Presentation given at the Cross-regional exchange and learning week on Interoperability and Digital Transformation in the Western Balkans and Eastern Partnership region that took place 24-28 June 2024 in Brussels.
Report
Share
Report
Share
1 of 74
Download to read offline
More Related Content
Similar to Interoperability academy 2024 - Day 2 - Digital transformation and interoperability_eID.pdf
The document discusses cyber law and conventions regarding online responsibility. It summarizes key Albanian laws related to electronic communications, electronic commerce, data protection, and other areas of cyber law. It also discusses international sources of cyber law like the UNCITRAL Model Law on Electronic Signatures and the EU Directive on Electronic Commerce. Decisions by the European Court of Human Rights are analyzed that relate to the responsibility of online news portals for user comments.
The Watify Project: Is there life after death: the new role for government is...samossummit
The document discusses the WATIFY initiative, an EU campaign to support technological transformation in SMEs and regions. It summarizes various EU programs that foster digital transformation, including CEF which supports interoperability of eID schemes. The role of postal sectors in identity management is also discussed. It concludes that cost effectiveness and fraud reduction are priorities for service providers using eIDAS infrastructure, and that separation of identity management functions shows promise to build an expanded eIDAS ecosystem through partnerships.
This document discusses collaborating on regulation for machine-to-machine (M2M) and internet of things (IoT) technologies in the Middle East region. It notes that key stakeholders are bringing together issues like big data, cloud computing, privacy, and cybersecurity to devise a regulatory framework. It suggests establishing a regional M2M/IoT working group through DLA Piper to develop whitepapers on relevant topics. While some see no need yet for specific regulation, others argue regulators can facilitate joining supply and demand. Examples of regional collaboration discussed include initiatives by the UAE's TRA and smart city projects in Dubai.
Presentation given at the Service Design and Delivery in a Digital Age - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Topic 2: Digital transformation.
Presentation given at the Cross-regional exchange and learning week on Interoperability and Digital Transformation in the Western Balkans and Eastern Partnership region that took place 24-28 June 2024 in Brussels.
DWS16 - Future Networks forum - Anna Krzyzanowska European CommissionIDATE DigiWorld
The document discusses the European Union's goals for a Gigabit society by 2025, including providing extremely high connectivity (gigabit speeds) to socio-economic drivers and digitally intensive enterprises, access to connectivity offering at least 100 Mbps download speeds to all households across Europe, and uninterrupted 5G coverage in all urban areas and along major transport paths by 2020. These objectives will be achieved through modernizing telecoms rules, providing free public WiFi access across Europe, and coordinating a 2020 timeline for 5G commercialization. Funding may come from the European Fund for Strategic Investments, European Structural and Investment Funds, and Connecting Europe Broadband Fund.
Overview of the European digitzal agenda, Anna nietyksza, EEEC, European Econ...OW2
Mrs. Nietyksza will present an overview of the European digital agenda for the coming years and cover topics such as cloud computing, social networks and place of the open source in the future european innovations.
This document summarizes the key points of a presentation on the eIDAS Regulation (Regulation No. 910/2014) regarding electronic identification and trusted services in Europe. The presentation discusses how the eIDAS Regulation aims to increase online transactions in the EU by establishing a framework for mutual recognition of electronic identification and trust services. It innovates beyond the earlier 1999 Directive by expanding the scope to various certification services, establishing assurance levels, and introducing frameworks for mutual recognition between member states and supervision of trust service providers. The implementation process includes a timeline for adoption and implementing acts by the European Commission to facilitate interoperability and cooperation between states.
The document discusses the challenges of cybersecurity for Internet of Things (IoT) devices. It begins by defining IoT and providing examples of applications. It then discusses the risks of cyber attacks for IoT devices and statistics on attacks. The document outlines relevant European and Italian regulations on cybersecurity and compliance requirements for IoT devices. It argues that open source software can help address vulnerabilities in IoT devices by allowing for continuous updates.
This document provides guidance to local and regional administrations on implementing digital solutions and finding EU funding to modernize public services. It recommends developing a comprehensive digital strategy involving all departments. Key aspects discussed include developing infrastructure like eIDs; opening high-value datasets through an open data portal; and participatory budgeting to increase transparency and citizen engagement in decision-making. The document provides principles, tools, and examples to help local governments digitalize services in line with EU recommendations.
Presentation about the SPOCS project on pan-European interoperability for the Services Directive, given at the EEMA eIdentity conference in London on 10 June 2010.
SPOCS Presentation EEMA Conference London June 2010Dinand Tinholt
Presentation given by Dinand Tinholt, SPOCS Programme Director, about European interoperability of cross-border business startup at the EEMA conference in London on 10 June 2010.
The document discusses the European Union's Digital Single Market Strategy, which aims to create a unified digital economic area across Europe. The key pillars of the strategy are improving access to digital goods and services, creating the right conditions for digital networks and innovation, and maximizing growth of the digital economy. The European Union is working to establish common standards, regulations, and a level playing field to facilitate the free flow of data and digital trade both within Europe and internationally. The document emphasizes that Ukraine should align its digital policies and regulations with those of the European Union to integrate into the growing European digital single market.
Digital Identity Standards by ENISA, European Unionsoranun1
This document provides an overview of digital identity standards and standardization organizations. It defines digital identity as a unique representation of a subject engaged in an online transaction. The document outlines the scope of digital identity standards, which can describe policies, services, formats/protocols, auditing, security requirements and processes. It analyzes standards related to means supporting digital identity, including trust services, electronic identification means, and the proposed EU Digital Identity Wallet. The analysis considers factors like life cycle coverage, maturity, authentication capabilities, user control, and data protection. Recommendations are provided for EU policymakers, European standardization organizations, and ENISA regarding digital identity standardization needs.
The EU is developing an EU Digital Identity Wallet that will standardize digital identity across Europe. The wallet will be mandated for acceptance by public and private sectors. It restricts third party digital identity services and data custodians. While aiming to harmonize digital identity, it may fragment the landscape due to different national implementations. Banks and other organizations should prepare for its impact on digital identity and data management in Europe.
The document discusses the Once-Only Principle Project (TOOP), an EU-funded project aimed at establishing a digital single market in Europe. The project seeks to (1) bridge data silos and reduce duplication by enabling information to be accessed once and reused many times across borders and sectors; (2) be user-centric and bring most-used citizen services online with cross-border access; and (3) decrease administrative burdens through increased data sharing between public agencies. The TOOP project has run pilots involving 20 EU member states and over 50 partners from public administrations, universities, and businesses to test the feasibility of the Once-Only Principle across Europe.
European Directive DRAFT Network and Information Technology SecurityDavid Sweigert
This document proposes a directive to improve network and information security across the EU. It notes that cybersecurity incidents are increasing and negatively impacting businesses and society. There are currently insufficient protections and fragmented approaches among EU member states. The proposed directive would require member states and critical infrastructure operators to improve cybersecurity capabilities and cooperation to establish a high common level of network and information security across the EU.
Рынок средств электронной индентификации в Европе: Технологии, инфраструктура...Victor Gridnev
This document summarizes a report on the state of the electronic identity market in Europe. It finds that the eID market is still immature and fragmented, and that eID technologies have not been fully utilized to enable the digital economy or cross-border online services. However, trusted online identity management and authentication are seen as essential for the digital economy. The report recommends further research on interoperable credentials, mobile authentication, and assessing the socioeconomic impacts of eID initiatives to help realize the potential of eID.
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
This document discusses the use of FIDO authentication in the payments and identity landscape in Europe. It provides an overview of the FIDO European Working Group, which aims to facilitate communication around FIDO adoption in Europe. It discusses the eIDAS2 legislation around digital identity in the EU and how FIDO could be used for the EU Digital Identity Wallet. It also discusses how FIDO, specifically passkeys, could be used to simplify payment authentication flows in Europe by providing a more seamless and phishing-resistant user experience. Finally, it outlines ongoing collaboration between FIDO, EMVCo, and W3C on integrating FIDO authentication into payment standards and specifications.
National identity schemes - digital identity - national ID - eGovernmentEric BILLIAERT
http://www.gemalto.com/govt/documents/national-identity-schemes
Firstly, the national identity scheme indicates the roles of the sovereign state with regard to digital identity:
Is the state a regulator?
An issuer of sovereign identities or the digital derivatives of these identities?
What are its responsibilities within the chosen ecosystem in terms of organization, data and applications, and infrastructure?
Next, the national identity scheme establishes the underlying principles and operating methods of the digital identity ecosystem. It describes the main systems and flows linked to the use of digital identities to access services, authenticate users, and exchange and verify data linked to the service requested.
Where necessary, it provides useful details on the approved identity types and trust levels supported by the ID ecosystem. For example, commercial or transactional uses for identity may have functionalities distinct from those associated with authentication in the public domain.
It is clear that the deployment of digital identities under different national frameworks represents a dual challenge for nations, which must manage their sovereignty in the digital space while improving services to companies and citizens, in other words the framework for market interactions, and ultimately the healthy operation of the economy.
Yet reconciling market demands and sovereignty is no simple task. It requires constructive negotiation between their respective objectives.
A good example is provided by the European Union. Here, national identity schemes must be viewed in terms of both the actions of individual states, and the implementation of the eIDAS regulation (which may indicate future convergence), as well as the objectives of the European Digital Single Market and European Digital Agenda 2020 strategies.
In the end, these actions surrounding digital identity demonstrate a desire to rekindle economic growth through the more effective use of digital services, and build a single digital space of trust, offering a high level of security, interoperability and data protection.
Similar to Interoperability academy 2024 - Day 2 - Digital transformation and interoperability_eID.pdf (20)
Presentation from Session 5 - Rule of Law at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Presentation from Session 4 - Digitalisation at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Presentation from Session 3 - Public Service at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Presentation from Session 2 - Government Effectiveness at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Presentation from Session 1- Parliaments at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Key points from parallel session discussions at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Presentation given by Milos Djindic at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Presentation given by Gert Bouckaert at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Presentation given by Florian Hauser at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Presentation given by Ukraine at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Presentation given by Sandra Fuhr at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Presentation given by Moldova at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Presentation given by Gregor Virant at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Presentation given by Georgia at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Presentation given by Armenia at the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Agenda from the SIGMA-GIZ joint event Advancing Good Governance in Public Administration Reform in the Eastern Partnership Countries, that took place 4-5 June 2024 in Brussels.
Photo gallery from Building a sustainable quality management approach - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Stage 2: Elevating for excellence.
Presentation given at the Cross-regional exchange and learning week on Interoperability and Digital Transformation in the Western Balkans and Eastern Partnership region that took place 24-28 June 2024 in Brussels.
Presentation given at the Cross-regional exchange and learning week on Interoperability and Digital Transformation in the Western Balkans and Eastern Partnership region that took place 24-28 June 2024 in Brussels.
Presentation given at the Cross-regional exchange and learning week on Interoperability and Digital Transformation in the Western Balkans and Eastern Partnership region that took place 24-28 June 2024 in Brussels.
More from Support for Improvement in Governance and Management SIGMA (20)
In MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARMeuginexenogeneic
In MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARM In MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARM In MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARM In MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARM In MOFOLO ^%[+27633867063*Abortion Pills For Sale In MOFOLO ORANGE_FARM
The Ministry of Information and Broadcasting Advisory Dated 03.07.2024.pdfSocial Samosa
According to the advisory, advertisers in the Food and Health sectors must submit an annual self-declaration before printing, airing, or displaying any advertisement.
Protection and referral for CBP members.pptMohammed Nizam
Protection in humanitarian responses is very important· and it is heart· of all humanitarian activities . Effective referral· through updated referral· pathways is vital for protection· responses . To ensure· community· resilience for protection· risk· mitigation and prevention· , capacity-building on referral· pathways is essential· .
The slides for this topic· helps you to guide· some basic knowledge· to teach· CBP members on that.
In Madadeni [(+27633867063*)] 🏥 Abortion Pills For Sale in Madadeni ● Women's...ogwypas
In Madadeni [(+27633867063*)] 🏥 Abortion Pills For Sale in Madadeni ● Women's Abortion Clinic in Madadeni ● Abortion Pill Prices in Madadeni 🏥🚑!! Abortion Doctors Near me, Abortion Services Near Me, Abortion Pills Over The Counter, Abortion Pill Doctors' Offices, Abortion Clinics, Abortion Places Near Me, Cheap Abortion Places Near Me, Medical Abortion & Surgical Abortion, approved cyctotec pills and womb cleaning pills too plus all the instructions needed This Discrete women’s Termination Clinic offers same day services that are safe and pain free, we use approved pills and we clean the womb so that no side effects are present. Our main goal is that of preventing unintended pregnancies and unwanted births every day to enable more women to have children by choice, not chance. We offer Terminations by Pill and The Morning After Pill.” Our Private VIP Abortion Service offers the ultimate in privacy, efficiency and discretion. we do safe and same day termination and we do also womb cleaning as well its done from 1 week up to 28 weeks. We do delivery of our services world wide SAFE ABORTION CLINICS/PILLS ON SALE WE DO DELIVERY OF PILLS ALSO Abortion clinic at very low costs, 100% Guaranteed and it’s safe, pain free and a same day service. It Is A 45 Minutes Procedure, we use tested abortion pills and we do womb cleaning as well. Alternatively the medical abortion pill and womb cleansing !!!
This presentation by Edwin Hlangwani, BRICS Young Scientist at the University of Johannesburg, was part of the Expert Exchange "Youth Empowerment for a Just Energy Transition" held on June 18, 2024.
In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Mada...508tomato
In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Madadeni In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Madadeni In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Madadeni In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Madadeni In BLOEMFONTEIN ^%[+27633867063*Abortion Pills For Sale In BLOEMFONTEIN Madadeni
2. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Laura Kask
- Former Chief Legal Officer for the CIO
of the Estonian Government.
- Led developments on the legislative
framework of the Estonian information
society and was involved in many
innovative government projects,
including data embassies and digital
continuity.
- Responsible for implementing the
main EU level regulations (e-
authentication, electronic signature,
cybersecurity, data protection) into the
Estonian legislative framework.
- Currently obtaining a PhD in IT Law at
Tartu University.
- CEO of Proud Engineers, a leading
multi-disciplinary consulting company
with experience in supporting digital
transformation reforms
3. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Agenda for today
1
10.15 – 11.30 “Building the eID System Based on eIDAS”
Laura Kask & Stephanie De Bruyne, CEO at Belgian Mobile ID - Itsme
2
11:45 – 13:00 “New Framework for eID,EDIW and trust services”
• Detailed review of the main provisions of eIDAS 2.0, Laura
Kask
• Case study from BIH regarding e-Wallet, Almir Badnjevic,
IDDEEA, director
eIDAS 2.0: in EU and Adopting it to the National Context
3
14.00 – 15.15 Mutual Recognition of E-Signatures
• Lessons Learned, and How to Move Forward - Necessary
preconditions for mutual recognition of e-signatures, Laura
Kask
• Agreement on mutual recognition of trust services
Montenegro-Serbia-North Macedonia, Danilo Racic, Ministry
of Public Administration, Senior Civil Servant
• Moderated talk on the status and plans of mutual recognition
4
15.30-17.00 Group Work
• Group 1: Adapting eIDAS 2.0 to National Contexts:
Challenges and Opportunities
• Group 2: Ensuring Mutual Recognition of E-Signatures:
Challenges and Opportunities
4. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Do we actually know who is
behind the computer?
Justification for amendments: about 60%
of the EU population in 14 Member
States are able to use their national eID
cross-border.
Only 14% of key public service
providers across all Member States allow
cross-border authentication with an e-
Identity system.
Aim of eIDAS 2.0: by 2030 80% of the EU
population are equipped with a digital
wallet that will allow them to prove their
identity and authenticate themselves on
public services in all EU countries and the
UK, regardless of their nationality.
*https://commission.europa.eu/strategy-and-
policy/priorities-2019-2024/europe-fit-digital-
age/european-digital-identity_en
Peter Steiner
published by The New Yorker on July 5, 1993
11. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
eIDAS Regulation from 2014 (electronic identity)
> Mutual recognition system for eIDs that are notified by Member States:
▪ High
▪ Substantial
▪ Low
Article 6 of eIDAS Regulation:
1. May ‘notify’ the ‘national’ electronic identification scheme(s) used at home for access to its
public services
2. Must recognise ‘notified’ eIDs of other Member States for cross-border access to its online
services when its national laws mandate e-identification
3. Must provide a free online authentication facility for its 'notified' eID(s).
4. May allow the private sector to use ‘notified’ eID
12. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
eIDAS Regulation from 2014 (trust services)
> Market regulation, Member States cannot impose rules that are in
conflict/more strict than eIDAS regulation;
> An electronic signature shall not be denied legal effect and admissibility as
evidence in legal proceedings solely on the grounds that it is in an
electronic form or that it does not meet the requirements for qualified
electronic signatures. (Article 25)
> When the public sector accepts a document being signed electronically,
they must accept documents signed electronically in the same format
from the other member states or with the service offered by the other
service providers. (Article 27)
> Member states maintain and publish trusted lists where they have all the
necessary information about the qualified service providers acting inside
the EU. (Article 22)
13. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Shortcomings of eIDAS Regulation
• Previously the eID management has been the sole discretion of the Member States. eIDAS regulation did not
interfere with the eID management and set up.
• EU citizens possessing a notified eID should be able to use their national identity to access public services online,
BUT:
• mutual recognition requirement is only for access of the e-service, but not for the service delivery
itself;
• regulation did not introduce harmonization of digital identities of Member States, but rather
established cooperation mechanisms and interoperability;
• the focus on public sector as there are no clear incentives for the private sector to use national eIDs.
WHY all governments did not notify?
> One of the reasons could be the compulsory liability clause of eIDAS Regulation. Article 11 states that the notifying
Member State shall be liable for damage caused intentionally or negligently to any natural or legal person due to a
failure to comply with its obligations in a cross-border transaction.
13
14. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
eIDAS 2.0: new amendments (principles)
1.Extension of scope: eIDAS 2.0 extends the scope to new types of trust services,
including electronic delivery services, electronic documents. This extension is in
response to the increasing use of electronic documents and seals in business
transactions.
2.Improved cooperation: A key element of eIDAS is interoperability, which is
further strengthened by the new regulation and simplifies the exchange of digital
trust services across national borders.
3.Increased security: eIDAS 2.0 introduces stricter security and data protection
requirements for trust service providers to ensure the confidentiality, integrity
and availability of trust services as well as the protection of personal data in
accordance with the GDPR.
4.New rules for electronic identification (eID): These rules are intended to make
the use of eID more secure and user-friendly. In particular, the possibility of
remote identification, e.g. through video identification, makes access to online
services considerably easier.
16. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
New Amendments
• A shift from mutual recognition of national eIDs to a system that allows eID users to exchange electronic
attestations of attributes that are authenticated by trust service providers.
• Scope is wider (eID, EIDW, trust services).
• Requirement for Member States to offer and notify a digital identity solution, offering EDIW in addition
to storing their eIDs, users shall be able to add other electronic attributes and credentials to their
wallets, such as university degrees, diplomas, student IDs or driver`s licenses.
• The sectors that must accept EIDW are limited to those where it is required by national or EU law
• eIDAS 2.0 Article 11 (a) wanted to add introduction of a persistent and unique identifier for all EU
citizens and residents, but this is a controversial issue as some Member States have seen this in violation
with the constitution.
• Introduction of corporate digital identities.
• Creation of European Digital Identity Board is aimed to facilitate the consistent application and sharing
of best practices and would consist of competent authorities of Member States and European
Commission.
16
17. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
What is an European Digital Identity Wallet?
> Article 3 (42):
is a product and service that allows the user to store identity data,
credentials and attributes linked to her/his identity, to provide them to relying
parties on request and to use them for authentication, online and offline; and
to create qualified electronic signatures and seals
18. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
European Digital Identity Wallet
• All Member States must provide their citizens and legal entities with eID Wallets
and recognise those of the others.
• With the European Digital Identity Wallet (EUDIW), citizens will be able to
authenticate themselves online for private and administrative services in the
future.
• Other digital credentials, such as driving licences or training certificates, can also
be stored in the Wallet and shared as required.
• To ensure that Wallets and digital identities can be used and recognised
throughout Europe, the amendment sets out requirements regarding the
interoperability, data protection and security of Wallets as well as the verification
of digital attributes.
• The specific requirements for the Wallets are being worked out by the European
standards committees.
19. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
What can be done with Digital Identity Wallet from users perspective
> Stores your digital identity and other important documents and enables
you to present them as part of electronic transaction, via QR (offline
verification);
> “verified credentials” – government signed credentials showing they are
trustworthy (passport, driving license);
> Other credentials they are signed by the relying party
> You can choose which credentials to present and the use is not connected
to the issuer
> You may want to share other personal information
20. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
How far will the regulation go?*
> H𝐨𝐨𝐰𝐰 𝐢𝐢𝐬𝐬 𝐭𝐭𝐡𝐡𝐢𝐢𝐬𝐬 𝐝𝐝𝐢𝐢𝐟𝐟𝐟𝐟𝐞𝐞𝐫𝐫𝐞𝐞𝐧𝐧𝐭𝐭 𝐭𝐭𝐨𝐨 𝐭𝐭𝐡𝐡𝐞𝐞 𝐞𝐞𝐈𝐈𝐃𝐃𝐀𝐀𝐒𝐒 𝐰𝐰𝐞𝐞’𝐯𝐯𝐞𝐞 𝐤𝐤𝐧𝐧𝐨𝐨𝐰𝐰𝐧𝐧 𝐬𝐬𝐢𝐢𝐧𝐧𝐜𝐜𝐞𝐞 𝟐𝟐𝟎𝟎𝟏𝟏𝟒𝟒? The main shift in the
new regulation is the creation of a European Digital Identity Wallet that will enable
citizens and businesses to have greater control over their data whenever they are
involved in identification and authentication processes. No longer will we be solely
dependent on the entity which provides the identification services in that very moment.
This will certainly change the way we think of identities.
> 𝐇𝐇𝐨𝐨𝐰𝐰 𝐟𝐟𝐚𝐚𝐫𝐫-𝐫𝐫𝐞𝐞𝐚𝐚𝐜𝐜𝐡𝐡𝐢𝐢𝐧𝐧𝐠𝐠 𝐢𝐢𝐬𝐬 𝐭𝐭𝐡𝐡𝐢𝐢𝐬𝐬 𝐧𝐧𝐞𝐞𝐰𝐰 𝐟𝐟𝐫𝐫𝐚𝐚𝐦𝐦𝐞𝐞𝐰𝐰𝐨𝐨𝐫𝐫𝐤𝐤? By 2026, all states must issue wallets
available for all residents free of charge to get and use. What’s more, by 2027 basically all
public entities and private businesses must enable the usage of said wallet. Online
platforms defined as "gatekeepers" under the EU Digital Markets Act must accept Wallets
for user authentication, including social networks, search engines and marketplaces with
significant influence in the EU single market.
*REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL AMENDING REGULATION (EU) No 910/2014 AS
REGARDS ESTABLISHING THE EUROPEAN DIGITAL IDENTITY FRAMEWORK
22. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Challenges for Member States (1)
• Identity theft risk and introduction of EDIW – not only eID credentials but all
the information the person has in the EDIW;
• EIDW shall be issued under a notified electronic identification scheme of
level of assurance high. Therefore, it can also be assumed that the
corresponding high scheme would be a prerequisite for the EIDW and
should exist first.
• Countries must decide which route of the eIDAS 2.0 Article 6a (2) to take:
issuing their own EIDW, under a mandate or independent, but recognised
EIDW.
22
23. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Challenges for Member States (2)
• In countries with the eID scheme with assurance level high would make
possible the remote issuance with a secondary device, but it will be a
challenge for countries where no eID mean is issued or this is not recognised
on level high.
• the challenge of issuing EIDW for legal persons. In many countries, only
personal eIDs exist in the market. This means legal person representation is
a role that is connected to the private eID (more precisely with identity code)
and serves more as an access right. This means countries should decide
what and on which circumstances the professional EIDW can be issued and
how this can be used in national services.
23
35. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Capabilities
> Cybersecurity to
› drive requirements for eID and validate deliverables
› monitor the ecosystem
› execute incident response
> Cryptography to keep the ecosystem developing
> Legal to drive legal changes
> Architecture to define, manage and develop the technical ecosystem
36. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Trust services
> Trust services create and operate services underpinning the trust in eID
› Certification Authority and Registration Authority
› Time Stamping Authority
› Signature creation and validation
> Trust must stem from audited, regulated and supervised adherence
to standards
37. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
The ecosystem
> It is not possible for a
› single government authority to build eID due to the range of capabilities and changes
necessary
› single private sector organization to build eID due to the lack of critical mass in terms
of customers and services
> Create and manage an ecosystem of service providers, integrators,
technology providers, researchers, cybersecurity practitioners, trust
service providers etc.
› Alternatively make sure to participate in one
46. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Mutual Recognition for Third Countries
> eIDAS Regulation is seen as a standard across the globe;
> Article 14 of eIDAS regulates the recognition of qualified electronic
signatures between the EU and a third country.
> Currently, the only option to have mutual recognition of qualified signatures
is through an agreement concluded between the EU and the third country
in accordance with Article 218 of the Treaty on the Functioning of the
European Union (TFEU).
> There is a “roundabout” through MRA process.
47. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Pilot for the International Compatibility of Trust Services
> MRA Cookbook (explanatory memorandum of eIDAS Article 14,
description of MRA process flow and methodology, minimum requirements,
technical recommendations)
> eIDAS Article 14 Assessment Check-List (benchmarking laws)
> Tools (trusted list browser and validation of trusted lists outputs)
48. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Mutual Recognition Process
> A third country’s signature solution can be recognised as an advanced
signature under eIDAS.
> The European Commission has created a trust list for advanced signatures
from third countries’ trust services and prepared the tools needed for
validating the signatures.
> An official request should be made to the European Commission.
> The trust list provides a tool for validating the signatures, but the legal
effect and the trustworthiness of a signature still must be agreed
separately between interested parties.
49. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
MRA process flow I
> Scope and objective of MRA (selection of trust services and service
providers)
> Feasibility study and self-assessment (4 pillars: legal or regulatory
framework, supervision and auditing systems, technical or best practices
aspect, trust representation model)
> Technical pilot with the EC (optional)
> Formal negotiations will be opened after the feasibility study, optional pilot
and self-assessment have positive outcomes
50. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
MRA process flow II
> Together with its formal request, the 3rd country submits to the EC the detailed
documentation for assessment:
1) A general description of the trust services framework, covering legal, supervisory,
technical and trust representation aspects
2) The legislative documents, including primary and secondary legislations concerning
trust services and other relevant legislations (data protection, consumer rights, privacy,
freedom of expression)
3) Links to the relevant trust services framework resources, such as existing or draft
trusted list, the list of approved secure devices, the list of approved conformity
assessment bodies and a description of the underlying approval rules
4) An eIDAS Art 14 self-assessment
5) The list of standards the trust services framework refers to/uses and a description of the
way these standards are used/complied to
51. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
MRA process flow III
> EC evaluates the global compatibility of the 3rd country 4-pillar system
with the EU system, based on the provided documentation (preliminary
assessment and detailed assessment)
> EC submits the preliminary assessment report to the EU Member States
and consults them on interest in engaging further with the aim to perform a
detailed (mutual) assessment as the next step
52. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
MRA process flow IV
> The drafts of MRA associated execution plan, monitoring plan (including
the exchange of annual reports, e.g. reports on changes in the respective
frameworks, supervisory activities and known litigations, notified security
and/or personal data breaches, and annual surveillance review and the
frequency of a formal in-depth review of the MRA implementation), and
termination plan will be prepared
> Technical and/or legal pilot may be conducted
53. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
MRA process flow V
> EC launches Art 218 (TFEU) procedure and MRA will be drafted
> MRA needs the consent of the European Parliament and the approval of
the Council, before the MRA could be signed
> As part of the MRA drafting, or in parallel, the drafted MRA execution,
monitoring and termination plans shall be finalized
> The finalisation of the MRA may include one or more negotiation rounds
54. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Procedure of Article 218 of TFEU I
> Negotiations:
1) Council of EU authorises the opening of negotiations (EC, or the High
Representative of the Union for Foreign Affairs and Security Policy
submits recommendations to EC, which adopts a decision authorising
the opening of negotiations and nominating the negotiator or the head of
the negotiating team)
2) EC may address directives to the negotiator and designate a special
committee in consultation (content of such directives is not public)
55. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Procedure of Article 218 of TFEU II
> Concluding agreement:
1) On a proposal by the negotiator, EC adopts a decision authorising the
signing of the agreement or in case where the agreement relates to the
common foreign and security policy, EC adopts the decision concluding
the agreement after consulting or obtaining the consent of the European
Parliament
2) EC acts by a qualified majority throughout the procedure and
unanimously when the agreement covers a field for which unanimity is
required (if the agreement covers EU accession, finances, or common
foreign and security policy unanimous vote is required)
56. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Procedure of Article 218 of TFEU III
> Notification:
1) The European Parliament must be informed at all stages of the
procedure and is required to give its consent to any international
agreement
2) A Member State, the European Parliament, the Council of EU or EC may
obtain the opinion of the Court of Justice
57. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
New Regulation
> Trust services provided by trust service providers established in a third
country or by an international organisation shall be recognised as legally
equivalent to qualified trust services;
> recognised by means of implementing acts or an agreement concluded
between the Union and the third country or the international organisation
pursuant to Article 218 TFEU.
61. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Group Work (45 min) + Group Work Presentations (15 min per group)
> Group 1: Adapting eIDAS 2.0 to National Contexts: Challenges and Opportunities
› Which countries were represented?
› What are the main challenges in implementing eIDAS to National Context in terms of eID / in terms of trust services (e-
signatures and e-seals)?
› What are the opportunities implementing eIDAS to National Context would bring?
› How to overcome the challenges?
› What kind of support would be needed from local / international communities?
> Group 2: Ensuring Mutual Recognition of E-Signatures: Challenges and Opportunities
› Which countries were represented?
› What are the main challenges ensuring mutual recognition of e-signatures?
› What are the opportunities mutual recognition would bring?
› Is there a difference / more opportunities with other third countries / with EU?
› How to overcome the challenges?
› What kind of support would be needed from local / international communities?
66. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
eID in Estonia
High level government provided identity based on identity nr that is unique
(eID, mID).
› authentication
› electronic signing
› encryption
› i-voting
› business, banking
› state and healthcare
› public transport
› loyalty card
High level private sector provided identity based on identity nr that is unique
(Smart ID).
› authentication
› electronic signing
› business, banking
67. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Two main legal principles in national law
> Electronic identification is as good as face-to-face identification
and
> electronic signature of certain level is equal to handwritten one.
NB! Although the framework exists there is no actual use of the
concept of professional certificate (e.g electronic seal)!
71. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Nature of the security risk
The private key can be computed from the public key,
which means that theoretically:
>it was possible to digitally sign a document in the name
of another person
>it was possible to enter e-services in the name of
another person
>it was possible to steal a digital identity without having
the physical card
>decrypt documents encrypted with the ID card
73. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
Lessons learned
> eID is more important than we knew AND we cannot go
back on paper
> Map cross-dependencies of critical services
> Certified does not mean secure
> Have alternatives – eID card and mobile-ID, private sector
solution
> Pool of experts is limited – duplicate, if possible
> How to handle a non-incident?
> Nobody wants to go back to paper, even if they could
> This will not be the last such event
74. A
joint
initiative
of
the
OECD
and
the
EU,
principally
financed
by
the
EU.
Restricted Use - À usage restreint
In the rapid technological change the product standards and audits based on
standards might not give the guarantees for a liable product
2 years for the audit period is too long period, BUT the audits are expensive and
there are not many auditors for the specific topics
The notification system is too vague, but the only solution in those cases is tight
cooperation
The next crisis can be different, the legal framework in place enabled finding
solution, but from learnings we never know what the next crisis will look like