eIDAS: A Game-Changer in Seamless Access to Services across Europe | NTT DATA

Wed, 26 September 2018

eIDAS: A Game-Changer in Seamless Access to Services across Europe

Introduced by the Regulation (EU) 910/2014 (popularly known as ‘eIDAS Regulation’) adopted in July 2014, the mutual recognition of electronic identity schemes (eIDs) among Member States should be a reality as of 29 September 2018. The aim of this mutual recognition of eIDs is to enhance the access by citizens and businesses to services offered in another EU country by using their eID. This is in line with one of the 10 priorities that the current Juncker’s Commission has in the pipeline: supporting a connected Digital Single Market by promoting better online access to digital goods and services to citizens. everis has conducted a study for the European Commission to support this vision.

A notification procedure to ensure interoperability of eIDs and build mutual trust

From 29 September 2018, Member States which are already offering access to public services to their citizens by means of an eID are expected to recognise and accept the notified eID schemes used by their counterparts, provided that these meet minimum levels of assurance. Member States have been asked to notify the eID scheme(s) that will be accepted for cross-border exchange to both the European Commission and the other Member States and to provide information about these schemes, including a description of the solution, information about the identity provider, and a description of the online authentication process. The aim of this notification procedure is to support interoperability of eID schemes and to build trust among Member States. This is enabled through the exchange of an agreed minimum set of person identification data that will be common in all notified eID schemes. This minimum dataset includes the basic data that can uniquely represent a natural or a legal person (i.e. first name, family name, first and family names at birth, date of birth, place of birth, gender and address).

Public authorities obliged to comply, private sector encouraged to do so

At the time of writing, nine Member States have either notified or pre-notified the electronic identity schemes they intend to connect to the eIDAS network. More are expected to follow and notify theirs until the end of the year. While the eIDAS Regulation only establishes (for now) an obligation for public authorities to grant access to their online services to citizens of another Member States who authenticate with an eID, the Regulation also encourages the private sector to make use of the potential that eIDAS will bring about for them, notably in terms of expanding their customer base and improving customer experience.

Exploring the potential of re-using eIDAS by the private sector

In this vein, the European Commission recently entrusted to everis a study to explore the possibility of re-using the eIDAS network beyond the public sector, and in particular by two pilot sectors: the education and the banking sector. The study has analysed in-depth the specificities of both domains through interviews with universities and banks in order to understand the type of online services they offer and the data that are relevant for them in order to grant access to those services. Based on the findings of this fieldwork, as well as on a thorough analysis of the applicable legislation, everis has identified a set of domain-specific attributes that should be added to enrich the minimum dataset already provided by the eIDAS network. As part of the study, everis has also put forward an architectural concept for the pieces that could be added to the eIDAS network and to national IT infrastructures so as to enable the exchange of these new datasets.

How can we help you

Get in touch