Feasibility study on an electronic identification, authentication and signature policy (IAS) SMART 2010/0008 Final Study Report 18 January 2013 D4.2 (Version 1b-Final)
This study was commissioned by the European Commission's Information Society and Media Directorate-General, in response to the general invitation to tender of the Directorate-General Information Society and Media, n SMART N 2010/008. The study does not, however, express the Commission's official views. The views expressed and all recommendations made are those of the authors. Table of contents 1. SUMMARY OF THE STUDY GOALS AND SCOPE... III 1.1 Background of the Study... 1.2 Scope of the Study... 1.3 Role of this document in the Study... 2. APPENDICES...V 2.1 Deliverable D.1: IAS in the European policy context... 2.2 Deliverable D.2: IAS in Europe, an overview of the state of the art... 2.3 Deliverable D.3: Proposal for a European IAS policy framework... II
1. Summary of the Study goals and scope 1.1 Background of the Study The purpose of the present project, as described in the tender specifications, is to study the feasibility of a comprehensive EU legal framework that would apply to all electronic credentials needed to secure electronic transactions as well as the ancillary services needed to use them: electronic identification, authentication, signature, seals, certified delivery and a voluntary official email address. The perspective of the legal framework would be to facilitate the smooth working of electronic transactions in the internal market. In other words, it would be based on article 114 of the Treaty on the Functioning of EU (TFEU). The Digital Agenda confirms that "Electronic identity (eid) technologies and authentication services are essential for transactions on the internet both in the private and public sectors. Today the most common way to authenticate is the use of passwords. For many applications this may be sufficient, but more secure solutions are increasingly needed. As there will be many solutions, industry, supported by policy actions in particular egovernment services - should ensure interoperability based on standards and open development platforms." The Commission, therefore, will "In 2011 propose a revision of the esignature Directive with a view to provide a legal framework for cross-border recognition and interoperability of secure eauthentication systems". This Study aims to provide inputs for this action. 1.2 Scope of the Study The scope of this study is to determine if and how a comprehensive European IAS framework could be formed, including the legal, technical and trust components required for such a framework. Each of these components will be defined by the study team, in a way that will allow them to serve as building blocks and to be combined into a comprehensive policy framework covering IAS services and ancillary services. The study should culminate in a recommendation from the study team to the Commission on how a complete and functioning legal, technical and trust framework for IAS services could be constructed. This recommendation should build on consultations of selected experts through direct discussions and workshops, as well as the feedback received through the Commission's 2011 public consultation on electronic identification, authentication and signatures. III
In this way, the study team aims to provide an immediately usable proposal, while optimally allowing the Commission room to adapt to future policy discussions or changed policy preferences. 1.3 Role of this document in the Study Apart from a general on-going support task to the Commission, the present Study consists of three tasks that correspond to a logical phase in the study. The phases and tasks can be graphically summarized as follows: Phase 1: Defining IAS in the European policy context What are IAS services? What are the European IAS needs? How do currently EU policies address IAS? How could we move forward? Phase 2: IAS in Europe: an overview of the state of the art What are the available EU laws and standards? What are the main national laws and standards? What are the main international examples? What can EU projects/initiatives contribute? Phase 3: Implementing a comprehensive IAS policy What are the IAS policy goals? How should the key legal, technical and trust building blocks be defined? What are the policy options to achieve the goal? How can the preferred options be built from the defined building blocks? The current document corresponds to all phases in the overview above and contains the final versions of the deliverables produced during the three phases. This Final Study Report contains the following documents: Deliverable D.1.1.b: IAS in the European policy context Deliverable D.2.2.b: IAS in Europe, an overview of the state of the art Deliverable D.3.2.b: Proposal for a European IAS policy framework IV
2. Appendices 2.1 Deliverable D.1.1.b: IAS in the European policy context 2.2 Deliverable D.2.2.b: IAS in Europe, an overview of the state of the art 2.3 Deliverable D.3.2b: Proposal for a European IAS policy framework V