Secure digital ID and online trust - Europe's moment is almost here

Source: A. (Andrus) Ansip i, published on Monday, September 24 2018.

For those who follow my blogs, you know that I have written a few times already about the importance of trust in the online environment.

As a principle, it applies across the digital world; without that trust, people will simply not get the best out of the opportunities offered by digital tools and online networks.

As Europe moves from a patchwork of national online markets to an integrated Digital Single Market (DSM), everyone - people as well as companies - need to be confident that e-services are reliable, safe and secure. Otherwise they will hesitate to use them, or not use them at all.

That defeats the object of having a DSM in the first place - and it is a good reason for the EU to design the eIDAS regulation.

This law provides the legal environment for people to shop online safely and conveniently, use online financial and public services, set up a business. All beyond their own countries.

It promotes and improves trust, security and convenience online in the form of a single set of rules on electronic identification and trust services - electronic signatures, seals, time stamping, delivery services and website authentication.

This means that companies and individuals can use their own national e-identities (eIDs) when they do business or reside in another EU country.

It cuts red tape, it saves money. It just makes everyone's lives easier.

Why I am explaining this again?

Very soon, on September 29, the eIDAS regulation will come fully into force across the EU. This will be the culmination of a week of e-government events to be held across EU countries, starting today.

One highlight will be the high-level conference on digital and e-government hosted by Austria's EU Presidency on September 26. It is a good opportunity to take stock, one year further on, of where Europe stands with the Tallinn Declaration on e-government.

This was when EU ministers in charge of e-government policy and coordination agreed to increase uptake of national eID schemes and to enable the private sector to make use of them.

From September 29, other countries will be legally obliged to recognise national systems which are already notified - and comply with eIDAS.

The key word is 'notified'.

For national eID to make a real difference to people's lives, eIDAS requires a government to notify its eID system to other EU countries which must then work together to review it. I will come back to this.

Life becomes easier with secure digital identities

When eIDAS is fully in force, it will affect innumerable sectors and daily activities.

Banking and financial services, corporate and financial services, domestic utilities.

Registering a company, filing tax returns online, accessing electronic medical records, enrolling at university.

Another example: using trusted eIDs under the eIDAS system can verify someone's age as a prior step to access social media or to protect minors when going online. It makes trusted and legally enforceable proof of age available without disclosing the user's identity.

Using eIDs across and between countries will cut red tape thanks to the 'once only' principle, one of the main elements of the EU's Single Digital Gateway. This will mean that people could save more than 855,000 hours and businesses more than €11 billion - every year.

That said, I would like to see SMEs in particular make more use of eID and electronic signatures, to streamline their activities and reduce costs. They could be helping themselves more, which is why the European Commission launched a dedicated website to raise awareness and assist them in this area.

In fact, there is scope for the private sector in general: eID is not just for public administrations.

While it is encouraging to see more EU countries look at flexible and convenient mobile eID options, it would be good to have more incentives to encourage private sector businesses - as well as online intermediaries and platforms - to allow eID to be used for secure and trusted online electronic identification and authentication.

There is a huge opportunity here for everybody.

Of course, technical compatibility is vital - and the European Commission is now working on a set of principles and guidelines on eID interoperability.

Time to speed up

To return to eID notifications in the EU, this is where we stand so far:

Germany and Italy are the two EU countries that have completed their notification procedure - as published in the Official Journal (OJ) of the European Union.

Croatia, Estonia, Luxembourg and Spain have just presented official notification of their eIDs, among which there are also mobile eIDs (soon to be published in the OJ). More recently, Belgium, Portugal and the UK initiated the pre-notification procedure.

In early August, Italy notified the first private sector led eID scheme under eIDAS. This is very welcome: it shows that both private and public sectors have an important role to play in building a secure EU-wide environment for eID, one whose national systems are mutually recognised.

In short, we are doing well in this area - but not yet well enough. Europe needs to speed up on eID.

The sooner that the remaining EU countries notify, the quicker it will help Europeans - people and companies, as well as the public sector - to access and use online services conveniently, reliably and responsibly, everywhere in Europe.

I cannot underline enough how important this is for building the wider DSM.

You can read more about eIDAS and eID here. Another blog soon.