Global recognition of EU trust services for digital ID slowly moves forward
Five experts in the field of digital identity shared their opinions and ideas about global recognition of EU trust services at the recent Trust Services Forum, CA Day 2022.
The session saw the participation of Peter Rybár from the Regulation and Supervision Department, National Security Authority in Slovakia, Olivier Delos from Sealed, SK ID Solutions CEO Kalev Pihl, Dennis Jackson from Mozilla and Soshi Hamaguchi from Cosmos Corporation.
During the event, Rybár discussed examples of smart national solutions that are accessible in global standards.
Rybár mentioned, in particular, the ISO 14533-4:2019, a certification designed to enable proof of existence of data objects and digital signatures and the preservation of the validity status of digital signatures over a long period of time used in validation and adopted in Germany and Estonia.
The identity expert added that according to Article 17 of the EU Regulation No 910/2014, Member States might require the supervisory body to establish, maintain and update a trust infrastructure based on ISO 14533-4:2019 and other regulations per the conditions under national law.
Delos expanded on the points made by Rybár, listing several challenges and opportunities to recognize non-EU Trust services under the eIDAS regulation.
According to the Sealed executive, regardless of where they originated in the world, digital signatures that meet the requirements of advanced electronic signatures and seals should not be denied any legal effect in the EU.
Further, when they meet formats in commission implementing decision (CID) (EU) 2015/1506, these solutions should be recognized by the Member State requiring an advanced electronic signature to use an online service offered by, or on behalf of, a public sector body.
Pihl’s opinions were more polarized, with the SK ID Solutions CEO sustaining that the EU is attempting to define how global solutions should change to fit European applications.
The executive said that “cannot be a winning strategy” and called the EU to try and develop solutions that are at least European instead of focusing on individual member states. Pihl added that the EU should “appreciate capitalism and competition” and only regulate local solutions if there is no alternative.
Cosmos Corporation executive Hamaguchi first provided some context regarding digital ID and regulations in Japan, particularly concerning the elimination of carved hanko ink seals in the country. Hamaguchi also discussed the transition from what he called Society 4.0 to Society 5.0.
The transition, passing from hunting to agriculture, industrial, information, and eventually, 5.0, would lead to a “human-centred society that balances economic advancement with the resolution of social problems by a system that highly integrates cyberspace and physical space.”
This transformation is possible through several technologies, Hamaguchi explained, including autonomous vehicles, smart cities, open banking, artificial intelligence, robotics and edge computing.
Standardizing EU digital IDs
In the following session at CA Day 2022, another group of experts discussed the certification and standardization of European digital identities.
Regulating highly technical areas such as electronic identification and trust services requires a careful interaction between law and technology, according to Riccardo Genghini, chairman of ETSI ESI.
The executive said that while the directive 1999/93/EC and the regulation 2014/910/UE provided clear legal definitions for a series of fundamental features of the electronic signature and the trust services, the same cannot be said for the eIDAS2 legislation.
Genghini believes that the lack of proper functional and security requirements in eIDAS2 will significantly affect standardization, interoperability and the single market.
Michał Tabor, partner and board member at Obserwatorium.biz, also participated in the session, highlighting market trends connected with the upcoming European digital ID wallet.
Tabor believes that, in 2023, the digital ID wallet based on planned eIDAS 2.0 will rely on new services, including issuing electronic signatures and qualified attribution of attestation, to increase the popularity of trust services among the population. Further, the digital ID wallet may see the migration of electronic ID and trust services to the cloud.
The event also saw the participation of Stéfane Mouille, senior expert in digital identities and cybersecurity and CLR Labs director.
Mouille highlighted the evolution of the EU digital ID wallet over the last year and concluded that, while some progress was made, several issues still need to be addressed.
He explained that an efficient way to do so might be to follow the model set out by the International Civil Aviation Organization (ICAO), particularly in verifying the authenticity of data sources and confidentiality. The ICAO also provides worldwide interoperability, which could help the EU develop the digital ID wallet infrastructure beyond its borders.
Paloma Llaneza, eIDAS & eID Scheme Manager at CerteIDAS and Fabien Deboyser, security certification expert at NXP Semiconductors, also participated in the session.
Deboyser, in particular, said the EU digital ID wall should undergo strict testing and achieve certifications after reaching a high level of trust and security. The security expert added that offline verification should be considered (for both device and verifier) as well as additional technologies such as crypto and ultra-wideband (UWB).
Want more from CA Day 2022? Andrew Bud from iProov spoke about how biometrics can help secure ID checks from remote environments.