The EU’s new eIDAS regulation creates the legal framework for secured electronic identification and transaction services across the EU. A plea to use existing CEN postal standards to fill this framework regulation.
Largely unnoticed by the European public as a whole, in the last weeks the European Union has taken a fundamental step in establishing the laws and business conditions for enabling secure digital transactions within the European internal market.
With Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market, also known as eIDAS, and published in the Official Journal of the European Union L257 on 28 August 2014, the race to create EU-wide, cross-border trust services has begun.
The eIDAS framework regulation directly applies in every EU member state. It is designed to ensure the smooth running of the internal market by creating EU-wide secure electronic identification and trust services.
eIDAS has 3 major aspects:
The next step is to fill this framework regulation with secondary legislation, both technical and organisational. Work on this began a few years ago, not just at EU level.
Years ago, and again largely unnoticed by anyone outside the postal world, the Universal Postal Service (UPU), a special organization of the UN whose task it is to maintain and develop the global postal network, started to extend physical postal service provision into the digital world.
Unsurprisingly, both the EU and UPU share the goal of providing a secured basis for electronic communications.
Where they differ is in their current stage of development: whereas the EU now has a legal framework - effectively the shell - and needs to adopt secondary legislation, the UPU already has in place its own framework, plus the global technical standards for secure cross-border digital communications and transactions.
Figure 1: Comparison of standards adopted and in use by the Universal Postal Union (UPU) vs. European Union (EU)
More than 3 years ago, the technical committee of the European Committee for Standardization (CEN) for digital postal services, CEN/TC331 WG2, converted the UPU standards for secured electronic communication with electronic documents, electronic seals, electronic time stamps, and electronic registered delivery services.
All these standards are now available in CEN format, making them directly accessible to European stakeholders.
The obvious next step is to use these standards for the eIDAS.
Therefore the relevant CEN Working group (CEN/TC331 WG2) has issued an invitation to experts from business and administration, as well as all those impacted by the standards (e.g. consumer representatives), to join in this work, and have a say in making targeted improvements.
The focus of these efforts is to secure communications and protect the individual.
For an electronic document and its transfer to be trusted, the:
The same applies for electronic transactions, over and above the sending of e-documents and protecting personal data. In the case of e-transactions, applications increasingly need access to identity credentials within protected environments.
In order to fulfil these requirements, trust services will arise in the form of identity brokers (eID Provider).
At the request of the (legal and natural) person, they will supply the attributes and characteristics of the persons within a communication which are needed to carry out the transactions.
Figure 2: Graphic based on the UPU Standard 64, 'Postal identity management: General concepts, definition of related terms and common protocols'.
Consequently, as a reflection of our decentralized digital world, these trust services will create their own trust frameworks, offering various levels of security.
Cross-border electronic communication solutions will need federated clearing systems established by qualified trust service providers.
At the same time, these systems will offer the highest possible level of protection with the lowest possible level of complexity and greatest ease of use. One hardly needs to stress that global communication solutions such as these, both email as well as message and text applications, must (and do) offer uninterrupted connections.
Communication is the basis of our culture and society.
Thus it comes as no surprise that Europe is creating the legal, regulatory and technical foundations to secure our civilization's key achievements in the digital world. This requires qualified trust protection – the same principle that helped secure our key democratic principles, including freedom of expression, press freedom, privacy of correspondence and of the private sphere, with the development of a global postal network around 150 years ago.
When we talk about trusted electronic communications, protected chat services and all digital transaction services, we are talking about nothing more, and nothing less.
* Trust service means an electronic service normally provided for remuneration which consists of: a) The creation, verification and validation of electronic signatures, electronic seals or electronic time stamps, electronic registered delivery services and certificates related to those services; or b) The creation, verification and validation of certificates for website authentication; or c) The preservation of electronic signatures, seals or certificates related to those services.
Walter Trezek is Chairman of CEN/TC331 WG2 'Hybrid and secured electronic postal services'. You can contact him directly.