What the European Interoperability Framework & eIDAS Means for You
Cryptomathic : 09. January 2022
The European Interoperability Framework (EIF) adopted in 2017 is the primary thrust in the EU’s effort to improve the efficiency of public service delivery across its member states.
The EIF aims to bring interoperability to public services across all levels of government in the EU Single Market – from local and provincial to national and international. To achieve this, it makes full use of the existing directives that already provide interoperability in specific situations. For example, the PSI Directive provides guidelines on the re-use of public sector information, while eIDAS provides identification and trust services for private businesses and public service providers.
This article explores the synergy between eIDAS and just a few of EIF’s 47 recommendations aimed at improving interoperability between various public service providers, administrators, businesses, and citizens.
- Technological neutrality and data portability are key components of the EIF conceptual model. eIDAS plays a key role here by providing the backbone of the identification and authentication process that enables this data portability. eIDAS makes the process secure and ensures a much faster identification process, which is necessary for a truly interoperable and efficient service delivery system.
- eIDAS and EIF focus on user-centricity and providing a single point of contact for all public service delivery across the EU. eIDAS plays a crucial role here by hiding the back-end complexity of authentication and identification from the user. This also means that users do not have to worry about which platform they should use to access the services.
- Security and Privacy is perhaps the biggest component of EIF where eIDAS plays a key role. For quick service delivery, creating a secure digital environment is crucial. The eIDAS standards are designed with these specific scenarios in mind. The identification and authentication must appear seamless to the end user while ensuring that all the relevant safety and data protection regulations are being fully complied with at the backend.
- EIF is geared towards reducing administrative burden, and it hopes to achieve this primarily by adopting a digital-first and digital-by-default attitude towards service delivery. Such an approach is impossible without the guidelines that eIDAS provides for digital identification.
- One of the major hurdles to interoperability has been the legal differences between the various member states and their treatment of certain aspects required for service delivery. eIDAS already standardizes such cases while performing digital checks across all EU member states.
- Technical and semantic interoperability means that data blocks, technology systems, and other critical components can work together seamlessly. eIDAS provides a platform and a technology-neutral base that public service providers can use to ensure the safe and secure delivery of their services to the appropriate users.
The 2017 iteration of the EIF guidelines has been specifically designed to make the best use of new technology trends and the new guidelines adopted during the intervening period. By making full use of the identification and trust services enabled by eIDAS and other directives on data security and re-use, the new EIF guidelines offer a very realistic approach to achieving real-world public sector interoperability across the European Union.
References and Further Reading
- Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL amending Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing (2016), by the European Commission
- Selected articles on Authentication (2014-16), by Heather Walker, Luis Balbas, Guillaume Forget, Jan Kjaersgaard, Dawn M. Turner and more
- Selected articles on Electronic Signing and Digital Signatures (2014-16), by Ashiq JA, Guillaume Forget, Jan Kjaersgaard, Peter Landrock, Torben Pedersen, Dawn M. Turner, Tricia Wittig and more
- REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016), by the European Parliament and the European Council
- Proposal for a REGULATION concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications) (2017), by the European Parliament and the European Council
- REGULATION (EU) No 910/2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (2014) by the European Parliament and the European Commission
- DIRECTIVE 2013/37/EU amending Directive 2003/98/EC on the re-use of public sector information (2013) by the European Parliament and the Council
- Recommendations for the Security of Internet Payments (Final Version) (2013), by the European Central Bank
- Draft NIST Special Publication 800-63-3: Digital Authentication Guideline (2016), by the National Institute of Standards and Technology, USA.
- NIST Special Publication 800-63-2: Electronic Authentication Guideline (2013), by the National Institute of Standards and Technology, USA.
- Security Controls Related to Internet Banking Services (2016), Hong Kong Monetary Authority