On June 29, Signaturit participated for the second consecutive year in the Trust Service Provider Forum (TSP Forum 2017) organized by ENISA, the European Agency on Network and Information Security.
Since the entry into force of the Regulation (EU) Nº 910/2014 on electronic identification and trust services for electronic transactions, the event has been organized as a demonstration of the commitment of the European Commission to develop an open forum to discuss this regulation.
The main goal was for the participants to discuss, share and exchange ideas for all European citizens, companies and public administrations to access online services and manage electronic transactions with complete freedom and legal security.
In this post we summarize the session and we compile its main conclusions, so that you are up to date on the news that this law has introduced.
This post is also available in Spanish.
Conclusions of the Trust Service Provider Forum (TSP Forum 2017)
The third edition of the TSP Forum 2017 has focused on the new trust services established by the Regulation. The goal has been to share the best practices and experiences in implementing these services by the providers. The event also aimed to reflect on the rules, implementation acts and technical guidelines that are derived from the Regulation.
This is the third time that the forum has been organized. Since its first edition in 2015, it has counted on the support of Andrea Servida, head of the working group that created the Regulation (EU) Nº 910/2014, known as the eIDAS.
The 2016 edition focused on the entry into force of said Regulation and the event counted on the participation of notable figures in the European Commission, such as its Vice President Andrus Ansip.
These annual meetings organized by ENISA count on the presence and participation of representatives of all parties involved: electronic trust service providers, conformity assessment bodies, supervisory authorities (Member States) and other private companies in the industry.
What stands out from the different sessions that took place in the TSP Forum 2017?
From the different sessions that took place, we’d like to highlight the following points:
Current situation: eIDAS, CEF and ENISA
At the beginning of the event, from the institutional point of view of the European Commission and ENISA, Gábor Bartha shared with the attendees the following information:
- The roadmap followed since the entry into force of the Regulation eIDAS in September 2014.
- The application of the new trust services following July 1, 2016
- The future obligation of mutual recognition of electronic identification mechanisms by the Member States, by mid 2018.
In order to meet the deadlines established, the Commission and ENISA have carried out a series of initiatives to establish a network of cooperation between Member States, to advance the implementation of said systems of electronic identification (eID).
In this last meeting, they shared the success case of Germany, the first country to notify of their identity national system scheme (with 40 million users).
Additionally, the European Commission promoted the adoption of the Regulation eIDAS in other sectors through initiatives such as the Better Regulation Toolbox.
On the other hand, cooperation was encouraged between the different Directorate-General Departments of the Commission, such as the Directorate-General JUST, who is responsible for implementing the new Directive regarding the Prevention of Money Laundering (AML4).
The TSP Forum 2017 took place in the city of Brussels, Belgium, in the historic Berlaymont building of the European Commission.
The point of view of the Conformity Assessment Bodies
Representatives of the Conformity Assessment Bodies were also present. These entities are the organizations responsible for objectively assessing conformity based on the technical and legislative standards established in the Regulation (EU) Nº 910/2014.
Romain Santini, representative of the ANSSI, the French supervisory authority, commented that they are in the review phase of all the evaluation conformity reports received. In France, they have been working together with the accreditation organism LTSI to better define the necessary requirements to comply with the regulations in a more clear and precise way.
The point of view of the Electronic Trust Service Providers
Lastly, from the point of view of the Electronic Trust Service Providers, we reflected on the need for the Regulation to clarify which are the requirements to remotely identify a person at the moment of obtaining a qualified certificate.
This request for clarification is shared by all parties involved, as there is a risk of divergence between the national legislations of the Member States, and this is a priority to resolve.
In short, we can say that the third edition of the TSP Forum has been a success again, as it has achieved the set objectives, and it has allowed all parties involved to share experiences and information regarding the adoption and compliance of the new Regulation eIDAS.
In this sense, with respect to the level of adoption of the new electronic trust services, the general perception is that the main barrier is the lack of information and knowledge on how to carry out an evaluation by the end users, meaning companies and consumers.
For this reason, we recommend to chose a solution that is most adapted to the local framework, both at a technical level as well as at a support level.
From Signaturit we will continue promoting electronic trust services in the European Union, offering solutions that combine the maximum legal requirements with the best user experience possible, with the aim to facilitate the adoption of these technologies.
This post is also available in Spanish.