On 8th July, the International Association for Trusted Blockchain Applications (INATBA) organised a panel discussion on the topic of Industry views on solutions for eID in Europe as part of a hybrid event Blockchain: A key enabler to innovation in Europe and the world organised in Brussels by the EU Blockchain Observatory and Forum and hosted by DG CNECT.
Attended remotely and in-person by representatives of industry, governments and academia, the panel was introduced by a keynote presentation from Maya Madrid (DG CNECT H4, European Commission), presenting on the activities across 2021–2022 regarding the eIDAS regulation and providing the public sector perspective of the EU digital identity. She explained that eIDAS deals with two pillars: 1) electronic identification and 2) trust service. “This regulation seeks to enhance trust in electronic transactions in the market by providing a foundation to secure interaction between citizens,” said Ms Madrid. She continued to give an overview of the eIDAS regulation development, its history and the reasons behind the regulation as well as plans for large-scale pilots, emphasising the importance of the EU digital identity needing to be “universally usable as a way to identify users, universally available to any citizen and resident in the EU and also that it protects personal data, giving also full control to the users (…).”
The second presentation was given by Kai Wagner (Jolocom), a member of INATBA’s Board of Directors and the co-chair of the Identity Working Group. On a high level, he introduced the policy position that INATBA’s Identity and Privacy Working Groups created on the eIDAS regulation, welcoming in particular:
- The European Digital Identity Wallet (EUDIW) as the common foundation for improved user experience and interoperability;
- The privacy-first approach that aims to protect citizens’ freedoms online with digital sovereignty;
- The introduction of Qualified Electronic Attribute Attestations (QEAA) and Electronic Attribute Attestations (EAA) as a new means of digital credentials in line with the conceptual ideas of self-sovereign identity (SSI);
- The inclusion of private sector scenarios and general applicability of eIDAS trust services and IDs beyond the public sector;
- The perspective to make eIDAS-based privacy-preserving identification and authentication mandatory as an option at gatekeeper services.
Mr Wagner further focused on 7 key points relating to the eIDAS regulation, which INATBA’s Identity and Privacy Working Groups emphasise, namely:
#1: Support amendment 94 to amend the proposed Article 11, by removing the requirement for a persistent, unique identifier as a requirement for the minimum set of personal identification data. A unique identifier is not needed for enhanced data subject due diligence and should not be added to the minimum set of personal identification data. The risk of misuse outweighs the benefits.
#2: Introduce verifier safeguards into Article 6b to protect EUDIW users from fraudulent requests by relying parties. Relying parties must qualify for requests of Personal Identifiers (PID), EAA, and QEAA data via proof of eligibility to request the data based on clear identification of the purpose and intent behind the request.
#3: Retain the proposed Article 6a(1), which authorises the Member States to allow for Digital Identity Wallets issued by the private sector. The ability of private sector companies to issue certified Digital Identity Wallets should remain a fundamental principle in eIDAS to enable competition and improve adoption with more choice.
#4: Amend the proposed Article 45f, by removing the inclusion of qualified service providers issuing attestations while being the authentic source of the data from the list of providers. Qualified service providers who issue attestations, and are also the authentic source of the data, should be excluded, as they are already covered by article 45a(2).
#5: Amend the proposal by introducing a requirement for lifecycle management of the EUDIW that enables citizens to maintain control over their EUDIW over time. The EUDIW providers need to allow for secure and user-friendly approaches to back up and restore the wallet, as well as the transition of an EUDIW from one device to another when they move to a new phone.
#6: Amend the proposal, by adding empowerment to the European Commission to adopt delegated acts to further specify how permissionless public blockchains can be used within the eIDAS infrastructure. The European Commission should be empowered to adopt delegated acts which would set out how public permissionless blockchains can be evaluated within the context of the eIDAS infrastructure – potentially under an intermediate level of assurance recognised by potential DLT Trusted Lists.
#7: Proof-of-Inherence-based User Authentication requires further clarification. The European Commission should provide clarity on Proof of Inherence based, or biometrics-based, user authentication.
Mr Wagner further said that INATBA supports the idea of a unified toolbox for the EUDIW and its ecosystem, recommending considering the concept of SSI based on the W3C Verifiable Credential Data Model for this common toolbox. INATBA believes that:
- SSI is superior to alternatives in giving users as much control and ownership over their digital identity information as possible;
- SSI ensures privacy by design: the issuer of a particular attribute does not have visibility of where this identity attribute is subsequently used;
- The SSI approach is consent-based. This is important for this control and interaction such that only necessary credentials – and additional information – are shared with the third party requesting the ID attribute;
- It allows for credentials to be shared widely, without creating one centralised database, or multiple copies of a user’s attributes;
It is flexible since an SSI model can be implemented using either centralised technology, distributed ledger technologies (DLT) or a hybrid setup.
The keynote presentations were followed by a panel discussion, moderated by Christian Hauschildt (EUBOF, White Research), with speakers Daniel Bachenheimer (Accenture, Identity Working Group Co-Chair at INATBA), Paola Heudebert (Archipels, Privacy Working Group Co-Chair at INATBA), Maya Madrid and Kai Wagner. The questions included:
Will we see significant changes in the digital identity ecosystem for private sector use cases due to eIDAS 2.0?
Maya: The latest version [of the proposal] enhances what we used to have in the previous system. It was very limited in how citizens could co-identify. It was only by sharing attributes, with no capacity of sharing credentials of digital identity. It used to be more oriented toward public services as opposed to the private sector ones. One of the most important changes is that the private sector will play a key role in the implementation of the EU digital identity framework. We expect to have a well-developed trust service market that offers the citizens a variety of electronic attestation of attributes. The private sector is the key enabler of the new proposal.
What are the highlights of the new eIDAS 2.0 proposal?
Paola: The creation of novel trust services, including the trust services of electronic and decentralised ledgers, is a big step for the industry compared to eIDAS 1.0, even though there are still questions about public permissionless decentralised ledgers. It’s great news for the self-sovereign identity industry. It’s a real opportunity for the private sector to thrive on these new services and develop novel use cases.
Daniel: The proposal is novel for its online identity authentication. It’s no longer only about what I have (an ID card) and what I know (a pin code), a third biometric attribute has been added as an option. It allows the citizens to select data that they share and combine them. In the currently most common use case, the e-passport, we weren’t able to do what the new proposal is bringing, selectively disclose and combine attributes, because it is from one issuer. I have to either give everything or nothing. These are some of the key things the new legislation proposes to change.
Kai: When applying to a university, you need to present a diploma from your school, proof of your ability to pay for the semester and proof of address from your landlord allowing you to register in the city. All these can be entered into a form and a digital process in the same moment without having to move through different applications or folders on your computer, trying to find the digital certificate or a pdf scan. All this can finally be digitised and processed in an automated fashion with full trust. We’ve already seen the initial very good results from the eIDAS 1.0 resolution and we think the proposal as it stands today offers an incredible opportunity for the trust market to evolve in Europe.
Maya: Trust is the key point. Building trust in the system. We can have very good technology, and choose technology standards and protocols to be used, but in the end, we need to build an ecosystem, where the parties can trust that what they receive is reliable and cross-border. We need to build trust for the whole European Union.
How will the identity market change within the EU and globally with this new proposal, should it be in its current form?
Kai: Some change is already visible today. There is a lot of interest in the process from many actors in the digital identity market. Groups are applying for the support of large-scale pilots, there are different consortia to build the wallet, and while it’s a very well-funded project, it’s also a question of positioning yourself in the market. Many large vendors and consortia are setting themselves up to do so. We also see that eIDAS is a huge topic among standardisation groups around the globe. There is a huge interest in the idea of building a common toolbox and setting a European-wide “standard” for how digital identity wallets have to be built, what their specifications are and how exactly qualified attribute attestation has to be issued. From our perspective, those things will have a significant effect on how the rest of the world thinks about their digital identity systems. Potentially there will be a cascading effect towards other markets outside of the EU that will benefit from those new decisions in the European digital market.
Paola: eIDAS proposal, if well-adopted, will have an impact on the world and on how other countries will regulate digital identity. The proposal is privacy-safeguarding, preserving, and making sure that the wallet issuer cannot track data from its use. Additionally, we have a safeguard ensuring that electronic attestation of attributes issuer cannot track the user of these attestations. The proposal was very well drafted and like the GDPR was a precedent for privacy regulation worldwide, this proposal will be a precedent for identity-preserving privacy solutions in the world.
Daniel: I’d like to draw lessons learnt from the COVID-credential era. The most prevalent COVID credential was a bar code that had private health information and personally identifiable information on it in a clear. It was digitally signed but never encrypted. The COVID credential with all your health information and personally identifiable information was then supposed to be linked with a photo ID. Had we had this system in place before, it would have easily solved the COVID credential problem in a privacy-preserving way and with zero-knowledge proof, without providing all health information.
Maya: This project has created a lot of interest within the European Union and outside of our borders. We have many third-party countries that are interested in what we are doing. But we are still in the process, we don’t have the system in place, and the regulation is yet to be adopted. We only adopted the proposal, but not the regulation.
Will eIDAS 2.0 be utilised in the crypto industry and what is it useful for?
Daniel: Financial transactions have an identity component to them. I will stick to one aspect, Know Your Customer. Having verifiable attributes in my wallet cryptographically signed by various entities – for example, proof of employment history or residency – is going to make it a lot easier and more secure for me to open up a bank account or conduct a financial transaction.
Paola: With eIDAS 2.0 you can see that in every case when strong authentication is needed, which is the case of financial services, the EUID wallet will have to be used. So we can think of a world where some crypto platforms will require to use the EUID wallets.
Maya: The financial sector is very, very important. It will be required to use the wallet for strong user authentication. This is also linked to remote onboarding, which is something to be yet discussed among the Member States. With the digital identity wallet, it will be easier to fulfil the KYC and the customer due diligence required for anti-money laundering. But the European standards required for remote onboarding are not fully harmonised. The European banking authorities are working on guidelines for this. Additionally, we have the legislative proposal with the Commission that is under negotiation by the European Parliament and the Council and once they agree to a final text, we will have a new European anti-money laundering authority that shall be established. The new authority will provide harmonised standards not only for remote onboarding but also for the use of EUDIW and the process. In the end, this proposal is very linked to the financial sector and the handling of the identification with the European wallet.
What is your expectation for the regulatory process? How do we get from where we are to where we want to be?
Maya: We are in the middle of negotiations in the Council and the Parliament and there are some more topics still under discussions, like the unique identification or the fact that we require level assurance high. We hope that with the new presidency of the Czech Republic we can have a text that is agreed on by all the States participating.
Daniel: What could be the problem with remote onboarding is exemplified in the new Entry/Exit legislation (EES) that says you must take a photoy of sufficient qualit live in front of an official to register third country nationals. One needs to register live because the photo in the e-passport could be a) old or b) morphed or c) poor quality. This might be part of the controversy, what is good enough? Can we use a passport photo? What about driver’s licence pictures?
Kai: It relates to the question, where do we need coordination and where do the stakeholders need to come to an agreement? Focusing on the toolbox process, what we want to / will see is a unified ecosystem built on common and shared specifications. This looks like the most ambitious project I could imagine because we’re trying to maintain all of the existing Member State eID systems (almost every Member State has one and they are incredibly heterogeneous). They are supposed to find their way into the wallet. Each national wallet should represent the eID scheme plus the additional features of the EUID Wallet. It means there has to be a very clear vision for how to achieve it. There is the eIDAS Expert Group that is supposed to deliberate how exactly the toolbox should be specified. This process currently, from my perspective, seems to be a bit slower than expected. In parallel, we have the procurement processes (large-scale pilots, wallet procurement), and all of them should be informed by a very clear policy which is in place. For me, there are currently multiple lines set up to run in parallel, and as stakeholders, we need to keep in mind that it will be incredibly hard to keep these lines in parallel and at some point let them converge.
Maya: It’s not an easy process. We have set an ambitious timeline and it’s not easy to achieve. Member States are working hard toward the finalisation of the Architectural Framework. Even if we have an agreement about the Architectural Framework by October, most probably it would not be the final one. We need to run these processes in parallel because otherwise the timeline would be extended by years. We need to have our Architectural Framework outline for the large-scale pilot because they need to be based on that, we also need to have the Architectural Framework for the procurement because the wallet needs to be based on the specifications that are agreed upon among the Member States. The processes now run in parallel, but there are points when they need to converge. When we have the first wallet reference implementation, it will be based on the Architectural Framework. The large-scale pilot will be using the wallet reference implementation. It’s a cascade of events that needs to happen. It hasn’t been easy from the beginning, because we have a very challenging timeline in front of us. The goal is to have the wallet for the citizens as soon as possible.
What are the requirements for creating an ecosystem for the private sector so that it is used widely?
Paola: That’s the million-dollar question. It all comes down to incentivisation to join the new system. Many working groups, including INATBA, are working on the business model for SSI with this proposal. The good news is that the electronic attestation of attributes will have the same legal effect as regular attestation on a paper form. We will have a regulatory obligation to produce these new standards to join the ecosystem. This is a mechanism of incentivising the issuer to join the ecosystem. The wallet should be free for a natural person, but it doesn’t mean you cannot monetise service on top of the wallet. So you will have monetary incentivisation.
Daniel: The private sector issuer ecosystem will go hand in hand with the verifier ecosystem. It’s great that you can issue cryptographically verifiable credentials, but you need to have consumers. Establishing the trusted ecosystem and the corresponding governance model will get us the adoption. So it’s both on the issuer side and the verifier side.
Kai: There is a need for certain types of attribute attestations and their schematic representation to be clearly specified to allow for multiple issuers to decide to issue them and offer them on the market. There shouldn’t be a situation where different issuers of diplomas issue very different types of diploma credentials. Ideally, they should be looking the same, at least structured according to the same logic so that it can be understood by the relying party or receiving entity very easily. Those factors are not directly in the current regulation proposal, but for the market of electronic attribute attestations to emerge and have potential, we need to think about these topics as well. There needs to be a set of use cases and associated credentials that are being proposed, advertised and pushed into the market by actors, trying to make comparable products available in the market. Usually market works well when you have different products, trying to solve the same thing, comparing them against each other, and then you can compare them based on price. As soon as the receiving party has a hard time understanding that they are asking for the same thing, it looks four different ways from four different providers, it would be a huge hampering factor for the market. We should think about the different issuers of attestation attributes to go through different levels of effort to be able to issue them. Potentially make it different for Qualified Attribute Attestations and regular Attribute Attestations, or even introduce more levels that allow a very cost-effective entrance into the issuing market. Right now it could be that for many actors the stakes, the effort and the cost required up front are too high to consider entering the market, especially if they are the authentic resource just for one very simple thing to issue. It’s not their core business, having that valuable information should be easy to set up as a side business. That has a huge potential.
Maya: All these things are under discussion in the toolbox process. The formats that the wallet will support and the formats of the credentials that the relying parties will expect will all be defined in the toolbox process. This is part of the standardisation. From that part, it might be easier for the uptake. It doesn’t mean the wallet will be able to include any kind of attestation that is defined. Furthermore, the wallet requires interaction from the qualified trust service providers, but it could also include the non-qualified ones. These don’t need to fulfil the requirements that the qualified ones will need to. It will potentially be easier for some issuers to intervene in the ecosystem.
What should the EUIDW look like to meet user and market needs within the constraints that there are?
Paola: User experience is very important. You don’t want the wallet to be something unusable. If I lose my phone, I want to be able to restore my wallet very easily. The winner will be the one with a very good user experience, design process, and even more when you think about consent. GDPR will apply and people will need to consent to sharing attributes. If every ten minutes you are requested to give your consent, you will have the same situation as when you are online and you want to check an article or something. As INATBA’s Privacy Working Group, we are already thinking of the legal mechanisms of how to prevent this consent fatigue, but the user experience will be key.
Kai: What we will likely see is 27 wallets minimum. There will be one wallet per Member State. While they are all built on the toolbox specification, they will still vary to some extent. It might be that the national eID scheme that is implemented in the national wallet is requiring a different user experience from one Member State to the other. There are likely different ways of preserving attribute attestations and having people use remote signature services. The big potential lies in establishing a dialogue about agreed standards and best practices for the user experience of these wallets. What will help drive adoption, i.e. people using the wallet voluntarily and not because they are forced to file their taxes, is the allowance for the competition of different wallets. The wallet should be free for use for the user and there should be a clear separation between the data and the wallet and the potential business model that the wallet issuer might have in the offering of their solution to the market. There is a huge value in providing choice to the users because they have different demands against the wallet. There are different user behaviours from generational, language and regional contexts. There are differences in what people expect from different solutions and that should be represented in the market.
Daniel: In the US, Maryland and Arizona offer mDL within two different apps, they reside in the Apple Wallet, which is a container doing a very specific thing. But it’s the app that provides the user experience. That is what’s important. The container is subservient to that. The app will have all the bits specified in the legislation, the auditability and the informed consent. That is going to be key to making it user-friendly and useful for adoption.
Paola: We want to forget about blockchain and verifiable credentials. We want to have something that people can widely use without even knowing there is DLT behind it. They don’t even know what standards will be used. It’s important that the principle of SSI is implemented with a user-friendly and user-centric product.
Do you see risks in the current EUDIW proposal and debate that emerged that need counteracting and more awareness? Are we missing important safeguards somewhere? Do we approach the private sector in the right way?
Daniel: As was mentioned, it is a very aggressive timeline, so there is a risk of not meeting the timeline objectives and getting everything in place within the time allocated. The other risk is that these standards are emerging, Europe is definitely pushing the envelope on this. The mDL specification is out, but even issuing the mDL to get it from the issuer to the wallet is out of the scope for the specification. That’s a risk. If we’re going to say “Use the mDL specifications”, it’s not fully there yet. That’s the risk of getting too far out front.
Paola: One risk is the exclusion of one part of the industry. Public permissionless blockchains are also trusted ledgers, and the regulation, in general, applies to permissioned blockchains. We don’t want to forget this ecosystem as a whole. The ecosystem is brilliant and innovative and we don’t want to exclude it.
Kai: How to safeguard against verifiers and relying parties asking for a bit too much? Usually, citizens find themselves in a very problematic power position. As a user, you are standing at the gateway of that huge service asking you for everything in your wallet, every single credential, attribute attestation, PID on your European Digital Identity Wallet. It’s the worst-case scenario. You don’t want to provide your hotel booking provider with everything. You only want to provide your mDL to your cab driver, and your passport data to the particular hotel check counter and not to the platform itself because the platform in between doesn’t need it. There needs to be a system in place and there are already hints of that in the proposal. To us a clear safeguard structure isn’t yet developed enough that would set boundaries to what relying parties can request from the wallet, establishing a clear procedure on how to get the allowance to request certain things from the wallet. This has to be easy and cost-effective, otherwise, the relying parties will not enter into the ecosystem. A balance needs to be achieved. The need to safeguard users from those illegitimate requests will lead to adoption and will be one of the decisive factors of the wallet technology being trusted by the citizens. In Germany, we have had the system for 12 years. It allows for selective disclosure and has zero-knowledge proof about age. It’s very sophisticated technology and it’s been proven to be secure over and over, it hasn’t been hacked yet. And only 7 % of Germans use it. It’s not because the system is unusable, but the launch of the new technology was hit by a campaign of distrust, critique and exaggerated criticism that destroyed the starting chance for that technology in the German market completely. Until today, almost no private entity, which could accept this national eID and use it for strong authentication, uses it, just because the citizens and customers don’t trust it to be a simple solution. One of the main things for the EUDIW is to ensure it’s very much from the very first moment regarded as safe, privacy-preserving and easy-to-use technology. It should never end up in the sphere of it potentially being the European surveillance mechanism number one, the Orwell’s eye in my phone. It’s important to make sure communication and transparency are achieved.
Maya: The Commission and the Member States have pointed out these risks. We are trying to mitigate them, especially regarding the timeline. The discussions regarding the other ones are either on the toolbox process or the legislative process. It’s not something that is forgotten and is discussed with the Member States in the technical group or during the regulation discussions.
The speakers provided their final thoughts:
Daniel: These are exciting times. The EU is doing a lot to push this forward, they are out ahead and I am happy to contribute.
Kai: I’d like to invite everyone to engage with this topic, potentially at INATBA. We are planning to do a lot of advocacy and educational work on this topic in the next years. We are also extremely grateful to meet in this group today.
Paola: This is really an exciting time. Being a stakeholder in this proposal is an amazing process, although very complicated. Let’s stay hopeful for the timeline and hopefully have an amazing EU wallet soon.
Maya: Thank you for having me as a panellist. This has been quite a process, we still have very challenging months in the future but are thrilled about what will be coming out of this project.
Please feel free to reach out to the co-chairs of the Identity Working Group (firstname.lastname@example.org) and the Privacy Working Group (email@example.com) of INATBA for more information about the work on eID.