Post on 20-Jun-2021


MODERATOR:

Jon Shamah - EEMA Chairman

SPEAKERS:

Andrea Servida - Head of Unit “eGovernment and Trust” at DG CONNECT, European Commission

Craig Le Clair - Vice President, Principal Analyst at Forrester Research

Carmine Auletta – Chief Innovation Officer at InfoCert

Q&A session at the end of presentation


MODERATOR

Jon Shamah is a graduate of Southampton University, specializing in Aeronautics & Astronautics.

Jon is a digital Identity & Trust Subject Matter Expert, specializing in maximizing the technology and operational value chain of very large scale eID schemes and national eID programmes.

He is a frequent public speaker on issues surrounding identity and Trust and facilitated the ministerial eID workshop in Poznan, Poland which directly led to the eIDAS, Trust Services regulations. Jon was a long-term consultant on eID issues to the Nordic Banking and Payments Consortium, NETS, and contributes to European Programs such as SSEDIC, STORK2.0, ATTPS, FutureID, FutureTrust and LIGHTest. Jon is former co-chairman of ITU-T, SG17, Joint Coordination for Identity and is a member of the Advisory Board of a number of European organizations and projects.


Speaker

He joined the European Commission in 1993 and since January 2006 he is Deputy Head of the Unit "Internet; Network and Information Security" in the Information Society and Media Directorate-General.

Besides co-managing the Unit, he is in charge of defining and implementing the strategies and policies on network and information security, critical information infrastructure protection and, last but not least, electronic signature. He also coordinates the team responsible for the European network and Information Agency (ENISA).

Until 2005, he worked in the Information Society Technologies Thematic Priority of FP6 with management responsibilities for the research activities on security and dependability technologies and applications.


The eIDAS Regulation

Andrea Servida

DG CONNECT, European Commission

Unit "eGovernment & Trust"


Webinar "The disruptive power of eIDAS", 31 January 2018


eIDAS: boosting trust & supporting businesses!

eIDAS

TRUST CONVENIENCE

CROSS-BORDER SEAMLESS


eIDAS – The Regulation in a nutshell

2 MAIN CHAPTERS SUBJECT TO DIFFERENT RULES AND REQUIREMENTS

Chapter II

Mutual recognition of e-identification means

Chapter III

Electronic trust services

• Electronic signatures

• Electronic seals

• Time stamping

• Electronic registered delivery service

• Website authentication

Chapter IV

Electronic Documents


Timeline

Time axis: 2014 2015 2016 2017 2018 2019

• 17.09.2014: Entry into force of the eIDAS Regulation
• 29.09.2015: Voluntary cross-border recognition
• 26.11.15: eID DSI v.1 eIDAS compliant
• 1.07.2016: Date of application of eIDAS rules for trust services
• 29.09.2018: Mandatory cross-border recognition

Chart labels: eSignature Directive rules, eID, Trust Services


eIDAS: Key principles for Trust services

The Regulation does not impose the use of Trust services

Trust services

Technological neutrality

Non-discrimination in Courts of eTS vs paper equivalent

Specific legal effects associated to qualified trust services

Non-mandatory technical standards ensuring presumption of compliance

Transparency and accountability

Risk management approach


eIDAS – General principles for trust services

• Liability regime for Q & non-QTSPs (art.13)
  • Liability for damages caused intentionally or negligently
  • Reversal of the burden of the proof only for QTSPs
  • Possible limitations of liability for the use of the service by the TSP subject to clear information to customers
  • Applicability of national rules on liability

• Recognition of 3rd countries TSPs (art.14)
  • Only through international agreements between the Commission and a third country or international organisation
  • Principle of reciprocity

• Accessibility for persons with disabilities (art.15)


eIDAS – Obligations of TSPs

• Minimum security requirements + notification of significant security breaches by all TSPs (art.19)

• Specific requirements to be met by QTSPs (art.24):
  • staff,
  • trustworthiness of their systems,
  • liability insurance scheme,
  • identification of the certificate owner,…

• Conformity assessment of QTSP (art. 20 & 21):
  • Ex ante (prior authorisation scheme – art.21): SB may grant the qualified status in a given timeframe; inclusion in the Trusted Lists
  • Ex post (every 24 months & ad hoc – art. 19): may withdraw the qualified status
  • building upon Regulation 765/2008 conformity assessment scheme


eIDAS – Supporting tools

Trusted lists for QTSPs and QTSs (art.22 and ID (EU) 2015/1505)

• Ensure continuity with the existing TLs established under the Service Directive.
• Ensure legal certainty.
• Foster interoperability of qualified trust services by facilitating a.o. the validation of e-signatures and e-seals.
• Allow citizens, businesses and public administrations to easily get the status of a trust service.

EU trust mark for qualified trust services (art.23 and (EU) 2015/806)

• Usage by QTSP after qualified status has been indicated in the TLs
• Trustmark indicates in a simple, recognisable, and clear manner the qualified status of a trust service
• Link to the relevant TL has to be ensured by the QTSP


eIDAS – QTS and QTSPs

• Qualified trust service providers are qualified everywhere in the EU

• Qualified trust services are qualified everywhere in the EU

• Art 4 - internal market principle: a qualified trust service based on a qualified certificate issued in one Member State shall be recognised as a qualified trust service in all other Member States.

• Art 25.3 QeSig is a QeSig in all MS

• Art 35.3 QeSeal is a QeSeal in all MS

• Art 41.3 QtimeStamp is a QtimeStamp in all MS

Questions & Answers on Trust Services under eIDAS
• Help understand the legal framework on trust services
• Regularly updated


eIDAS: Key principles for eID

*The Regulation does not impose the use of eID

Sovereignty of MS to use or introduce means for eID

Mandatory cross-border recognition only to access public services

Principle of reciprocity relying on defined levels of assurance

Interoperability framework

Cooperation between Member States

Full autonomy for private sector

eID

Where does eIDAS have an impact?

• UMM&DS: Uniform User Management and Digital Signatures
• eHGI: eHealth Governance Initiative
• ECI: European Citizens' Initiative
• ESSN: European Social Security Number
• SUP: Directive on single-member private limited liability companies
• PSD2: Revised Directive on Payment Services
• AML5: 5th Anti-Money Laundering Directive


An example: the financial sector

• On 27 November adoption of Delegated Regulation on Regulatory Technical Standards (RTS) on strong customer authentication and common and secure communication
  • reference is made to both eIDAS notified eID means and trust services.
  • eIDAS notified eID means possible solution for strong customer authentication
  • Qualified electronic seals or qualified website authentication certificates mandatory for the communication between payment providers.

• On 14 December adoption of Commission Decision C(2017) 8405 final setting up the Commission expert group on electronic identification and remote Know-Your-Customer processes
  • Jointly managed by DG CNECT, DG FISMA and DG JUST
  • composed of up to 36 members comprising regulators, supervisors, identity experts, financial institutions and consumer organisations. Call for applications closed on 26.01
  • explore how to facilitate the cross-border use of eID and KYC portability based on identification and authentication tools under eIDAS to enable financial institutions to identify customers digitally for on-boarding purposes

• On 20 December political agreement on revised text of the Anti-Money Laundering Directive (AMLD5)
  • explicit reference to eIDAS notified eID means as a possible way to fulfil Know-Your-Customer/Customer Due Diligence requirements for non-face-to-face interactions


eID schemes notified

Germany

National ID card

40.000.000 registered users

20.02.2017

• On 23 August 2017, DE eID formally notified – Published to OJEU on 26.9.2017!

• A milestone towards establishing eID and trust services in Europe achieved!

… and ITALY pre-notified its private-sector led scheme SPID on 24.11.2017!


For further information and feedback

• Web page on eIDAS: http://ec.europa.eu/digital-agenda/en/trust-services-and-eid
• eIDAS Observatory: https://ec.europa.eu/futurium/en/eidas-observatory
• Text of eIDAS Regulation in all languages: http://europa.eu/!ux73KG
• Connecting Europe Facility – Catalogue of Building Blocks: https://ec.europa.eu/cefdigital
• eIDAS twitter account: @EU_eIDAS

Andrea Servida, DG CONNECT, European Commission, Unit "eGovernment & Trust"


Speaker

Craig serves enterprise architecture and business process professionals. He is an internationally recognized expert in helping companies transform from manual and analog processes to the mobile, digital, and cognitive world.

His technology coverage areas include robotic process automation and the emerging digital workforce, AI solutions in financial services, and potential workforce disruption due to these technologies.

Prolific writer and speaker, Craig authored How To Succeed In The Enterprise Software Market and has been quoted in The Wall Street Journal, USA Today, Forbes, and many other publications and media outlets.

Education

Craig earned a B.S. in economics from Georgetown University and an MBA from George Washington University.


© 2017 FORRESTER. REPRODUCTION PROHIBITED.


The Disruptive Power Of eIDAS

How the new EU Regulation accelerates digital transformation and creates opportunities

Craig Le Clair, VP & Principal Analyst, Forrester

January 30, 2018


Empowered Customers Open The Door For Disruption

Age of manufacturing

Mass manufacturing makes industrial powerhouses successful

• Ford
• Boeing
• GE
• RCA

Age of distribution

Global connections and transportation systems make distribution key

• Wal-Mart
• Toyota
• P&G
• UPS

Age of information

Connected PCs and supply chains mean those that control information flow dominate

• Amazon
• Google
• Comcast
• Capital One

Age of the customer

Empowered buyers demand a new level of customer obsession

• Macy’s
• Salesforce.com
• USAA
• Amazon


Digital Transformation Can Start Today With Available Technologies


Reviewed 25 E-Signature Production Implementations

› Digital Trends - Ease Of Implementation Drive E-signature Adoption

› Customer-facing Processes Remains Hot

› The European Market Shows Promise
  • eIDAS Will Foster Use Of Electronic Signatures Across Borders Within The EU.


SaaS Solutions Are Making Implementation Faster.

› More than 65% of Forrester inquiries on e-signature are from enterprises that have opted for software-as-a-service (SaaS).

› Implementations range from an average of nine months for larger enterprises, 5.5 for medium-sized, and 2.3 for small businesses.

› Browser incompatibility, integration with core systems, signature pad support, diverse signing solutions, and user training were cited as challenges.


Business Metrics Remain Strong, But Customer Experience Is A Key Success Criterion.

› Eighty percent error reduction, 85% productivity improvement, bank accounts being opened in just eight minutes, and 22,000 staff hours saved annually are some of the top business results.

› A better audit process, reduced instances of fraud, and higher visibility into what has been signed all added to the value received.

› But customer perception outweighs these efficiencies as a benefit in the eyes of businesses.


E-Signature Workflow Has Many Touchpoints


E-signature Use Cases Have Different Characteristics

Global Energy

Global Bank


Digital Identity Verification For Online Banking And Fraud Prevention

• Bank located within the European Union with many physical branches.

• Executives wanted to simplify the customer experience for new accounts by providing a 100% digital experience.

• Possesses excellent customer satisfaction scores with high ratings from hundreds of thousands of customers.

• Engaged with InfoCert for about two years with the Trusted Onboarding Platform providing the enabling technology for its digital channel.

Return on Investment: 174%

Net Present Value: €11,6M

Payback Period: 0,6 months

Increase signed customers: 30%

Case study analysis provided by Forrester on behalf of Infocert


Global And EU Trends Will Emphasize Authentication

› The EU has in place the most advanced regulation in terms of digital signatures and digital trust services.

› Banks can rely on regulated Qualified Trust Service Providers to implement digital transformation projects.

› In this way enterprises can externalize part of their risk/liabilities, i.e. make the TSP liable for its activities.

› The bank is not just adopting a technology but is outsourcing part of its identification, certificate issuing, signature, and preservation exposure.


Better Mobile Support And Real-Time Session Management Will Push The Market

› Most implementation cases offered mobile signing support.

› Real-time session management is becoming a requirement.

› Mobile solutions are improving (although mobile challenges remain)


E-Signature Is Only One Component Of Digital E-Transaction

eSignature

• Applications that execute electronic signatures
• Has Moved to SaaS
• Challenged by Freeware
• Consolidation

Digital Components

• Signature As Component Of Digital Platforms
• Functionality combined with E-forms, workflow, and CCM platforms

eTransaction Management

• Looks at end-to-end business transaction
• Negotiable instruments - Secondary market focus
• Requires deep expertise in compliance

Blockchain & Distributed Ledger Innovation

• Efficient and lower-cost payments
• Currency transfers and securities settlement
• SSL certificate issuance, Time-stamping
• Tamper-proof asset ownership and tracking


Digital Transformation Platforms Form A Rich Ecosystem

RPA

InfoCert

DTM

DocuSign


Summary

› E-Signature Adoption Is Growing And A Component Of Digitizing Your Business

› Recognize That E-signature Solutions Require Changing Business Behavior.

› The Important Technologies Are Here Today

› eIDAS Reduces Uncertainty And Will Encourage Adoption

FORRESTER.COM

Thank you

Craig Le Clair

Speaker

Carmine is InfoCert’s Chief Innovation Officer, where he is responsible, among other things, for Innovation, New Products Development, Strategic Planning and International development.

Prior to joining InfoCert, Carmine gained 12 years of work experience in the energy sector working for Terna where he covered the role of Chief Technology Officer and VP of Marketing and Innovation. While in Terna, Carmine was also designated Chairman of CASC Audit Committee, the European central auction office for cross-border energy transmission capacity with a Net Turnover of 1.8 bln€. Previously, Carmine gained 10 years of international work experience within Bain & Company and Accenture.

Carmine studied in Italy where he earned a Bachelor's degree in Computer Science and a Master's degree in Telecommunications; he completed his academic background in the USA with an MBA from the Kellogg Northwestern University. He has published several papers in Physical Review B and Physica C.


09/03/2018 Cannes, Nov 29th 2017

The Disruptive Power of e-IDAS, Web-Seminar, January 31st, 2018

Carmine Auletta, InfoCert - Chief Innovation Officer


InfoCert: the largest Certification Authority in Europe

~ 4 Million Active Qualified Digital IDs in 2017

1,1

> 10 Countries

> 6

~ 100 Million Digital Signature Transactions in 2017

> 2.000

Enterprise Customers

Million TOP Digital Transactions in 2017

Million e-commerce Customers in 2017

INFORMATION COPYRIGHT © INFOCERT

The role of Qualified Trust Service Providers (QTSPs)

Liability for the entire process

Identity of the parties

Strong customer authentication

Willingness to transact

Validation & preservation

Non repudiable eDelivery

QTSP


InfoCert’s distinctive factors in enabling an effective digital transformation

1. EIDAS REGULATION EXPERTISE

2. EIDAS IN CONJUNCTION WITH INDUSTRY-SPECIFIC REGULATIONS

3. COMPLIANCE TRIGGERED INNOVATION


InfoCert: an innovation-driven Company

• 20% OF BUSINESS RESULTS FROM SOLUTIONS & PRODUCTS THAT DID NOT EXIST JUST 2 YEARS AGO

• 6% OF ANNUAL TURNOVER INVESTED IN R&D

• #6 PROJECTS FUNDED BY EU RESEARCH FUNDS

• #14 REGISTERED PATENTS


TOP – Trusted Onboarding Platform™

InfoCert revolutionized the Financial Services Industry introducing TOP, our patented solution for remote customer identification and digital subscription of contracts.

Since its launch in 2013, we’ve completed more than 6 million onboardings on TOP, enabling our customers to reduce time, costs and fraud.


TOP – a never ending innovation

USER

• LiveID
• WebID
• AMLID
• eID
• SignID
• SelfID

From prospect to customer in less than 10 minutes. Now also through Self Identification.


TOP – a never ending innovation

A success story in Consumer Lending Market: the ING case

From an old fashioned lending process...

• Paper signature and documentation
• Big customer’s effort
• Poor customer experience
• Time to Cash up to 13 days

… to a distinctive instant lending experience

• Fully Digital
• Real time scoring
• Instant disbursement
• Time to Cash in 5 Minutes

Results:

• Conversion rate increased by 40%
• Renounces rate dropped by 80%


GeoSign™ - Expand your proof of evidence

GeoSign™, another patented InfoCert solution, certifies the geographic location (GPS coordinates) of the signer’s hardened device and binds such data within the electronic signature. Thanks to the digital signature, georeferenced data gains integrity and enforceability against third parties.

Winner of Digital 360 Award* 2017 for Mobile Business Category

* Jury composed of 53 CIOs of the most important Italian companies


GDPR ready-solutions

SecureDrive

SecureDrive is an encrypted cloud platform where it's possible to store documents and guarantee their privacy. The use of asymmetric key algorithms ensures the data secrecy, making it fully compliant with GDPR Regulation, the new EU Law about privacy coming into force in May 2018.


GDPR ready-solutions

SecureStream

SecureStream guarantees the integrity and non-repudiation of each single frame in any stream of digital data (audio and/or video sequence, log etc.).

Each frame is digitally signed by InfoCert and dynamically bound to all previous frames in order to guarantee the integrity of the entire stream as it gets created.
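The binding of each frame to all previous frames can be illustrated with a hash chain. This is an added example, not InfoCert's SecureStream implementation: HMAC-SHA256 with a constructed demo key stands in for the provider's digital signature (an HMAC gives integrity but not non-repudiation), and the function names, record layout and sample frames are hypothetical.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32              # chain value before the first frame (assumption)
DEMO_KEY = b"constructed-demo-key"  # constructed; stands in for the signing key


def chain_link(prev_link, index, frame):
    """Digest binding a frame to its position and, via prev_link, to all earlier frames."""
    h = hashlib.sha256()
    h.update(prev_link)
    h.update(index.to_bytes(8, "big"))
    h.update(hashlib.sha256(frame).digest())
    return h.digest()


def sign(key, link):
    """Stand-in for a digital signature over the chain link (HMAC-SHA256)."""
    return hmac.new(key, link, hashlib.sha256).digest()


def seal_stream(frames, key=DEMO_KEY):
    """Seal frames one at a time, in the order they are produced."""
    records, prev = [], GENESIS
    for index, frame in enumerate(frames):
        link = chain_link(prev, index, frame)
        records.append({"index": index, "frame": frame,
                        "link": link, "tag": sign(key, link)})
        prev = link
    return records


def verify_stream(records, key=DEMO_KEY, expected_last_link=None):
    """Return (ok, reason), stopping at the first record that does not fit the chain.

    A chain alone cannot show that trailing frames were cut off, so a caller who
    holds the final link from an independent source passes it as expected_last_link.
    """
    prev = GENESIS
    for position, rec in enumerate(records):
        if rec["index"] != position:
            return False, f"frame missing or reordered at position {position}"
        link = chain_link(prev, position, rec["frame"])
        if not hmac.compare_digest(link, rec["link"]):
            return False, f"chain broken at frame {position}"
        if not hmac.compare_digest(sign(key, link), rec["tag"]):
            return False, f"bad signature at frame {position}"
        prev = link
    if expected_last_link is not None and not hmac.compare_digest(prev, expected_last_link):
        return False, "stream truncated or extended"
    return True, f"{len(records)} frames verified"


# Constructed sample stream: three log lines treated as frames.
SAMPLE_FRAMES = [
    b"12:00:01 door opened",
    b"12:00:07 badge 4411 read",
    b"12:00:09 door closed",
]

if __name__ == "__main__":
    sealed = seal_stream(SAMPLE_FRAMES)
    print(verify_stream(sealed))

    # Edit one frame after the fact: the stored link no longer matches.
    tampered = [dict(r) for r in sealed]
    tampered[1]["frame"] = b"12:00:07 badge 9999 read"
    print(verify_stream(tampered))

    # Drop the middle frame: the position check catches the gap.
    print(verify_stream(sealed[:1] + sealed[2:]))

    # Cut the tail: only detected when the final link is known independently.
    print(verify_stream(sealed[:2], expected_last_link=sealed[-1]["link"]))
```

A real deployment would replace `sign` with an asymmetric signature so that a verifier without the signing key can check the chain.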


What’s about the future?

Trusted Blockchain

At the heart of Blockchain there is an algorithm which is “pure perfection” as long as it stays on paper. To be properly deployed at a business level it must be part of a secure Trust chain and within a clear Liability Framework. And it’s at those areas where InfoCert is investing.

• Identifiers: Cryptographic or non-cryptographic, they uniquely identify each subject. They are saved on the ledger.
• Keys: Public and private keys respectively used to verify and sign a transaction
• Claims: Record referring to identity:
  - Self asserted claim
  - Verifiable claim
  - Premium claim
• Disclosures: It allows the user to use only data and information useful for a particular identification
• Consent receipt
• Public and permissioned

Sovrin is a distributed identity network based on open source software. A Founding Steward, like InfoCert, acts as a node of the Sovrin network: it is responsible for validating transactions, while the user’s identity verification is made through Claims, Keys and Identifiers.

INFOCERT IS A FOUNDING STEWARD OF SOVRIN NETWORK


What’s about the future?

Trusted Internet of Things

IoT trends:

The volume of connected objects on the internet is estimated to be in the range of 20 to 50 billion in 2020.

Hacking of IoT systems is growing:
• GPS spoofing
• Computer cars remote hacking control
• Power grid breaches
• Healthcare data breaches

IoT needs TRUST for:

• Proof of identity
• Privacy
• Liability framework

InfoCert is piloting the concept of a “Trusted IoT” ecosystem


Thank you!


Carmine Auletta

Chief Innovation Officer


Q&A SESSION


“Yes, this is possible. If a citizen is identified in accordance to the procedures listed in theCPS of the QTSP, and these procedures are recognized valid ones in the accreditationprocess by the national supervisory body, the citizen can receive a qualified certificate and,as provided in the eIDAS Regulation, this certificate is recognized as a qualified certificateanywhere in Europe. In this regard, Article 24 provides that QTSP shall verify the identity ofthe natural or legal person to whom the qualified certificate is issued in accordance to thenational law applicable in the Member State where the QTSP is accredited and from whereit may offer qualified services to clients everywhere in Europe.”

Andrea ServidaHead of Unit “eGovernment and Trust” at DG CONNECT, European Commission

Can a citizen of a Member State be identified by a QTSP accredited in a differentMember State in accordance with the identification methods listed in the CPS andreceive a qualified certificate? Can he use this certificate in his/her Member State withfull legal validity of the signed documents

Q&A Session

How and where can a user of a digitally signed document, for example a Fiscal Authority, verify if a Trust Service Provider is certified to provide trust services?

“The information that a Trust Service Provider is a QTSP is already stated in a valid certificate. In addition, to verify if this is trustworthy information, the authoritative sources to be used are the Trusted Lists (article 17) where the Qualified Trust Service Providers are listed under the responsibility of the national supervisory body granting the status of QTSP.”

Andrea Servida - Head of Unit “eGovernment and Trust” at DG CONNECT, European Commission

Does a public authority of a Member State, for example a Fiscal or Administrative Authority, need an explicit consent from the local Supervisory Body to accept a qualified certificate issued by another Member State QTSP?

“The answer is no. If a public authority is accepting at national level advanced electronic signatures, under the eIDAS Regulation it is obliged (Article 27) to accept electronic signature of the same or higher security level (i.e. up to qualified signatures), disregarding whether such signatures are generated based on certificates or signature creation services provided in another Member State. This is particularly true for qualified electronic signatures. The Supervisory Body in the receiving Member States plays no role in this regard.”

Andrea Servida - Head of Unit “eGovernment and Trust” at DG CONNECT, European Commission

Can any Member State Supervisory Body or Parliament issue a law, a guideline or any other measure which may affect a different Member State QTSP only because the latter is issuing a qualified certificate in a cross-border situation?

“No, eIDAS Regulation defines the legal framework for qualified trust services and qualified trust service providers. At the national level no legal act or administrative measure can be enacted or adopted to change the scope and validity of the provisions in eIDAS Regulation. If that will be the case, there will be incompatibility between the European primary law (i.e. eIDAS Regulation) and, as provided under the Treaties, the national law will be invalid.”

Andrea Servida - Head of Unit “eGovernment and Trust” at DG CONNECT, European Commission

Does eIDAS Regulation forbid remote identification to issue qualified trust services? Can a local Conformity Assessment Body or Supervisory Body approve it?

“eIDAS Regulation doesn’t forbid remote identification. Qualified trust service providers can identify a person to whom they issue a certificate using remote identification methods (for instance based on eID means that meets the requirements of Article 8) as long as such methods and the related procedures are recognized at national level and comply with the eIDAS Regulation, i.e. they provide equivalent assurance (confirmed by a conformity assessment body) in terms of reliability to physical presence.”

Andrea Servida - Head of Unit “eGovernment and Trust” at DG CONNECT, European Commission

A QTSP can identify a citizen to issue a qualified certificate with a notified or pre-notified eID with a level of assurance substantial, or just the level high is allowed?

“In accordance with article 24 of the Regulation, when issuing a qualified certificate, a qualified trust service provider shall verify, by appropriate means and in accordance with national law, the identity of the person to whom the qualified certificate is issued. To this end, Art 24.1(b) sets out that electronic identification means notified under eIDAS can be used for remote verification provided that they meet the requirements set out in Article 8 with regard to the ‘substantial’ or ‘high’ level.”

Andrea Servida - Head of Unit “eGovernment and Trust” at DG CONNECT, European Commission

Can a bank or another subject different from a QTSP keep the private keys associated to the qualified certificates of their customers, in an HSM system installed on the bank’s premises?

“Annex II of the Regulation sets out the requirements for qualified electronic signature creation devices, including HSM, that may be used to create qualified electronic signatures. Point 3 of the Annex states that the generation or management of electronic signature creation data on behalf of the signatory may only be done by a qualified trust service provider.”

Andrea Servida - Head of Unit “eGovernment and Trust” at DG CONNECT, European Commission

Why do you think that the supervisory body in the UK has still not published the processes for CABs?

“Although I'm not sure that the question relates to one of the tasks of the supervisory bodies as set out in the eIDAS Regulation, it is definitely a question for the UK authority.”

Andrea Servida - Head of Unit “eGovernment and Trust” at DG CONNECT, European Commission

Given the global audience and interest for non-EU nation states with strong links to the EU, is it possible for the Regulation that non-EU schemes are notified by an EU MS? What advice would you give?

“Member States remain free to decide which electronic means may be introduced or recognized at national level for the purpose of electronic identification for accessing on line public services. It is their sole sovereign decision. However, when it comes to cross border recognition of eID means the provisions under eIDAS Regulation apply, in particular the eligibility criteria for notification as set in Article 7.”

Andrea Servida - Head of Unit “eGovernment and Trust” at DG CONNECT, European Commission

Spain normally accepts 5 different means of e-authentication: ID card, e-certificate, permanent password, temporary SMS password and STORK / eIDAS, using Cl@ve, a mandatory common service for authentication. You quickly mentioned that the different means of electronic ID acceptable for a transaction are defined by each member state. This means that probably not all authentication methods will work across borders. How does this work in terms of interoperability and how does it affect the eIDAS objective of seamless authentication? What consequences may this have for member states that will need to support a growing number of authentication methods?

“Once again, Member States are free to decide which electronic means may be used at national level for the purpose of electronic identification for accessing on line public services. However, only eID schemes and associated means notified under eIDAS will be recognized (as of 29 September 2018) across borders in all Member States. Such notified eID schemes will be interoperable as, among others, they will comply with the criteria and requirements of the interoperability framework set in the eIDAS Regulation and related Implementing Act.”

Andrea Servida - Head of Unit “eGovernment and Trust” at DG CONNECT, European Commission

Which are the main differences between European landscape and the rest of the world in the area of digital trust?

“The main difference is simply that the US has settled upon a type of signature based on multiple authentication aspects, not based on the certificate, even if in some of the elements could seem bound to the European concept of advanced signature. US signature is based especially on knowledge-based authentication, and even biometrics is growing in importance (voice printing, facial biometrics). This approach made possible a really rapid market progress, but is more focused on customer experience, and not much on trust.”

Craig Le Clair - Vice President, Principal Analyst at Forrester Research

How do you see the future of QTSP market in Europe?

“Nowadays, there are more than 170 QTSP in Europe, most of them small-sized. This made sense before eIDAS, because each country had a specific regulation. I believe that the market will be consolidated and in the end, will have a small number of big players, providing innovation and better solutions to the market.”

Carmine Auletta - Chief Innovation Officer at InfoCert

How should discontinuity be handled in a multi-sided contract environment? For example: three companies want to sign a contract, each company needs two signatures to validly sign, so we need six signatures. The first two use qualified electronic signature, the next wants to sign by hand, and uploads the scanned document, the next signs electronically, the next by hand... How can a single document be generated with all electronic signatures (still able to validate electronically) and all manual signatures as well on it?

“The most effective approach in a multi-sided contract environment is to decide whether the process has to be fully digital or analogic. It’s not recommended to mix digital and wet signature, because the act of printing and scanning documents creates a discontinuity in the trust chain that can impact on its formal validity as well as create vulnerabilities. In complex cases like the one described, the best approach would be to design the entire signing process and validate it against legal, functional and organizational requirements.”

Carmine Auletta - Chief Innovation Officer at InfoCert
