The EU improves the availability of cross-border e-Government services

By | Sin categoría | No Comments

(Link to the original piece of news: https://ec.europa.eu/digital-single-market/en/news/new-study-egovernment-services-europe-improving-cross-border-availability-services).

The last eGovernment benchmark 2017 report shows a significant improvement in the cross-border availability of digital public services and the accessibility of public websites from mobile devices in the EU Member States. This study also indicates a need for improvement in the transparency of the provision of public services and the use of support technology such as eID or eDocuments.

The countries that have obtained the highest scores have been Malta, Denmark, Sweden, Estonia and Norway. These countries lead the way towards the creation of a Digital Single Market.

 

Country performance: How do individual countries perform

 

Performance is measured as an average of scores for four top-level benchmarks:

  • User centricity (how fast and easy to use public information and services online),
  • Transparency (of government authorities’ operations, service delivery procedures and the level of control users have over their personal data),
  • Cross-border mobility (the extent to which people can use public services outside their country),
  • Key enablers (the availability of eID, eDocuments and Authentic Sources, etc).

Europe appears to be getting closer to the 100%-landmark with regard to user-centricity.  However, it scores less well on the other three benchmarks, especially in terms of exploiting the potential of Key Enablers  for public services.

User Centricity

This is the most advanced dimension of online public services in Europe in 2016, emphasising the focus of governments to bring more public information and services online. Europe records a 12 p.p. increase in online availability of services.  The gap between worst and best performing countries is also closing.

Transparency of government organizations

The transparency of government organizations’ service processes and citizens’ control of personal data averages at 59% for the EU in 2016. The study shows that the transparency of service delivery processes (e.g. informing users on how long the process will take, response times, etc.) is insufficient for 1 in 2 people.

Cross-border service delivery

This dimension is essential for the Digital Single Market and records solid improvements over the years (+25% since 2012). Information and even services are becoming increasingly available to EU citizens when starting up a business or studying in another country.

Key technological enablers

The study reveals that the deployment of key technological enablers  (i.e. eID, eDocuments and Authentic Sources) has the most room for improvement (at 52%; EU28+). The authentic sources indicator which facilitates pre-filling of online forms, progressed slower than other indicators, with only a 3% growth since 2012.

Degree of implementation of eIDAS within the EU

By | Sin categoría | No Comments

Regulation (EU) No. 910/2014 of the European Parliament and of the Council of July 23, 2014, on electronic identification and trust services in electronic transactions in the internal market, which entered into force on the 1st of July 2016, has experienced an uneven implementation in the countries of the European Union.

We analyze the degree of implementation in the main countries of the EU:

 

  • France:

There is not a national law yet but there are different procedures and requirements based on ETSI regulations.

Supervisory Body: ANSSI (Agence nationale de la sécurité des systèmes d’information).

Link: www.ssi.gouv.fr

 

  • Germany:

There is not a national law yet, but there are different procedures and requirements based on ETSI regulations.

Supervisory Body: BSI (Federal Office for Information Security).

Link: www.bsi.bund.de

 

  • Belgium:

The national law is applied, without connection with the ETSI or CEN norms.

The Conformity Assessment Bodies are accredited according to ISO / IEC 17065 + ETSI EN 319 403.

Supervisory Body: Service Publique fédéral Economie, PME, Moyennes Classes and Energie.

Link: economie.fgov.be/fr

 

  • Spain:

National Law 39/2015 applies. There are no specific procedures for Trust Service Providers.

Supervisory Body: Ministry of Energy, Tourism and Digital Agenda (MINETUR).

Link: https://sede.minetur.gob.es/

 

  • Italy:

There is no national law, but a national accreditation system, based on EN 319 403, administered by ACCREDIA (2 CAB accredited – VERITAS and CSQA).

Supervisory Body: Agenzia per l’Italia Digitale.

Link: www.agid.gov.it/

 

  • Netherlands

There is no national law, but national procedures for notifications of non-compliance and accreditation of the CAB.

Supervisory Body: Authority for Consumers and Markets and Agentschap Telecom.

Links: https://www.acm.nl/en and https://www.agentschaptelecom.nl/

 

  • United Kingdom:

The national law for the eIDAS application defines the applicable procedures for each type of trust service.

Supervisory body: The Information Commissioner.

Link: https://ico.org.uk/

 

The complete chart can be found in the following link:

https://ec.europa.eu/futurium/en/system/files/ged/eidas_european_comparison_chart_2017-04-25_0.pdf

EIDAS celebrates its first anniversary

By | Sin categoría | No Comments

Regulation (EU) No 910/2014 (eIDAS), which came into force in July 2016, has recently completed its first year of life.

We analyze the main keys of a regulation that has revolutionized electronic transactions in the European Union:

 

  • The main novelty of this new Regulation is the harmonization of the requirements for the mutual recognition of electronic identification at EU level (and therefore, the repealing of the previous Directive 1999/93/EC and the respective national laws).

In this way, the EU Trust Service Providers can offer their services in any other EU country, eliminating previous barriers. Therefore, this harmonization particularly contributes to the creation of the “digital single market” which, according to EU forecasts, must be fully operational by 2020.

 

  • The Regulation has created the “EU trust mark”, which clearly distinguishes qualified trust services from other trusted services.

 

  • The Regulation has introduced the concept of Qualified Trust Services Providers and Electronic Trust Services.

In particular, it has created the following qualified services (those that meet the requirements applicable in Regulation (EU) No 910/2014): electronic signatures and electronic stamps. Electronic signatures are intended for individuals and electronic stamps to legal entities. In addition, it regulates other trusted services such as electronic time stamps, electronic documents, electronic delivery services and website authentication.

Qualified Trusted Service Providers obtain this status through a Conformity Assessment Report and must be audited at least every 24 months by a Supervisory Body.

 

  • New levels of electronic identification, low and substantial,are specified, improving identification mechanisms for different business and technological contexts, such as handwritten signatures on mobile devices or cloud signature solutions.

 

  • The Regulation has introduced the concept of Electronic Signature in three different levels:

Electronic Signature: The definition of electronic signature is not modified under eIDAS. The electronic signature has legal effects and is admissible as evidence in legal proceedings.

Advanced Electronic Signature: It allows the unique identification and authentication of the signer of a document and allows checking the integrity of the signed document. Normally, this authentication is usually achieved with the issuance of a digital certificate by a Certification Authority (CA).

Qualified Electronic Signature: They are the electronic equivalent of handwritten signatures. They are based on Qualified Certificates, which can only be issued by a CA accredited by the EU Member States and must meet the requirements of eIDAS. These are the only signatures that ensure the mutual recognition of their validity by all EU Member States.

 

  • Recognition of electronic signatures as evidence at trial within the EU.

This concept is reflected on Article 25 of eIDAS, which provides that legal effects and admissibility as evidence in court proceedings are not denied to an electronic signature by the mere fact of being an electronic signature or because it does not meet the requirements of qualified electronic signature. In fact, a qualified electronic signature has a legal effect equivalent to that of a handwritten signature.

In addition, a qualified electronic signature based on a qualified certificate issued in one Member State shall be recognized as a qualified electronic signature in all other Member States.

 

  • The regulation recognizes admissibility as evidence in a trial and its legal effect for electronic signatures even though it only equates qualified electronic signatures with handwritten signatures and qualified electronic seals gives them the presumption of integrity and correctness of the origin of the data to the seal it is bound to.

 

  • The Regulation creates the EU Trusted Lists, which reflects the Qualified Electronic Trust Services Providers and the services they offer. The TSPs and its services will be qualified if they appear on these lists.

 

  • Qualified signature creation devices are regulated. They must meet the requirements listed in Annex II of Regulation (EU) 910/2014. The European Commission shall establish, publish and maintain a list of qualified electronic signature/stamp devices with the information provided by the Member States.

 

  • Remote identification for electronic signature is enabled and, therefore, the on-site identification is no longer needed. To ensure the safety of the process, other identification means such as prior on-site identification, qualified electronic seals or qualified electronic signature certificates are used.

 

  • The Regulation establishes that Trust Service Providers shall be audited every 24 months by a Conformity Assessment Body. The purpose of the audit is to confirm that both Qualified Trust Service Providers and the electronic trust services they provide meet the requirements of Regulation (EU) 910/2014.

 

The introduction of the eIDAS Regulation was a necessity at EU level, since prior to its entry into force the identity documents of citizens form one Member State were not valid in other EU Member States.

Therefore, eIDAS facilitates the provision of cross-border services and allows companies to operate outside their borders. Ultimately, it benefits citizens, businesses and Public Administrations in tasks such as paying taxes, public tenders, signing online contracts, economic transactions through electronic banking and online health services, among others.

 

Source: European Commission

 

Some keys to Regulation No 910/2014 (EIDAS)

By | Evaluación de conformidad, Sin categoría | No Comments

I.- Use of cross-border identification and signature systems

The transposition of Directive 1999/93 was uneven and it has never seemed clear enough that electronic signature and identification certificates issued by Certification Service Providers in one Member State had to be accepted by the rest of the Member States. States, in particular in its eGovernment services.

Since July 1st 2016, the direct application of EU Regulation 910/2014 definitely clarifies this concept. We will see how it is assumed in the implementations.

II.-CSPs (Certification Services Providers) will be called ETSPs (Electronic Trust Services Providers)

They are now called Trust Services Providers (TSPs). And they can issue qualified certificates (equivalent to recognized certificates of Law 59/2003) or non-qualified certificates.

The issuance of natural person certificates is an specific type of trust service (which is compatible with the service provided in Law 59/2003) and, among them, there are qualified certificates (in the aforementioned law they were called “recognized”). In order to issue this kind of certificates, a notification of its intention together with a Conformity Assessment Report issued by a Conformity Assessment Body (in Spain, Entidad Nacional de Acreditación (ENAC)) shall be submitted to the Supervisory Body (in Spain, the State Secretariat for Telecommunications and Information Society). If it is granted with the possibility of issuing qualified certificates, it will be placed in a trusted list (which each Member State publishes with information of all qualified providers of Trust Services) and may use the trust tag “EU” to indicate the services it provides.

It should be noted that the control mechanisms on all service providers are increased (whether they issue qualified certificates or not), which will be audited every 24 months to confirm that they comply with the provisions of the Regulation.

III.- Liability of Service Providers

They remain liable for the damages caused deliberately or negligently to any person due to any breach of the obligations established in the Regulation. However, the limitations on the liability of Article 23 of Law 59/2003 are removed, being the burden of proof (i) of the person claiming the damage, when the Provider issues non-qualified certificates, or (ii) a service provider issuing qualified certificates, who must prove that the damages occurred without intention or negligence on his part.

IV.- Legal Person Certificates

The Regulation does not foresee the issuance of electronic signature certificates in favor of legal persons or entities without legal personality. This type of entities only have electronic stamps, which allow to prove the authenticity of the origin and the integrity of the sealed document.

V.- New regulated services

Apart from the electronic signature (defined in Law 59/2003, in 3 types, electronic signature, advanced and qualified), the Regulation also regulates the electronic seal (there are also 3 kinds), electronic timestamp, certified electronic delivery service, electronic document and website authentication. Recital 55 of the Regulation also opens the possibility of generating qualified electronic signatures such as the mobile signature or the cloud signature, which can greatly boost the market for electronic signatures.