eIDAS or the reason we communicate in a more simple manner in the EU| Technological blog
2022-06-30
Apart from responsibilities, project management in the IT sphere also brings opportunities to be part of the creation of interesting solutions. In today’s blog we’ll talk with Ján Hrúza, ANASOFT project manager, who is responsible for the eIDAS project. The goal of this project is to enable EU citizens to identify themselves with electronic identification cards while communicating with institutions of other EU member states.
Def.: eIDAS is an abbreviation for Regulation No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market.
Hi Jano! I’m glad that you accepted the invitation for this interview. I’m really looking forward to talking about this topic.
We’ve been members of the EU for many moons but it’s not common for people to talk about practical issues in this context. In layman’s terms, I imagine the eIDAS project as an opportunity to use electronic ID cards throughout the European Union. Is that correct?
Yes, that’s quite correct.
And how did the project come to be?
It started based on the eIDAS regulation of the European Commission, which was then transferred into Slovak law. This regulation addresses areas such as electronic signatures, stamps for electronic documents but also that EU countries ought to mutually accept electronic means of identification, the eID cards. And this part is what we at ANASOFT are working on regarding the eIDAS project.
How does something like that work in reality? What needs to happen until, for example, I, as a Slovak citizen, can use the electronic services of public offices in another EU member state through the electronic identification card?
The process has several steps. First of all, each country needs to go through a notification process, when it technically and from the point of view of security describes the means of identification that it uses. When this process is formally finished, a time period of 12 months begins to elapse, during which other member states should implement the solution that accepts the means of identification of the given country.
Which was the first country to do this? And where does Slovakia stand?
Germany was the first country. We finished the notification process in late 2020, based on which member states accepted our electronic means of identification.
Does this mean that our citizens can use the electronic services of all EU member states through their electronic identification cards?
It was the first step to something like this. But we need to realize that building a global electronic ecosystem throughout the entire EU is a marathon, not a sprint. Individual countries have various means of identification and various levels of e-government implementation.
It will definitely take a couple of years until a set of minimal electronic services that EU countries can offer to each other will be defined. It’s important to create a concept of identity verification of EU citizens and that’s what’s happening right now. It’s basically the fundamental step, when individual countries are creating the so-called eIDAS nodes, on which other functions can be built.
Slovaks log in to foreign European institutions with Slovak documents more than 3,800 times a month. Most log-ins are done through Czech portals, followed by the portals of Austria, Italy and Belgium.
So, the point of this step is to be able to log in in every EU member state?
The main point is that I need to be able to log in in an EU state without needing a different identification card apart from the one that I have from Slovakia. My electronic Slovak identification card should be enough.
That’s interesting. But I guess it’s not that easy from both a processing point of view as well as from a technical one?
It has its challenges which we need to face. For example, it includes the merging of people’s identification or the question of accepting the electronic identification card. There are various scenarios such as the new ID card or the expiration of its validity.
What needs to be done so that a citizen of a different member state can log in to a Slovak portal such as the services of the slovensko.sk portal?
Apart from the verification of the identity of the given citizen, it’s necessary to deal with the question of receiving messages through the identification card of their home country. Any service in a given country needs a mechanism that informs the party of the outcomes of the proceedings. This also needs to happen for people from other member states. In reality, this could mean that this citizen from a different EU member state will activate a mailbox for slovensko.sk; in some cases, this can be solved using hybrid mail. This means that electronically sent communication will then be mailed to them in paper form to their address in their home country.
What does this entail from an IT point of view?
During the project we created our gate into the world of eIDAS, the Slovak eIDAS node. It was created on the slovensko.sk infrastructure and of course, it is closely knit to the world of slovensko.sk. That means it’s possible to offer identity verification of Slovak citizens for other member states, as well as mailboxes for delivery to citizens from other member states.
Was it necessary to build the eIDAS node from nothing?
I think that the European Commission supports the useful principle of repeatable building blocks. Something along the lines of the basic skeleton of the eIDAS node exists, which we then modified for use in our conditions.
How did you deal with so many countries? Isn’t it hard to organize?
The individual steps are gradually spread out over time, so it’s manageable. Of course, we have a sort of work package for each country, in which we monitor the entire overview process from beginning to testing, so we have some order in it. It’s normal that some countries are better prepared, and they deal with the process in a more responsible manner than others. Each country is special in its own way. For example, Italy doesn’t give address details in a structured form like street, city, state, but only as one chain, which can of course create complications when sending mail.
Thank you for this interview
Interview processed by Boris Rybár / Team manager of software development
What are the current challenges that the Slovak eIDAS team at ANASOFT are dealing with?
The service of the complete solution is more complex and difficult with the gradual adding of connected countries and services. We’re trying to continuously evaluate critical points, gradually improve operating processes and to automatize and make them as effective as possible. At the same time, however, the technological development of the eIDAS node continues, from new versions of the technical specifications to new generation versions of the common block.
As the number of services supporting log-ins of foreigners is increasing, so are the new requirements that face restrictions of the current solution. For example, it’s the problem of the merging of identification. If a foreigner logs in through various authentication means or for example if they receive a new eID card, they suddenly operate with new identification data and they are considered as a new identity with a new mailbox. And if they are present in various registers in Slovakia, for example in the commercial register as a representative of a company, there are no mechanisms that would merge these identities.
Another topic is that the log-in support of legal entities and the representation of natural persons by legal entities is dealt with in the framework of the Slovak e-government, but on the European level they are still searching for common and reliable solutions.
At the same time, new activities such as the unified digital gate, the Once is Enough principle, the digital ID wallet and other sector activities on the level of eJustice and eHealth are coming from the European Commission. These are built on the given solution but also expect new requirements from it.