2015 - Final Statement

The European Forum on Electronic Signature (EFPE) is one of largest international conferences in Europe devoted to electronic signatures and PKI. This year, 15th edition of EFPE 2015 with the leading topic being “New legal and technological order in international electronic economy: eIDAS Regulation – from electronic signatures to trust services”, was held on 10-12 June 2015 in Międzyzdroje (Poland).

EFPE 2015 was attended by over 130 participants from 27 countries. Among them were representatives of European Commission, ETSI, large institutions using trust services (including government offices and agencies), producers of software or hardware solutions or trust service providers related to electronic signature and electronic identification.

The eIDAS Regulation on electronic identification and trusted services requires service providers and supervisors bodies to make meaningful efforts to adopt new requirements for solutions and IT systems existing on the market. According to Art. 52 eIDAS Regulation shall be applied (except some cases counted in Art. 52 (2)) from 1 July 2016. Furthermore, a certification-service-provider issuing before 1 July 2016 qualified certificates under Directive 1999/93/EC should submit a conformity assessment report to the national supervisory body not later than 1 July 2017. After this date such a certification-service-provider shall not be considered as qualified trust service provider under eIDAS Regulation. Hence, trust service providers and developers are essentially interested for publishing of implementation acts and standard documents that allow them to adopt existing and new trust services according with the requirements stated there.

  1. Participants to the Conference pointed to the need for a comprehensive approach to implementing legislative changes in national legal framework. eIDAS Regulation requires careful harmonization with national law, while preserving the letter and spirit of Regulation.
  2. Trust services legal effects defined in eIDAS Regulation must be explicit for users regardless of the fact where the EU member come from.
  3. Participants to the Conference pointed out that it is important to identify not only many challenges in implementing eIDAS in certain EU member States, but also to evaluate what is the impact of eIDAS outside the EU. This is important practical problem because there is no common legal ground between the EU and other countries, although legal systems may be similar and trust services can be provided under the same conditions. The participants stressed that at EU level would be good practice to determine the recommendation for implementation of Art. 14 concerning international aspects of electronic identification and trust services recognition that are provided to or by third parties (non-EU Member States).
  4. A large number of dedicated trust services would be too difficult to use for relying parties and will be not compatible with the postulate cited, for example in Preamble (57), which states that the validation of qualified electronic signature should be made easy and convenient for all parties at Union level. For this reason the trust services should be aggregated according to rules prepared by the normalization body (for example ETSI) as a standard on Trusted List (TL).
  5. Public administration that intends to provide trust services to the public should do it on equal and competitive rules with commercial subjects. Participants to the conference reiterate the belief expressed in last years’ conferences that the public administration should increasingly rely on commercial solutions offered by service providers operating on the digital market.
  6. In the internal instruments, it would be also worth recommending to include areas not covered directly by eIDAS regulation, for example trusted services and identification. International aspects of trust services and ID-escrow are examples of such challenges.

This final document has been prepared by international experts and participants during the EFPE 2015. This document has been translated into English, Polish and Russian and presented for acceptance by participants of the conference. We ask policy makers and lawmakers to consider this modest contribution to the European discussion in their future efforts.

Asseco Poland is the largest IT company in Poland and in the region of Central and Eastern Europe. For 30 years, it has been creating technologically advanced software for companies in key sectors of the economy. The company is present in 60 countries worldwide and employs 27,500 people. It is growing both organically and through acquisitions, of which it has made nearly 100 since 2004. Asseco companies are listed on the Warsaw Stock Exchange, NASDAQ, and the Tel Aviv Stock Exchange.

Obserwatorium.biz is an independent Polish consulting company, operating on the market since 2015, specializing in the creation and implementation of digital strategies in companies, mainly from the financial and public administration sector.

It supports clients in particular phases of strategic development – diagnosis of internal situation, market environment, it helps to formulate new goals and products, taking into account social and business trends resulting primarily from technological changes, it supports implementation and execution processes, including for IT suppliers. It carries out a number of educational activities such as trainings and conferences in order to spread the knowledge about digital transformation, its consequences and conditions for optimal implementation in a given enterprise.

We have been developing digital security at Certum for over 20 years. We specialize in certification services that validate online identity and provide solutions to ensure the trustworthiness and security of documents, electronic data and devices.

We are committed to ensuring that our clients' businesses can thrive while remaining fully resistant to cyber attacks and other external threats. Using modern technological advances, we create solutions that help our clients navigate more efficiently, comfortably and safely in the virtual world.

Certum consists of a competent and experienced team of more than 150 specialists who have been trusted by hundreds of thousands of companies and institutions all over the world. Many years of experience combined with specialist knowledge allows us to implement even the most complex and technically advanced projects. We place particular emphasis on the compliance of our services with current legal conditions and standards. More information available at www.certum.pl

The Cloud Signature Consortium is a global group of industry, government, and academic organizations committed to driving standardization of highly secure and compliant digital signatures in the cloud. Inspired by the rigorous requirements of the European Union’s Regulation on electronic Identification, Authentication and Trust Services (eIDAS), our open technical specification helps ease solution interoperability, streamline compliance with e-signature regulations, and pave the way for uniform adoption of cloud-based digital signatures around the world.

NASK is a National Research Institute whose mission is to develop and implement solutions which facilitate the development of information and communication networks in Poland, in addition to improving their effectiveness and security. We carry out research and development projects as well as projects aimed at improving the security of Polish civilian cyberspace. Another of our important activities is educating users and promoting the concept of an information society, primarily with the goal of protecting children and young people from hazards posed by new technologies.

ZIPSEE Digital Poland is an industry employers’ organization – it brings together the largest digital and high-tech companies in Poland, including manufacturers, importers and distributors. The main goal of the organization is to care for the development of this sector in Poland

The Association actively follows and is personally involved in works on any regulations that may directly or indirectly affect the high-tech industry in our country.

One of the main objectives of ZIPSEE Digital Poland is to support and build a digital economy by, among others, spreading the idea of e-services or digitization. At the same time, Digital Poland makes sure that the development of e-solutions will be accompanied by an increase in their cybersecurity, which is related to constant improvement of social awareness and competence both among entrepreneurs and public administration.

The Committee of the Council of Ministers for Digitization (KRMC) is an auxiliary body of the Council of Ministers and the Prime Minister, established in 2012 to ensure the coordination of the implementation of IT projects of the government administration and the preparation of government documents related to computerization. KRMC is responsible for ensuring the consistency of IT projects with the strategic activities of the State.

The European Signature Dialog is a platform of major European electronic signature providers. The first European Signature Dialog took place on the 1st and 2nd of June 2017 in the heart of Europe – Vienna, attended by organisations from eleven countries. On the initiative of A-Trust, a qualified trust service provider in Austria, a joint voice of leading European stakeholders was created to tackle the need for consistency between EU and national requirements and to transform Europe into a strong player in authentication and cybersecurity.

The Polish Information Processing Society, PIPS (Polskie Towarzystwo Informatyczne, PTI) was established in 1981 as professional organization representing people who work in the IT. From its beginning the PIPS fosters links between experts from industry, academia and business promoting education, knowledge sharing, codes of conduct and skills frameworks. It voices the Society’s members opinions, needs, interests, and rights in relations with the general public, local and central government and with other associations in Poland and abroad. In 1992 PIPS was the first organisation from the post-communist countries to become a member of the Council of European Professional Information Societies (CEPIS).

ETSI is a not-for-profit Institute with more than 900 member organizations worldwide, drawn from 65 countries and five continents. Our members comprise a diversified pool of large and small private companies, research entities, academia, government and public organizations.

Samsung Electronics inspires the world and shapes the future with transformative ideas and technologies that give people the power to discover new experiences. With a constant focus on innovation and discovery, we keep redefining the worlds of TVs, smartphones, wearable devices, tablets, digital appliances, network systems, and memory, system LSI, foundry and LED solutions.

Samsung Electronics is committed to improving the global community and delivering ground-breaking innovations that enhance people’s everyday lives.

ARIADNEXT is the leading European provider of digital identification services. By providing solutions based on Artificial Intelligence, ARIADNEXT offers companies the opportunity to instantly build trusting relationships with their consumers. These solutions enable them to meet regulatory challenges and anti-fraud requirements while focusing on customer experience and digital transformation.

Entrust keeps the world moving safely by enabling trusted identities, payments and data protection around the globe. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, or accessing corporate networks. With our unmatched breadth of digital security and credential issuance solutions, it’s no wonder the world’s most entrusted organizations trust us.

This website uses cookies to provide services at the highest level. By continuing to use the site, you agree to their use. If you do not agree to the use of cookies that are not necessary to use the website, you can change the settings in the browser you use

Subscribe to our newsletter