Eurosmart | The voice of the Digital Security Industry | Eurosmart’s position on the future European Digital Identity (EUid)

27 Jan 2021 Eurosmart’s position on the future European Digital Identity (EUid)

Posted at 11:45h in News, Position Papers byadmin8520

How to ensure that identity services in Europe are preserving Europe’s sovereignty?

Context

The European Commission will soon present a proposal for a European Digital Identity (EUid). Different options are currently envisaged. One of these options is to create a new trust service, pursuant to the eIDAS Regulation, for (private) electronic (or digital) identity providers. This paper highlights the position of Eurosmart on this topic. Eurosmart sees many potential pitfalls in this approach that should be carefully assessed by policymakers. Eurosmart drew recommendations to prevent these pitfalls.

Digital sovereignty as a guiding principle

Eurosmart’s recommendations aim to preserve Europe’s digital sovereignty, in a context where big tech is more and more involved in providing digital identities.

First, digital identity providers are too important to be ruled like any other trust services. Additional requirements should apply to ensure that EU values are respected. These requirements include non-discrimination, privacy-by-design and security-by-design.

Secondly, digital identity providers should be effectively governed by national and European laws. Eurosmart recommends introducing a condition of “Europeanity”, meaning that digital identity providers should be European registered companies or European public entities.

Thirdly, the European Commission should legislate on the security of identification and authentication means. This is particularly needed in the case of server signing (remote identification and authentication). There are currently no clear security requirements or criteria in the legislation to ensure the security of the local component performing the remote identification and authentication of the signatory.

Last but not least, Eurosmart believes that the Cybersecurity Act provides a relevant framework for the certification of digital identity solutions. An alignment between the Levels of Assurance of eIDAS and the Levels of Assurance of the Cybersecurity Act is needed.

Please see below the full position paper.

Eurosmart_position_eID_services_final_27012021

Print page

Eurosmart welcomes the recent adoption of the Cyber Resilience Act and the Artificial Intelligence Act by the European Parliament

Eurosmart Unveils Ground-breaking PP-0117 V2 Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile

Eurosmart Welcomes Adoption of the EUCC Scheme, Advocates Collaborative Approach for Sustainable Implementation

Eurosmart welcomes the recent adoption of the Cyber Resilience Act and the Artificial Intelligence Act by the European Parliament

Eurosmart Unveils Ground-breaking PP-0117 V2 Secure Sub-System in System-on-Chip (3S in SoC) Protection Profile

Eurosmart Welcomes Adoption of the EUCC Scheme, Advocates Collaborative Approach for Sustainable Implementation

Revision of the Cybersecurity Act (CSA) – The importance of maintaining efficient governance

Eurosmart’s priorities for the Cyber Resilience Act

Eurosmart’s Comments on the Cyber Resilience Act (CRA) proposal.

EU Common Criteria (EUCC) Certification Scheme

Revision of the Directive on Driving Licences – Eurosmart’s Answer to Public Consultation

European Digital Identity Wallet: Why do we need level “high” (eIDAS) & level “high” (Cybersecurity Act)?

Eurosmart’s position on the future European Digital Identity (EUid)

27 Jan 2021 Eurosmart’s position on the future European Digital Identity (EUid)

How to ensure that identity services in Europe are preserving Europe’s sovereignty?

Context

Digital sovereignty as a guiding principle

Recent news

Follow us on X