eIDAS Trust Services – Strengths and Challenges in Implementation

A study published in early 2018 by the European Union Agency for Network and Information Security (ENISA), revealed that 90% of the respondents believed eIDAS to be an opportunity to grow their business. It is no wonder then that recent adoption of the eIDAS framework has been gathering steam. However, there are still a number of barriers that exist when it comes to the implementation and uptake of Trust Services as defined in the eIDAS regulation. Here, we look at some of those barriers along with some key strengths of the trust services market.

Potential Challenges:

• Perhaps the biggest and most visible barrier is the lack of knowledge about what actually is “trust” and why it is important.
  
  It’s not just citizens and SMEs that suffer from this lack of knowledge but sometimes enterprises and organizations can be lacking too. Which is why information campaigns like go.eIDAS can go a long way in helping eIDAS succeed by creating awareness.

• Certain sectors might suffer from an oligopoly structure which can distort the market and make it difficult to innovate. The web browser market might be one example of such an oligopoly, among others.

• The trust services market might still be considered somewhat nascent, especially when compared to other more mature technologies.

• The number of providers offering qualified trust services is somewhat limited currently. This needs to grow significantly, considering the sheer size of the market opportunity. Many of the national level trust providers are also not eIDAS compliant currently, which can lead to further confusion and segmentation.

• The development of new solutions has not yet achieved the ideal pace yet that has been envisioned by the European Commission (EC).

Strengths:

• One of the biggest strengths of eIDAS is the legal certainty that it brings into the equation. This has enabled businesses and other organizations to be confident about digital service delivery.

• eIDAS plays well with many sector specific regulations like the Revised Payment Services Directive (PSD2), the Markets in Financial Instruments Directive and the General Data Protection Regulation (GDPR).

• The digital transformation happening across various industries has provided an additional impetus to adopt more secure and robust digital practices. eID and trusts services enabled by eIDAS are perfectly suited to play a big role here.

• Technological neutrality has been a hallmark of eIDAS and it allows for various approaches to achieve the same end result. This means that it is easier for service providers to create innovative solutions that differ in approach but are equally secure and fully compliant.

• Trusts services allow for certainty, integrity and speed in business processes. This is precisely the kind of environment that modern business processes need.

Conclusion

It’s still early days and the market is still trying to understand the full impact and consequences of the eIDAS Regulation. Lack of knowledge and information dissipation remains a key challenge and it’s a very positive signs that some of the more recent initiatives like go.eIDAS seek to specifically address that through its informational campaign. The potential for trusts services is certainly huge, and now it’s up to the market participants to seize that opportunity.

References and Further Reading

• Digital Trade and Trade Financing - Embracing and Shaping the Transformation (2018), by SWIFT & OPUS Advisory Services International Inc
• REGULATION (EU) No 1316/2013 establishing the Connecting Europe Facility, amending Regulation (EU) No 913/2010 and repealing Regulations (EC) No 680/2007 and (EC) No 67/2010(12/2013), by the European Parliament and the European Council

• Selected articles on Electronic Signing and Digital Signatures (2014-today), by Ashiq JA, Gaurav Sharma, Guillaume Forget, Jan Kjaersgaard , Peter Landrock, Torben Pedersen, Dawn M. Turner, and more

• Selected articles on Authentication (2014-today), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more

• eIDAS webinar 1: Using electronic Identification, Authentication and trust Services for Business (2018), by the European Commission
• The European Interoperability Framework - Implementation Strategy (2017), by the European Commission
• Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission

• REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), by the European Parliament and the European Council

• Proposal for a REGULATION concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), (2017), by the European Parliament and the European Council

• Revised Directive 2015/2366 on Payment Services (commonly known as PSD2) (2015), by the European Parliament and the Council of the European Union
• REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission

• DIRECTIVE 2013/37/EU amending Directive 2003/98/EC on the re-use of public sector information (2013) by the European Parliament and the Council