|
[To Eurosmart members only]
ENISA-CEN-CENELEC Cybersecurity Standardisation Conference: takeaways
Every year, ENISA organises jointly with CEN-CENELEC and ETSI a Standardisation Conference. eIDAS was among the main topics of the 2022 edition, that took place on 15 March. The speakers also discussed the NIS Directive and the AI Act.
Please find below some key takeaways from this conference.
NIS Directive: According to Miguel Gonzalez-Sancho (European Commission), the negotiations on the revision of the NIS Directive are going quite smoothly.
Cloud: Andreas Mitrakas (ENISA) answered critics against the Cloud Service scheme. Firmer supervision of cloud service providers is needed. There is a public interest that is not duly represented in the earlier version of those services. Europe cannot be naïve anymore.
eID standardisation mandate: Åsa Barton (European Commission) explained that the Commission had not decided yet whether it would launch a standardisation mandate. First, there will be an assessment of what can be done with existing standards. In any case, the work done by the European Standardisation Organisations needs to be done in parallel to the toolbox process.
eIDAS ARF: Åsa Barton also underlined that the Architecture Reference Framework (ARF) would probably be a living document that will be updated, for instance, following the large-scale pilots.
Ledgers and eIDAS: According to Ignacio Alamillo (CEN-CLC/JTC19/WG1), there is nothing in the ARF outline on the interface to ledgers; hence the toolbox is not so neutral.
Certification of the eIDAS Wallet: Christoph Sutter (CEN TC224 WG17) explained that both protection profiles and standards are needed for the evaluation of the Wallet. The difficulty here is to define the Target of Evaluation. The toolbox should decide on the Target of Evaluation.
Remote QSCD: Nick Pope (ETSI TC ESI) underlined that remote QSCD is a practical solution to ensure control over the authentication keys -in the context of the eIDAS Wallet. It is possible to use a cloud for key storage or key storage in a smartcard connected via NFC.
Lack of standards for eID: Michał Tabor (Obserwatorium.biz) highlighted that there are no European standards for electronic identification. ETSI and CEN-CENELEC are trying to coordinate and try to develop new standards.
AI Act: Irina Orssich (European Commission) indicated that the European Parliament and the Council might have their position on the AI Act by this year.
|
