News & Publications

Latest news

  • 18 April 2018 - Press releases

    Eurosmart welcomes the EC proposal to introduce a harmonized contactless electronic security feature on Member states ID cards

    On the 17th of April, The European Commission tabled a proposal for a regulation[1] to improve the security features of EU citizens' identity cards and residence cards with the aim at curbing document fraud.

    Eurosmart and its members are fully committed in achieving the highest level of trust and security in particular in the fields of physical and digital ID documents. The Digital Security Industry welcomes the European Commission’s proposal to set common security standards across the EU in the line with the ICAO requirements[2], and stresses the fact that facial and fingerprints data stored on a certified secure element, remains the best option to prevent bad uses and falsifications.

    “National ID cards and electronic passports are likewise used in Europe to travel, by embedding a harmonised contactless secure element storing the face and fingerprint biometrics will help to increase security within the Union” said Stefane Mouille Eurosmart ,President.

    The proposal will contribute to reduce the space in which terrorists and criminals are able to operate by creating an interoperability between the different national ID cards, so that all the EU citizens can exercise their free movement rights in a harmonized and highly secure way.

    “We are pleased to see European Commission promoting technologies that are certified under the SOGIS MRA scheme in a such highly sensible use case” complemented Mouille.

    The use of this secure technology opens the door to a wide spectrum of new features that could help both business and citizens in everyday life such as electronic identification, e-signature and trust services for electronic transactions in the internal market as set out by the 2014 eIDAS regulation[3].

     

    About us

    Eurosmart, the Voice of the Digital Security Industry, is an international non-profit association located in Brussels, representing the Digital Security Industry for multisector applications. Founded in 1995, the association is committed to expanding the world’s Digital secure devices market, developing smart security standards and continuously improving the quality of security applications.

    Our members

    Members are manufacturers of secure elements, semiconductors, smart cards, secure software, High Security Hardware and terminals, biometric technology providers, system integrators, application developers and issuers.

     

    Eurosmart members are companies (Fingerprint Cards, Gemalto, Giesecke & Devrient, GS TAG, Idema, Imprimerie Nationale, Infineon Technologies, Inside Secure, Internet of Trust, Linxens, Nedcard, NXP Semiconductors, +ID, Real Casa de la Moneda, Samsung, Sanoïa, STMicroelectronics, Toshiba, Trusted Objects, WISekey, Winbond), laboratories (CEA-LETI, Keolabs), research organisations (Fraunhofer AISEC), associations (SCS Innovation cluster, Smart Payment Association, Mobismart, Danish Biometrics).

     



    [1] EC Proposal for a regulation 2018/0104 (COD) on strengthening the security of identity cards of Union citizens and of residence documents issued to Union citizens and their family members exercising their right of free movement.

    [2] ICAO document 9303, part 3 (seventh edition, 2015) on machine readability.

    [3] Regulation eIDAS (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market

    Read more
  • 13 April 2018 - Press releases

    Eurosmart welcomes GlobalPlatform’s decision to set SCPO2 as a deprecated feature

    In early April 2018, GlobalPlatform announced in a Security Informative Note that the latest version of the Card Specification (v2.3.1) will set SCP02 as a deprecated feature.

    Eurosmart is committed in developing, promoting and maintaining the appropriate security level for its products, solutions and protocols and welcomes Global Platform’s initiative. Eurosmart specifies that, for a long time, the digital security industry has been added additional security measures to SCO02. The Eurosmart members are used to systematically pre-encrypting sensitive data or restricting the usage only to trusted environments.

    Stefane Mouille, President of Eurosmart explains: « Once again, the situation proves the good anticipation of our industry with regards to the security erosion of SCP02 and continues to favour a smooth transition to SCP03 ».

     

     

     

     

     

    About us

    Eurosmart, the Voice of the Digital Security Industry, is an international non-profit association located in Brussels, representing the Digital Security Industry for multisector applications. Founded in 1995, the association is committed to expanding the world’s Digital secure devices market, developing smart security standards and continuously improving the quality of security applications.

    Our members

    Members are manufacturers of secure element, semiconductors, smart cards, secure software, security evaluation laboratories, High Security Hardware, Biometric technology providers, terminals, system integrators, application developers and issuers who work in dedicated working groups (security, electronic identity, communication, Cybersecurity, marketing). Members are largely involved in research and development projects at European and international levels.

     

    Eurosmart members are companies (Fingerprint Cards, Gemalto, Giesecke & Devrient, GS TAG, Idema, Imprimerie Nationale, Infineon Technologies, Inside Secure, Linxens, Nedcard, NXP Semiconductors, +ID, Real Casa de la Moneda, Samsung, Sanoïa, STMicroelectronics, Toshiba, Trusted Objects, WISekey, Winbond), laboratories (CEA-LETI, Keolabs), research organisations (Fraunhofer AISEC), associations (SCS Innovation cluster, Smart Payment Association, Mobismart, Danish Biometrics).

     

    Contact:

    Pierre-Jean VERRANDO

    Director of operations

    pierrejean.verrando@eurosmart.com

    Mobile: +32 471 34 59 64

    Read more
  • 05 March 2018 - News

    Internship in European public affairs – Digital single market

    Download the job description

    Eurosmart, the Voice of the Digital Security Industry, is an international non-profit association located in Brussels, representing the Digital Security Industry for multisector applications. Founded in 1995, the association is committed to expanding the world’s Digital secure devices market, developing smart security standards and continuously improving the quality of security applications.

    Eurosmart is offering an internship in European affairs to support its Brussels’ office for a six-month period starting in April 2018.

    The Brussels Office coordinates the advocacy effort of the association and its members towards the European Institutions. Eurosmart aims at both securing, promoting and defending the interests of the digital security industry by creating a friendly policy and regulatory environment in the context of the development of the Digital Single Market Strategy with a strong focus on cybersecurity, the establishment of a EU single market for smart secure devices and the digitalisation of the economy and society.

    As a member of the Eurosmart’s Brussels team, you will be responsible to monitor European digital policies and related topics (Cybersecurity, IoT, Digital Identity, smart borders, biometrics, data economy, connected cars etc.) and to support the day-to-day activity of the association.

    Duties and responsibilities among others:

    • Support in policy monitoring and research, as well as advocacy work.
    • Participation in external meetings, conferences and seminars and drafting of reports and summaries.
    • Support in preparation of internal meetings and briefings; general administrative support and event management (e.g. assisting with preparing working group meeting).
    • Support in external and digital communication (website update and social networks management).

    Skills/Qualifications:

    • Master’s degree in political science / law / economy with specialisation in EU affairs or/and lobbying with good knowledge of EU legislative procedures. - Some previous relevant work experience welcomed.
    • Proficiency in English language; additional languages, such as French and/or German will be an asset.
    • Reliable and good team player with excellent communication skills and time management.
    • Ability to multi-task and a proactive self-starting “can-do” attitude are essential.
    • Any additional skills (PR drafting, digital communication, website management) could be an asset.

    What do we offer:

    • The internship is related to the conditions of the “Convention d`immersion professionelle”.
    • Remuneration between €1000 and €1200 according to the experience level.
    • luncheon vouchers.
    • Full time - 38h/week.
    • An exciting position in an office, right near the European Parliament, housing like-minded EU Affairs professionals.

    Application

    A CV (maximum of 2 pages) and motivation letter should be sent to Mr. Pierre-Jean Verrando, Director of Operations at pierrejean.verrando@eurosmart.com quoting "Eurosmart Intern EU Public Affairs" in the subject line.

    Please note that only short-listed candidates will be contacted for an interview which will be held at Eurosmart’s premises in Brussels.

     

     

     

    About us

    Eurosmart, the Voice of the Digital Security Industry, is an international non-profit association located in Brussels, representing the Digital Security Industry for multisector applications. Founded in 1995, the association is committed to expanding the world’s Digital secure devices market, developing smart security standards and continuously improving the quality of security applications.

    Our members

    Members are manufacturers of secure element, semiconductors, smart cards, secure software, High Security Hardware and terminals, biometric technology providers, system integrators, application developers and issuers.

    Eurosmart members are companies (Fingerprint Cards, Gemalto, Giesecke & Devrient, GSTAG, Idemia, Imprimerie Nationale, Infineon Technologies, Inside Secure, Linxens, Nedcard, NXP Semiconductors, +ID, Real Casa de la Moneda, Samsung, Sanoïa, STMicroelectronics, Toshiba, Trusted Objects, WISekey, Winbond), security evaluation laboratories (Bactech, CEA-LETI, Keolabs Internet of Trust), research organisations (Fraunhofer AISEC) and associations (SCS Innovation cluster, Smart Payment Association, Mobismart, Danish Biometrics).

     

     

    Read more

Latest publications

  • 07 February 2018- Position papers

    Cybersecurity Act: Five outcome-based principles from the digital security industry

    Download the whole position paper

    The proposal for a Cybersecurity Act is a matter of European industrial policy and economic growth as well as being of importance for European digital sovereignty and societal choices.

    The level of resistance to potential attacks on European encryption solutions will be key to the technical transposition of articles 7 and 8 of the European Union Charter of Fundamental Rights.

    The Cybersecurity Act is part of the new social contract for the digital age. Therefore, we will bear the responsibility for drawing up fair provisions which uphold the interests of European citizens, Member States, European industry, the European Institutions and the digital single market. We must make sure that the process of establishing confidence in products through a new ENISA-led certification framework is beneficial, first and foremost, to European citizens.

     

    With this vision in mind, Eurosmart invites both co-legislators to take 5 critical points into account when considering the initial proposal from the European Commission.

    · Firstly, clear legal definitions of essential terms referring to IT and security ecosystems (aka “cybersecurity”).

    · Secondly, fair and open European governance during the preparation phase of candidate European certification schemes.

    · Thirdly, a well-defined European certification objective that is apt for each level of certification. Above all, the co-legislators should ensure that the ‘substantial’ and ‘high’ levels require mandatory penetration testing (“pentest” or “ethical hacking”) of the product by Conformity Assessment bodies (CABs) whilst a product is being evaluated.

    · Fourthly, European standards must be the basisfor the preparation of a new candidate European certification scheme.

    · And finally ENISA’s “Intellectual Property Rights” (IPR policy) should be spelled out in the Cybersecurity act.

     

    Read more
  • 06 December 2017- Technical document

    Cybersecurity Package: Comments on the PwC Study

    Download
  • 06 November 2017- Technical document

    Radio Equipment directive and passive RFID products

    Radio Equipment Directive (RED) 2014/53/EU impacts the way in which the RFID products are placed on the European market. Eurosmart issued on 6th November a position paper to present its understanding of the Directive. Besides, in order to clarify the scope of the directive, Eurosmart addressed a list of questions and recommendations.

     

    Eurosmart position paper

    Radio Equipment Directive 2014/53/EU

    The Radio and Telecommunication Terminal Equipment (R&TTE) Directive 1999/5/EC establishes a regulatory framework for placing and putting into service radio and telecommunications terminal equipment on the free market. It was repealed by the Radio Equipment Directive (RED) 2014/53/EU that has been applicable since 13 June 2016. After a transitional period, equipment covered by the Radio Equipment Directive must be brought into conformity by 13 June 2017.

    The new RED guide issued by the European commission in 19 May 2017, specifies that “Non-radio products (e.g. passports, credit cards) which are tagged are not radio equipment and do not require CE marking and contact details for the purposes of RED.”

    Eurosmart’s understanding of the new Radio equipment directive 2014/53/EU

    1. As mentioned in the guide, credit cards, passports are examples of products that do not fall under the radio equipment directive;
    2. All passive RFID products are the same objects in the meaning of the Directive (see attachment). Such passive RFID products do not use any battery. Therefore, passive RFID products are not radio equipment and administrative provisions such as CE marking, class specification, serial number and identity of the manufacturer do not apply.
    3. However, administrative provisions of the directive 2014/53/EU apply to active RFID products using a battery or an active antenna.

    According to our understanding, the guide is not refined enough, therefore national authorities could interpret the provisions of the directive in several ways (see below).

    Eurosmart enjoins the European Commission to confirm the followings:

    1. Since passive RFID products do not fall under the RED, out of consistency reasons the respective supply parts shall not fall under the directive either.
    2. For active RFID products is the notion of “placeing on the market” in our view too vague. As stated by TCAM 20, the correct application of the RED must focus on the identification of the end user of the active RFID product when the product is placed on the market. Eurosmart recommends to precise (e.g. in the RED-Guide) at which stage in the value chain the product must be compliant and the conditions under which the product fall under the RED.
    3. As long as a new firmware does not change neither the behavior of the contactless interface nor the safety or security aspects of the product, it cannot be considered as a new product in the meaning of the directive.

    ANNEX I:

    Exemples of passive RFID products which do not fall under the Radio Equipment Directive (RED) 2014/53/EU

    1. Public sector cards

    2. Financial sector cards

    • Credit cards
    • Debit cards

    3. Private sector cards

    a) Commercial cards
    • Company cards
    • Loyalty cards
    • Ski pass
    b) Web Access cards
    • FIDO token
    c) Transport cards
    • Transport contactless tokens
    d) Building access cards
    Read more