The era of “everything is connected”

With evermore of our daily lives spent online, it has become a growing challenge to prove who we are when we are accessing online services. Where once we had a passport to occasionally proof our identity at a border, we now face regular demands for digital authentication, through passwords, thumbprints, and facial recognition. This has increased demand for a secure and trusted online identification, especially with the aim to improve uptake of e-Government services.

The solution is an electronic identity or eID, a self-sovereign and protected proof of identity that can be carried around just like a passport, but also used online. It can be provided as means of identification and authentication, for purposes of registering or creating accounts online, to facilitate access to private sector services, or to use digital services of public administrations.

Such concepts could significantly contribute to Europe’s digital sovereignty, when looking at the private sector: Single-Sign-On solutions offered by GAFAs (Google, Apple, Facebook, Amazon) have become the de-facto standard to access online services based on a social login. Their activities lead to further market dominance, user lock-in and a loss of control over personal data in exchange for easy-to-use functionalities. Hence, there is an urgent need for neutral, trusted, and standardised alternatives that put citizens fully in control over their IDs and verified credentials.

On the public sector side, the concept isn’t new, but today’s European market for electronic identities remains fragmented. National eID schemes are so far only used by 14 Member States, aiming to facilitate administrative processes, e.g., offering access to public services (for example to file an online tax declaration). However, roughly 40% of the EU population has still no access to a national eID scheme – and the ones who do continue to face obstacles when trying to access public services in another country.

Most importantly, both public and private eID solutions still lack reach on the user side – and, as a consequence, they lack acceptance on the supplier side, i.e. service providers from the private sector, and with that they lack attractive use cases. Multiple dedicated eID wallets compete with each other and each one struggles to overcome the critical mass to scale.

Dial I for Interoperability

One particularly important ingredient is missing: the interoperability of eID schemes to overcome the illustrated chicken-egg-dilemma. Without interoperability, the list of possible cross-border and cross-sector use cases would remain widely unexplored: from secure online elections, university certificates and insurance cards to digital driving licenses, eCommerce accounts and information on property ownership or employment – potential future use-cases for digital identities are manifold. A first successful example guiding the way has been the launch of the EU digital COVID Certificate, which is used by different applications, but is fully interoperable across the EU.

The European Commission’s recent proposal for a harmonized European Digital Identity Framework is therefore a welcoming step that, if done right, could provide real value to European citizens, including scaling up public and private sector initiatives.

Citizens on-board

There is also a clear appetite for this, as revealed by the results of a Special Eurobarometer on attitudes towards digitalisation in the EU (December 2019) – in which 63% of respondents thought it would be useful to have a single, secure digital ID that could serve all online services.

The main challenge to ensure easy uptake by users however needs to be addressed: an electronic proof of identity must work on a smartphone and be just as easily available and secure as conventional documents and identity cards.

To effectively address the illustrated problems, the European legislator should now ensure that the final EU framework is based on the following building blocks: 

• Make users the focus of activities, by securely storing relevant IDs and credentials on smartphones in a digital wallet, e.g. by using the secure element of the smartphone;
• Ensure no loss of control over data: users should decide when and where they want to present their ID to which identified verifier;
• Create a user-friendly solution with a real value proposition for all ages and backgrounds, which means especially attractive use cases by the public and the private sector;
• Overcome fragmentation: create an open, EU-wide ID ecosystem based on interoperable standards to allow for cross-sector and cross-border use cases, with clear rules for mutual recognition;
• Guarantee secure identity management to avoid risks like identity theft, fraud and man-in-the-middle attacks;

 

Existing infrastructure and standards are essential. The European telecom industry will play an important role in the development of such an EU ecosystem, helping to set standards for secure authentication and identification, when users are carrying their digital identities with their smartphones. The Mobile Connect identity framework is a leading example: developed in a joint effort by the mobile industry and by several mobile operators across Europe and even worldwide, it enables effective provisioning of EU cross-border services in compliance with eID / eIDAS.

A harmonized EU ecosystem of digital identities will offer clear benefits to EU citizens: administrative efficiency, greater ease of free movement within the EU, better security and more control of their data, to name a few. In addition, it also has all the potential to become a success story for public administrations and the private sector alike, enabling various new use cases and easier customer interaction. With the accelerating speed of digital transformation, Europe needs to move fast to ensure others do not set the de-facto standard for use.