Digital identity trust, digital finance and government policy were overarching themes at this year’s TRUSTECH event, which took place in Paris.
Pascal Agosti, Associated Lawyer at Caprioli & Associes, was one of the speakers to take the mic and share his expertise around identity solutions for government, giving a speech in which he highlighted that service providers and the legal system ensuring trusted actors are not “bearing responsibility” and “endorsing” digital identity frameworks while the commercialism and usefulness of digital identity in the public sector has been accelerated in the last 15 years.
He identified that responsibility should fall on service providers, legal system endorsing trusted actors, tech providers and users, companies, associations who should all have trusted interactions and be aligned on trust, security and data privacy.
A key message from the presentation was the need to ensure certified service by certification, adequate technical specifications to oversee that all parties that leverage digital identity are abiding by a trusted approach, but there is a heavy price for certification and accreditation.
The establishment of standards is necessary, such as the Cyber Security Act 2014 and the eIDAS regulation, which was introduced to be the european recognition of means of electronic identification of the member states. Pascal said that the essence of standards should ensure the interoperability of means of identification, for example aFrance Connect+ or the digital identity scheme for the post office.
There are criticisms of eIDAS regulation because the French government is not using electronic identity and so accredited digital identity cases are not being frequently identified and notified. A potential solution that the speaker raised was the concept of a european digital identity portfolio to oversee the compliance of different use cases and solution providers.
The Cybersecurity Act is another standard which underpins certification and is applicable to e-wallets too, however reflecting on when a functioning certification framework would be available, he predicted a 6 month timeframe.
Trust services are vital to combat phishing, Pascal said.
The future of having trusted frameworks in place requires electronic archiving of certification documents and electronic attribute certificates.
What are the obligations on the trust services provider?
To advance trusted digital identity services, solution providers and legal entities in the trust chain must adhere to the digital market act, GDPR compliance, as well as european digital ID markets while an on-going european pilot is assessing market operability for 12 months. There are still question marks around how standards can maintain security and trust integrity concerning biometric solutions.
