eIDAS and the EU Digital Single Market

The "new economy" is the catch-all phrase encompassing all new mostly service based industries, especially the ones delivered on a digital platform.

It is the fastest growing segment in both advanced and developing economies and offers great job opportunities for working professionals while being free from the adverse effects of heavy manufacturing.

It should therefore come as no surprise that the European Union is treating this segment of new-age, digitally delivered services as the primary target of its policy push.

The EU policies for the digital market cover various aspects required for success:

• In order to be able to deliver digital services it is important to identify the user and protect her from malicious activities like identity theft. This is where eIDAS comes in - offering a standardized electronic identification solution across all participating member states of the EU single market. This means that a user in Country A can avail services in Country B with his local ID. His identity information is swapped between eIDAS nodes seamlessly, allowing for near instant service delivery

• The second aspect is data protection. This is being achieved through the General Data Protection Regulation (GDPR) that standardizes and unifies data protection practices within the EU and also when exporting such data outside the EU. It makes it easier for companies to comply with EU data protection regulations while also stipulating strict penalties in case of a failure to do so.

• The third aspect is a network and system security which is achieved via the Directive on Security of Network and Information Systems (the NIS Directive). The NIS Directive aims to increase the general level of cyber security for all entities in EU jurisdiction. The primary thrust of the directive is towards Digital Service Providers and Operators of Essential Services - as their operations are likely to be most affected by cyber attacks. There are various bodies which are to be created as part of this effort - including Single Points of Contacts for reporting cyber security breaches and Computer Security Incident Response Teams which will deal with such incidents.

• The fourth aspect is ensuring the right to privacy of citizens in the EU via the ePrivacy Regulation. The regulation aims to protect the private lives of citizens and ensuring that their personal data is secure while being electronically communicated as part of a digital service delivery.

These and other regulations aim to provide the basic framework necessary to implement a cross border digital market.

A practical example of such a system is the Electronic Simple European Networked Services or e-SENS for short. The project ran from 2013 to 2017 in 22 countries with over 100 participating bodies. Its aim was to create a cross-border digital market across the EU while using generic and re-usable technical components. It succeeded in its aim of creating the basic IT building blocks for delivering digital services securely across national borders.

The e-SENS framework. Source: https://www.esens.eu/

The graphic above illustrates the e-SENS framework with its focus on e-ID, e-Signatures, e-Documents and e-Delivery. The pilot was used to highlight the potential for cross border digital service delivery in sectors such as health, business, procurement, justice etc.

References and Further Reading

• Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission
• Selected articles on Authentication (2014-16), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more

• Selected articles on Electronic Signing and Digital Signatures (2014-16), by Ashiq JA, Guillaume Forget, Jan Kjaersgaard , Peter Landrock, Torben Pedersen, Dawn M. Turner, Tricia Wittig and more
• REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), by the European Parliament and the European Council

• Proposal for a REGULATION concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), (2017), by the European Parliament and the European Council

• REGULATION (EU) No 910/2014  on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
• Recommendations for the Security of Internet Payments (Final Version) (2013), by the European Central Bank
• Draft NIST Special Publication 800-63-3: Digital Authentication Guideline (2016), by the National Institute of Standards and Technology, USA.
• NIST Special Publication 800-63-2: Electronic Authentication Guideline (2013), by the National Institute of Standards and Technology, USA.
• Security Controls Related to Internat Banking Services (2016), Hong Kong Monetary Authority

 Image: Europe, courtesy of Charles Clegg, Flickr (CC BY-SA 2.0)