The adoption of a common eIDAS-based trust framework for Member State digital identity trust schemes

On the back of the eIDAS regulation entering into force on 29 September 2018, it became mandatory for Member States to enable cross-border recognition of eIDs, allowing citizens and businesses to share their identity data when necessary.

According to Commissioner Mariya Gabriel at the time:

To increase citizens’ trust, public authorities are not the only ones to play an active role. It is important that also the private sector benefits from eIDAS’ full potential, as this legislation holds the power to create a market for authentication, authorisation and attributed services worth more than 2.13 billion EUR by 2022.

At present, Member States are working individually to create their own digital identity ecosystems: most are developing systems based on public-private cooperation and interoperability, but in the majority of cases there is still some way to go. What is missing is an EU-level initiative to synchronise these efforts by individual Member States for the benefit of national and cross-border governmental and business transactions.

Several of the key areas in the work of CyberSec4Europe for which this development would be of benefit are:

  • Interoperable eKYC (electronic Know Your Customer): At present, adoption in this area is limited, with different standards and approaches being proposed and piloted in the EU and elsewhere. For banks and other financial institutions, the benefits are an increase in reliability, transparency and efficiency in the online onboarding of new customers, a win-win for both customers and banks, who generally have to rely on paper-based documents to complete identity verification. While this is a desired outcome across the financial community, it would also benefit the legal and accountancy professions, and others.
  • Higher education certificate exchange: Privacy-preserving identity credentials are required to ensure the secure and trustworthy exchange of these documents between organisations, including educational institutions, universities, state agencies and private sector organisations, so that graduates can easily, and in a verifiable way, share their certificates and prove their expertise.
  • Medical data exchange: In order to securely manage the exchange of patient data between healthcare institutions, such as hospitals, general practitioners and pharmacies, especially cross-border, having a privacy-preserving digital identity trust framework would be of considerable benefit.
  • Smart city citizen engagement: Emerging business and government models involving citizens and other city stakeholders, primarily the municipalities, can only be fully enabled by the secure and privacy-preserving exchange of user data: being able to easily and securely identify all citizens of – and visitors to – a smart city will eventually become a burning business problem.

Even if not apparent before, one of the impacts of the COVID-19 lockdown has been the recognition that many societal and business processes – including track-and-trace app development – are stalled without the availability of easily verifiable digital identity credentials.

Although there are numerous national and EC-funded projects and initiatives, it is our belief that a greater concerted effort should be made to build an identity ecosystem that works across all sectors and across borders. A first step would be to get the backing and support of Member States and key verticals.

For more detailed insights:

Target audience:

  • European Commission (DG CONNECT, DG SANTE, DG ECFIN)
  • European Banking Association