Presentation given at the Service Design and Delivery in a Digital Age - Academies for EaP countries organised by the SIGMA Programme and the GiZ Eastern Partnership Regional Fund. Topic 2: Digital transformation.
3. Table of contents
1 Introduction
2 Key Principles of Trusted eID
3 Building Blocks of Trusted eID
4 eID Transformation Process
5 eID organizational structure
6 European legal framework for eID and trust services
7 Estonian national framework for eID and trust services
What have been the challenges?
8 Cross-border implications of eID and trust services
A joint initiative of the OECD and the EU, principally financed by the EU.
4. Laura Kask
• Former Chief Legal Officer for Government CIO, Republic of Estonia
• CEO of Proud Engineers
• Visiting lecturer at Tartu University IT Law Programme
• Obtaining PhD at Tartu University “eID and trust services in national and cross-border transactions”
Proud Engineers: architects for a digital society
8. e-Estonia timeline (2005, 2006, 2007, 2008, 2010)
• i-voting
• e-police system
• e-notary
• e-justice
• mobile-id
• company registration portal
• e-health system
• keyless signature infrastructure
• e-prescriptions
9. e-Estonia timeline (2011, 2012, 2013, 2014, 2015)
• smart grid
• visualised business register
• ev quick charging network
• public services green paper
• e-residency
• e-service of the Estonian Road Administration
• e-receipt
10. e-Estonia timeline (2017, 2018, 2019, 2020, 2021)
• reporting 3.0
• AI strategy kick-off: proactive government
• crossborder e-prescription
• NIIS X-Road® consortium
• data embassy
• 7 invisible services
• proactive family benefits
• e-notary for remote verification
• bürokratt
14. Breaking the stalemate
Citizens will not take the ID or remember the PIN codes when there are no services. No services will be built when there are no customers.
15. The eID must have a legal meaning
Without a legal framework, the eID is simply people doing complex math.
17. Legal framework
• Population registry and its legal significance
• Regulation of trust services
• Electronic signature and its significance
• Dealing with legacy
• Education of legal practitioners
• Revamping regulations requiring paper-based processes
18. Capabilities
• Cybersecurity to
• drive requirements for eID and validate deliverables
• monitor the ecosystem
• execute incident response
• Cryptography to keep the ecosystem developing
• Legal to drive legal changes
• Architecture to define, manage and develop the technical ecosystem
19. Trust services
• Trust services create and operate services underpinning the trust in eID
• Certification Authority and Registration Authority
• Time Stamping Authority
• Signature creation and validation
• Trust must stem from audited, regulated and supervised adherence to standards
20. The ecosystem
• It is not possible for a
• single government authority to build eID due to the range of capabilities and
changes necessary
• single private sector organization to build eID due to the lack of critical mass in
terms of customers and services
• Create and manage an ecosystem of service providers, integrators, technology
providers, researchers, cybersecurity practitioners, trust service providers etc.
• Alternatively make sure to participate in one
30. Mandatory recognition of electronic identification for Member States
A Member State:
1. May ‘notify’ the ‘national’ electronic identification scheme(s) used for access to its public services.
2. Must recognise ‘notified’ eIDs of other Member States for cross-border access to its online services when its national laws mandate e-identification.
3. Must provide a free online authentication facility for its ‘notified’ eID(s).
4. May allow the private sector to use ‘notified’ eID.
NB! No obligation to recognise eIDs from outside the EU.
NB! Only an EU-level agreement with a third country is a possibility (there is now an option to overcome the legal gap).
31. Trust Services
eIDAS creates a European internal market for electronic trust services by ensuring that they will work across borders and have the same legal status as traditional paper-based processes.
32. Trust Services
When a public sector body accepts electronically signed documents, it must also accept documents signed electronically in the same format from other Member States or with services offered by other service providers.
33. Trusted List
• Member states maintain and publish trusted lists where they have all the necessary
information about the qualified service providers acting inside the EU.
• Trust services provided by trust service providers established in a third country shall be recognised legally once there is an agreement between the EU and the third country.
• Trust services provided by trust service providers established in a third country shall be recognised when they are in the trusted list and audited in the EU, provided by an EU-located service provider.
34. Principles of trust services
• Technological neutrality.
• Mutual recognition of «qualified» electronic trust services.
• Ensuring validity and legal certainty of cross-border electronic
transactions through the impossibility to reject a document on the grounds
that it is in electronic form.
35. Levels of e-signature (electronic signature)
• The simple e-signature has a low level of security and assurance. It cannot guarantee that the person signing the document is who they claim to be.
• It does not provide details on the signing event (such as time, date etc.) either. Examples: ticking the “Accept terms & conditions” box of an online transaction, using a stylus, etc.
36. Levels of e-signature (advanced e-signature)
• Advanced electronic signature – an electronic signature is considered advanced if it meets
certain requirements:
a. it is uniquely linked to the signatory;
b. it is capable of identifying the signatory;
c. it is created using electronic signature creation data that the signatory can, with
a high level of confidence, use under his sole control; and
d. it is linked to the data signed therewith in such a way that any subsequent
change in the data is detectable.
• Certificate for electronic signature – electronic proof that confirms the identity of the
signatory and links the electronic signature validation data to that person.
37. Levels of e-signature (qualified e-signature)
• Meets the requirements of advanced electronic signature and in addition, it is
created based on the use of a qualified signature creation device (QSCD) and relies
on a qualified certificate for electronic signatures.
• These two extra features ensure that the qualified e-signature is unique,
confidential and secure.
• The only electronic signature that is equal to a handwritten signature (wet signature);
there cannot be exceptions in national law.
38. Legal consequences
• Qualified electronic signatures are equal to handwritten signatures (eIDAS article
25)
• Usage in private sector?
• Usage in public sector?
39. How to become a qualified trust service provider?
• Apply to a conformity assessment body assessing compliance against the
requirements for qualified trust service providers and qualified trust services.
• The conformity assessment body will produce a conformity assessment report,
demonstrating how the requirements have been met.
• Submit the report to the national supervisory authority, which will grant you qualified
status if appropriate – the service will be added to the national trusted list and will be
able to use the eIDAS EU trust mark.
• There is a requirement to undergo the conformity assessment process every two
years, at your own expense.
40. Conclusion
• The eIDAS Regulation:
• ensures that people and businesses can use their own national electronic identification schemes
(eIDs) to access public services in other EU countries where eIDs are available;
• creates a European internal market for eTS - namely electronic signatures, electronic seals, time
stamps, electronic delivery services and website authentication - by ensuring that they will work
across borders and have the same legal status as traditional paper-based processes;
• consists of regulation, implementing acts, standards (ETSI), national laws and implementing acts;
• sets rules for mutual recognition of eIDs and cooperation between the member states;
• regulates trust service providers and trust services to be recognized across EU.
42. Do we actually know who is behind the computer?
Peter Steiner, published by The New Yorker on July 5, 1993
Justification for amendments: about 60% of the EU population in 14 Member States are able to use their
national eID cross-border.
Only 14% of key public service providers across all Member States allow cross-border authentication
with an e-Identity system.
Aim of eIDAS 2.0: by 2030 80% of the EU population are equipped with a digital wallet that will allow
them to prove their identity and authenticate themselves on public services in all EU countries and
the UK, regardless of their nationality*
* https://commission.europa.eu/strategy-and-policy/priorities-2019-2024/europe-fit-digital-age/european-digital-identity_en
44. What is a European Digital Wallet?
Article 3 (42):
is a product and service that allows the user to store identity data, credentials and
attributes linked to her/his identity, to provide them to relying parties on request
and to use them for authentication, online and offline; and to create qualified
electronic signatures and seals
45. Main challenges
+ The proposal offers no rationale for how the obligation to issue and recognise the wallet helps to overcome the
shortcomings of the current eIDAS regulation. The obligation to accept the wallet also degrades the proven
value of existing electronic identity schemes and results in unfair competition.
+ The proposed 24-month timeframe for implementation is complicated, as there is no solution that meets the
requirements of the wallet and wallet-like products have to be developed from the ground up; there are also
no technical standards and/or comprehensive technical descriptions that would correspond to the proposal.
+ The concept of a unique and persistent identifier has been left aside and has been replaced with record matching.
46.
+ “The Digital Wallet will become a reliable, all-in-one identity
gateway that puts citizens in full control of their own data and gives
them the freedom to decide exactly what information to share, with
whom, and when. From social, financial, medical, and professional
data, to contacts and much more, it will make it possible to store
personal credentials within a single digital ID.”*
+ Although technically feasible, it places an even heavier responsibility on
the human side with regard to various kinds of fraud.
+ The concept of decentralized data collection is heavily influenced.
* eIDAS 2.0 rapporteur Romana Jerković (S&D, HR)
48. Mutual Recognition of trust services from third countries*
* https://ec.europa.eu/digital-building-blocks/wikis/display/DIGITAL/2023/02/06/The+EC%27s+actions+on+international+compatibility+of+trust+services?preview=/640549582/661194677/Masterdeck_The%20Commission%27s%20actions%20on%20international%20compatibility%20of%20trust%20services_Presentation.pdf
50. What will change with eIDAS 2.0?
+ Trade agreement or Implementing Act for recognition
+ Non-EU providers should meet the requirements for qualified TS/TSP
+ Should follow the trusted list MRA Cookbook
53. eID in Estonia
High level government provided identity based on identity nr that is unique (eID, mID).
• authentication
• electronic signing
• i-voting
• business, banking
• state and healthcare
• public transport
• loyalty card
High level private sector provided identity based on identity nr that is unique (Smart ID).
• authentication
• electronic signing
• business, banking
54. Two main legal principles in national law
• Electronic identification is as good as face-to-face identification
and
• electronic signature of certain level is equal to handwritten one.
NB! Although the framework exists, there is no actual use of the concept of a
professional certificate (e.g. electronic seal)!
55. The hierarchy of norms
eIDAS Regulation
eIDAS implementing acts
National level laws on the implementation of eIDAS regulation
National level implementing acts
Standards
59. Nature of the security risk
The private key could be computed from the public key, which means that
theoretically:
• it was possible to digitally sign a document in the name of another person
• it was possible to enter e-services in the name of another person
• it was possible to steal a digital identity without having the physical card
• it was possible to decrypt documents encrypted with the ID card
61. Lessons learned
• eID is more important than we knew AND we cannot go back to paper
• Map cross-dependencies of critical services
• Certified does not mean secure
• Have alternatives – eID card and mobile-ID, private sector solution
• Pool of experts is limited – duplicate, if possible
• How to handle a non-incident?
• Nobody wants to go back to paper, even if they could
• This will not be the last such event
62.
→ With rapid technological change, product standards and audits based on standards might not
give the guarantees for a reliable product
→ 2 years is too long for the audit period, BUT the audits are expensive and there are not
many auditors for the specific topics
→ The notification system is too vague, but the only solution in those cases is tight cooperation
→ The next crisis can be different; the legal framework in place enabled finding a solution, but from
these learnings we never know what the next crisis will look like
63. Identity thefts: suspension vs declaring invalid
• If the person who has stolen/found your card does not know your PIN and/or PUK
codes, they can only obtain information that is visually printed on the card (name,
personal identification code, validity period of the card), except your photo and
signature.
• If the person also has your PIN and/or PUK codes, they can use the card to access
e-services and give digital signatures if the owner has not suspended the
certificates.
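The distinction in this slide's title, as an added example that is not part of the original presentation: a relying party's status check, assuming suspension is temporary and can be lifted while declaring a certificate invalid (revocation) is permanent. The class, event names and timeline are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Enum


class Event(Enum):
    SUSPEND = "suspend"      # temporary; the holder can lift it
    REINSTATE = "reinstate"  # ends a suspension
    REVOKE = "revoke"        # certificate declared invalid; permanent


def utc(y, m, d, h=0):
    return datetime(y, m, d, h, tzinfo=timezone.utc)


@dataclass
class CertificateStatusLog:
    """Hypothetical status history a CA keeps for one certificate."""
    not_before: datetime
    not_after: datetime
    events: list = field(default_factory=list)  # (timestamp, Event) pairs

    def status_at(self, when):
        if not self.not_before <= when <= self.not_after:
            return "outside-validity-period"
        status = "valid"
        for ts, event in sorted(self.events, key=lambda e: e[0]):
            if ts > when or status == "revoked":
                break  # later events are irrelevant; revocation is final
            if event is Event.REVOKE:
                status = "revoked"
            elif event is Event.SUSPEND:
                status = "suspended"
            elif event is Event.REINSTATE and status == "suspended":
                status = "valid"
        return status

    def accepts_signature(self, signed_at):
        # signed_at should come from a trusted time-stamp, not the signer's clock
        return self.status_at(signed_at) == "valid"


# Constructed timeline: card mislaid 2 March, found 5 March, stolen 10 June.
SAMPLE = CertificateStatusLog(
    not_before=utc(2023, 1, 1), not_after=utc(2028, 1, 1),
    events=[(utc(2023, 3, 2, 9), Event.SUSPEND),
            (utc(2023, 3, 5, 14), Event.REINSTATE),
            (utc(2023, 6, 10, 8), Event.REVOKE),
            (utc(2023, 6, 12), Event.REINSTATE)])  # ignored: already revoked
```

In this model a signature time-stamped before the suspension or between reinstatement and revocation is still accepted, which is why the signing time has to come from a trusted source.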
64. Cases
• On September 22, a woman contacted a 64-year-old woman by phone, informing her about
maintenance work at Swedbank and problems with her Smart-ID.
• The woman was then called by a man who introduced himself as a maintenance technician and asked for the
applicant's personal identification number and Smart-ID PIN codes to check that the Smart-ID application
was working.
• After a few moments, the applicant was called again and asked to authenticate herself in
the Internet bank via Smart-ID, under the pretext of completing the maintenance work.
• Misled in this way, the applicant initiated authentication in the internet bank and entered the PIN1 and
PIN2 codes, during which an unknown person gained access to the woman's bank account and made
payments to five people for a total of EUR 12,184.23, of which the bank recovered EUR 609.00.
• What could be the solution in your country?
67. Barriers based on the example of NOBID countries
• Although authenticating a citizen (i.e. allowing a person to prove they are in control of a
particular national identifier) is technically possible, the semantic interoperability between
the identities is said to be lacking.
• On the EU level, there appears to be a stalemate where the services are not accepting
foreign electronic identities because there is no demand and the lack of demand is in turn
caused by the lack of services.
• There is no concept of shared physical identity between the NOBID countries and
therefore the sharing of electronic identity is hindered.
• The lack of technical and legal standards around the identity codes appears to be a barrier.
68. Barriers based on the example of NOBID countries
• Authentication services are significantly linked to interoperability services.
• Lack of cooperation in software and service development was seen to be a cross-border barrier.
• The vast majority of citizens currently do not need cross-border services.
• Difficulty in determining the level of trust in trust services and alternatives thereof is a barrier to their use
between NOBID countries.
• The extent of the cross-border demand, challenges or potential use is difficult to estimate since there is a lack
of statistics.
• Despite international standards being present, technical compatibility of the ASiC-E signature
container between NOBID countries remains a challenge, as countries differ in the precise way
standards are utilised.
• Electronic services are dependent on personal identification codes both in terms of technological solution as
well as service design.
• All countries, quite naturally, prioritise their national services and compliance over cross-border compliance
and services.
69. Potential use of cross-border trust services and alternatives thereof
• There is a strong preference among Nordic countries (clearly expressed by Finland, Sweden,
Norway and Denmark) to focus on authentication in the cross-border dimension and only
then on trust services. All people should be able to have a strong authentication means to
access e-services.
• Cross-border trust between eID schemes would be the most important element as more
than 90% of the population have the means available. Many interviewees pointed out that
the first step would be for each country to have their national eID notified - this would
raise confidence in the ability to issue national eIDs in a reliable way.
• A deliberate effort must be made to start trusting identification by other countries.
70. Other observations
• The COVID-19 pandemic was seen as a major driver of eID adoption and trust
services in general.
• Personal identity tends to be under tight control of national governments while
other trust services are commonly procured within an international context
(e-delivery, timestamping, web certificates).
• Different requirements for assurance level of eIDs create interoperability problems.
• Banking is a significant driver of eID use (Bank-initiated schemes in Sweden,
Norway, Finland; respective mentions in Latvia and Estonia, Bank-owned or
operated TSPs in the Baltics, Iceland and elsewhere).
71. Other observations
• Cooperation and cross-border use are to a very large extent driven by corporate strategy of a much
wider group of organisations than just trust service providers
• Large multinationals tend to utilise centrally developed solutions using a corporate trust network
rather than adopting the local one (Latvia, Estonia)
• Integrators, document management service providers and other parties operate internationally
and bring their international cooperation networks into local context (Latvia)
• Large Relying Parties often operate internationally and seek to unify solutions at least on a
regional basis (Telia, Swedbank, SEB in the Baltics but also in other NOBID countries)
• Trust service providers operate internationally and, seeking to minimise cost, will unify solutions
creating interoperability in the process (SK ID Solutions in the Baltics, Nets, Signicat and others in
the Nordics, Dokobit)