eIDAS & e-delivery CE Midsummer Conference "The role of policy decisions in the postal & delivery industry", Copenhagen (DK), 12 June 2017

eIDAS & e-delivery
CE Midsummer Conference "The role of policy decisions in the postal & delivery industry", Copenhagen (DK), 12 June 2017
Andrea Servida
DG CONNECT, European Commission
Unit "eGovernment & Trust"
Andrea.servida@ec.europa.eu

Europe has worked hard to make physical borders transparent but digital borders still exist.

Benefits with an impact

10 TOP PRIORITIES OF THE EC
- Jobs, growth and investments
- Digital Single Market
- Energy Union and Climate
- Internal market
- A deeper and fairer economic and monetary union
- A balanced EU-US free trade agreement
- Justice and fundamental rights
- Migration
- A stronger global actor
- Democratic change

PROBLEM
- Europeans often face barriers when using online tools and services
- At present, markets are largely domestic in terms of online services
- Only 7% of EU small- and medium-sized businesses sell cross-border

SOLUTION
This includes common EU data protection, copyright rules, boosting digital skills, accessible online content and cross-border digital public services (CEF Digital)

CONSEQUENCE
Maximise economic potential; growth/jobs anticipated to be 415 billion to EU economy

For more information see also the DSM page on the Europa website and the DSM roadmap

eIDAS: boosting trust & supporting businesses!

Timeline (2014 to 2019)
- 17.09.2014: Entry into force of the eIDAS Regulation

eID
- 29.09.2015: Voluntary cross-border recognition
- 26.11.15: eID DSI v.1 eIDAS compliant
- 29.09.2018: Mandatory cross-border recognition

Trust Services
- eSignature Directive rules
- 1.07.2016: Date of application of eIDAS rules for trust services

eIDAS: eID, electronic signatures, electronic seals, electronic time stamps, electronic registered delivery services, website authentication, electronic documents, validation, preservation

eIDAS: Key principles for Trust services
- Transparency and accountability
- Technological neutrality
- Non-mandatory technical standards ensuring presumption of compliance
- Non-discrimination in Courts of eTS vs paper equivalent
- Specific legal effects associated to qualified trust services
- Risk management approach
- The Regulation does not impose the use of Trust services

Definition of Trust Services & electronic documents

Electronic registered delivery service (art. 3(36)): 'electronic registered delivery service' means a service that makes it possible to transmit data between third parties by electronic means and provides evidence relating to the handling of the transmitted data, including proof of sending and receiving the data, and which protects transmitted data against the risk of loss, theft, damage or any unauthorised alterations

Registered item (art. 2(9) of Directive 97/67): 'registered item' means a service providing a flat-rate guarantee against risks of loss, theft or damage and supplying the sender, where appropriate upon request, with proof of the handing in of the postal item and/or of its delivery to the addressee

Key principles for e-registered delivery services
- Market oriented
- Technological neutrality
- Accountability
- Legal certainty

Non-qualified electronic registered delivery service providers (1)

Obligations of non-qualified electronic registered delivery service providers
Verify that requirements of the Regulation applicable to (all) TSPs are met:
- Data processing and protection (art. 5)
- Liability and burden of proof, including limitation of use of the services (art. 13)
- Access for persons with disabilities (art. 15)
- Risk management and security breach notification (art. 19)

Associated legal effect to the service
- Non-discrimination as evidence in court vis-à-vis paper equivalent

Qualified electronic registered delivery service (4)

Associated legal effect to the qualified e-registered delivery service
- Non-discrimination as evidence in court vis-à-vis paper equivalent
- Data sent and received enjoy the presumption of:
  - the integrity of the data,
  - the sending of that data by the identified sender,
  - the receipt of the data by the identified addressee,
  - the accuracy of the date and time of sending and receipt of the data.

Qualified electronic registered delivery service (2)

E-registered delivery: requirements to be qualified
- Provided by one or more qualified trust service provider(s);
- Ensure with a high level of confidence the identification of the sender;
- Ensure the identification of the addressee before the delivery of the data;
- Sending and receiving of data is secured by an advanced electronic signature or an advanced electronic seal to preclude the possibility of the data being changed undetectably;
- Any change of the data needed for the purpose of sending or receiving the data is clearly indicated to the sender and addressee of the data;
- The date and time of sending, receiving and any change of data are indicated by a qualified electronic time stamp.

All TSPs involved in the transmission of data shall be qualified
-> Interoperability is key
-> CEF eDelivery Access Point (e-SENS profile of AS4 tech. spec.)

eIDAS Supporting tools

Trusted lists for QTSPs and QTSs (art. 22 and ID (EU) 2015/1505)
- Ensure continuity with the existing TLs established under the Service Directive.
- Ensure legal certainty.
- Foster interoperability of qualified trust services by facilitating a.o. the validation of e-signatures and e-seals.
- Allow citizens, businesses and public administrations to easily get the status of a trust service.

EU trust mark for qualified trust services (art. 23 and (EU) 2015/806)
- Usage by QTSP after qualified status has been indicated in the TLs
- Trust mark indicates in a simple, recognisable, and clear manner the qualified status of a trust service
- Link to the relevant TL has to be ensured by the QTSP

How it started and where is it going?
[Diagram: phases PILOTING, SCALING UP, SUSTAINING; pilots STORK, PEPPOL, SPOCS, epSOS, e-CODEX, e-SENS; REGULATORY: EU Legislation, e.g. eIDAS; DEMAND CREATION: CEF Work Programmes, eGovernment Action Plan, DSM Catalogue of Standards; ecosystem; SUPPLY CREATION: Grants (subsidies); 2014 to 2020]

CONTEXT: NOBLE (NO Barriers in eDelivery) project

OBJECTIVE
- Set up interoperability among Postal Services using CEF eDelivery (AS4 according to the e-SENS Profile)
- The eDelivery infrastructure will support the cross-border exchange of electronic documents in different domains, aligned with the requirements from eIDAS ERDS

THE PROJECT
- NOBLE started in October 2016 and will finish in September 2017
- The project is co-funded by CEF via the 2015 CEF Telecom Call eDelivery (2015-CEF-TC-2015-1): 785,395 euro

PARTICIPANTS
9 Partners from 4 Member States are involved in NOBLE, in particular:
- Germany: De-Mail
- France: LA POSTE LREL (Lettre recommandée en ligne)
- Greece: Hellenic Post ELTA
- Slovenia: Slovene National e-delivery infrastructure SI-CeV
The project is coordinated by Governikus GmbH & Co. KG

CHALLENGE: Cross-border exchange between ERDS providers LA POSTE LREL

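SOLUTION: Implementation of CEF eDelivery AS4 Access Points
[Diagram: DE-MAIL and LA POSTE LREL each connect through a national connector (German connector, French connector) to an AS4 Access Point; the two Access Points exchange messages over CEF eDelivery AS4; supporting components: SML, SMP / DE, SMP / FR, Trusted List]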

Architecture: ERDS Requirements and eDelivery's 4-Corner Model
- REQ1: Message Integrity
- REQ2: Message Confidentiality
- REQ3: Sender Identification
- REQ4: Recipient / Addressee Identification
- REQ5: Time Reference
- REQ6: Proof of Send/Receive
[Diagram: ORIGINAL SENDER (C1, Party A backend) SUBMITs to its Connector and Access Point (C2); C2 SENDs over AS4 across the Internet to the receiving Access Point (C3), which ACKNOWLEDGEs; C3 and its Connector DELIVER to the FINAL RECIPIENT (C4, Party B backend); NOTIFY messages flow back to the backends; supporting components: SML, 1 or several SMPs on each side, Trusted List]

Summary of ERDS requirements from the eIDAS regulation

REQ1 Message Integrity
  Description: Messages should be secured against any modification during transmission.
  eIDAS reference: Article 3 (36), Article 19, Article 24, Article 44 (d) the sending and receiving of data is secured by an advanced electronic signature or an advanced electronic seal of a qualified trust service provider in such a manner as to preclude the possibility of the data being changed undetectably;

REQ2 Message Confidentiality
  Description: Messages should be encrypted during transmission.
  eIDAS reference: Article 5, Article 19, Article 24

REQ3 Sender Identification
  Description: The identity of the sender should be verified.
  eIDAS reference: Article 24, Article 44 (b) they ensure with a high level of confidence the identification of the sender;

REQ4 Recipient / Addressee Identification
  Description: Recipient / addressee identity should be verified before the delivery of the message.
  eIDAS reference: Article 24, Article 44 (c) they ensure the identification of the addressee before the delivery of the data;

REQ5 Time-Reference
  Description: The date and time of sending and receiving a message should be indicated via a qualified electronic timestamp.
  eIDAS reference: Article 44 (f) the date and time of sending, receiving and any change of data are indicated by a qualified electronic time stamp.

REQ6 Proof of Send/Receive
  Description: Sender and receiver of the message should be provided with evidence of message receipt and delivery.
  eIDAS reference: Article 3 (36) provides evidence relating to the handling of the transmitted data, including proof of sending and receiving the data

4-Corner model in detail
[Diagram: ORIGINAL SENDER (C1, Party A backend) SUBMIT -> Connector / Access Point (C2) SEND over AS4 via the Internet -> Access Point / Connector (C3) RECEIVE and ACKNOWLEDGE -> DELIVER to FINAL RECIPIENT (C4, Party B backend); NOTIFY messages to the backends; SML, 1 or several SMPs on each side, Trusted List]

In the 4-corner model, national solutions don't exchange data directly with each other but do this through Access Points. These Access Points are conformant to the same technical specifications and therefore capable of communicating with each other.

As a result, national solutions can easily and safely exchange data even if their IT systems were developed and evolve independently from each other. This is also known as the MESH topology.

PROS +
- No need to set up bilateral channels between participants
- Eliminates risk of single point of failure
- Eliminates risk of service provider lock-in
- Highly distributed and scalable
- Low interference with existing solutions

CONS -
- Needs strong governance
- Global run-time monitoring
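The routing described on this slide, as an added Python sketch that is not part of the presentation and not CEF eDelivery code: the sending Access Point (C2) finds the receiving one (C3) through an SML and SMP lookup instead of a bilateral channel, and checks the acknowledgement against what it sent. The participant IDs, the registry dictionaries and the receipt format are constructed assumptions; real Access Points exchange signed AS4 messages rather than bare digests.

```python
import hashlib
from datetime import datetime, timezone

# Constructed registries (assumptions): the SML maps a participant to its SMP,
# each SMP maps the participant to the Access Point that serves it.
SML = {"de:alice": "smp-de", "fr:bob": "smp-fr"}
SMP = {"smp-de": {"de:alice": "ap-de"}, "smp-fr": {"fr:bob": "ap-fr"}}
ACCESS_POINTS = {}


def discover(participant):
    """Dynamic discovery: SML -> SMP -> Access Point of the participant."""
    smp = SML.get(participant)
    if smp is None or participant not in SMP[smp]:
        raise LookupError(f"unknown participant: {participant}")
    return ACCESS_POINTS[SMP[smp][participant]]


class AccessPoint:
    def __init__(self, name):
        self.name = name
        self.inbox = []  # messages handed on to the recipient backend (C4)
        ACCESS_POINTS[name] = self

    def receive(self, sender, recipient, payload):
        """C3: deliver to the backend and acknowledge what actually arrived."""
        # Without a signature C3 cannot tell whether the payload was altered;
        # it can only report the digest of the bytes it received.
        self.inbox.append((sender, recipient, payload))
        return {
            "receiver_ap": self.name,
            "digest": hashlib.sha256(payload).hexdigest(),
            "received_at": datetime.now(timezone.utc).isoformat(),
        }

    def send(self, sender, recipient, payload, transport=lambda b: b):
        """C2: look up C3, send, then compare the acknowledged digest (REQ1/REQ6)."""
        sent_digest = hashlib.sha256(payload).hexdigest()
        target = discover(recipient)
        receipt = target.receive(sender, recipient, transport(payload))
        receipt["integrity_ok"] = receipt["digest"] == sent_digest
        return receipt


# Two national Access Points; neither is configured with the other's address.
ap_de, ap_fr = AccessPoint("ap-de"), AccessPoint("ap-fr")

if __name__ == "__main__":
    print(ap_de.send("de:alice", "fr:bob", b"registered letter"))
```

The `transport` argument stands in for the network path, so passing a function that alters the bytes shows the sender detecting the change from the acknowledgement alone.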

BACK TO NOBLE: 4-Corner model among ERDS providers
[Diagram: ERDS providers, each with its own SMP and AP, connected in a mesh: Slovenian e-biz e-delivery gateway, LA POSTE, SI-CeV (Slovene national e-delivery infrastructure) and further providers; Transport: AS4; Payload: ETSI REM Dispatch/Evidence; others may join later]

CONSULT the guidance document to know more about ERDS & CEF eDelivery
https://ec.europa.eu/cefdigital/wiki/x/uwvnag

For further information and feedback
- Web page on eIDAS: http://ec.europa.eu/digitalagenda/en/trust-services-and-eid
- eIDAS Observatory: https://ec.europa.eu/futurium/en/eidas-observatory
- Text of eIDAS Regulation in all languages: http://europa.eu/!ux73kg
- Connecting Europe Facility Catalogue of Building Blocks: https://ec.europa.eu/cefdigital
- eIDAS Twitter account: @EU_eIDAS

Andrea Servida
DG CONNECT, European Commission
Unit "eGovernment & Trust"
Andrea.servida@ec.europa.eu