On 24 February 2021, the EIF organised a virtual debate on ‘Digital Identity: Digital Citizenship and e-Government’. The event, hosted by MEP and former Commissioner for the Digital Single Market Andrus Ansip, was moderated by EIF Director General Maria Rosa Gibellini and discussed the European Commission’s ambition to create a secure and interoperable European Digital Identity and its upcoming review of the 2014 eIDAS Regulation with the following policymakers and industry representatives:
- Lorena Boix Alonso, Director for Digital Society, Trust & Cybersecurity, DG CNECT, European Commission
- Oliver Väärtnõu, CEO of Cybernetica
- Philippe Lucas, Executive VP Customer Equipment & Partnership, Orange
- Patrick von Braunmühl, Senior Director Public Affairs, Bundesdruckerei
- Coty de Monteverde, Director, Blockchain Centre of Excellence, Santander
MEP Andrus Ansip set the scene by sharing the example of Estonia, where digital identities are based on smart ID cards and unified data exchange platforms in order to cross-use information from different databases. Despite taking Estonia 6 years to collect the first 1 million digital signatures, the implementation of the “once-only principle”, whereby the state has the right to ask for the same information only once, offering a boost to the use of digital IDSs and soon Estonians started signing digitally 1.3 billion times per week. Nowadays, people in Estonia use digital identities to submit tax declarations, change driver licenses, sign agreements, get covid test results or vote in elections. MEP Ansip highlighted the benefits of digital signatures, which in Estonia saved approximately 2% of GDP in a year, and called for enabling cross-border access to user-friendly digital services in Europe.
Lorena Boix Alonso explained the context in which the European Commission will come with a proposal, in order to understand the challenges and issues at stake. The starting point is the legal framework Europe has today, the eIDAS regulation, which established for the first time an interoperability framework and a trust model for national eID systems. However, there is room for improvement when it comes to eIDs, as only 14 Member States have implemented such a system, while only 7 are mobile-based.
Ms Boix Alonso seconded Mr Ansip in stating that the market has changed. On the demand side, some are asking for user-friendliness while others for security. On the supply side, we have government IDs, considered secure but mostly used for public services, and user-friendly solutions provided by social media. Other providers include banks, mobile network operators but also companies specialised in digital identity. Ms Boix Alonso concluded by stating that the European Commission has a political mandate to create a framework that allows citizens to exercise their citizenship rights cross-border, while also allowing them to stay in control of the data.
During his speech, Oliver Vaartnou touched upon three key issues: 1. the benefits of an electronic identity system; 2. Competition and landscape; 3. Technology and key characteristics that need to be addressed when deploying a secure digital identity system in Europe. Digital identity is at the core of digital services, as people need to be authenticated in the cyberspace in order to benefit from these services. Mr Vaartnou underlined the fact that a citizen, on average, interacts with a government 2-4 times a year but with the private sector even more, by accessing banking or telco systems, paying bills etc. It is therefore key to enable the private sector to be part of the formula. Competition is fierce and there is a huge push to use Facebook, Google, Microsoft or Adobe’s digital signature technologies, as they are widespread and convenient. On this front, Europe is lagging 5-10 years behind, but in digital identity, we have momentum and we should use it.
Oliver Vaartnou called for choosing and supporting one or two existing technologies in Europe, instead of inventing new ones. In his opinion, Europe has quite good ecosystems that have proven their reliability, it should learn from these and replicate them throughout the Union. A balance needs to be found between privacy, convenience, transparency, control and security.
Philippe Lucas shared Orange’s vision on their common global standard on digital identification called Secure Application for Mobile, being developed by the GSMA together with mobile operators. According to Mr Lucas, the future digital world needs a digital identity solution, in particular, a digital identities framework, public and private, to avoid fragmentation and dependence of Member States on identification systems not defined by the EU.
This open standard SAM is able to bring any digital identity solution into a smartphone to securely host sensitive data in the hardware element called “secure element”, like the SIM card. SAM aims at offering an interoperable and accessible solution to any accredited services provider, government or private, using only standardised open interfaces and secure digital certificates.
Patrick von Braunmühl presented the project Optimos 2.0, founded by the German government and aimed at developing an open, usable and secure identity eco-system for mobile services. Its strategic goals are (1) to supply technology for eID providers and enable them to offer mobile eID services at eIDAS level “substantial” or “high”, (2) to offer service providers a secure, privacy-friendly platform for mobile services and (3) to minimize barriers to entry for SMEs and start-ups. Optimos technology can be used for Self Sovereign Identities (SSI) where international standards already exist and in many EU countries, this approach is already in use.
Concerning the upcoming European framework, von Braunmühl believes that the National eIDs and the "secure element" on mobile devices can be used, correspondingly, as the foundation and the technical basis for a European digital identity. “Part of the proposal should also make sure that these eIDAS instruments and identities are accepted by global players when acting in the European market.”
Coty de Monteverde presented to the audience the ID standard created by Alastria, the first non-profit blockchain association with over 500 members from leading corporates, public institutions and SMEs. Alastria ID standard is a decentralised model based on the concept of self-sovereign identity: the user is the sole owner of his/her data and has full control over it through a mobile wallet. In this model, citizens can interact with issuers and service providers deciding how to share their credentials with and for how long.
In terms of standards and regulation, the Alastria ID model has inspired the European Commission in the design of ESSIF, the European digital identity model, and EBSI, the European blockchain services infrastructure.
The Dalion consortium, explained further Ms de Monteverde, is a collaborative project with the aim of putting into practice Alastria’s identity model by integrating it with business applications; the objective is to pilot it before summer.