2016 - Final Statement

EFPE 2016 FINAL STATEMENT ON NEW EUROPEAN UNION TRUST SERVICES IMPLEMENTATION

The European Forum on Electronic Signature is the largest international conference in Europe gathering of community professionals related to security, electronic trust services and electronic identification. This year, 16th edition of EFPE with the leading topic being “Electronic identification and trust services (eIDAS) – advantages of a single, cross-border digital market”, was held on 9-10 June 2016 in Szczecin (Poland).

EFPE 2016 was attended by over 130 participants from 21 countries. Among them were representatives of European Commission, ETSI, large institutions using trust services (including government offices and agencies), producers of software and/or hardware solutions and trust service providers related to electronic signature and electronic identification.

In addition to lectures, presentations and practical workshops, the special role have played discussions and polemics that have been conducted during two round tables with participation of representatives of government and business. These two round tables were focused on the following topics:

  1. Trust services and e-identification – accessibility or security? How to keep the right balance, having in mind the benefits for the end-user;
  2. Paperless Country – how will the eIDAS Regulation help us move to a paperless world?

The entry into force of eIDAS Regulation implies a new legal order in the area of trust services, which raises the need to adapt the national law of the Member States to the new conditions. This adaptation applies to those areas where eIDAS Regulation simply requires appropriate regulations in national law (e.g. an indication of the supervisory authority), or those ones where eIDAS Regulation is applied in an incomplete way, or for which the regulation leaves a discretion to the national legal systems. The solutions to be adopted in national legal regulations should undoubtedly have a positive impact on the transparency and consistency of the legal system and should also become more readable for the recipient.

This is particularly important in the context of the main message of eIDAS Regulation, i.e. removing existing barriers to the cross-border use of electronic identification and trust services for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the European Union.

The above is the reason why this year’s conference comes at a time when eIDAS Regulation issues will be the focused on the problems of a single, cross-border digital market. These problems were discussed by many conference participants and are presented below in the form of recommendations addressed to citizens, businesses and public authorities.

  • The conference participants pointed out that identification of users based on foreign eID is a severe challenge, regardless of the fact that the identity/identification is authenticated by use of an eID according to eIDAS, because:
    • even when both countries use national identifiers for their residents, identifiers cannot necessarily be (legally) used cross-border nor be reliably mapped between countries.
    • access to eGov services may require a specific, national identification that foreigners may not possess, and that cannot be derived from the identification provided.
    • there is a clear risk of establishing multiple identities for one person based on inconsistent identification, causing risks related to e.g. fraud.

    The above challenges can be solved by Member States countries if the governments decide to put priority on this.

  • During the conference it was indicated that it is important to identify not only many challenges in implementing eIDAS in certain EU Member States, but also to evaluate what is the impact of eIDAS outside the EU. This is important practical problem because the cross-border public services are low on the agenda (e.g. eGov strategies and the like) of governments.
  • The conference participants also stated that eIDAS Regulation ensures the conditions for European Trust Service market, so e-Signature stakeholders are called to do their part by assuring cross-country interoperability, proposing solutions easy for everyone and strongly integrated into digital processes/workflows. European bodies, especially European Commission, ETSI, CEN and ENISA, should support the deployment of these services in Europe.
  • China is now the European Union’s second trading partner behind the United States and the EU is China’s biggest trading partner. Hence, the conference participants are convinced that China licensed trust service providers and European qualified trust service providers should work together to provide trade contract eSign services for Europe and China traders, to save delivery cost and save time.
  • The participants got acquainted with the information on the experience of Kazakhstan in terms of building a public key infrastructure, and have taken note that the exchange of information between Kazakhstan and other countries can be implemented on the basis of the trusted third party services provided in Kazakhstan in accordance with the applicable law.
  • As a result of the discussion on the work carried out within the framework of the creation, operation and development of the Trans-boundary Trust Environment in various international fora (UNESCAP, UNCITRAL, UNCEFACT, EAEU and others) based on respect for the principle of digital sovereignty of all the participating states, the Conference participants noted the expediency of solutions elaborated in those international organizations as well as in the EU. Moreover, the harmonisation of regulations in normative acts, technical and organizational solutions applied by those international fora on the one hand, and in the EU in the part of creating trust service market on the other hand, should facilitate the development of interaction between the EU and the other international associations markets. Cooperation between authorized organisations and experts involved in these works is a necessary condition to achieve a positive result.
  • A qualified eSeal perfectly fulfills the Pareto-Principle: one can achieve 80% of the benefits of a qualified eSignature with only 20% of the effort. The eSeal based on eIDAS Regulation and CEN/ETSI-Standards is the ‘fast-forward’ to digitalization of eServices and the EU Digital Market with the potential of 500 million independent, self-determined users.
  • The conference participants pointed to the need for the cooperation between EU and non-member states of EU:
    • to facilitate cooperation on issues of legal and technical regulation in the field of electronic signatures and other trust services, and on issues of implementing the eIDAS Regulation, as well;
    • to conclude an international treaties on mutual recognition of third countries certificates and European certificates used in the provision of legally significant electronic services in the interaction among the various states;
    • to give technical assistance for the best understanding of notification procedures of electronic identification schemes according the new legislation base of Europe.
  • The market is very interested in the trust services and theirs implementation. At EFPE 2016 some companies announced theirs new solutions strongly oriented to Trust Services through a modern approach (based on server or mobile devices) to online e-signature and its validation, citizen’s strong authentication, authorization and identification.
  • Public administration that intends to provide trust services to the public should do it on the base of equal and competitive rules with commercial subjects. The conference participants reiterate the belief expressed many times in last years’ conferences that the public administration should increasingly rely on commercial solutions offered by service providers operating on the digital market.

This final document has been prepared by international experts and participants (among others by Jon Ølnes, Arno Fiedler, Sławomir Górniak, Sergey Kiryushkin, Yurii Kozlov, Alla Kryzhanovska, Jerzy Pejaś, Marco Scognamiglio, Assel Seifullina, Murat Seisenov, Artur Skrzeczanowski, Richard Wang) during the EFPE 2016. This document has been translated into English, Polish and Russian and presented for acceptance by participants of the conference. We kindly ask policy makers and lawmakers to consider this modest contribution to the European discussion in their future efforts.

 

D.Sc. Eng. Jerzy Pejaś
Chairman of EFPE 2016 Program Committee
West Pomeranian University of Technology in Szczecin
Poland

Asseco Poland is the largest IT company in Poland and in the region of Central and Eastern Europe. For 30 years, it has been creating technologically advanced software for companies in key sectors of the economy. The company is present in 60 countries worldwide and employs 27,500 people. It is growing both organically and through acquisitions, of which it has made nearly 100 since 2004. Asseco companies are listed on the Warsaw Stock Exchange, NASDAQ, and the Tel Aviv Stock Exchange.

Obserwatorium.biz is an independent Polish consulting company, operating on the market since 2015, specializing in the creation and implementation of digital strategies in companies, mainly from the financial and public administration sector.

It supports clients in particular phases of strategic development – diagnosis of internal situation, market environment, it helps to formulate new goals and products, taking into account social and business trends resulting primarily from technological changes, it supports implementation and execution processes, including for IT suppliers. It carries out a number of educational activities such as trainings and conferences in order to spread the knowledge about digital transformation, its consequences and conditions for optimal implementation in a given enterprise.

We have been developing digital security at Certum for over 20 years. We specialize in certification services that validate online identity and provide solutions to ensure the trustworthiness and security of documents, electronic data and devices.

We are committed to ensuring that our clients' businesses can thrive while remaining fully resistant to cyber attacks and other external threats. Using modern technological advances, we create solutions that help our clients navigate more efficiently, comfortably and safely in the virtual world.

Certum consists of a competent and experienced team of more than 150 specialists who have been trusted by hundreds of thousands of companies and institutions all over the world. Many years of experience combined with specialist knowledge allows us to implement even the most complex and technically advanced projects. We place particular emphasis on the compliance of our services with current legal conditions and standards. More information available at www.certum.pl

The Cloud Signature Consortium is a global group of industry, government, and academic organizations committed to driving standardization of highly secure and compliant digital signatures in the cloud. Inspired by the rigorous requirements of the European Union’s Regulation on electronic Identification, Authentication and Trust Services (eIDAS), our open technical specification helps ease solution interoperability, streamline compliance with e-signature regulations, and pave the way for uniform adoption of cloud-based digital signatures around the world.

NASK is a National Research Institute whose mission is to develop and implement solutions which facilitate the development of information and communication networks in Poland, in addition to improving their effectiveness and security. We carry out research and development projects as well as projects aimed at improving the security of Polish civilian cyberspace. Another of our important activities is educating users and promoting the concept of an information society, primarily with the goal of protecting children and young people from hazards posed by new technologies.

ZIPSEE Digital Poland is an industry employers’ organization – it brings together the largest digital and high-tech companies in Poland, including manufacturers, importers and distributors. The main goal of the organization is to care for the development of this sector in Poland

The Association actively follows and is personally involved in works on any regulations that may directly or indirectly affect the high-tech industry in our country.

One of the main objectives of ZIPSEE Digital Poland is to support and build a digital economy by, among others, spreading the idea of e-services or digitization. At the same time, Digital Poland makes sure that the development of e-solutions will be accompanied by an increase in their cybersecurity, which is related to constant improvement of social awareness and competence both among entrepreneurs and public administration.

The Committee of the Council of Ministers for Digitization (KRMC) is an auxiliary body of the Council of Ministers and the Prime Minister, established in 2012 to ensure the coordination of the implementation of IT projects of the government administration and the preparation of government documents related to computerization. KRMC is responsible for ensuring the consistency of IT projects with the strategic activities of the State.

The European Signature Dialog is a platform of major European electronic signature providers. The first European Signature Dialog took place on the 1st and 2nd of June 2017 in the heart of Europe – Vienna, attended by organisations from eleven countries. On the initiative of A-Trust, a qualified trust service provider in Austria, a joint voice of leading European stakeholders was created to tackle the need for consistency between EU and national requirements and to transform Europe into a strong player in authentication and cybersecurity.

The Polish Information Processing Society, PIPS (Polskie Towarzystwo Informatyczne, PTI) was established in 1981 as professional organization representing people who work in the IT. From its beginning the PIPS fosters links between experts from industry, academia and business promoting education, knowledge sharing, codes of conduct and skills frameworks. It voices the Society’s members opinions, needs, interests, and rights in relations with the general public, local and central government and with other associations in Poland and abroad. In 1992 PIPS was the first organisation from the post-communist countries to become a member of the Council of European Professional Information Societies (CEPIS).

ETSI is a not-for-profit Institute with more than 900 member organizations worldwide, drawn from 65 countries and five continents. Our members comprise a diversified pool of large and small private companies, research entities, academia, government and public organizations.
www.etsi.org

Samsung Electronics inspires the world and shapes the future with transformative ideas and technologies that give people the power to discover new experiences. With a constant focus on innovation and discovery, we keep redefining the worlds of TVs, smartphones, wearable devices, tablets, digital appliances, network systems, and memory, system LSI, foundry and LED solutions.

Samsung Electronics is committed to improving the global community and delivering ground-breaking innovations that enhance people’s everyday lives.

ARIADNEXT is the leading European provider of digital identification services. By providing solutions based on Artificial Intelligence, ARIADNEXT offers companies the opportunity to instantly build trusting relationships with their consumers. These solutions enable them to meet regulatory challenges and anti-fraud requirements while focusing on customer experience and digital transformation.

Entrust keeps the world moving safely by enabling trusted identities, payments and data protection around the globe. Today more than ever, people demand seamless, secure experiences, whether they’re crossing borders, making a purchase, or accessing corporate networks. With our unmatched breadth of digital security and credential issuance solutions, it’s no wonder the world’s most entrusted organizations trust us.

This website uses cookies to provide services at the highest level. By continuing to use the site, you agree to their use. If you do not agree to the use of cookies that are not necessary to use the website, you can change the settings in the browser you use

Subscribe to our newsletter