eIDAS - European Electronic Identification and Trust Services

7 minute read

eID

eid.as/home/ - Regulation with linked TOC Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

(2) This Regulation seeks to enhance trust in electronic transactions in the internal market by providing a common foundation for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the Union.

(3) Directive 1999/93/EC of the European Parliament and of the Council (3), dealt with electronic signatures without delivering a comprehensive cross-border and cross-sector framework for secure, trustworthy and easy-to-use electronic transactions. This Regulation enhances and expands the acquis of that Directive.

(11) This Regulation should be applied in full compliance with the principles relating to the protection of personal data provided for in Directive 95/46/EC of the European Parliament and of the Council (7). In this respect, having regard to the principle of mutual recognition established by this Regulation, authentication for an online service should concern processing of only those identification data that are adequate, relevant and not excessive to grant access to that service online. Furthermore, requirements under Directive 95/46/EC concerning confidentiality and security of processing should be respected by trust service providers and supervisory bodies.

(12) One of the objectives of this Regulation is to remove existing barriers to the cross-border use of electronic identification means used in the Member States to authenticate, for at least public services. This Regulation does not aim to intervene with regard to electronic identity management systems and related infrastructures established in Member States. The aim of this Regulation is to ensure that for access to cross-border online services offered by Member States, secure electronic identification and authentication is possible.

(14) Some conditions need to be set out in this Regulation with regard to which electronic identification means have to be recognised and how the electronic identification schemes should be notified. Those conditions should help Member States to build the necessary trust in each other’s electronic identification schemes and to mutually recognise electronic identification means falling under their notified schemes. The principle of mutual recognition should apply if the notifying Member State’s electronic identification scheme meets the conditions of notification and the notification was published in the Official Journal of the European Union. However, the principle of mutual recognition should only relate to authentication for an online service. The access to those online services and their final delivery to the applicant should be closely linked to the right to receive such services under the conditions set out in national legislation.

Trust Services and Electronic identification (eID)

  • ensures that people and businesses can use their own national electronic identification schemes (eIDs) to access public services in other EU eID are available.
  • creates an European internal market for eTS - namely electronic signatures, electronic seals, time stamp, electronic delivery service and website authentication - by ensuring that they will work across borders and have the same legal status as traditional paper based processes. Only by providing certainty on the legal validity of all these services, businesses and citizens will use the digital interactions as their natural way of interaction.

EU BLOCKCHAIN OBSERVATORY AND FORUM - e-Identity, Brussels, November 7, 2018 • eIDAS: Key Principles for Identity

  • Cooperation between Member States
  • Reciprocity relying on defined levels of assurance
  • Mandatory cross-border mutual recognition of identifiers
  • Sovereignty of Member states to use or introduce means for eID at their national level
  • Full autonomy to the private sector
  • Interoperability framework
  • Member States can use different means of identification, but with the same functionality
  • The problem is not the technology, but the legal framework, the distribution of liability, and the question to know whether what is enforceable in country A is also enforceable in country B (for instance in the court).

eIDAS as guideline for the development of a pan European eID framework in FutureID

Abstract: This paper addresses the Regulation on Electronic transactions in the internal market: electronic identification and trust services (eIDAS) and analyses this regulatory framework in relation to the pan European eID infrastructure being developed in the FutureID project. The aim of this paper is to identify if eIDAS sets forward any legal requirements that need to be implemented in the FutureID infrastructure. Even though the focus of this paper is on the development of the FutureID infrastructure, the description of eIDAS and the analysis of its main requirements for technical developers are in general relevant to the development of online identification and authentication schemes.

EU Blockchain Observatory and Forum Report Blockchain and Identity

Section 19: Decentralised identity and the European regulatory landscape

  • EIDAS: A PAN-EUROPEAN NATIONAL IDENTITY STANDARD

    Perhaps the most important regulation dealing with identity in the EU is eIDAS, an EU regulation and a set of standards for electronic identification and trust services for electronic transactions in the European Single Market. This regulation will have a deep impact on the decentralised identity framework, above all as it pertains to government-issued/recognised identity credentials, and so is worth a closer look.

eDIAS and Self Sovereign Identity

EIDAS SUPPORTED SELF-SOVEREIGN IDENTITY

  1. The DID / SSI approach to identity and Verifiable claims
  2. The eIDAS Regulation
  3. The need for verified identities
  4. Linking the DID with the identity provided by eIDAS
  5. Applying eIDAS to the Verifiable Claims lifecycle

The purpose of this document is to stimulate the discussion on how identity management solutions based on the Decentralised Identity / Self-Sovereign Identity (SSI) paradigms can benefit from the trust framework created by the eIDAS Regulation.

eIDAS and Self-Sovereign Identity - MyData 2018

Aligning SSI with European Union identity legislation (aka eIDAS Regulation)

Although electronic identification under eIDAS Regulation is today clearly aligned with SAML-based infraestructures (see Opinion No. 2/2016 of the Cooperation Network on version 1.1 of the eIDAS Technical specifications, available at https://ec.europa.eu/cefdigital/wiki/pages/viewpage.action?pageId=37750723 and eIDAS eID Profile, available https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+Profile), nothing in the eIDAS or its implementing acts should prevent the usage of a SSI system as an electronic identification means.

Thus, the second use case considers a DID as an eIDAS compliant electronic identification means, enabling - at least - transactions with Public Sector authorities and Public Administrations and, if so decided by the DID creator, also with private sector entities.

FutureTrust Welcomes Kantara Initiative as an Associate Project Partner

BRUSSELS, 29th APRIL 2019 – FutureTrust, a project supporting the practical implementation of eIDAS, today announced the Kantara Initiative as an Associate Project Partner. The Kantara Initiative is the only industry organisation focused on third party assessed digital identity and privacy assurance frameworks. It complements the talent of the existing FutureTrust partners, bringing a wealth of experience in operating trust frameworks.

go.eIDAS-Initiative launched across Europe and beyond

ESSIF - European Self Sovereign Identity Framework

European Self Sovereign identity framework

In European Blockchain Partnership NL-GER-BE started a initiative on European Self Sovereign Identity framework (eSSIF). ○ How to facilitate cross-border interaction with SSI. ○ How to make/keep national SSI projects interoperable. ○ How to integrate/align existing building blocks such as eIDAS, e-delivery, once-only with SSI. ○ How to conceptualize and build an identity layer in the new European Blockchain Services Infrastructure. ○ How to preserve European/democratic values in the implementation of Self Sovereign identity.

Self-Sovereign Identity Framework and Blockchain

The Techruption Blockchain Project is a public-private partnership project in the Netherlands, within which large corporates, small companies, startups and scientific institutions collectively create disruptive technological innovations around distributed ledger (blockchain) technologies (DLT). DLTs are particularly useful in business and governance situations that involve multiple parties that do not necessarily trust one another to negotiate and execute electronic business transactions. In many cases such transactions require the ability to establish and validate identities and identity attributes, or to check whether or not they have been revoked.

Seven participants of the project (Accenture, APG, Brightlands, Chamber of Commerce, De Volksbank, Rabobank, and TNO) are developing a self-sovereign identity framework (SSIF) for the creation, validation and revocation of such identities that can be used in conjunction with blockchain technologies and the (disruptive) applications that are enabled by such technologies. The goal is to specify, validate and ultimately build a trustworthy, open digital infrastructure for self-sovereign identities that is secure, decentralized, open source, supports privacy (e.g., GDPR compliance) in multiple roles, and lacks a single point of failure or large information honey-pot. We aim to follow well-established requirements for user-centric identity systems

EU PROJECT ESSIF-LAB, AIMED AT FASTER AND SAFER ELECTRONIC TRANSACTIONS VIA THE INTERNET AS WELL AS IN REAL LIFE, OPEN FOR START-UPS AND SMES

The project will award 62 subgrants in two types of open call: one infrastructure-oriented open call targeting technical enhancements and extensions of the SSI framework and two business-oriented open calls targeting SSI business and social innovations and applications. The infrastructure-oriented open call (open to any type of innovator) and the first business-oriented open call (limited to start-ups and SMEs) are expected to open in March 2020. The exact opening date as well as the terms of reference will be available around February 2020 at essif-lab.eu.

Undersatnding European Self Sovereign Identity framework

SSI-Meetup: Understanding the European Self-Sovereign Identity Framework (ESSIF) – Daniël Du Seuil and Carlos Pastor – Webinar 32

Daniël Du Seuil, Programm manager and blockchain architect with the Flemish public service, and Carlos Pastor, from BME in Spain, give an overview of the vision, objectives, and approach of the European Self-Sovereign Identity Framework (ESSIF).

Slideshare