DS : Trust eservices. The policy context: eidas Regulation

Transcription

1 DS : Trust eservices The policy context: eidas Regulation Cybersecurity & Privacy Innovation Forum 2015 Brussels, 28 April 2015 Andrea SERVIDA DG CONNECT, European Commission Head of eidas Task Force

2 The eidas Regulation (EU 910/2014) Strengthens EU Single Market by boosting trust and convenience in secure and seamless crossborder electronic transactions Mutual recognition of e-identification means Electronic trust services (e-signatures, e-seals, e-registered delivery services, time stamping, website authentication) Electronic documents 2

3 Why eidas targets cross-border dimension? Insufficient scope of the existing legal framework developed in 1999 (that only covered e-signatures) In the meantime: Electronic identification schemes and means were deployed and developed in Member States' public sector environment New trust services emerged in national markets (e-seals, time stamps, e-registered delivery) or international environment (website authentication) Such a situation created: Lack of cross-border technical interoperability Lack of common legal understanding National market silos As a consequence, no cross-border recognition of eids and difficulties in provisioning pan-european trust services 3

4 eidas cross-border dimension in the EU over 14 million EU citizens are resident in another Member State(1) 21,6 millions of SMEs(2) of which more than 40% have cross-border activities(3) (1) Memo of the European Commission of 25 November 2013 on "European Commission upholds free movement of people" (2) Annual report on European SMEs 2013/2014 (3) Proposal for a Directive on single-member private limited liability companies frequently asked questions

5 eidas vs digital identity Personal data = digital currency Digital identity "economic" drive USER ENABLEMENT eidas "trust-building" drive Trusted assertions/ credentials USER EMPOWERMENT Personal data = private asset 5

6 eidas Key principles The Regulation does not impose the use of eid and trust services Key principles on eid - Mandatory cross-border recognition only to access public services - Full autonomy for private sector - Principle of reciprocity relying on defined levels of assurance - Interoperability framework - Cooperation between Member States Key principles on trust services - Non-discrimination in Courts of electronic trust services vis-à-vis their paper equivalent - Specific legal effects associated to qualified trust services - Non-mandatory technical standards ensuring presumption of compliance Technological neutrality 6

7 eidas Mutual recognition of eids Mandatory recognition of electronic identification Voluntary notification of eid schemes "Cooperation and interoperability" mechanism Liability rules Assurance Levels: "high" and "substantial" (and "low") Interoperability framework Access to authentication capabilities: free of charge for public sector bodies & according to national rules for private sector relying parties 7

8 eidas Trust services 8

9 Timeline Entry into force of the Regulation Voluntary recognition eids Date of application of rules for trust services: Mandatory recognition of eids 9 9

10 Planning of Implementing Acts: Commission Implementing Decision (EU) 2015/296 of Procedural arrangements for MS cooperation on eid (art. 12.7) By EU Trustmark for QTS (art.23.3) - Positive opinion of eidas Committee on By Interoperability framework for eid (art. 12.8) eid levels of assurance (art. 8.3) Trusted lists for QTSP (art.22.5) Formats of esignatures (art. 27.4) Formats of eseals (art. 37.4) - Additional IAs may also be adopted when appropriate (e.g. circumstances formats and procedures for the notification of 10 eid - art. 9.5)

11 The eidas Expert Group The eidas informal expert group is composed of MS experts to help the Commission prepare secondary legislation. MS experts for eid and trust services 12 meetings so far next on eidas Technical sub-groups are convened on technical discussions related to operational aspects of CEF - DSI. Organised and led by DIGIT Voluntary participation 3 meetings on technical aspects related to interoperability and security of eid 1 meeting on trust services

12 The "e-mark U Trust" Competition Launch of e-mark U Trust Competition End of submission period Public online voting End of voting By Adoption of the implementing act 12

13 The "e-mark U Trust" Competition: the winner Watch the Award ceremony with VP Andrus ANSIP EU Safe 13

14 An eidas World REGULATORY TECHNICAL Implementi Expert ng & Comitology Group Delegated acts Promote CEF / DSI EU market solutions R&D & LSPs Standardis ation activities eidas Regulation Negotiation with 3rd countries Global industrial policy MARKET Communicati on tools Engagement events ENISA STAKEHOLDERS' ENGAGEMENT 14

15 Large Scale Pilots (LSPs) Interoperable e- procurement Electronic Identity 19 partners 11 countries 32 partners 14 countries Total Budget 30,8 M Total Budget 26 M Patient Summary / eprescribing 47 partners 23 countries Total Budget 23 M Business mobility 33 partners 16 countries Total Budget 24 M ejustice 17 partners 15 countries Total Budget 14 M Electronic Identity 60 partners 20 countries Total Budget 18,7 M Consolidation & extension of LSPs 22 partners 20 countries Total Budget 27,4 M Next: Connecting Europe Facility (CEF) Digital Service Infrastructures (DSIs) 15

16 Digital Service Infrastructures: Connecting Europe Facility (CEF) STORK I & II PEPPOL epsos CIP / LSPs Provide basic functionality: -e EID -esignature -edelivery e-codex SPOCS e-sens New LSP New LSP H2020 CEF/DSIs

17 Standardisation mandate m460 by CEN and ETSI 6 Trusted Lists Providers List of TSP services approved (supervised) by National Bodies (e.g. Trusted Lists) Certificate Authority Time-stamping Signing Servers Validation Services TSPs supporting esignature 4 5 Trust Application Service Providers Rules & procedures Formats Signature Creation / Validation Protection Profiles 1 Signature Creation & Validation XAdES (XML) CAdES (CMS) PAdES (PDF) AdES in Mobile envmts ASiC (containers) Common Criteria Protection profiles Smart Cards HSMs Signing services Signature Creation Devices 2 3 Cryptographic Suites Key generation Hash functions Signature algorithms Key lengths

18 ENISA Support for eidas ENISA (European Agency for Network and Information Security): 2012 Report on the implementing eidas art Guidelines for Trust Service Providers 2014 Common audit schemes for trust services providers in MS. Technical guidelines for independent auditing bodies and supervisory authorities 2015 focus on: Technical guidelines for Implementation of Art 19 ENISA Forum for trust service' stakeholders (1 st meeting 30/6/15) Evaluation of standards Introduction of qualified website authentication certificates Awareness raising - European Cyber Security Month (Oct 2015) 18

19 For further information on eidas Regulation: Web page on eidas Impact assessment Text of eidas Regulation in all languages eidas functional mailbox EU_eIDAS 19