eIDAS & the European Interoperability Framework

The public sector accounts for a quarter of all employment and a fifth of the entire economic output of the European Union. Given the economic and social contributions of the public sector as well as it’s critical contributions as a regulator, it remains a key target for reform and a centrepiece for the push towards a Single Digital Market.

The new European Interoperability Framework (EIF), adopted in March 2017, provides guidelines to the public sector on setting up interoperable services while also streamlining existing processes for cross-border or inter-organizational cooperation.

The current public service delivery system, despite previous efforts, is still plagued by a vast diversity in the underlying technologies as well as differences in business/ legal/ organizational practices. Providing equally efficient public services to all EU citizens thus becomes a time and labour intensive process. The EIF is a significant step towards achieving interoperability between all the various public service providers and this in turn will go a long way towards achieving a truly single digital market. The new EIF aims to incorporate more recent EU regulations like eIDAS into its core while also accounting for new technological innovations like open data and cloud based computing and service delivery.

Why does the EIF matter?

The EU’s internal market guarantees the free movement of goods, services, capital and labour across all its member states. However, while doing so, individuals and companies might find themselves dealing with public service providers that operate differently and require a “fresh start”. The EIF’s intent is to remove these discrepancies and create a unified and standard public service delivery system where transitioning from one provider to another is nearly seamless for the end user.

For an EU citizen, the new interoperability framework will translate to a faster and seamless service experience across the EU Single Market. The EIF ensures that information sources, security policies, data management etc are integrated across organizations as well across borders. By utilizing the principles laid down in regulations like eIDAS, qualified trust services can ensure the integrity, authenticity and confidentiality of data.

For the public service providers, this means that they can save a significant amount of time and money that they currently spend on their back-end. The new guidelines aim to enhance openness, user-centricity, inclusiveness, transparency, data-portability, accessibility, security, privacy, efficiency and many other aspects of public service delivery through its 47 recommendations.

What does the EIF provide?

The EIF’s scope covers all points of interaction like A2A (Administration to Administration), A2B (Administration to Business) and A2C (Administration to Citizen). Its model covers the designing, planning, development, operations and maintenance of public services in the EU at every level of Government.

Image Source: Europa.eu

The framework is designed to address the legal, organizational, semantic and technical differences between service providers and create a system which essentially operates as one. The eIDAS directive acts as a key lynchpin here as it provides for secure and protected data exchange during the delivery of these public services. A secure and harmonized network will facilitate the exchange of information between all the parties involved – administrators, businesses and citizens.

References and Further Reading

• The European Interoperability Framework - Implementation Strategy (2017), by the European Commission
• Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission
• Selected articles on Authentication (2014-18), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more

• Selected articles on Electronic Signing and Digital Signatures (2014-todays), by Ashiq JA, Guillaume Forget, Jan Kjaersgaard , Peter Landrock, Torben Pedersen, Dawn M. Turner, Tricia Wittig and more
• REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), by the European Parliament and the European Council

• Proposal for a REGULATION concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), (2017), by the European Parliament and the European Council

• REGULATION (EU) No 910/2014  on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission

• DIRECTIVE 2013/37/EU amending Directive 2003/98/EC on the re-use of public sector information (2013) by the European Parliament and the Council

• Recommendations for the Security of Internet Payments (Final Version) (2013), by the European Central Bank
• Draft NIST Special Publication 800-63-3: Digital Authentication Guideline (2016), by the National Institute of Standards and Technology, USA.
• NIST Special Publication 800-63-2: Electronic Authentication Guideline (2013), by the National Institute of Standards and Technology, USA.
• Security Controls Related to Internat Banking Services (2016), Hong Kong Monetary Authority

Image: sky puzzle, courtesy of Jared Tarbell, Flickr (CC BY 2.0)