Landscape of eid in Europe in 2013

Similar documents
Statewatch Briefing ID Cards in the EU: Current state of play

E-Identification and Authentication practices for ehealth in the EU Member States

European Electronic Identity Practices Country Update of Portugal

ISO/IEC for secure mobile web applications

The European Commission s strategy on Corporate Social Responsibility (CSR) : achievements, shortcomings and future challenges

Global eid Developments. Detlef Eckert Chief Security Advisor Microsoft Europe, Middle East, and Africa

Implementation of biometrics, issues to be solved

Proposed Framework for an Interoperable Electronic Identity Management System

Electronic Citizen Identities and Strong Authentication

1. Perception of the Bancruptcy System Perception of In-court Reorganisation... 4

Preventing fraud in epassports and eids

ERASMUS+ MASTER LOANS

INTERNATIONAL TRACKED POSTAGE SERVICE

Crystal Clear Contract Services Limited Application Form CIS/Sole Trader

FEDERATION EUROPEENNE DE LA MANUTENTION Product Group. industrial trucks. A brief guide for identification of noncompliant. - Exhaust Emission -

Synergy between Registered Traveler Programs and Visa-Processing for frequent travelers

ERASMUS+ MASTER LOANS

Electricity, Gas and Water: The European Market Report 2014

EN ISO Safety of machinery Risk assessment. Sicherheit von Maschinen Risikobeurteilung Teil 1: Leitsätze (ISO :2007)

ARE THE POINTS OF SINGLE CONTACT TRULY MAKING THINGS EASIER FOR EUROPEAN COMPANIES?

Notes to help you apply for VAT registration checklist where to send your application Glossary About Corporate body the business

Public consultation on the contractual public-private partnership on cybersecurity and possible accompanying measures

ERASMUS+ MASTER LOANS

SEPA - Frequently Asked Questions

Single Euro Payments Area

eidas as blueprint for future eid projects cryptovision mindshare 2015 HJP Consulting Holger Funke

EUROPEAN YOUTH: PARTICIPATION IN DEMOCRATIC LIFE

Applying for a Schengen visa

The Austrian Citizen Card

EUROPEAN AREA OF SKILLS AND QUALIFICATIONS

The innovation value chain:

I have asked for asylum in the EU which country will handle my claim?

Implementing the cooperation mechanisms of the RES directive current status and open questions

International Compliance

EUREKA Funding Schema in Turkey. Hüseyin GÖREN EUREKA National Project Coordinator

NEW PASSENGER CAR REGISTRATIONS BY ALTERNATIVE FUEL TYPE IN THE EUROPEAN UNION 1 Quarter

Rolling out eidas Regulation (EU) 910/2014. Boosting trust & security in the Digital Single Market

SURVEY ON THE TRAINING OF GENERAL CARE NURSES IN THE EUROPEAN UNION. The current minimum training requirements for general care nurses

SEPA. Frequently Asked Questions

Achieving Global Cyber Security Through Collaboration

Wind energy scenarios for A report by the European Wind Energy Association - July Wind energy scenarios for 2020

INNOBAROMETER THE INNOVATION TRENDS AT EU ENTERPRISES

Alcohol Consumption in Ireland A Report for the Health Service Executive

Students: undergraduate and graduate students who are currently enrolled in universities

Energy prices in the EU Household electricity prices in the EU rose by 2.9% in 2014 Gas prices up by 2.0% in the EU

Planned Healthcare in Europe for Lothian residents

Basic banking services

How To Study The Small Ruminant Population In The European Land Animals

Ownership transfer Critical Tax Issues. Johan Fall, Anders Ydstedt March, 2010

There is help on form VAT1 itself but these notes provide extra help with some of the questions.

E-Signatures and E-Procurement

Equity Release Schemes in the European Union

Cash machine withdrawal in the EU (+Norway and Iceland)

Employee eligibility to work in the UK

Keeping European Consumers safe Rapid Alert System for dangerous non-food products 2014

DRAFT AMENDING BUDGET N 6 TO THE GENERAL BUDGET 2014 GENERAL STATEMENT OF REVENUE

2. Is registration with PARAFES free? Yes.

ÖNORM EN The European Standard EN has the status of an Austrian Standard. Edition: Standards group B

4. We understand this to mean that each provider state will need to ensure indemnity arrangements are in place to cover healthcare provided in that

COMMUNICATION FROM THE COMMISSION

Labour Force Survey 2014 Almost 10 million part-time workers in the EU would have preferred to work more Two-thirds were women

ANALYSIS OF THE STAKEHOLDER CONSULTATION ON

Fostering Entrepreneurship among young people through education: a EU perspective. Simone Baldassarri Unit Entrepreneurship

The Community Innovation Survey 2010 (CIS 2010)

How To Understand Factoring

Computing our Future Computer programming and coding in schools in Europe. Anja Balanskat, Senior Manager European Schoolnet

Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security

Preventing fraud and corruption in public procurement

THE ROLE OF PUBLIC SUPPORT IN THE COMMERCIALISATION OF INNOVATIONS

Panel: How broadband policy can contribute to deploy secured and universal broadband access. Presentation:

EUF STATISTICS. 31 December 2013

Microsoft Dynamics NAV. SEPA Credit Transfers and Direct Debits

- Assessment of the application by Member States of European Union VAT provisions with particular relevance to the Mini One Stop Shop (MOSS) -

Family benefits Information about health insurance country. Udbetaling Danmark Kongens Vænge Hillerød. A. Personal data

SEPA. Changes in the Payment System Implementation of the European SEPA Regulations for Kuna and Euro Payments

ARE YOU A EUROPEAN CITIZEN LIVING IN BELGIUM? Come and vote for the European Parliament on 25 May 2014!

IT Service Continuity Management

CENTRAL BANK OF CYPRUS

European Electronic Identity Practices

EUROPE 2020 TARGET: TERTIARY EDUCATION ATTAINMENT

International ACH: Payment Gateway to Europe

Automatic Recognition of Full Degrees. Erasmus Student Network AISBL *1. Emanuel Alfranseder #2. February 2014

The coordination of healthcare in Europe

168/ November At risk of poverty or social exclusion 2 rate in the EU28, (% of total population)

This document is a preview generated by EVS

ERMInE Database. Presentation by Nils Flatabø SINTEF Energy Research. ERMInE Workshop 2 - Northern Europe Oslo, 1. November 2006

187/ December EU28, euro area and United States GDP growth rates % change over the previous quarter

99/ June EU28, euro area and United States GDP growth rates % change over the previous quarter

User language preferences online. Analytical report

Transcription:

Landscape of eid in Europe in 2013 July 2013 Eurosmart White Paper

Contents Executive Summary 3 1. Purpose of the document 3 2. EU regulation 3 3. EU Member States identification policies 4 3.1. National ID cards 4 3.3. Photo printed on the card 4 3.4. Travel function with the card 4 3.5. Biometric data stored in the card 5 3.6. Card lifetime 5 3.7. Card fee 5 3.8. e-services with the card (in the public and private domain) 6 3.9. Mobile application and service 6 3.10. e-signature 6 3.11. Technology platform 6 4. EU Digital Identity 7 5. National profiles on eias 7 Landscape of eid in Europe in 2013 2

Executive Summary In 1998, the first electronic ID document in the public domain was launched in Europe. In 2010, the EU Commission published the roadmap of the Digital Agenda for Europe and the roadmap for a single market, which should be in place by 2015. In June 2012, the European Commission published the proposal for a regulation on electronic identification as a cornerstone for the creation of the European single market. This white paper reviews all 16 existing electronic identity programs based on two factor authentication and analyses mainstream ideas in electronic identification, authentication and signature and the related services. A position paper with the forecast should be available by 2nd half of 2013. 1. Purpose of the document In March 2011, EUROSMART published a position paper on Generic ID in Europe. The document gave a high level overview on programs regarding electronic ID-documents from the European Commission, as well as from Member States of the EU. On 4 June 2012, the European Commission published a draft regulation on electronic identification and trusted services for electronic transactions in the EU internal market, called the eidas regulation. Beside electronic identification and electronic signature, this regulation also covers electronic seals, electronic documents, electronic time stamps and electronic transactions. This regulation is a key pillar to create an EU single market by 2015. This document aims to give an overview of 16 electronic identification programs in Europe, based on 2-factor authentication with a secure token. As in many cases in the EU, this electronic identification is based on the support of an electronic document, and the summary also compares them in terms of some of their basic criteria. This overview should be helpful for members of the EU Council, the European Commission and the European Parliament. EUROSMART will prepare a position paper on this EU regulation in an additional document in the second half of 2013. 2. EU regulation Three years ago, on 3 March 2010, the European Commission published the strategy for intelligent, sustainable and inclusive growth in Europe (COM(2010)2020) to overcome the economic crisis. On 19 May 2010, the European Commission displayed the milestone plan for the EU internal market in 2015 (COM (2010)245). At this time, the first information of the upcoming EU regulation on electronic identification and trusted services for the electronic transactions was written. On 15 December 2010, the European Commission presented its egovernment action plan 2011 2015 (COM(2010)743) to the Council. An additional notice on the upcoming regulation on electronic identification and trusted services for the electronic transactions was named. On 13 April 2011, the European Commission published 12 levers to boost growth and trust in Europe. The upcoming regulation on electronic identification and trusted services for the electronic transactions was part of this document. On 12 October 2011, the Commission outlined the roadmap for stability and growth in the document COM(2011)669. An additional remark was written on the new regulation on electronic identification and trusted services for electronic transactions. On 4 June 2012, the European Commission published the draft regulation on electronic identification and trusted services for electronic transactions. Since June 2012, three EU Council working groups have been working on the published draft namely working group 9 (eid/e-signature), working group 14 (ehealth) and working group 29 (data protection of personal data). Landscape of eid in Europe in 2013 3

3. EU Member States identification policies 3.1. National ID cards Five kinds of national policies are known on ID documents, i.e.: - Member states with no ID document in the public domain in use; example UK, since 1951. - Member states with ID documents as visible documents in the public domain in use as a vol untary document; example France. - Member states with ID documents as visible documents in the public domain in use as a mandatory document, example Italy. - Member states with ID documents as electronic documents in the public domain in use as a voluntary document, example Sweden, since 2005. - Member states with ID documents as electronic documents in the public domain in use as a mandatory document, example Belgium, since 2004. Conclusion: EU Member States have a broad range of policies on ID documents. ID documents are mandatory in 8 EU Member States. 3.2. Minimum age of the citizens who can get ID documents Different policies are in place regarding the minimum age limit to get an ID card. Examples are - Germany: from 16 years - Belgium: from 14 years - Austria: below 12 years Conclusion: Member States have different policies on the minimum age to get an ID document. 3.3. Photo printed on the card Most states that issue ID cards use printed photos on the card. Italy and Austria are the only states to use ID without a photo of the cardholder. Conclusion: Having a photo of the cardholder printed on the ID card is a mainstream policy in Europe. 3.4. Travel function with the card Three kinds of policy are in use in EU Member States, i.e.: - ID card printed with neither MRZ and nor ICAO biometric data embedded in a contactless chip; example Italy, CIE, since 2006. - ID card printed with MRZ but no ICAO biometric data embedded in a contactless chip; example: Portugal, since 2007. Landscape of eid in Europe in 2013 4

- ID card printed with both MRZ and ICAO biometric data embedded in a contactless chip; example Sweden, since 2005. Conclusion: EU Member States follow different policies along travel function on ID documents. Comment: There is a trend towards contactless ICAO-compatible functionality for ID documents. 3.5. Biometric data stored in the card Six kinds of policy are in use in EU Member States, i.e.: - No biometric data is stored on ID card; example: Austria. - Face photo is stored in a chip embedded in the card; example: Sweden, since 2005. - Face photo and two rolled fingerprints are stored in a chip embedded in the card; example: Spain, since 2006. - Face photo and two finger images are stored in a chip embedded in the card; example The Netherlands, since 2009. - Face photo and two finger prints templates are stored in a chip embedded in the card; example: Portugal, since 2007. - Face photo and ten finger prints images are stored in a chip (partial) and on a laser strip; example: Italy, CIE, since 2006. Conclusion: EU Member States have a broad range of policies on biometric data in ID documents. 3.6. Card lifetime Three kinds of policies on card lifetimes are in force, i.e.: - Validity of the ID document can be more than 10 years; validity can be extended with a stamp in the application office of the city hall; example: Italy, paper ID document. - Validity is limited to 10 years; example: Germany, Spain, Portugal, Belgium, Sweden, Netherlands, Estonia etc. - Validity is limited to 5 years; example: Belgium. Conclusion: A typical ID card lifetime is defined for 10 years. 3.7. Card fee Two kinds of policies on the fee for the ID-card are in force, i.e.: - ID document is free of charge; example: Poland - ID document is available for a fee; example: Germany, 28,80. Comment: The amount of the card fee can vary over a broad range, from free of charge up to 29 for the FINID in Finland. Conclusion: EU Member States follow different policies on the fee for ID documents. Landscape of eid in Europe in 2013 5

3.8. e-services with the card (in the public and private domain) Four policies on e-services are in use in EU Member States, i.e.: - e-service with 2-factor authentication based on secure token is not in use ; example: UK - e-service with 2-factor authentication based on secure token is in use, but only in dedicated government domains; example: Portugal, since 2007. - e-service with 2-factor authentication based on secure token is in use for all kind of government services but not for non-public services; example: Belgium, since 2004. - e-service with 2-factor authentication based on secure token is in us for all kind of public and non-public services; example: Germany, since CY2010. Conclusion: EU Member States follow different policies on e-services. 3.9. Mobile application and service Two kinds of policies on mobile application and services are in use in EU Member States, namely: - Mobile services for electronic identification in use; example: Estonia, since 2003. - Mobile services for electronic identification not in use; example: Belgium, since 2004. Conclusion: Most of the existing national eid programs do not use a mobile application. 3.10. e-signature Two kinds of policies on electronic signature are in use, namely: - ID document supports e-signature service; citizen can decide to use and pay for it; Example: Finland, since 1998. - ID document has a mandatory e-signature on the card; Example: Estonia, since 2002. Conclusion: The mainstream policy in Europe is to offer e-signature service with a secure token on a voluntary basis. 3.11. Technology platform All national ID cards issued in EU Member States are based on secure elements, which are security ICs with dedicated software, to store citizen data including biometric data and cryptographic keys. In addition to this, only 3 EU Member States (Austria, Estonia and Sweden) offer supplemental and optional internet-based & softwarebased identification schemes for limited usage scenarios, e.g. digital signature. As yet, no EU Member States have implemented a purely internet-based & software-based identification system for its citizens. Conclusion: It is a mainstream policy in Europe to mandate secure elements as an electronic technology platform for national ID cards. Landscape of eid in Europe in 2013 6

4. EU Digital Identity As shown in chapter 3, Member States have built their digital identification solution on the use of an electronic ID document. This principle is rejected in some countries. Others consider that the ID documents shall not be the sole support of digital identities. There is a sustained growth of the digital economy, despite the lack of secured digital identities, but the growth of fraud is increasing 3 times faster. The future Eurosmart position paper that will be published in the second half of this year will take into consideration the need to better protect digital identity, personal data and privacy. We will also analyse the various market opportunities in the light of the future eidas regulation. 5. National profiles on eias Landscape of eid in Europe in 2013 7

AUSTRIA Started issuing: 2004 Issued volume (end of 2012): 9 Million Population: 9 Million Biometric data: no e-services: egov-service, ehealth, ebusiness e-signature: yes, voluntary Mobile ID : yes, optional Travel function: no Card interface: contact-based NVM size: 32k EEPROM (Native OS) Comments: All citizens from the age of 16 and older have this card; Fee 10; 10 year lifetime; no face photo; 2nd generation of this document was tendered in 2013 Landscape of eid in Europe in 2013 8

BELGIUM Started issuing: 2003 Issued volume (end of 2012): 10 million Population: 11 million Biometric data: no e-services: egov-service, ehealth-service, e-business e-signature: yes; voluntary Travel function: no Card interface: contact-based NVM size: 32k EEPROM (Java) Comments: all citizens from the age of 14 and older have this card; Fee 10; 10 year lifetime Landscape of eid in Europe in 2013 9

CZECH REPUBLIC Started issuing: 2012 Issued volume (end of 2012): < 1 Million Population: 11 Million Biometric data: yes (ICAO Face) e-services: egov-service; eid-card is voluntary e-signature: yes, voluntary Travel function: no Card interface: contact-base NVM size: 32k EEPROM (Native OS, Java) Comments: 10 year lifetime, One application standard: European Citizen Card (CEN TC 224) and travel document (ICAO 9303) Landscape of eid in Europe in 2013 10

Estonia Started issuing: 2003 Issued volume (end of 2012): 1,3 Million Population: 1,3 Million Biometric data: no e-services: egov-service, ebusiness e-signature: yes; mandatory Mobile ID : in use Travel function: no Card interface: contact-based NVM size: 32k EEPROM (Java) Comments: Estonia is the only state in Europe with mandatory e-signature; Fee EEK 150; 10 year lifetime Landscape of eid in Europe in 2013 11

Finland Started issuing: 1st generation 1998, 2nd generation 2002 Issued volume (end of 2012): 2.5 million Population: 5 million Biometric data: face data e-services: egov-service, e-signature-service, ebanking-service e-signature: yes; voluntary Travel function: no Card interface: contact-based NVM size: 32k EEPROM (Native OS) Comments: eid Card is voluntary; Fee: 29, 10 year lifetime, no application standards Landscape of eid in Europe in 2013 12

Germany Started issuing: 2010 Issued volume (end of 2012): 20 million Population: 80 million Biometric data: yes (Face, ICAO, mandatory; 2 Fingerprints, ICAO, voluntary) e-services: egov-service, ebusiness-service e-signature: yes, voluntary Mobile ID : in test phase Travel function: (not ICAO compliant) Card interface: contactless NVM size: 128k EEPROM (Native OS) Comments: 10 year lifetime; Fee 28.80 Application standard: European Citizen Card (CEN TC 224), Middleware (ISO 24727); Landscape of eid in Europe in 2013 13

Ireland Start issuing: 2011 (March) Issued volume (end of 2011): < 1 million Population: 6 million Biometric data: no e-services: egov-service, esocial, epension, etax e-signature: yes, voluntary Travel function: no Card interface: contact-based NVM size: 32k EEPROM (Native OS) Comments: 10 years lifetime, Landscape of eid in Europe in 2013 14

Italy Started issuing: 2006 Issued volume (end of 2011): 20 million (CNS); 2 million (CIE) Population: 60 million Biometric data: yes, face and 10 Fingerprints (national eid-card: CIE) e-services: egov-service, ehealth, eticketing (e-service Card: CNS) e-signature: yes, voluntary (e-service Card: CNS) Travel function: no Card interface: contact-based NVM-Size: 32k EEPROM (Native OS) Comments: Italy have the largest program in use in 2012; 2 different cards: CIE and CNS; Fee 20 : CIE and 25 : CNS; 10 year lifetime CIE, 5 year lifetime CNS; Biometric data are stored on chip (face photo) and on laser strip (face, 10 fingerprints); Since 2012 the 2G CNS is available; 2G covers the ticketing function; Landscape of eid in Europe in 2013 15

Latvia Started issuing: 2012 Issued volume (end of 2012): 105 000 Population: 2.04 million (2012) Biometric data: yes (face, 2 fingerprints) e-services: egov-service, ebusiness (can be used by any application for client authentication and e-signature) e-signature: Yes, keys and qualified certificate included, activation optional. Travel function: yes, ICAO/EU EAC+SAC Card interface: contact-based and contactless (hybrid) NVM size: 80k EEPROM (Java) Comments: Fee 14; 5 year lifetime. Landscape of eid in Europe in 2013 16

Lithuania Start issuing: 2009 Issued volume (end of 2012): 1 million Population: 3.2 million Biometric data: yes (Face, ICAO) e-services: egov-service e-signature: yes, voluntary Travel function: yes (ICAO BAC) Card interface: contact-base, contactless (hybrid) NVM size: 2 x 32k EEPROM (Native OS, Java) Comments: 10 year lifetime Two application standards: European Citizen Card (CEN TC 224), travel document (ICAO 9303) Landscape of eid in Europe in 2013 17

Monaco Started issuing: 2009 Issued volume (end of 2012): <100.000 Population: 35.000 Biometric Data: yes (Face, ICAO) e-services: egov-service e-signature: yes, voluntary Travel function: yes (ICAO BAC) Card interface: contact-based, contactless (hybrid) NVM size: 2 x 32k EEPROM (Native OS, Java) Comments: 10 year lifetime Two application standards: European Citizen Card (CEN TC 224), travel document (ICAO 9303) Landscape of eid in Europe in 2013 18

Portugal Started issuing: 2007 Issued volume (end of 2012): 7 million Population: 11 million Biometric data: yes (Fingerprint, minutiae) e-services: egov-service, ehealth, esocial, etax, epension e-signature: yes, voluntary Travel function: no Card interface: contact-based NVM size: 64k EEPROM (Java) Comments: eid Card is voluntary; 10 year lifetime One application standard: European Citizen Card Landscape of eid in Europe in 2013 19

Spain Started issuing: 2006 Issued volume (end of 2012): 34 million Population: 46 million Biometric data: yes, face and 2 fingerprints (rolled finger) e-services: egov-service, ebanking Service e-signature: yes, voluntary Travel Function: no Card interface: contact-based NVM size: 32k EEPROM (Native OS) Comments: 10 year lifetime DNI, Fee 10.40 (2013) Landscape of eid in Europe in 2013 20

Serbia Started issuing: 2007 Issued volume (end of 2012): 2.5 million Population: 7 million Biometric data: no e-services: egov-service e-signature: yes, voluntary Travel function: no Card interface: contact-based NVM size: 32k EEPROM (Native OS, Java) Comments: eid Card is voluntary; 10 year lifetime Landscape of eid in Europe in 2013 21

Sweden Started issuing: 2005 Issued volume (end of 2012): 1.5 million Population: 10 million Biometric data: yes (ICAO, Face) e-services: egov-service, ebusiness e-signature: yes, voluntary Travel function: yes (ICAO, BAC) Card interface: contact-based, contactless (hybrid) NVM size: 2 x 32k EEPROM (Native OS, Java) Comments: : ID/eID card is voluntary; Fee SKR 400; 10 year lifetime; Two application standards: European Citizen Card (CEN TC 224), travel document (ICAO 9303) Landscape of eid in Europe in 2013 22

The Netherlands Started issuing: 2006 Issued volume (end of 2012): 4 million Population: 17 million Biometric data: yes (Face, ICAO, since 2006; 2 fingerprints, ICAO, since 2009) e-services: no e-signature: no Travel function: yes (ICAO BAC and ICAO EAC) Card interface: contactless NVM-Size: 1G=32k, 2G=64k EEPROM (Java) Comments: 10 year lifetime One application standard: Travel Document (ICAO) Landscape of eid in Europe in 2013 23

5. Glossary 2G BAC CEN TC CIE CNS CY DNIe EAC EC eias/eidas eid EU FINID IAS ICAO ID ISO MRZ MS NVM OS SKR 2nd Generation Basic Access Control Comité Européen de Normalisation Technical Committee Carta Identita Electronica Carta Nationale Servici Calendar Year Documento Nacional de Identidad, electronic Extended Access Control European Commission electronic Identification, Authentication, Signature electronic Identity European Union Finland ID Identification, Authentication, Signature International Civil Aviation Organization Identity International Standardization Organization Machine Readable Zone Member States Non Volatile Memory Operation System Swedish Krones EOF Landscape of eid in Europe in 2013 24

Eurosmart is an international non-profit organisation located in Brussels which represents the Smart Security Industry for multi-sector applications. Since it was established in 1995, the association has been committed to expanding the world s Smart Secure Devices market, promoting Smart Security standards and continuously improving quality security applications and services. Eurosmart members are suppliers and manufacturers of smart cards, semiconductors, terminals, equipment and technology for Smart Secure Devices, system integrators, application developers, issuers, associations, laboratories and independent experts. They work in dedicated working groups (communication, marketing, security, electronic identity, new form factors, and prospect emerging markets). Eurosmart is acknowledged as representing the Voice of the Smart Security Industry and is largely involved in political and technical initiatives as well as research and development projects on European and international levels. For more information, please visit www.eurosmart.com Contact us! EUROSMART Rue du Luxembourg 19-21 B-1000 Brussels Tel. (+32) 2 506 88 38 Fax. (+32) 2 506 88 25 Email : eurosmart@eurosmart.com Visit our website! www.eurosmart.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information