimity is required (if the agreement covers EU accession, finances, or common foreign and security policy unanimous vote is required)
  • 56. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Procedure of Article 218 of TFEU III > Notification: 1) The European Parliament must be informed at all stages of the procedure and is required to give its consent to any international agreement 2) A Member State, the European Parliament, the Council of EU or EC may obtain the opinion of the Court of Justice
  • 57. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint New Regulation > Trust services provided by trust service providers established in a third country or by an international organisation shall be recognised as legally equivalent to qualified trust services; > recognised by means of implementing acts or an agreement concluded between the Union and the third country or the international organisation pursuant to Article 218 TFEU.
  • 58. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint What will change with eIDAS 2.0? + Trade agreement or Implementing Act for recognition + Non- EU should meet requirements for qualified TS/TSP + Should follow trusted list MRA Cookbook 58
  • 59. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint “Mutual recognition of e-signatures” Agreement on mutual recognition of trust services Montenegro-Serbia-North Macedonia Danilo Racic Ministry of Public Administration, Senior Civil Servant
  • 60. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint “Group Work” Laura Kask, CEO Proud Engineers, legal expert on eID and trust services
  • 61. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Group Work (45 min) + Group Work Presentations (15 min per group) > Group 1: Adapting eIDAS 2.0 to National Contexts: Challenges and Opportunities › Which countries were represented? › What are the main challenges in implementing eIDAS to National Context in terms of eID / in terms of trust services (e- signatures and e-seals)? › What are the opportunities implementing eIDAS to National Context would bring? › How to overcome the challenges? › What kind of support would be needed from local / international communities? > Group 2: Ensuring Mutual Recognition of E-Signatures: Challenges and Opportunities › Which countries were represented? › What are the main challenges ensuring mutual recognition of e-signatures? › What are the opportunities mutual recognition would bring? › Is there a difference / more opportunities with other third countries / with EU? › How to overcome the challenges? › What kind of support would be needed from local / international communities?
  • 63. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Thank you! Laura Kask laura.kask@proudengineers.com proudengineers.com
  • 64. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Estonian national framework for eID and trust services
  • 65. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint + electronic ID is compulsory + 64% use ID-card regularly + 19% people use mobile-ID + 51% use smart-ID + 100,000+ e-Residents electronic ID the strongest identity since 2002
  • 66. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint eID in Estonia High level government provided identity based on identity nr that is unique (eID, mID). › authentication › electronic signing › encryption › i-voting › business, banking › state and healthcare › public transport › loyalty card High level private sector provided identity based on identity nr that is unique (Smart ID). › authentication › electronic signing › business, banking
  • 67. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Two main legal principles in national law > Electronic identification is as good as face-to-face identification and > electronic signature of certain level is equal to handwritten one. NB! Although the framework exists there is no actual use of the concept of professional certificate (e.g electronic seal)!
  • 68. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Plans for EDIW > First pilot project done (MVP); > eID + driver`s license; > Estonia will probably launch own EDIW that is procured from the private sector and will be used across sectors
  • 71. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Nature of the security risk The private key can be computed from the public key, which means that theoretically: >it was possible to digitally sign a document in the name of another person >it was possible to enter e-services in the name of another person >it was possible to steal a digital identity without having the physical card >decrypt documents encrypted with the ID card
  • 73. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint Lessons learned > eID is more important than we knew AND we cannot go back on paper > Map cross-dependencies of critical services > Certified does not mean secure > Have alternatives – eID card and mobile-ID, private sector solution > Pool of experts is limited – duplicate, if possible > How to handle a non-incident? > Nobody wants to go back to paper, even if they could > This will not be the last such event
  • 74. A joint initiative of the OECD and the EU, principally financed by the EU. Restricted Use - À usage restreint In the rapid technological change the product standards and audits based on standards might not give the guarantees for a liable product  2 years for the audit period is too long period, BUT the audits are expensive and there are not many auditors for the specific topics The notification system is too vague, but the only solution in those cases is tight cooperation The next crisis can be different, the legal framework in place enabled finding solution, but from learnings we never know what the next crisis will look like