DS-05-2015: Trust eServices. The policy context: eIDAS Regulation

DS-05-2015: Trust eServices
The policy context: eIDAS Regulation
Cybersecurity & Privacy Innovation Forum 2015, Brussels, 28 April 2015
Andrea SERVIDA, DG CONNECT, European Commission, Head of eIDAS Task Force
andrea.servida@ec.europa.eu

The eIDAS Regulation (EU 910/2014)
Strengthens EU Single Market by boosting trust and convenience in secure and seamless cross-border electronic transactions
- Mutual recognition of e-identification means
- Electronic trust services (e-signatures, e-seals, e-registered delivery services, time stamping, website authentication)
- Electronic documents

Why does eIDAS target the cross-border dimension?
Insufficient scope of the existing legal framework developed in 1999 (that only covered e-signatures).
In the meantime:
- Electronic identification schemes and means were deployed and developed in Member States' public sector environment
- New trust services emerged in national markets (e-seals, time stamps, e-registered delivery) or international environment (website authentication)
Such a situation created:
- Lack of cross-border technical interoperability
- Lack of common legal understanding
- National market silos
As a consequence, no cross-border recognition of eIDs and difficulties in provisioning pan-European trust services.

eIDAS cross-border dimension in the EU
- Over 14 million EU citizens are resident in another Member State (1)
- 21,6 million SMEs (2), of which more than 40% have cross-border activities (3)
(1) Memo of the European Commission of 25 November 2013 on "European Commission upholds free movement of people"
(2) Annual report on European SMEs 2013/2014
(3) Proposal for a Directive on single-member private limited liability companies frequently asked questions

eIDAS vs digital identity
[Diagram. Labels as they appear:]
- Personal data = digital currency
- Digital identity: "economic" drive
- USER ENABLEMENT
- eIDAS: "trust-building" drive
- Trusted assertions/credentials
- USER EMPOWERMENT
- Personal data = private asset

eIDAS: Key principles
The Regulation does not impose the use of eID and trust services.
Key principles on eID
- Mandatory cross-border recognition only to access public services
- Full autonomy for private sector
- Principle of reciprocity relying on defined levels of assurance
- Interoperability framework
- Cooperation between Member States
Key principles on trust services
- Non-discrimination in Courts of electronic trust services vis-à-vis their paper equivalent
- Specific legal effects associated to qualified trust services
- Non-mandatory technical standards ensuring presumption of compliance
Technological neutrality

eIDAS: Mutual recognition of eIDs
- Mandatory recognition of electronic identification
- Voluntary notification of eID schemes
- "Cooperation and interoperability" mechanism
- Liability rules
- Assurance Levels: "high" and "substantial" (and "low")
- Interoperability framework
- Access to authentication capabilities: free of charge for public sector bodies & according to national rules for private sector relying parties

eIDAS: Trust services

Timeline (2014 to 2019)
- 17.09.2014: Entry into force of the Regulation
- 18.09.2015: Voluntary recognition of eIDs
- 1.07.2016: Date of application of rules for trust services
- 18.09.2018: Mandatory recognition of eIDs

Planning of Implementing Acts
- Commission Implementing Decision (EU) 2015/296 of 24.02.2015: Procedural arrangements for MS cooperation on eID (art. 12.7)
- By 01.07.2015: EU Trustmark for QTS (art. 23.3) - Positive opinion of eIDAS Committee on 8.4.2015
- By 18.09.2015:
  - Interoperability framework for eID (art. 12.8)
  - eID levels of assurance (art. 8.3)
  - Trusted lists for QTSP (art. 22.5)
  - Formats of eSignatures (art. 27.4)
  - Formats of eSeals (art. 37.4)
- Additional IAs may also be adopted when appropriate (e.g. circumstances, formats and procedures for the notification of eID - art. 9.5)

The eIDAS Expert Group
The eIDAS informal expert group is composed of MS experts to help the Commission prepare secondary legislation.
- MS experts for eID and trust services
- 12 meetings so far; next on 12-13.05.2015
eIDAS Technical sub-groups are convened on technical discussions related to operational aspects of CEF - DSI.
- Organised and led by DIGIT
- Voluntary participation
- 3 meetings on technical aspects related to interoperability and security of eID
- 1 meeting on trust services

The "e-mark U Trust" Competition
- 03.07.2014: Launch of e-mark U Trust Competition
- 15.09.2014: End of submission period
- 14.10.2014: Public online voting
- 14.11.2014: End of voting
- By 01.07.2015: Adoption of the implementing act

The "e-mark U Trust" Competition: the winner
Watch the Award ceremony with VP Andrus ANSIP
EU Safe

An eIDAS World
[Diagram. Panel titles: REGULATORY, TECHNICAL, MARKET, STAKEHOLDERS' ENGAGEMENT. Labels: eIDAS Regulation; Implementing & Delegated acts; Comitology; Expert Group; CEF / DSI; Promote EU market solutions; R&D & LSPs; Standardisation activities; Negotiation with 3rd countries; Global industrial policy; Communication tools; Engagement events; ENISA.]

Large Scale Pilots (LSPs)
- Interoperable e-procurement: 19 partners, 11 countries, Total Budget 30,8 M
- Electronic Identity: 32 partners, 14 countries, Total Budget 26 M
- Patient Summary / ePrescribing: 47 partners, 23 countries, Total Budget 23 M
- Business mobility: 33 partners, 16 countries, Total Budget 24 M
- eJustice: 17 partners, 15 countries, Total Budget 14 M
- Electronic Identity: 60 partners, 20 countries, Total Budget 18,7 M
- Consolidation & extension of LSPs: 22 partners, 20 countries, Total Budget 27,4 M
Next: Connecting Europe Facility (CEF) Digital Service Infrastructures (DSIs)

Digital Service Infrastructures: Connecting Europe Facility (CEF)
[Timeline chart, 2008 to 2020. Labels: CIP / LSPs; STORK I & II; PEPPOL; epSOS; e-CODEX; SPOCS; e-SENS; New LSP; New LSP; H2020; CEF/DSIs.]
Provide basic functionality:
- eID
- eSignature
- eDelivery

Standardisation mandate m460 by CEN and ETSI
[Diagram of six numbered standardisation areas:]
- 1 Signature Creation & Validation: Rules & procedures; Formats; Signature Creation / Validation Protection Profiles; XAdES (XML), CAdES (CMS), PAdES (PDF), AdES in Mobile envmts, ASiC (containers)
- 2 Signature Creation Devices: Common Criteria Protection profiles; Smart Cards; HSMs; Signing services
- 3 Cryptographic Suites: Key generation; Hash functions; Signature algorithms; Key lengths...
- 4 TSPs supporting eSignature: Certificate Authority; Time-stamping; Signing Servers; Validation Services
- 5 Trust Application Service Providers
- 6 Trusted Lists Providers: List of TSP services approved (supervised) by National Bodies (e.g. Trusted Lists)
http://www.e-signatures-standards.eu

ENISA Support for eIDAS
ENISA (European Agency for Network and Information Security):
- 2012: Report on the implementing eIDAS art. 15
- 2013: Guidelines for Trust Service Providers
- 2014: Common audit schemes for trust services providers in MS. Technical guidelines for independent auditing bodies and supervisory authorities
- 2015 focus on:
  - Technical guidelines for Implementation of Art 19
  - ENISA Forum for trust services' stakeholders (1st meeting 30/6/15)
  - Evaluation of standards
  - Introduction of qualified website authentication certificates
  - Awareness raising - European Cyber Security Month (Oct 2015)

For further information on eIDAS Regulation:
- Web page on eIDAS: http://ec.europa.eu/digital-agenda/en/trust-services-and-eid
- Impact assessment: http://eur-lex.europa.eu/legal-content/en/txt/?uri=celex:52012sc0135
- Text of eIDAS Regulation in all languages: http://europa.eu/!ux73kg
- eIDAS functional mailbox: CNECT-TF-eIDAS-LT@ec.europa.eu
- EU_eIDAS