Blockchain for Decentralized Identity — The EU
According to the Eurobarometer survey, 72% of EU users want to know how their data is processed when using social media, and 63% of EU citizens want a secure single digital ID for online services1. However, residents of the EU lack the flexibility to move from one country to the next seamlessly. Each time, they need to prove their identity, including cumbersome processes requiring the same identity data for multiple forms. Manual entry into forms is also error-prone. In addition, the process does not continuously regulate what data is shared with whom and how it is used.
The CEF (Connecting Europe Facility) includes six programs to promote growth across the EU, one of them being the electronic identity. The European Digital identity is for citizens, residents, and businesses to securely identify themselves or some claims about themselves. It is available online and offline across the public and private sectors. The eID is a mechanism for accessing public or private digital services adopted across member countries. Besides giving control to users regarding what data they share with third parties, they also keep track of it.
Regulations primarily drive the progress of digital identity following self-sovereign identity principles (explained in the first blog) in the EU. Here are some of them:
1. eIDAS 2.0 — is a crucial driver for cross-border transactions in the EU. First, it ensures that people and businesses can use and own their electronic identities (eIDs) for public services. Its goal is to ensure that secure identification and authentication are used o access cross-border services offered by member states. Finally, it creates trust in the ecosystem to move and transact.
2. GDPR (General Data Protection Regulation) — includes seven principles for protecting the data of its citizens — lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality (security) accountability. In addition, there are data handling obligations on organizations doing business within the EU.
3. NIS7 (Network and Information Systems) Directive — on the security of network and information systems. It was the first EU-wide legislation to provide measures to boost cybersecurity. NIS directive has three parts. First, it mandates specific national cybersecurity capabilities. Next, particular cross-border collaboration between EU countries and the national supervision of critical sectors.
4. The Digital Markets Act2 proposed in 2022 applies to large platform providers like social media platforms with a market capitalization of at least 75 billion euros or an annual turnover of 7.5 billion euros. The act promotes fair competition, more choice, and innovation on the internet. In addition, it requires secure interoperability for messaging platforms where data combination and cross-use will require consent from the user.
eIDAS 2.0 requires each EU member state to make a digital wallet (explained in the fourth blog) for their citizens that want one by September 2023. A group led by EU member states is forming a EUDI (European Union Digital Identity) Wallet Consortium to bid for $41.1 million for large-scale multi-country pilots. The wallet will deliver security and convenience for its citizens in managing everyday processes.
Some capabilities of the EUDI (European Union Digital Identity) wallet include:
1. Provision for online identification and electronic signatures. Support receiving credentials, storing them, and presenting them to verifiers (explained in the fifth blog).
2. It is acceptable across all EU member states
3. Provision to hold European Health Insurance Card
4. Enable zero-knowledge proofs with minimization (explained in the first blog)
5. Support multiple roles of a person; student, employee, citizen
With the proliferation of 5G across the continent, we expect the wallet to become integrated with the Internet of Things (IoT). In addition, the wallet in the future will support CBDCs (Central Bank Digital Currencies).
EBSI (European Blockchain Services Infrastructure)4 is a partnership with the EU Commission and the EU Blockchain Partnership (EBP)8. Its mission is to use blockchain (explained in the third blog) to accelerate cross-border services for the public and private sectors. Starting in 2020, the EBSI has deployed blockchain nodes across the EU to verify credentials for applications. In addition, it has put blockchain technology for public departments to verify identity information, thereby building trust in services. All the 27 EU countries and Norway and Liechtenstein support EBSI. The blockchain is a hybrid one. While the EU members manage the infrastructure as a consortium, the applications built on it are open to the public. All EU citizens will have a European Identity Wallet. In addition, the public, private sector, or a partnership can provide the applications. The release of EBSI v2.0.0-rc.13 in May 2022 allows EBSI to require the use of DIDs (explained in the third blog) for citizens while being fully GDPR compliant.
Five fundamental guiding principles lead the development of EBSI1:
1. Public good: EBSI must deliver benefits for EU citizens with services offered by the public and private sectors.
2. Governance: is provided by decisions reached by consensus amongst its stakeholders.
3. Harmonization: Technical and architectural components work cohesively to prevent the use of unwanted protocols.
4. Open source: is used when possible to allow security, auditing, and healthy competition among service providers and vendors.
5. EU regulatory compliance: will drive adherence with GDPR (General Data Protection Regulation ), eIDAS2.0, and others.
The architecture of EBSI includes the following three layers built as microservices with evolving capabilities:
1. Core Services Layer provides the interfaces for building applications and business processes.
2. Chain and Storage Layer: includes blockchain protocols and off-chain storage.
3. Infrastructure Layer: includes components to deploy an EBSI node.
The blockchain nodes across the EU
The ESSIF (European Self-Sovereign Identity Framework)3 is part of the European Blockchain service Infrastructure (EBSI). It aims to implement generic SSI (self-sovereign identity) capabilities that enable users to create, control, and use their identities across borders. In addition, an ecosystem of parties is working on technical and governance aspects for business processes utilizing self-sovereign identity (explained in the first blog).
Its objectives include:
1. Elimination of username/passwords
2. Efficiencies in filling out online forms
3. Reduction of identity theft
4. GDPR (General Data Protection Regulation) compliance
There are various Assurance Communities within ESSIF to create and manage governance. They provide processes, procedures, and administrative policies to ensure that standards, accredited schemes, etc., are adopted. ESSIF uses standards from W3C and Decentralized Identity Foundation (explained in the seventh blog).
Below are some use cases for the adoption of eID in the EU:
1. Diploma Management: Educational institutions automate the management of diplomas for their students with verification requests from potential employers. It includes the lifecycle of the students from admissions, study, and graduation.
2. The sharing of trusted data among residents. For example, citizens use the eID to accelerate filing taxes online. In addition, a record of past filings is readily available.
3. Notarization of documents is made simple with electronic signatures, time-stamped with an audit trail for authenticity.
4. Self-Sovereign Identity (ESSIF): citizens can create and control their identity across borders.
5. Travel is the most common use case for an eID. Moving across countries, using a common eID reduces friction at border crossings. It also helps make reservations for airlines, rental cars, hotels, and excursions (explained in the twelfth blog).
6. While opening a bank account, one needs to fill in several forms as part of the KYC (Know Your Customer) process. With an EU eID, an individual can do the same in a fraction of the time by using a QR code to provide the bank with their information. As a result, businesses open bank accounts and obtain loans more efficiently.
7. Public services delivered by a central portal, application, or digital wallet to all citizens are fast and efficient. These include Healthcare, birth and death certificates, and social services for the elderly.
8. Asylum Process Management: Movement and tracking of refugees across the EU is automated and tracked seamlessly with an electronic identity system (refer to the ninth blog).
The EU is collaborating with Canada for SSI interoperability. There are partnerships among countries in the EU to advance SSI implementation.
Some examples include:
1. Germany: The Digital Identities Ecosystem Project is a partnership with Spain
2. Netherlands: The Dutch Trust Network is coordinating with neighbouring countries. They have an ESSIF-Lab and are preparing for eIDAS2 implementation.
3. Finland: Jointly with Germany is exploring SSI and driving the development of SSI use cases, and promoting legislation.
The benefits of the EU’s eID include:
1. The eID is convenient for EU citizens and residents who want the flexibility to move and transact across the EU. All are accompanied by a digital signature used to sign documents, thereby streamlining processes electronically.
2. Most use cases utilize a digital wallet (explained in the fourth blog) to access, store and share identity information with trusted parties. The user controls what data to share with whom and when. In addition, they verify the authenticity of the person who requests their identity data before sharing it.
3. The solution builds trust in the ecosystem with alignment with Regulatory and Compliance laws. It reduces the chances of identity theft for businesses and helps build confidence in cross-border transactions.
4. It reduces friction in business processes and eliminates entering data in forms. Instead, a QR code is sufficient to deliver proof and move along. In addition, the simplified processes reduce costs.
5. The system provides electronic registered delivery of documents from public administrations, ranging from birth certificates for individuals to business contracts for organizations. It makes data authenticity easy and cost-efficient.
At first, the public sector leads the adoption of self-sovereign identity in the EU. Governance by the governments will be easier to implement. It provides a semblance of integrity to the identity documents provided to residents. Implementation per the regulations is also more straightforward. More business processes will become efficient as organizations get to trust the data from these documents. Overall it will enhance operations while reducing costs and increasing efficiencies. The implementation of SSI by governments will have a flywheel effect on the private sector. Automation of processes that require credentials will take on a new meaning with numerous possibilities. The creation of the International Association of Trusted Blockchain Applications5 (INATBA), a multistakeholder organization to promote trust and interoperability globally, has already triggered the phenomenon.
In the next post, I will cover Healthcare.
Again, I would suggest reading the posts in succession.
Glossary:
CEF (Connecting Europe Facility)
The Connecting Europe Facility is a funding instrument to promote growth, jobs, and competitiveness through infrastructure investment across the EU
Documentation Interoperability
The documents use the same definitions and glossary across the different layers
European Blockchain Partnership (EBP)
In 2018, 27 EU Member States, Norway, and Liechtenstein created a partnership to assist the European Commission to use blockchain for cross border digital services of public interest using EBSI
EBSI (European Blockchain Services Infrastructure)
A joint initiative with the EBP and the European Commission. It leverages the blockchain to create cross-border public services and promote trust within the ecosystem
Horizontal Interoperability:
The components of the SSI infrastructure work with other components
Vertical Interoperability:
The components of the SSI infrastructure can work with application software
References:
1. www.ec.europa.eu
2. Europe says yes to messaging interoperability as it agrees on a major new regime for Big Tech — Lomas, Natasha, Techcrunch March 2022
3. Essif-lab.github.io
4. https://ec.europa.eu/digital-building-blocks/wikis/display/EBSIDOC/Architecture
5. https://inatba.org/
6. Digital Identity — Leveraging the Self-Sovereign Identity Concept to Build Trust — ENISA (European Union Agency for Cybersecurity) Report
7. https://www.enisa.europa.eu/topics/nis-directive
Contact
Linkedin https://www.linkedin.com/in/anitarao/,
Twitter @anitaprao,
