“Our contribution is going to be based on our long-term experience in consulting the Estonian Government on public key infrastructure, ID cards, electronic signatures, seals and time stamps, digital identity credentials, electronic voting, and authentication protocols.”
Cybernetica, among five service providers, has signed a three-year framework contract with the European Union Agency for Cybersecurity (ENISA). Cybernetica will be providing a wide range of consultancy services regarding digital wallets and electronic identification related to the eIDAS regulation in the EU.
The purpose of this contract is to provide support for the ENISA work in the area of electronic identification, digital wallets and trust services, throughout the years 2023-2025. The actual projects to be covered will depend on the actual text of the eIDAS revision and the output of the ToolBox process for a coordinated approach towards a European Digital Identity Framework. Moreover, the interplay between NIS2 Directive and eIDAS revision will be included covering cybersecurity and governance requirements.
“eIDAS Regulation changes to support the EUDI Wallet and accompanying trust services are a major evolution in the EU electronic identity space. Our team’s success in being part of the European Union Agency for Cybersecurity framework contract and subsequent tender possibilities give Cybernetica yet another opportunity to provide input on the security and future developments of the overall industry direction. Cybernetica’s core value is privacy preservation and at a time of digital transformation for many member states and their citizens, this value is paramount,” commented Michael Buckland, Head of Digital Identity Technologies Department at Cybernetica. “Our contribution is going to be based on our long-term experience in consulting the Estonian Government on public key infrastructure, ID cards, electronic signatures, seals and time stamps, digital identity credentials, electronic voting, and authentication protocols. Moreover, Cybernetica has been actively engaged with the emerging topic of digital identity wallets, hence we aim provide further input based on our extensive knowledge in cryptographic algorithms and protocols, best practices in cybersecurity and public key infrastructure, and experience in standards, information security policies and certification,” Buckland continued.
The eIDAS regulation became effective in 2016 and it replaced the Electronic Signatures Directive 1999/93/EC. eIDAS addresses the problems of the 1999 Directive and expands its scope further. The regulation aims to facilitate the commerce in the EU through transparency, security, technical neutrality, cooperation and interoperability.
To enforce these values, eIDAS:
Standardises the use of electronic identification (eID);
Defines a new class of “electronic trust services” (eTS);
Clarifies and ensures the legal validity of electronic signatures;
Creates a European internal market within the EU for electronic trust services.
These standards apply within the EU member states as well as cross-border.
The eIDAS Regulation is now under review and ENISA will continue its work on supporting public and private bodies in implementing the regulation by addressing technological aspects and building blocks for trust services, electronic identities and digital wallets. The European Commission made a proposal on the 3rd of June 2021, amending the eIDAS Regulation (EU) No 910/2014. It aims at redefining the European landscape of electronic identities and trust services, enforcing even stricter integration. Moreover, it establishes a new framework for European Digital Identity Wallets and introduces three new Trust Services (provision of electronic archiving services, electronic ledgers, and management of remote electronic signature and seal creation devices). These amendments will enhance the market perspective and will have an impact on cybersecurity requirements.
Since 2013 ENISA has supported the implementation of the eIDAS Regulation by providing security recommendations for a correct implementation of trust services, mapping technical and regulatory requirements, promoting the deployment of qualified trust services in Europe, raising awareness for relying parties and end users to secure their electronic transactions using trust services.
Cybernetica has over 20 years of expertise in digital identity technologies, most notably having contributed to the creation of Estonian ID-card system. Today, Cybernetica is providing its customers worldwide with identity management, onboarding, and secure digital identification and electronic signature solutions. Cybernetica’s smart-phone based digital authentication and electronic signature solution SplitKey powers EU eIDAS compliant Smart-ID authentication and electronic signature service that has over 2 million end-users in the Baltics and is used by top Nordic banks, leading telcos, and e-commerce providers.