A day-to-day example
In today’s world, businesses, governments and individuals carry out a substantial part of their day-to-day activities through digital means.
Most of us can genuinely say that for a lot of these activities and interactions, we don’t even remember how we used to do things before they went digital. To give you an idea, let us consider the following simple but undoubtedly familiar example:
John who lives in Belgium, needs to make a payment to his son Lucas who is studying in Italy, who needs the money to pay his rent. Lucas texts his bank account details to John who instantly opens his banking app, authenticates and inputs the account details into his smartphone to transfer the money to Lucas’ Italian bank account.
Nothing to it, right? You actually start to wonder, how we ever did these things in the past? Nowadays, EU citizens can easily transfer money from one European bank account to another while sitting behind their PC or by using their mobile banking app through the same defined standards across member states. (In this case SEPA – Single European Payments Act – has standardized Credit Transfers across EU). Until quite recently, the example described above wasn’t anywhere near as straightforward as it is today. Despite that novelty, it is already taken for granted. There is no doubt that today each EU citizen finds it only natural that in an internal market, (digital) payments between individuals and businesses must be facilitated through mutually recognized standards.
Let us now retrace our steps. In the scenario above, the cornerstone assumption is that Lucas is already in possession of an (in this case Italian) bank account. However, digitally opening such a bank account today as a non-resident citizen is practically impossible due to different eID standards and by scattered implementation of trust services such as e-signatures. There is operationally speaking no internal market for these services. Even worse, you don’t need to pass borders to find such limitations. In many member states, it is fair to say that digitally opening a bank account within your own resident country is most of the time a very difficult and strenuous process because each market participant uses slightly different means of e-Identification and trust services.
Certainly there are also other considerations such as KYC, AML(4), CDD and many other regulations and directives in play which partly explain why banks are reluctant to allow remote bank account openings. However, in the above scenario there are basically two fundamental conditions to make digital onboarding possible in practice:
- the ability to digitally identify the counterparty and;
- the use of trust services (such as e.g. e-signatures) to verify data, documents and the person associated with those data and documents
The above is where eIDAS will play a key role as a facilitator from 1st of July, 2016 onward.
About the eIDAS regulation
Regulation (EU) No 910/2014 (known as eIDAS) which will repeal the Directive 1999/93/EC, mainly exists out of two building blocks:
- Electronic Identification
- Trust Services
The first objective of eIDAS is to remove existing barriers to the cross-border use of electronic identification means used in member states for public services. Indeed, the focus of eID is on public services. However we are confident that positive spill-over effects will benefit the private sector along the way , as eIDAS encourages the private sector to voluntarily use electronic identification means for online services or electronic transactions. Since September 2015 Member States can voluntarily recognize eID means of other member states. From September 2018 this will become mandatory and eID schemes should be fully interoperable between member states.
The second objective of eIDAS is creating an internal market for Trust Services. These Trust Services consist of: e-signatures, e-seals, e-timestamps, e-registry delivery and website authentication means. It also introduces the concept of a Trust Service Provider (TSP), being a legal or natural person that provides one or more Trust Services. Under eIDAS there is special attention for Qualified Trust Service Providers (QTSPs) that need to fulfill certain additional criteria such as: ex-ante conformity assessments, maintain sufficient financial resources and show relevant expertise in the trust service they offer (non-exhaustive). In order to stimulate obtaining QTSP status a ‘quid pro quo’ arrangement applies. Being a QTSP allows the provider to be on the EU Trusted List which all member states consult and allows QTSPs to use the EU Trust mark for their services.
Why this time it is different
Some would argue that eID schemes have been around for quite some time. Trust services such as e-signatures have been around in EU legislation for more than 15 years (1999/93/EC). Both have only seen modest uptake in recent years. Why would it be any different with eIDAS? Well, we believe it will be truly different. Why? Because the surrounding conditions have dramatically changed. Businesses, Governments and Individuals have recently gone massively digital. Many of them prefer to interact digitally and perform digital transactions accordingly. The number of digital interactions has surged thanks to the use of smartphones, tablets and other e-wearables. As a result, e-identity and trust services are becoming essential in order to transform tasks that were once considered incredibly difficult, strenuous and expensive. The availability of the necessary identification and trust services for each participant of the (single) market has greatly simplified these complex processes. Having a harmonized framework will enable uptake of these e-identification and trust services to reduce complexity.
eIDAS as an enabler for new value propositions
Let’s return to our example of John and Lucas. Will eIDAS ensure that Lucas as a non-Italian resident will digitally open a bank account in Italy? Will John authenticate the payment through usage of his eID? The answer is: “Perhaps, but not necessarily”. There is still a lot of work that needs to be done. Although eIDAS provides the necessary common framework within the single market to make all the above possible, some sector or country specific additional laws, technical restrictions and or requirements will form a barrier for the cross border eID usage. It will thus only be used if the processes are more simple, more convenient and generally have a better user experience. Nevertheless, eIDAS takes away that first obstacle by providing a common framework and further harmonizing the digital single market, thus enabling new value propositions through digital services. This will ultimately benefit the end-user, being every single one of us.