The European Interoperability Framework (EIF) adopted in 2017 is the primary thrust in the EU’s effort to improve the efficiency of public service delivery across it’s member states.
The European Interoperability Framework (EIF) aims to bring interoperability in public services across all levels of government in the EU Single Market – from local and provincial to national and international. In order to achieve this, it makes full use of the existing directives in place which already provide interoperability in specific situations. For example, the PSI Directive provides guidelines on the re-use of public sector information while eIDAS provides for identification and trust services for private business as well as public service providers.
In this article, we explore the synergy between eIDAS and just a few of EIF’s 47 recommendations geared towards improving interoperability between various public service providers, administrators, businesses and citizens.
- Technological neutrality and data portability is a key component of the EIF conceptual model. eIDAS plays a key role here by providing the backbone of the identification and authentication process that enables this data portability. eIDAS not only makes the process secure, but it also ensures a much faster identification process which is necessary for a truly inter-operational and efficient service delivery system.
- eIDAS and EIF focus on user centricity and providing a single point of contact for all public service delivery across the EU. eIDAS plays a crucial role here by hiding the back-end complexity of authentication and identification from the user. This also means that the user does not have to bother as to which platform he should use to avail the services.
- Security and Privacy is perhaps the biggest component of EIF where eIDAS plays a key role. For quick service delivery, the creation of a secure digital environment is crucial. The eIDAS directives are designed with these specific scenarios in mind. The identification and authentication must appear seamless to the end user, while ensuring that all the relevant safety and data protection regulations are being fully complied with at the backend.
- EIF is geared towards reducing administrative burden and it hopes to achieve this primarily by adopting a digital-first and digital-by-default attitude towards service delivery. Such an approach is not possible without the guidelines that eIDAS provides for digital identification.
- One of the major hurdles to interoperability has been the legal differences between the various member states and their treatment of certain aspects required for service delivery.
eIDAS already provides for standardization for such cases while performing digital checks across all EU member states.
- Technical and semantic interoperability means that data blocks, technology systems and other critical components can work together seamlessly. eIDAS provides a platform and a technology-neutral base which public service providers can use to ensure safe and secure delivery of their services to the appropriate users.
Image source: europa.eu
The 2017 iteration of the EIF guidelines has been specifically designed to make the best use of new technology trends as well as the new guidelines that were adopted during the intervening period. By making full use of the identification and trust services enabled by eIDAS and other directives on data security and re-use, the new EIF guidelines offer a very realistic approach to achieve true public sector interoperability across the European Union.
References and Further Reading
- Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission
- Selected articles on Authentication (2014-16), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more
- Selected articles on Electronic Signing and Digital Signatures (2014-16), by Ashiq JA, Guillaume Forget, Jan Kjaersgaard , Peter Landrock, Torben Pedersen, Dawn M. Turner, Tricia Wittig and more
- REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), by the European Parliament and the European Council
Proposal for a REGULATION concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications), (2017), by the European Parliament and the European Council
- REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
DIRECTIVE 2013/37/EU amending Directive 2003/98/EC on the re-use of public sector information (2013) by the European Parliament and the Council
- Recommendations for the Security of Internet Payments (Final Version) (2013), by the European Central Bank
- Draft NIST Special Publication 800-63-3: Digital Authentication Guideline (2016), by the National Institute of Standards and Technology, USA.
- NIST Special Publication 800-63-2: Electronic Authentication Guideline (2013), by the National Institute of Standards and Technology, USA.
- Security Controls Related to Internat Banking Services (2016), Hong Kong Monetary Authority