Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (eIDAS)


1 Proposal for a Regulation on Electronic identification and trust services for electronic transactions in the internal market (eIDAS): Progress of the legislative process. Gérard GALLER, gerard.galler@ec.europa.eu, DG CONNECT, European Commission

2 Policy context
- EU legal framework only for e-signatures
- No comprehensive EU cross-border and cross-sector framework for e-identification, authentication, signatures and related trust services
- Commission's "eIDAS" legislative proposal on

3 Ambition of eIDAS
[Diagram labels: Personal data = digital currency; Digital identity; "economic" drive; USER ENABLEMENT; eIDAS; "trust-building" drive; Trusted assertions/credentials; USER EMPOWERMENT; Personal data = private asset]

4 Large Scale Pilots (LSPs)
[Figure text as extracted: Interoperable e-procurement 19 partners 11 countries Total Budget 30,8 M; Electronic Identity, Patient Summary / ePrescribing, Business mobility, eJustice: 32 partners 14 countries, 47 partners 23 countries, 33 partners 16 countries, 17 partners 15 countries; Total Budget 26 M, Total Budget 23 M, Total Budget 24 M, Total Budget 14 M; Electronic Identity, Consolidation & extension of LSPs: 60 partners 20 countries, 22 partners 20 countries; Total Budget 18,7 M, Total Budget 27,4 M]

5 Scope of eIDAS
1. Mutual recognition of electronic identification
2. Electronic trust services:
   - Electronic signatures interoperability and usability
   - Electronic seals interoperability and usability
   - Cross-border dimension of: 1. Time stamping, 2. Electronic delivery service, 3. Electronic documents admissibility, 4. Website authentication.

6 eIDAS is at the top of the EU political agenda
- European Council of : Called on the co-legislators to speed up the work on the eIDAS proposal. Invites Council and Parliament to give the proposal the highest priority with a view to its adoption by the end of the current parliamentary cycle at the latest (= June 2014).
- European Council of : The rapid conclusion of the work is an essential priority; eIDAS is a key file

7 Legislative process: Lisbon Treaty art. 294
"Ordinary" legislative procedure (previously: "co-decision"), Article 294 TFEU:
- The Commission submits a legislative proposal to the European Parliament and Council.
- Parliament and Council: 1st readings. At the 1st reading, Parliament adopts its position. If Council approves Parliament's wording, then the act is adopted. If not, Council adopts its own position and passes it back to Parliament with explanations.
- At the 2nd reading, the act is adopted if Parliament approves the Council's text or fails to take a decision. Parliament may reject Council's text, leading to a failure of the proposal, or modify it and pass it back to Council.
(source: adapted from Wikipedia)

8 eIDAS State of Play - Council
Council of the European Union, "TELECOM" Working Party
Cypriot Presidency (2H2012):
- Progress report to Telecom Council of
Irish Presidency (1H2013):
- Progress report to Telecom Council of
Lithuanian Presidency (2H2013)
Greek Presidency (1H2014)

9 eIDAS State of Play - European Parliament
EP internal rule 50: Procedure with associated committee (JURI, LIBE, ITRE, IMCO, EP Plenary)
Committee votes on their amendments:
- JURI - Committee on Legal Affairs: opinion voted on 20 June 2013
- LIBE - Committee on Civil Liberties, Justice and Home Affairs: 9 July 2013
- IMCO - Committee on Internal Market and Consumer Protection: 9 July 2013
- ITRE - Committee on Industry, Research and Energy: 14 October 2013
EP Plenary: Vote on 1st reading, date to be defined

10 EP and Council focal points for discussion
eID:
- Requirements on security level(s) of eID schemes to be notified
- Scope, interoperability, data protection, liability, ...
Trust services (generic):
- Limitation on trust service providers' liability
- Inclusion of non-qualified providers and services
- Providers' conformity assessment according to Regulation 765/2008
- Prior authorisation
- Recognition of 3rd-country providers and services
- Delegated acts
eSignature and related services:
- eSignature certificates: specific attributes, suspension, ...
- Certification of signature creation devices
Scope width: eSeals, eDelivery, eDocument, Website authentication

11 Support for eIDAS
ENISA (European Agency for Network and Information Security):
- Report on implementing eIDAS art. 15
- Workshop on security aspects of trust service providers, Brussels, report (Oct. 2013)
JRC / IPTS (Commission's Joint Research Centre / Institute for Prospective Technological Studies):
- eIDAS Compass: Commission's internal discussion platform on eIDAS

12 IAS Study
Objectives and tasks:
1. Technical and legal building blocks
   - Provide input for devising technical and legal building blocks needed for the preparatory work in the areas envisaged in the planned secondary legislation.
   - Provide input for standardisation activities related to planned secondary legislation in the proposal for a Regulation.
2. Market take-up of eID and trust services
   - Monitor the take-up of electronic identification (eID), electronic authentication and electronic trust services (eTS) and evaluate the impact of national and EU legislation.
   - Build upon and further develop the results of the studies commissioned by the Commission on country profiles delivered in
   - Complement and enhance the Impact Assessment report accompanying the proposal for a Regulation and the existing market studies, by collecting additional and updated data and by defining and measuring core progress indicators.
3. Communication and awareness
   - Propose a communication strategy and outline an awareness raising campaign to promote the uptake of trusted services by EU citizens and SMEs.
4. Technical assistance
   - Provide technical assistance to the Commission on eID, authentication and eTS, in particular by providing thematic technical reports, briefings and analysis.
Study partners:
Study details:
1. Study duration: Start: January 2013, End: January
2. Study deliverables: Recommendations for implementing acts; Monitoring eTS and eID; Enhancing eTS market analysis; follow-up of mandate m460
3. Study workshops: September Q
Commission reference: SMART 2012/0001

13 Standardisation mandate m460 by CEN and ETSI
[Diagram of six standardisation areas:]
1. Signature Creation & Validation: Rules & procedures; Formats; Signature Creation / Validation; Protection Profiles; XAdES (XML), CAdES (CMS), PAdES (PDF), AdES in mobile environments, ASiC (containers)
2. Signature Creation Devices: Common Criteria Protection Profiles; Smart Cards; HSMs; Signing services
3. Cryptographic Suites: Key generation; Hash functions; Signature algorithms; Key lengths
4. TSPs supporting eSignature: Certificate Authority; Time-stamping; Signing Servers; Validation Services
5. Trust Application Service Providers: Registered; Long term preservation
6. Trusted Lists Providers: List of TSP services approved (supervised) by National Bodies (e.g. Trusted Lists)
Public workshop:

14 eIDAS: Indicative process
[Timeline labels: Legislative process: Commission Proposal, Parliament + Council adoption; Standardisation mandate m460: Standards; Secondary legislation: Commission Decisions]
NB. Dates are indicative

15 Seminars on e-signature in the South Mediterranean Region
- Low regional integration of the South Mediterranean economies is a barrier to growth
- Cross-border business could increase if more e-business
- European Commission is organising two exploratory seminars to:
  - Identify common business needs for regional e-transactions
  - Find out how to leverage local e-signature resources at regional level
  - Assess feasibility of regional cross-border e-signature interoperability
- 1st seminar: Nov 2013, Amman, Jordan. Hosted by TRC, Jordan's Regulator. OPEN TO ANY INTERESTED PARTY
- Expected outcome: recommendations for further actions
- Possible recommendations: set up a regional Trusted List, large regional project, approximation to EU e-signature legislation, enhance cooperation in international fora (UN, ISO, ITU, ...)

16 For further information and feedback