Rolling out eIDAS Regulation (EU) 910/2014

Boosting trust & security in the Digital Single Market

Trust in the Digital World 2016 Conference 15 June 2016 – The Hague (NL)

Andrea SERVIDADG CONNECT, European CommissionHead of eIDAS Task Forceandrea.servida@ec.europa.eu

eIDAS

eIDAS: boosting trust & supporting businesses!

TRUST CONVENIENCE

CROSS-BORDER SEAMLESS 2

3

The eIDAS Regulation provides for eID & TS:

Where does eIDAS have an impact?

UMM&DS - Uniform User Management and Digital SignatureseHGI - eHealth Governance InitiativeECI - European Citizens' InitiativeESSN - European Social Security Number

SUP - Directive on single-member private limited liability companies PSD2 – Revised Directive on Payment Services AML4 - 4th Anti-Money Laundering Directive 4

•

eIDAS transformative role: Opportunities for eServices

5

Countries with nationally supported eID schemes

Nearly all Member States (will) have a nationally supported eID scheme in place

Preliminary data from the ongoing CEF eIDStakeholder Analysis Report by Deloitte

•Countries with eID schemes:AT, BE, DE, DK, EE, ES, FI, HR, HU, IT, IS, LT, LU, LV, MT, NL, NO, PT, RO, SE, SK, TR, UK

•Countries setting-up national eID schemes: BG, CY, CZ, EL, FR, SI

•Countries to be confirmed:IE, PL

Information provided by MSs (as of 1 January 2016):eID cards in 15 MSs (6 planned), other eID means in 24 MSs

25 MSs having either an eID card or other eID means

Notification - expectations

7

• 23 MSs of the EU and EEA presented informally their intention (often still tentative ones) to notify their eIDs, as follows:• Notification by end of 2016: 7 MS;• Notification in 2017 or later: 6 MS;• Intention to notify, without date: 6 MS;• No decision yet: 4 MS.

2015 2016 2017 2018 2019

29/09/2015Voluntary cross-border recognition

1.07.2016Date of application of eIDAS rules for trust services

29/09/2018Mandatory cross-border recognition

Timeline

eID

17.09.2014Entry into

force of the eIDAS

Regulation

Trust services

eSignature Directive rules

8

26.11.15 - eID DSI v.1 eIDAS compliant

2014

CEF Call launchedCall for proposal under CEF (Connecting Europe Facility) toconnect services to the eIDAS interoperability framework for crossborder transactions• Primary focus on a few selected private sector areas presenting potential

high volume cross-border transactions (i.e banking, electronic/Internetpayment services, other financial services, insurance and aviation)

• Call launched: 12 May 2016• Call deadline: 15 September 2016, 17:00.00

(Brussels time)• Consortium composition: minimum of 4 entities from one

or more Member States• Co-financing: 75% of the eligible costs of the action• Indicative duration: 12 months

9

10

The EU Trust Mark for Qualified Trust Services – CIR (EU) 2015/806

Promoting eIDAS Regulatory fitness in other sector specific legislations

• Better Regulation Toolbox (Tool 23: ICT assessment, the digital economyand society) – explicit reference to eIDAS

• Close bilateral cooperation between the eIDAS-TF and other DGs on specificregulatory initiatives

Examples:• Cooperation with DG FISMA and the European Banking

Authority (EBA) on the role of notified eID to meet therequirements under the PSD2Discussion paper on strong customer authenticationand secure communication under PSD2 - eIDAS ispresented as a possible solutionGreen paper on retail financial services and related public consultation - eIDAS featured with respect to the cross border benefits of e-signature and eID.

• Cooperation with DG JUST on supporting the transpositionof the AMLD4 Directive at national level to ensureconsistency with eIDAS

11

EU e-Government Action Plan 2016-2020. Accelerating the digital transformation of government (COM(2016) 179 final)

Underlying principles:

References to eIDAS: Policy priority 1 ("Modernise public administration with ICT,using key digital enablers") - actions:

• "Further efforts by all administrations are needed to accelerate the take up ofelectronic identification and trust services for electronic transactions in the internalmarket [...] actions to accelerate cross-border and cross-sector use of eID(including mobile ID) in digitally enabled sectors (such as banking, finance,eCommerce and sharing economy) and in the public sector namely on the Europeane-Justice Portal. The Commission will also explore the need to facilitate the usageof remote identification and secure authentication in the retail financialservices"

• "The Commission will gradually introduce the 'digital by default' principle wheninteracting online with external stakeholders, using eIDAS services (in 2018),eInvoicing (in 2018) and eProcurement (in 2019)."

Digital by

Default

Once only

principle

Inclusivenessand

accessibility

Openness and

transparency

Cross-border by

default

Interoperability by

default

Trustworthiness and

Security

12

Communication on Priorities of ICT Standardisation for the Digital Single Market (COM(2016) 176 final)

Sets a comprehensive strategic and political approach to standardisation for 5priority ICT areas: 5G communications, cloud computing, the internet ofthings (IoT), (big) data technologies and cybersecurity.

Action in the area of Cybersecurity (section 3.1.4):

"The Commission will:• Invite ESOs and other SDOs and relevant stakeholders to develop standards

by the end of 2018 that support global interoperability and seamlesstrustworthy authentication across objects, devices and natural andlegal persons based on comparable trust models. This work should bebased on technical standards aligned with the eIDAS regulatoryframework."

13

Online Platforms and the Digital Single Market Opportunities and Challenges for Europe (COM(2016)288)

Reference to eIDAS:

IMPLEMENTING MAIN PRINCIPLES FOR PLATFORMDEVELOPMENT IN THE EU:

iii) Fostering trust, transparency and ensuring fairness

• "In order to empower consumers and to safeguard principles ofcompetition, consumer protection and data protection, theCommission will further promote interoperability actions,including through issuing principles and guidance on eIDinteroperability at the latest by 2017. The aim will be toencourage online platforms to recognise other eID means — inparticular those notified under the eIDAS Regulation — thatoffer the same reassurance as their own". 14

Stakeholder engagement - eIDAS ObservatoryPurpose• Help facilitate the use of cross-border electronic identification and trust

services• Foster transparency and accountability by identifying market hurdles

and good practices, promoting knowledge-sharing and developing initiativesfor innovation

• Contribute to the enhancement of trust and security of digitaltransactions thus to the building of the Digital Single Market

• Act as a virtual network of stakeholders to exchange ideas and goodpractices as well as recommend actions and initiatives to ease the uptake ofeID and trust services

Timeline• Setting up: first half of 2016• Launch: to be officially announced at the event with VP Ansip: "A new

leap in the eIDAS journey: new trust services for a Digital SingleMarket" (30 June 2016, Brussels) 15

EU the first and only region in the world to have:- Policy- Regulation - Rules- Technology- Interoperability infrastructure

In EU we have: World-class hardware,

software and service providers, and administrations at the forefront of eGovernment

25 MS have eID means (3 planned) – 15 MS have eID cards (6 planned)

Large Scale Pilot Projects to ensure interoperability

eIDASA world premiere!

Proposal of few EU Member States to UNCITRAL

Joint proposal of the governments of Austria, Belgium, France, Italy and Poland

On Legal issues related to identity management and trust services Building upon the principles stemming from the eIDAS Regulation 48th session of the Commission (29 June - 16 July 2015, Vienna) –

Interregional consensus on the importance of the topic Set up an informal group of experts:

To support the Secretariat in preparing legislative proposals in order to start discussions in the Working Group

Open to all delegations. If there is a need to collect additional information, possible organisation of a

symposium

UNCITRAL Colloquium on Identity Management and Trust Services, Vienna 21-22 April 2016 (see programme and presentations) 17

For further information and feedback

Web page on eIDAShttp://ec.europa.eu/digital-agenda/en/trust-services-and-eid

Online eIDAS Participatory Platformhttp://europa.eu/!qc98fX

Text of eIDAS Regulation in all languageshttp://europa.eu/!ux73KG

Connecting Europe Facility – Catalogue of Building Blockshttp://europa.eu/!DN99RQ

eIDAS functional mailbox & twitter accountCNECT-TF-eIDAS-LT@ec.europa.eu

@EU_eIDAS18