Final Statement

EFPE 2019 Conference > Archives > 2016 > Final Statement

Final Statement

5 February 2018 | EFPE | 2016

EFPE 2016 FINAL STATEMENT ON NEW EUROPEAN UNION TRUST SERVICES IMPLEMENTATION

The European Forum on Electronic Signature is the largest international conference in Europe gathering of community professionals related to security, electronic trust services and electronic identification. This year, 16th edition of EFPE with the leading topic being “Electronic identification and trust services (eIDAS) – advantages of a single, cross-border digital market”, was held on 9-10 June 2016 in Szczecin (Poland).

EFPE 2016 was attended by over 130 participants from 21 countries. Among them were representatives of European Commission, ETSI, large institutions using trust services (including government offices and agencies), producers of software and/or hardware solutions and trust service providers related to electronic signature and electronic identification.

In addition to lectures, presentations and practical workshops, the special role have played discussions and polemics that have been conducted during two round tables with participation of representatives of government and business. These two round tables were focused on the following topics:

  1. Trust services and e-identification – accessibility or security? How to keep the right balance, having in mind the benefits for the end-user;
  2. Paperless Country – how will the eIDAS Regulation help us move to a paperless world?

The entry into force of eIDAS Regulation implies a new legal order in the area of trust services, which raises the need to adapt the national law of the Member States to the new conditions. This adaptation applies to those areas where eIDAS Regulation simply requires appropriate regulations in national law (e.g. an indication of the supervisory authority), or those ones where eIDAS Regulation is applied in an incomplete way, or for which the regulation leaves a discretion to the national legal systems. The solutions to be adopted in national legal regulations should undoubtedly have a positive impact on the transparency and consistency of the legal system and should also become more readable for the recipient.

This is particularly important in the context of the main message of eIDAS Regulation, i.e. removing existing barriers to the cross-border use of electronic identification and trust services for secure electronic interaction between citizens, businesses and public authorities, thereby increasing the effectiveness of public and private online services, electronic business and electronic commerce in the European Union.

The above is the reason why this year’s conference comes at a time when eIDAS Regulation issues will be the focused on the problems of a single, cross-border digital market. These problems were discussed by many conference participants and are presented below in the form of recommendations addressed to citizens, businesses and public authorities.

  • The conference participants pointed out that identification of users based on foreign eID is a severe challenge, regardless of the fact that the identity/identification is authenticated by use of an eID according to eIDAS, because:
    • even when both countries use national identifiers for their residents, identifiers cannot necessarily be (legally) used cross-border nor be reliably mapped between countries.
    • access to eGov services may require a specific, national identification that foreigners may not possess, and that cannot be derived from the identification provided.
    • there is a clear risk of establishing multiple identities for one person based on inconsistent identification, causing risks related to e.g. fraud.

    The above challenges can be solved by Member States countries if the governments decide to put priority on this.

  • During the conference it was indicated that it is important to identify not only many challenges in implementing eIDAS in certain EU Member States, but also to evaluate what is the impact of eIDAS outside the EU. This is important practical problem because the cross-border public services are low on the agenda (e.g. eGov strategies and the like) of governments.
  • The conference participants also stated that eIDAS Regulation ensures the conditions for European Trust Service market, so e-Signature stakeholders are called to do their part by assuring cross-country interoperability, proposing solutions easy for everyone and strongly integrated into digital processes/workflows. European bodies, especially European Commission, ETSI, CEN and ENISA, should support the deployment of these services in Europe.
  • China is now the European Union’s second trading partner behind the United States and the EU is China’s biggest trading partner. Hence, the conference participants are convinced that China licensed trust service providers and European qualified trust service providers should work together to provide trade contract eSign services for Europe and China traders, to save delivery cost and save time.
  • The participants got acquainted with the information on the experience of Kazakhstan in terms of building a public key infrastructure, and have taken note that the exchange of information between Kazakhstan and other countries can be implemented on the basis of the trusted third party services provided in Kazakhstan in accordance with the applicable law.
  • As a result of the discussion on the work carried out within the framework of the creation, operation and development of the Trans-boundary Trust Environment in various international fora (UNESCAP, UNCITRAL, UNCEFACT, EAEU and others) based on respect for the principle of digital sovereignty of all the participating states, the Conference participants noted the expediency of solutions elaborated in those international organizations as well as in the EU. Moreover, the harmonisation of regulations in normative acts, technical and organizational solutions applied by those international fora on the one hand, and in the EU in the part of creating trust service market on the other hand, should facilitate the development of interaction between the EU and the other international associations markets. Cooperation between authorized organisations and experts involved in these works is a necessary condition to achieve a positive result.
  • A qualified eSeal perfectly fulfills the Pareto-Principle: one can achieve 80% of the benefits of a qualified eSignature with only 20% of the effort. The eSeal based on eIDAS Regulation and CEN/ETSI-Standards is the ‘fast-forward’ to digitalization of eServices and the EU Digital Market with the potential of 500 million independent, self-determined users.
  • The conference participants pointed to the need for the cooperation between EU and non-member states of EU:
    • to facilitate cooperation on issues of legal and technical regulation in the field of electronic signatures and other trust services, and on issues of implementing the eIDAS Regulation, as well;
    • to conclude an international treaties on mutual recognition of third countries certificates and European certificates used in the provision of legally significant electronic services in the interaction among the various states;
    • to give technical assistance for the best understanding of notification procedures of electronic identification schemes according the new legislation base of Europe.
  • The market is very interested in the trust services and theirs implementation. At EFPE 2016 some companies announced theirs new solutions strongly oriented to Trust Services through a modern approach (based on server or mobile devices) to online e-signature and its validation, citizen’s strong authentication, authorization and identification.
  • Public administration that intends to provide trust services to the public should do it on the base of equal and competitive rules with commercial subjects. The conference participants reiterate the belief expressed many times in last years’ conferences that the public administration should increasingly rely on commercial solutions offered by service providers operating on the digital market.

This final document has been prepared by international experts and participants (among others by Jon Ølnes, Arno Fiedler, Sławomir Górniak, Sergey Kiryushkin, Yurii Kozlov, Alla Kryzhanovska, Jerzy Pejaś, Marco Scognamiglio, Assel Seifullina, Murat Seisenov, Artur Skrzeczanowski, Richard Wang) during the EFPE 2016. This document has been translated into English, Polish and Russian and presented for acceptance by participants of the conference. We kindly ask policy makers and lawmakers to consider this modest contribution to the European discussion in their future efforts.

 

D.Sc. Eng. Jerzy Pejaś
Chairman of EFPE 2016 Program Committee
West Pomeranian University of Technology in Szczecin
Poland

Dear User

Pursuant to Article 13(1) of the General Data Protection Regulation of 27 April 2016 (hereinafter referred to as the “Regulation”), please be informed that:

  • The administrator of your personal data is Asseco Data Systems S.A. with registered office in Gdynia, ul. Podolska 21, 81-321 Gdynia;
  • The Data Protection Officer at Asseco Data Systems S.A. can be contacted at e-mail address: IOD@assecods.pl, tel. +48 42 675 63 60.
  • Your personal data will be processed for the purpose of:
    1. preparing a response to your enquiry, pursuant to Art. 6(1)(b) of the Regulation
    2. sending marketing information by means of electronic communication and automation software on the basis of the Act on the provision of services by electronic means of 18 July 2002 and in connection with Article 172(1) of the Act “Telecommunications Law” of 16 July 2004 (alternative consent), pursuant to Article 6(1)(a) of the Regulation.
  • Your personal data will be stored for the time necessary to prepare a response to your enquiry and to respond it until you withdraw your consent for receipt of marketing information.
  • You have the right to access the contents of your data and the right to correct it, to have it removed/forgotten, to restrict its processing, to transfer it, to make an objection, to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of your consent prior to its withdrawal. All the above rights may be exercised through an application submitted at https://www.daneosobowe.assecods.pl
  • You have the right to lodge a complaint with the Regulator if you consider that the processing of your personal data is in breach of provisions of the Regulation.
  • Provision of personal data by you is necessary for the execution of your enquiry. You must provide it, and the consequence of not providing personal data will be that you will not be able to receive a response to your enquiry.
  • Your data will be processed automatically, also in the form of profiling. Automated decision making will be based on the principles of processing personal data supplied at the time of creating an Account and any supplemented data stored in it as well as data concerning activity on the Websites (in accordance with the Privacy Policy of Asseco Data Systems S.A. website Privacy Policy) and activity related to our communication with you through e-mail, and such processing will result in adjustment of marketing information concerning our products and services that may be of interest to you.
Privacy Police