The EU continues to move towards its goal of not just digital ID, but digital wallet for all with its eIDAS project. Comments on a draft framework find pros and cons so far in implementation plans. Finland appears ready to move forward with its national digital identity, to be in line with the EU’s vision, while Switzerland – a non-EU island in a sea of ​​member states – is considering its own digital identity ecosystem.

Initial Notes for eIDAS Implementation

Businesses, digital identity specialists and academics provided feedback on the documentation created by the eIDAS expert group on how digital identity and wallets could be integrated and approved across the European Union . Comments on the draft Architecture and Terms of Reference (ARF) document were compiled by digital transition consultancy SGM Consultancy, as its president Stéphane Mouy announced in a LinkedIn post.

The assessments are broad and in-depth, ranging from recommendations to change single words or diagram arrows in the ARF project, to addressing fundamental issues for digital wallet deployment and asking questions such as who is going to verify the verifiers. As a collection of feedback, it may be useful beyond the EU’s eIDAS project for similar programs around the world, as well as future pilots of real use cases of digital wallets.

The sections on qualified electronic signatures, seal providers or qualified trust service providers and their interaction with non-qualified providers were particularly well received.

Evernym, whose full reviews and comments can be found on their site, believes it is a missed opportunity that there is not a single wallet certification system to operate across the block, which means that a wallet would only need to be certified once.

“To rely on the EUDI Wallet, relying parties should notify the Member State in which they are established and their intention to do so” proved controversial, with several experts asking whether this would prevent the private sector from participating.

Eric Verheul thinks the project’s suggested use of Trusted Execution Environments alludes to Apple’s Secure Enclave and Android hardware-based keystores. Still, there is no clarity on how the eIDAS strong authentication mechanism would work with this.

Nick Mothershaw of the Open Identity Exchange (OIX), himself trying to establish a global trust framework through GAIN, says the ARF does not cover the data standards that are needed for each attribute covered. Mastercard also hopes that EUDI will be fully interoperable with international standards.

In any field, experts providing opinions on the opinions of other experts can continue in perpetuity. However, the comments are constructive and highlight potential errors in the draft and certainly don’t leave loose threads or generalizations.

The expert community wants a lot more clarity, details, examples and ultimately more standardization at EU level rather than country level if 27 member states are going to harmonize their digital identity programs. Cybernetica also offered edits to the text to ensure that new technologies could be incorporated as they emerged.

Meanwhile, the community will also have to help explain the system to the European population, a whole other challenge.

Finnish CSC supports government proposals for national digital ID

The influential CSC, the Finnish Computing Center for Science, considers that the Finnish government’s proposals for national digital identity are generally justified and supportable, but users will need to understand the mechanisms for controlling the data they share and they must there should be clarity on who pays. transaction fees, according to a press release, a short summary of which is available in English.

The CSC warns that the plan must comply with national regulations and also comply with the EU eIDAS regulation.

The self-sovereign aspects of the digital identity scheme are welcome, but the organization warns that users will need help understanding this and making informed decisions about sharing their information.

Foreigners involved in transactions in Finland may be charged a fee to identify them. The CSC warns that in cases such as foreign researchers interacting with universities or prospective students going through the application process, they may be put off by the fees and the mobility of workers could be hampered. People could more generally become the sole billable entity in transactions processing their information, he warns.

The CSC also recommends that the authority which writes an identifier in the digital identity wallet ceases to be the data controller at the time of this writing, a mechanism which it believes should be adopted by the entire EUDI system. .

Switzerland is considering how it could launch an e-ID trust ecosystem

The Swiss Federal Council agreed in December 2021 to work on a draft regulation on decentralized digital identity that would grant citizens control of their data to be ready for consultation by summer 2022.

The digitalswitzerland collaborative development brought together government, private sector, civil society and academia to discuss and develop a strategy for transitioning to a digital credential ecosystem.

A report has been produced as a first look at the opportunities, challenges and how to introduce a global ecosystem and ensure a meaningful level of adoption and interaction. The report considers that the larger the ecosystem at launch, the more likely it is to be adopted. The government providing the Verifiable Data Registry as a public service will reduce costs for its users, also improving adoption.

The authors understand from systems created elsewhere that making adoption mandatory to access e-government services will dramatically increase enrollment, and that not making services available electronically with e-ID undermines trust in government. e-ID ecosystem.

They recommend launching not only with e-ID, but also with digital signatures backed by e-ID. Digital and mobile driving licenses are also coming, in a kind of parallel development. The government is testing both government-issued and third-party-issued verifiable credentials to access government services online.

Article topics

biometrics | certified | data protection | digital identity | digital wallet | eID | eIDAS | EU | Finland | interoperability | regulation | standards | Switzerland | Trust Frameworks