identità digitale ed ecosistema industriale
TRANSCRIPT
Identità Digitale ed Ecosistema Industriale
Webinar ANIPLA, 23 Novembre 2020
Andrea SERVIDA
DG CONNECT
European Commission
SHAPING EUROPE’S DIGITAL FUTURE
Digital is very high on EU political agenda
“We must make this Europe’s Digital Decade.
…
But Europe must now lead the way on digital – or it will have to follow the way of others, who are setting these standards for us. This is why we must move fast. There are three areas on which I believe we need to focus. First, data.
…
And this is why we will invest 20% of NextGenerationEU on digital.”
(SOTEU - President Ursula von der Leyen, 16 September 2020)
EU Council on Digital
“The COVID-19 pandemic has further underlined the need to accelerate the digital transition in Europe. Seizing the opportunities of this transition is crucial to strengthening our economic base, ensuring our technological sovereignty, reinforcing our global competitiveness, facilitating the green transition, creating jobs and improving the lives of citizens. Building a truly digital Single Market will provide a home-based framework allowing European companies to grow and scale up.
…
To be digitally sovereign, the EU must build a truly digital single market, reinforce its ability to define its own rules, to make autonomous technological choices, and to develop and deploy strategic digital capacities and infrastructure.
…
At least 20% of the funds under the Recovery and Resilience Facility will be made available for the digital transition, including for SMEs.”
• (EC Conclusions, 1-2 October 2020)
eIDAS: The Regulation in a nutshell
AMLD5 – Directive (EU) 2018/843Published on OJEU on 19/06/2018
Payment Service Directive 2 – Directive (EU) 2015/2366 Commission Delegated Regulation (EU) 2018/389 – Regulatory Technical Standards for Strong Customer Authentication
Once-Only Principle cross-borderRegulation (EU) 2018/1724 on Single Digital Gateway
Digital on-boarding and portability of KYCEC Expert Group on eID and remote KYC jointly managed by CNECT, JUST and FISMA (final reports)
Company law DIRECTIVE (EU) 2019/1151 amending Directive (EU) 2017/1132 as regards the use of digital tools and processes in company law – consolidated text
Tackling online disinformation / Fighting fake newsCOM(2018) 236 final adopted on 26/04/2018
GDPR complianceData minimisation; use of trusted attributes, credentials and entitlements (such as age verification, proof of residence, etc.)
Audiovisual Media Service Directive Protection of minors / Age verification and parental consent…
Unlock the EU Single Market with eID & Trust Services
Overview of notified eID schemes under eIDASCountry eID scheme Publication
in OJCountry eID scheme Publication
in OJ
Germany National ID card 26.9.2017 UK GOV.UK Verify 2.5.2019
ItalySPID 10.9.2018
Czech Republic National eID card 13.9.2019National eID card 13.9.2019
Spain National ID card 7.11.2018 NetherlandseHerkenning 13.9.2019
DigiD 21.08.2020
LuxembourgLuxembourg eIDcard
7.11.2018 Slovakia National eID card 18.12.2019
EstoniaID card, Mobiil-ID, e-Residency
7.11.2018 LatviaeID karte, eParaksts
18.12.2019
CroatiaPersonal ID card (eOI)
7.11.2018 Denmark NemID 8.04.2020
Belgium
Citizen eCard 27.12.2018
Lithuania National eID card 21.08.2020FAS/itsme 18.12.2019
Portugal
National ID card 28.2.2019
CMD - mobile 8.04.2020
~60% of the EU population covered by notified eID schemes
STORK
SPOCS
epSOS
PEPPOL
eCODEX
PILOTING SCALING UP SUSTAINING
REGULATORY
• EU Legislation e.g. eIDAS
DEMAND CREATION
• CEF Work Programmes
• eGovernment Action Plan
• DSM Catalogue of Standards
SUPPLY CREATION
• Grants (subsidies)
20202014
How it started and where is it going?
e-SENS
ecosystem9
NODEOPERATORS
IDENTITY/ATTRIBUTE PROVIDERS
CITIZENS
Member States
Cross border authentication mutual recognition
SERVICE PROVIDERS
The eID ecosystem
An eID that “speaks for us and not about us”
11
eIDAS gives the opportunity to citizens to:
• control and selectively disclose identity data when accessing online services cross border
• limit the collection of their identity data to those strictly needed for a transaction while ensuring always full accountability.
It reinforces:
GDPR complianceData minimisation; use of trusted attributes, credentials and entitlements (such as age verification, proof of residence, etc.), requirements regarding parental consent for the processing of personal data of children below a certain age …
Audiovisual Media Service Directive Protection of minors / Age verification and parental consent / Extension to video-sharing platforms / Emphasis on co-regulatory and self-regulatory instruments …
OOPAccess to data based on “digital authentication” roaming / Consent / Proof of origin & integrity / …
CybersecurityeID&TS are preventative security measures (e.g. access to platforms) / going beyond encryption (eg QWCAS) / support “need2know” (eg KYC) / promote risk management culture (e.g. audit, certification, SBN, etc.) / bring greater transparency and accountability online (fight disinformation) …
The benefits of interoperable and recognised eID for the different actors
Citizen
Public administration
Identity/Attribute providers
Service providers
Ease of use Cost saving Increased assurance Use eID
Set up
Cost saving Compliance Increased assurance Financial support
Offer services using eID
New areas of application
Once only principle
Cost saving Legal compliance Increased security/assurance Increase potential user base
Provide identity/attributes
Cross-border online services
National eIDASNode
Hash of the previous block
How eIDAS Regulation is relevant to blockchain: Content of the blockchain as an electronic document
Article 3
Definitions
For the purposes of this Regulation, the following definitions apply:
(35) ‘electronic document’ means any content stored in electronic form, in particular text or sound, visual or audiovisual recording;
Article 46
Legal effects of electronic documents
An electronic document shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in electronic form.
13
Hash
Data
How eIDAS Regulation is relevant to blockchain: Inserting content in the blockchain
14
User decides to sendsome data to the
blockchain(transaction record,
DID, etc.)
Signed/sealed
data
Data sent to the network are grouped
into a block by validating nodes
The block is validated by the “validating nodes” of the
network using a consensus algorithm
The block is timestamped and added to the chain of blocks
(blockchain) which is accessible to all users
Timestampedblock
eIDAS Trust Service
eIDAS Trust Service
How eIDAS Regulation is relevant to blockchain: Blockchain for “identity”
15
User
Issuer
Issues signed attestation Presents third party
attestation
DID blockchain
eIDAS TSP
Ensures identity of the issuer:
trustworthiness of the attestation
eIDAS TSP
Ensures identity of the user: ownership of the attestation,
accountability for self-asserted data
eIDAS TSP
Ensures identity of the receiver: right to have access to the
attestations
Presents self-asserted data
Receiver
Issuer DID User DID Receiver DID
eIDAS Observatory post:
“SSI and eIDAS: a vision on
how they are connected”
Share your views!
• User Expectations - speed, security, protection of personal data
• 63% want a secure single digital ID for all online services that gives them control over the
use of their data
• 72% want to know how their data are used when they use social media accounts
• Market demands - versatile, secure and trustworthy identification
• Online services, telecom, finance, transport, etc.
• Platforms – Risk of further market dominance, user lock-in, loss of
control over data
• Current (public) eID system not fit for purpose • low uptake (~50% of EU population), only used in public sector, complex / fragmented
• Technological Change - mobile identification, distributed ID
systems,
Is all this enough? No, it isn’t. Why?
“This includes control over our personal data which still have far too rarely
today. Every time an App or website asks us to create a new digital identity or
to easily log on via a big platform, we have no idea what happens to our data in
reality. That is why the Commission will soon propose a secure European
e-identity. One that we trust and that any citizen can use anywhere in Europe
to do anything from paying your taxes to renting a bicycle. A technology where
we can control ourselves what data and how data is used.
(SOTEU - President Ursula von der Leyen, 16 September 2020)
Political Context 1/2
«The European Council calls for the development of an EU-wide framework
for secure public electronic identification (e-ID), including interoperable
digital signatures, to provide people with control over their online identity and
data as well as to enable access to public, private and cross-border digital
services. It invites the Commission to come forward with a proposal for a
ʻEuropean Digital Identification’ initiative by mid-2021. »
(EC Conclusions, 1-2 October 2020)
Political Context 2/2
• Universally Available – all EU citizens and businesses may use it
on a voluntary basis
• Universally Useable – legal obligation to recognise by private
and public service providers for all transactions that require
authentication (« EU single-sign-on »)
• Protecting Personal Data – users must be able to take control of
their identity and control the disclosure of personal data/attributes
Vision for a European Digital Identity
• Mobile Application – universally available, user-friendly, user-
controlled (app-based)
• Common Standards – universally useable and recognised, personal
data protection
• Exchange of Credentials (« proofs ») linked to Trusted Sources
– user-controlled, universally useable, personal data protection
Basic Features
TODAY TOMORROW
European Digital Identity in Practice
EUeID – Ecosystem
Identity / Credential Provider A
Identity / CredentialProvider B
Identity / CredentialProvider C
age, gender, owner of a driving
or fishing licence, engineer,
notary, doctor, architect,
student, teacher, auditor,
accountant, journalist, tax
residency…
ProvisionIssuance /
Access
Member State /
National Register
Tax Register
Professional
Roll
Access to eGov /
eHealth Application
Prove Professional /
Academic Qualification
Access to Platforms
Demonstrate Business
Role / Interests
Access to Financial
Services
Use Cases
Trusted sources Credentials
Control /
Release
[…]
A European Strategy for Data
80% of processing in cloud
20% of
processing
in IoT devices
80 % of processing
in IoT devices
20% of processing
in cloud
2018
2025
175 Zettabytes of
data produced
33 zettabytes of
data
produced• Data can transform all sectors of the
economy and is crucial for AI
• Personal and non-personal data can be
a source of innovation for new products
and services
• Data can contribute to tackle societal
challenges such as climate change,
health, mobility, etc.
• Data can make our lives and work
easier and better
Europe has everything to play for
European Strategy for Data
Data can flow within the
EU and across sectors
European rules and values
are fully respected
Rules for access and use of data are
fair, practical and clear & clear data
governance mechanisms are in place
A common European data space, a single market for data
Availability of high quality data
to create and innovate
What are the problems?
Lack of European data processing &
storage solutions
Not enough data available for reuse
• More public sector data can be made
available
• Low uptake of voluntary data sharing
among companies
• No clarity on the use of private sector
data for the common good
No real user empowerment
• imperfect data portability mechanisms
Fragmentation of the single market
Absence of comprehensive data
governance approaches
• To address legal and technical
barriers within and across sectors
(e.g. standardisation &
interoperability)
Skills shortage and low data
literacy
Deploying the strategy through 4 Pillars
Competences
Empowering individuals,
investing in digital skills &
data literacy and in
dedicated capacity building
for SMEs.
Enablers
Total investments of € 4-6
billion in a High Impact
Project on European data
spaces and federated cloud
infrastructures
Rollout of common
European data spaces
in crucial economic sectors and
domains of public interest,
looking at data governance and
practical arrangements.
A cross-sectoral governance
framework for data access
and use
including a legislative framework for the
governance of European data spaces
and other cross- sectoral measures for
data access and use
International Aspects
HealthIndustrial &
Manufacturing Agriculture Finance Mobility Green Deal Energy
Common European data spaces
Public Administration Skills
Personal data spaces
• Driven by stakeholders• Rich pool of data of varying degree of
openness
• Sectoral data governance (contracts, licenses, access rights, usage rights)
• Technical tools for data pooling and sharing
High Value Datasets
from public sector
Technical infrastructure for data spaces
Cloud Infrastructure &
Services
Edge Infrastructure &
Services
High-Performance
Computing
AI Testing and
Experimentation
Facilities
Legislative Framework
Data space Governance
• Secondary use of data held by the public sector
• Data Altruism
• Data Intermediaries
High Value Datasets
• List of datasets held by the public sector
• Machine readable
• API and standards
Data Act
• B2B co-generated data
• B2G data sharing
Q4 2020 Q1 2021 2021
European Cloud Alliance
Slow cloud uptake in Europe
1 in 4 businesses in Europe
1 in 5 SMEs in Europe
From below 10% to up to 65% across Member States
4 time lower in the public than in the private sector, on average
• Concentration in the Public cloud market
• 3 players = 65% global market (2018)
• Many EU cloud providers, no significant market shares
• Private cloud and hybrid cloud much less consolidated
• Market opportunities with edge-computing & energy-efficiency
Supply side trends
Memorandum of Understanding on Cloud Federation
Q3 2020Common European standards and requirements for the public procurement of cloud services
Data Spaces & European Federated Cloud infrastructures
Q1 2022EU Cloud Rulebook
Q2 2022
European Cloud Services Marketplaces
Q42022
Cloud Governance: access to
competitive, secure and fair cloud
services
Investment in EU cloud
computing capacities
Enablers: Cloud actions
FOSTER THE COMPUTING SUPPLY
• Build pan-European interconnections of cloud providers’ infrastructures
• Design cloud-to-edge competitive, secure, energy-efficient, cutting-edge services & marketplaces
• Make the EU a worldwide hub for data storage and processing activities; realise thecomputing continuum
RESPOND TO USERS’ NEEDS & STIMULATE CLOUD DEMAND
• Interconnect cloud infrastructures to enable a swift delivery of services of general interest
• Enhance a transparent access to and purchase of cloud-to-edge services for users
• Provision of tailored cloud-to-edge services offerings responding to specific sectorial needs
ENABLE DATA SPACES
• Facilitate hosting, storage and processing activities
• Support secure data access, exchange and usage
• Foster data and cloud enabled product and service innovation
European Cloud Alliance: objectives
European Data Spaces Standards & interoperability, data access tools, data quality and verification technologies,
advanced data processing at the core and edge, data governance (contracts, licenses)
Public High Value
Datasets
AgricultureManufacturing Mobility HealthEnvironmentFinance Energy
IaaS (Infrastructure as a Service)Servers, computing, OS, storage, network
PaaS (Platforms as a Service)Middleware, web services and databases
SaaS (Software as a Service)Software, ERP, CRM, data analytics
Marketplace for Cloud to Edge based ServicesCloud services meeting high requirements for data protection, security, portability, interoperability, energy efficiency
Public administration
Federation of Cloud
Infrastructure & ServicesCloud stack management and
multi-cloud / hybrid cloud, cloud
governance
(contract, rulebook)
Edge
Infrastructure
& Services
High-
Performance
Computing
European cloud alliance & data spacesPrivate sector Public interest
How?
2 Billion EU funding in
the period 2021-2027
Co-investmentfrom Industry
& Member States
NB: Pending EU budgetary negotiations
CEF2
• Rollout of cross-border secure and energy-efficient interconnections of cloud infrastructures across the EU territory
DEP
• Design and deploy cutting-edge, secure and energy friendly cloud-to-edge services and marketplaces to foster the emergence of a competitive computing industry in Europe
European cloud federation: How ?
With the Support of Invest EU programme + Recovery & Resilience
Facility
• Participants will be required to comply with:
• Data protection (GDPR)
• Security (EU cloud security certification scheme)
• BSI C5/ SecNum Cloud/Future
• Portability (SWIPO Codes of Conduct)
• Energy efficiency (e.g. EU Code of Conduct on energy-efficient data centres)
Future EU Rulebook & Common contractual clauses for public procurement
• Compliance with standards
• Interoperability
• Business continuity management
• Service Level Agreements
• Use of existing certification schemes & cloud labels
European cloud alliance: governance
Declaration - Building the next generation cloud for businesses and the public sector in the EU
https://ec.europa.eu/digital-single-market/en/news/towards-next-generation-cloud-europe
Thanks!
Questions?