Identità Digitale ed Ecosistema Industriale

Webinar ANIPLA, 23 Novembre 2020

Andrea SERVIDA

DG CONNECT

European Commission

SHAPING EUROPE’S DIGITAL FUTURE

Digital is very high on EU political agenda

“We must make this Europe’s Digital Decade.

…

But Europe must now lead the way on digital – or it will have to follow the way of others, who are setting these standards for us. This is why we must move fast. There are three areas on which I believe we need to focus. First, data.

…

And this is why we will invest 20% of NextGenerationEU on digital.”

(SOTEU - President Ursula von der Leyen, 16 September 2020)

EU Council on Digital

“The COVID-19 pandemic has further underlined the need to accelerate the digital transition in Europe. Seizing the opportunities of this transition is crucial to strengthening our economic base, ensuring our technological sovereignty, reinforcing our global competitiveness, facilitating the green transition, creating jobs and improving the lives of citizens. Building a truly digital Single Market will provide a home-based framework allowing European companies to grow and scale up.

…

To be digitally sovereign, the EU must build a truly digital single market, reinforce its ability to define its own rules, to make autonomous technological choices, and to develop and deploy strategic digital capacities and infrastructure.

…

At least 20% of the funds under the Recovery and Resilience Facility will be made available for the digital transition, including for SMEs.”

• (EC Conclusions, 1-2 October 2020)

eIDAS: The Regulation in a nutshell

AMLD5 – Directive (EU) 2018/843Published on OJEU on 19/06/2018

Payment Service Directive 2 – Directive (EU) 2015/2366 Commission Delegated Regulation (EU) 2018/389 – Regulatory Technical Standards for Strong Customer Authentication

Once-Only Principle cross-borderRegulation (EU) 2018/1724 on Single Digital Gateway

Digital on-boarding and portability of KYCEC Expert Group on eID and remote KYC jointly managed by CNECT, JUST and FISMA (final reports)

Company law DIRECTIVE (EU) 2019/1151 amending Directive (EU) 2017/1132 as regards the use of digital tools and processes in company law – consolidated text

Tackling online disinformation / Fighting fake newsCOM(2018) 236 final adopted on 26/04/2018

GDPR complianceData minimisation; use of trusted attributes, credentials and entitlements (such as age verification, proof of residence, etc.)

Audiovisual Media Service Directive Protection of minors / Age verification and parental consent…

Unlock the EU Single Market with eID & Trust Services

Overview of notified eID schemes under eIDASCountry eID scheme Publication

in OJCountry eID scheme Publication

in OJ

Germany National ID card 26.9.2017 UK GOV.UK Verify 2.5.2019

ItalySPID 10.9.2018

Czech Republic National eID card 13.9.2019National eID card 13.9.2019

Spain National ID card 7.11.2018 NetherlandseHerkenning 13.9.2019

DigiD 21.08.2020

LuxembourgLuxembourg eIDcard

7.11.2018 Slovakia National eID card 18.12.2019

EstoniaID card, Mobiil-ID, e-Residency

7.11.2018 LatviaeID karte, eParaksts

18.12.2019

CroatiaPersonal ID card (eOI)

7.11.2018 Denmark NemID 8.04.2020

Belgium

Citizen eCard 27.12.2018

Lithuania National eID card 21.08.2020FAS/itsme 18.12.2019

Portugal

National ID card 28.2.2019

CMD - mobile 8.04.2020

~60% of the EU population covered by notified eID schemes

STORK

SPOCS

epSOS

PEPPOL

eCODEX

PILOTING SCALING UP SUSTAINING

REGULATORY

• EU Legislation e.g. eIDAS

DEMAND CREATION

• CEF Work Programmes

• eGovernment Action Plan

• DSM Catalogue of Standards

SUPPLY CREATION

• Grants (subsidies)

20202014

How it started and where is it going?

e-SENS

ecosystem9

NODEOPERATORS

IDENTITY/ATTRIBUTE PROVIDERS

CITIZENS

Member States

Cross border authentication mutual recognition

SERVICE PROVIDERS

The eID ecosystem

An eID that “speaks for us and not about us”

11

eIDAS gives the opportunity to citizens to:

• control and selectively disclose identity data when accessing online services cross border

• limit the collection of their identity data to those strictly needed for a transaction while ensuring always full accountability.

It reinforces:

GDPR complianceData minimisation; use of trusted attributes, credentials and entitlements (such as age verification, proof of residence, etc.), requirements regarding parental consent for the processing of personal data of children below a certain age …

Audiovisual Media Service Directive Protection of minors / Age verification and parental consent / Extension to video-sharing platforms / Emphasis on co-regulatory and self-regulatory instruments …

OOPAccess to data based on “digital authentication” roaming / Consent / Proof of origin & integrity / …

CybersecurityeID&TS are preventative security measures (e.g. access to platforms) / going beyond encryption (eg QWCAS) / support “need2know” (eg KYC) / promote risk management culture (e.g. audit, certification, SBN, etc.) / bring greater transparency and accountability online (fight disinformation) …

The benefits of interoperable and recognised eID for the different actors

Citizen

Public administration

Identity/Attribute providers

Service providers

Ease of use Cost saving Increased assurance Use eID

Set up

Cost saving Compliance Increased assurance Financial support

Offer services using eID

New areas of application

Once only principle

Cost saving Legal compliance Increased security/assurance Increase potential user base

Provide identity/attributes

Cross-border online services

National eIDASNode

Hash of the previous block

How eIDAS Regulation is relevant to blockchain: Content of the blockchain as an electronic document

Article 3

Definitions

For the purposes of this Regulation, the following definitions apply:

(35) ‘electronic document’ means any content stored in electronic form, in particular text or sound, visual or audiovisual recording;

Article 46

Legal effects of electronic documents

An electronic document shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in electronic form.

13

Hash

Data

How eIDAS Regulation is relevant to blockchain: Inserting content in the blockchain

14

User decides to sendsome data to the

blockchain(transaction record,

DID, etc.)

Signed/sealed

data

Data sent to the network are grouped

into a block by validating nodes

The block is validated by the “validating nodes” of the

network using a consensus algorithm

The block is timestamped and added to the chain of blocks

(blockchain) which is accessible to all users

Timestampedblock

eIDAS Trust Service

eIDAS Trust Service

How eIDAS Regulation is relevant to blockchain: Blockchain for “identity”

15

User

Issuer

Issues signed attestation Presents third party

attestation

DID blockchain

eIDAS TSP

Ensures identity of the issuer:

trustworthiness of the attestation

eIDAS TSP

Ensures identity of the user: ownership of the attestation,

accountability for self-asserted data

eIDAS TSP

Ensures identity of the receiver: right to have access to the

attestations

Presents self-asserted data

Receiver

Issuer DID User DID Receiver DID

eIDAS Observatory post:

“SSI and eIDAS: a vision on

how they are connected”

Share your views!

• User Expectations - speed, security, protection of personal data

• 63% want a secure single digital ID for all online services that gives them control over the

use of their data

• 72% want to know how their data are used when they use social media accounts

• Market demands - versatile, secure and trustworthy identification

• Online services, telecom, finance, transport, etc.

• Platforms – Risk of further market dominance, user lock-in, loss of

control over data

• Current (public) eID system not fit for purpose • low uptake (~50% of EU population), only used in public sector, complex / fragmented

• Technological Change - mobile identification, distributed ID

systems,

Is all this enough? No, it isn’t. Why?

“This includes control over our personal data which still have far too rarely

today. Every time an App or website asks us to create a new digital identity or

to easily log on via a big platform, we have no idea what happens to our data in

reality. That is why the Commission will soon propose a secure European

e-identity. One that we trust and that any citizen can use anywhere in Europe

to do anything from paying your taxes to renting a bicycle. A technology where

we can control ourselves what data and how data is used.

(SOTEU - President Ursula von der Leyen, 16 September 2020)

Political Context 1/2

«The European Council calls for the development of an EU-wide framework

for secure public electronic identification (e-ID), including interoperable

digital signatures, to provide people with control over their online identity and

data as well as to enable access to public, private and cross-border digital

services. It invites the Commission to come forward with a proposal for a

ʻEuropean Digital Identification’ initiative by mid-2021. »

(EC Conclusions, 1-2 October 2020)

Political Context 2/2

• Universally Available – all EU citizens and businesses may use it

on a voluntary basis

• Universally Useable – legal obligation to recognise by private

and public service providers for all transactions that require

authentication (« EU single-sign-on »)

• Protecting Personal Data – users must be able to take control of

their identity and control the disclosure of personal data/attributes

Vision for a European Digital Identity

• Mobile Application – universally available, user-friendly, user-

controlled (app-based)

• Common Standards – universally useable and recognised, personal

data protection

• Exchange of Credentials (« proofs ») linked to Trusted Sources

– user-controlled, universally useable, personal data protection

Basic Features

TODAY TOMORROW

European Digital Identity in Practice

EUeID – Ecosystem

Identity / Credential Provider A

Identity / CredentialProvider B

Identity / CredentialProvider C

age, gender, owner of a driving

or fishing licence, engineer,

notary, doctor, architect,

student, teacher, auditor,

accountant, journalist, tax

residency…

ProvisionIssuance /

Access

Member State /

National Register

Tax Register

Professional

Roll

Access to eGov /

eHealth Application

Prove Professional /

Academic Qualification

Access to Platforms

Demonstrate Business

Role / Interests

Access to Financial

Services

Use Cases

Trusted sources Credentials

Control /

Release

[…]

A European Strategy for Data

80% of processing in cloud

20% of

processing

in IoT devices

80 % of processing

in IoT devices

20% of processing

in cloud

2018

2025

175 Zettabytes of

data produced

33 zettabytes of

data

produced• Data can transform all sectors of the

economy and is crucial for AI

• Personal and non-personal data can be

a source of innovation for new products

and services

• Data can contribute to tackle societal

challenges such as climate change,

health, mobility, etc.

• Data can make our lives and work

easier and better

Europe has everything to play for

European Strategy for Data

Data can flow within the

EU and across sectors

European rules and values

are fully respected

Rules for access and use of data are

fair, practical and clear & clear data

governance mechanisms are in place

A common European data space, a single market for data

Availability of high quality data

to create and innovate

What are the problems?

Lack of European data processing &

storage solutions

Not enough data available for reuse

• More public sector data can be made

available

• Low uptake of voluntary data sharing

among companies

• No clarity on the use of private sector

data for the common good

No real user empowerment

• imperfect data portability mechanisms

Fragmentation of the single market

Absence of comprehensive data

governance approaches

• To address legal and technical

barriers within and across sectors

(e.g. standardisation &

interoperability)

Skills shortage and low data

literacy

Deploying the strategy through 4 Pillars

Competences

Empowering individuals,

investing in digital skills &

data literacy and in

dedicated capacity building

for SMEs.

Enablers

Total investments of € 4-6

billion in a High Impact

Project on European data

spaces and federated cloud

infrastructures

Rollout of common

European data spaces

in crucial economic sectors and

domains of public interest,

looking at data governance and

practical arrangements.

A cross-sectoral governance

framework for data access

and use

including a legislative framework for the

governance of European data spaces

and other cross- sectoral measures for

data access and use

International Aspects

HealthIndustrial &

Manufacturing Agriculture Finance Mobility Green Deal Energy

Common European data spaces

Public Administration Skills

Personal data spaces

• Driven by stakeholders• Rich pool of data of varying degree of

openness

• Sectoral data governance (contracts, licenses, access rights, usage rights)

• Technical tools for data pooling and sharing

High Value Datasets

from public sector

Technical infrastructure for data spaces

Cloud Infrastructure &

Services

Edge Infrastructure &

Services

High-Performance

Computing

AI Testing and

Experimentation

Facilities

Legislative Framework

Data space Governance

• Secondary use of data held by the public sector

• Data Altruism

• Data Intermediaries

High Value Datasets

• List of datasets held by the public sector

• Machine readable

• API and standards

Data Act

• B2B co-generated data

• B2G data sharing

Q4 2020 Q1 2021 2021

European Cloud Alliance

Slow cloud uptake in Europe

1 in 4 businesses in Europe

1 in 5 SMEs in Europe

From below 10% to up to 65% across Member States

4 time lower in the public than in the private sector, on average

• Concentration in the Public cloud market

• 3 players = 65% global market (2018)

• Many EU cloud providers, no significant market shares

• Private cloud and hybrid cloud much less consolidated

• Market opportunities with edge-computing & energy-efficiency

Supply side trends

Memorandum of Understanding on Cloud Federation

Q3 2020Common European standards and requirements for the public procurement of cloud services

Data Spaces & European Federated Cloud infrastructures

Q1 2022EU Cloud Rulebook

Q2 2022

European Cloud Services Marketplaces

Q42022

Cloud Governance: access to

competitive, secure and fair cloud

services

Investment in EU cloud

computing capacities

Enablers: Cloud actions

FOSTER THE COMPUTING SUPPLY

• Build pan-European interconnections of cloud providers’ infrastructures

• Design cloud-to-edge competitive, secure, energy-efficient, cutting-edge services & marketplaces

• Make the EU a worldwide hub for data storage and processing activities; realise thecomputing continuum

RESPOND TO USERS’ NEEDS & STIMULATE CLOUD DEMAND

• Interconnect cloud infrastructures to enable a swift delivery of services of general interest

• Enhance a transparent access to and purchase of cloud-to-edge services for users

• Provision of tailored cloud-to-edge services offerings responding to specific sectorial needs

ENABLE DATA SPACES

• Facilitate hosting, storage and processing activities

• Support secure data access, exchange and usage

• Foster data and cloud enabled product and service innovation

European Cloud Alliance: objectives

European Data Spaces Standards & interoperability, data access tools, data quality and verification technologies,

advanced data processing at the core and edge, data governance (contracts, licenses)

Public High Value

Datasets

AgricultureManufacturing Mobility HealthEnvironmentFinance Energy

IaaS (Infrastructure as a Service)Servers, computing, OS, storage, network

PaaS (Platforms as a Service)Middleware, web services and databases

SaaS (Software as a Service)Software, ERP, CRM, data analytics

Marketplace for Cloud to Edge based ServicesCloud services meeting high requirements for data protection, security, portability, interoperability, energy efficiency

Public administration

Federation of Cloud

Infrastructure & ServicesCloud stack management and

multi-cloud / hybrid cloud, cloud

governance

(contract, rulebook)

Edge

Infrastructure

& Services

High-

Performance

Computing

European cloud alliance & data spacesPrivate sector Public interest

How?

2 Billion EU funding in

the period 2021-2027

Co-investmentfrom Industry

& Member States

NB: Pending EU budgetary negotiations

CEF2

• Rollout of cross-border secure and energy-efficient interconnections of cloud infrastructures across the EU territory

DEP

• Design and deploy cutting-edge, secure and energy friendly cloud-to-edge services and marketplaces to foster the emergence of a competitive computing industry in Europe

European cloud federation: How ?

With the Support of Invest EU programme + Recovery & Resilience

Facility

• Participants will be required to comply with:

• Data protection (GDPR)

• Security (EU cloud security certification scheme)

• BSI C5/ SecNum Cloud/Future

• Portability (SWIPO Codes of Conduct)

• Energy efficiency (e.g. EU Code of Conduct on energy-efficient data centres)

Future EU Rulebook & Common contractual clauses for public procurement

• Compliance with standards

• Interoperability

• Business continuity management

• Service Level Agreements

• Use of existing certification schemes & cloud labels

European cloud alliance: governance

Declaration - Building the next generation cloud for businesses and the public sector in the EU

https://ec.europa.eu/digital-single-market/en/news/towards-next-generation-cloud-europe

Thanks!

Questions?