The Future Digital Identity Landscape in Europe Timothée Mangenot, chairman 14th of December, 2015 ACSIEL partners day

The Voice of the Smart Security Industry EUROSMART is an international non-profit association located in Brussels, Belgium and representing the Smart Security Industry. Founded in 1995, the association advocates the use of Smart Secure Devices and smart security solutions to enhance the usability of digital services while protecting privacy and combatting fraud. 24 Member.

Smart security: an innovative and dynamic industry

Current eID status in Europe Digital Agenda for Europe addresses eGovernment, Single Market, Electronic Identification and Trusted Services. EU Commission is regulating on electronic identification and trust services for electronic transactions in the internal market (eIDAS) Beginning of 2015: in Europe 23 States were issuing eID-Cards. This is the highest number in one continent. 170 Million eIDs are in the field. This captures more than 30% of the total population of 500 Million citizens. Year 2020: More than 250 million eID-cards will be held by citizens and around 20 million e-Residence Permits by 3rd country nationals. EU Commission and Member States spent more than €100 Million for technical interoperability along eID, eHealth, eSignature and eServices

NSTIC – USA Trusted Identities in Cyberspace (USA) may create a set of industry standards FIDO - Fast Identity Online defines an open, scalable and interoperable set of mechanisms with the aim of reducing the use of passwords for the authentication of users Apple Pay - A payment system using only a single touch on devices in combination with the use of NFC technology. GSMA – Mobile Connect Using a SIM card as a secure vault for storing the electronic Identification and Authentication and the Mobile Operator Network to provide a trusted Digital Identity to e-services. Handset manufacturers have embraced the Near Field Communication (NFC) contactless technology for mobile payment, as well as for Digital Identity Management. What will be the future evolution of electronic identification, authentication and signatures? What will be the driving force or forces for Digital Identity? Other initiatives besides eIDAS

Eurosmart thinking Trusted Digital Identity is a Fundamental Right for all European Citizens and service providers. The future will create several Digital Identity companion concepts with different form factors and device supports, but the “Root of the Digital Identity” will remain the official electronic document issued by European Member states, as it is today with the Know Your Customer (KYC) regulation. The “Future Digital Identity Landscape in Europe” Eurosmart paper makes a status on current eID status, requirements, initiatives and concrete wishes for the success of eID in Europe. It may be downloaded from

Future requirements of Digital Identity Freedom to travel physically and on the web, Voluntary access and possibility to access to means providing security and warranties to the individuals acting as citizens, users, consumers and to service providers Personal Data and Privacy protection by default Pseudonymous authentication and signature shall be an option open to all User’s consent prior to internet footprint.

Eurosmart wishes on eIDAS 1/2 The differentiation of levels “Substantial” and “High” shall be clearly made in both technical requirements and liability effects. The level “High” shall not be restricted to very few cases, since it could lead to a lack of economic interest. The C.E.N. WG17 works on Protection Profile (local or remote) shall be the reference for the security evaluation and certification, at minimum, for the Qualified Signature Creation Device.

Eurosmart wishes 2/2 Privacy Impact Assessment and privacy by design duties shall be defined by means of favouring the user’s device rather than databases The device shall include embedded features allowing for: o data minimization o pseudonymous authentication and signature Be open to the use of future technologies, amongst them the physical authentication by biometrics, in full respect to privacy and ethics that can be ensured by use of a secure element

Conclusion The “Root of Digital Identity” is and will be provided by Member States and the eIDAS, and “Know Your Customer” Regulations are confirming this strategic aspect. The Root of Digital Identity may be coming from various eID documents: National eID, eDriving License or ePassport, depending on the Member States’ business processes. Europe has a strong Digital Identity strategy as per the Digital Single Market Strategy, and has to promote European values for the wealth of European citizens, Member States and the economy. The smart security industry is supporting this strategy by promoting the European Values in more than 120 countries.

THANK YOU FOR YOUR ATTENTION 14th of December, 2015 ACSIEL partners day