A notification procedure to ensure interoperability of eIDs and build mutual trust
From 29 September 2018, Member States which are already offering access to public services to their citizens by means of an eID are expected to recognise and accept the notified eID schemes used by their counterparts, provided that these meet minimum levels of assurance. Member States have been asked to notify the eID scheme(s) that will be accepted for cross-border exchange to both the European Commission and the other Member States and to provide information about these schemes, including a description of the solution, information about the identity provider, and a description of the online authentication process. The aim of this notification procedure is to support interoperability of eID schemes and to build trust among Member States. This is enabled through the exchange of an agreed minimum set of person identification data that will be common in all notified eID schemes. This minimum dataset includes the basic data that can uniquely represent a natural or a legal person (i.e. first name, family name, first and family names at birth, date of birth, place of birth, gender and address).
Public authorities obliged to comply, private sector encouraged to do so
At the time of writing, nine Member States have either notified or pre-notified the electronic identity schemes they intend to connect to the eIDAS network. More are expected to follow and notify theirs until the end of the year. While the eIDAS Regulation only establishes (for now) an obligation for public authorities to grant access to their online services to citizens of another Member States who authenticate with an eID, the Regulation also encourages the private sector to make use of the potential that eIDAS will bring about for them, notably in terms of expanding their customer base and improving customer experience.
Exploring the potential of re-using eIDAS by the private sector
In this vein, the European Commission recently entrusted to everis a study to explore the possibility of re-using the eIDAS network beyond the public sector, and in particular by two pilot sectors: the education and the banking sector. The study has analysed in-depth the specificities of both domains through interviews with universities and banks in order to understand the type of online services they offer and the data that are relevant for them in order to grant access to those services. Based on the findings of this fieldwork, as well as on a thorough analysis of the applicable legislation, everis has identified a set of domain-specific attributes that should be added to enrich the minimum dataset already provided by the eIDAS network. As part of the study, everis has also put forward an architectural concept for the pieces that could be added to the eIDAS network and to national IT infrastructures so as to enable the exchange of these new datasets.