|
[To Eurosmart members only]
eIDAS: MEPs exchanged views with the European Commission
On 30 November, MEPs from the ITRE Committee exchanged views with the European Commission on eIDAS. The ITRE Committee is the lead Committee on this file (for the distribution of competences, see the previous briefing here). Rapporteurs from other Committees also took part in the discussion.
It appears from the discussion that the security of the Wallet is a key topic for MEPs. It is worth noting that MEP Andrus Ansip advocated for technology neutrality while at the same time promoting a software-based solution using the Splitkey cryptographic technology. He argued that hardware-based solutions are much more challenging to manage.
Norbert Sagstetter, Head of Unit at the European Commission (DG CNECT), gave some insightful clarifications on the proposal. On technological neutrality, he explained that ātoday there is absolute technological neutralityā, which has led to poor results for eIDAS 1 in terms of uptake. The new system will be more harmonised and build on common standards. The standards can be those currently used in the private sector as long as those standards are adapted.
The future system will not replace the current one but will complement it; it will develop synergies. The system will not be built against national systems but in synergy with them.
Regarding the business model, Norbert Sagstetter believes that there is a business case. The Wallet will be time-saving. Service providers, even if charged 50 cents, will see a business case for the Wallet. The European Commission will provide a prototype Wallet to Member States, and they will be able to test the business model.
Regarding the toolbox, the legislative negotiations will not be prejudged by what happened in the toolbox. The toolbox will have to be adjusted to the negotiations. Nothing will be finalised before the legislative negotiations are concluded. Parliamentarians are invited to take part in the toolbox work.
MEP Romana Jerkovic (S&D, Croatia) is rapporteur for eIDAS in ITRE, meaning that she is essentially the leading MEP for the file. She underlined that there are stark differences among Member States when it comes to digitalisation. Some Member States are successfully bringing digitalisation to their citizens, others are not.
Romana Jerkovic is well aware of the multiple cybersecurity challenges: data mining, monetisation of certain data etc. She is in favour of the concept of data minimisation, and she supports the highest cybersecurity standards. The success of the Wallet will depend on trust.
Moreover, Romana Jerkovic insisted on the need to modernise education and training systems. People must be empowered. European values must be protected, such as privacy, which Europe has lost out to the big commercial interests.
MEP Riho Terras (EPP, Estonia), shadow rapporteur, mentioned the example of Estonia ā where eID has been used for almost 20 years. Unique and persistent identifier is a key building block. Riho Terras is aware that there is a lot of opposition on this particular topic. Riho Terras highlighted that the principle of technology neutrality should be respected.
MEP Dragos Pislaru (Renew, Romania), shadow rapporteur, underlined that the backbone of the proposal should be data protection. The user must be in complete control of the data. The proposal presents different terms, āattributeā, ācredentialā, ādataā, do all these terms fall under GDPR?
MEP Mikulas Peksa (Greens/Pirate, Czechia) pointed out that MEPs must discuss the architecture of the whole system. If implemented poorly, the system will instead present threats to privacy. Mikulas Peksa wants the system to be as much decentralised, as much open as possible. Would it be possible to have multiple identities? For instance, one for public services and one for private services? Is centralisation the only way? Mikulas Peksa asked whether it would not be better to have choice for the identity providers.
MEP Andrus Ansip (Renew, Estonia), rapporteur in IMCO, stated that trustworthiness and high security standards are essential. The Wallet needs to be secure and technology neutral. He stressed that a software-based wallet enables shorter supply chain and digital sovereignty, there is a cryptographically enabled solution (Splitkey). Hardware-based security is much more difficult to manage because of the long supply chain. Both hardware-based and software-based should be accepted.
Next steps:
The draft report could be finished by the end of March.
A vote in the ITRE Committee could take place in July 2022.
|
