When it comes to advancing regulatory frameworks that champion technology to better serve compliance needs, the EU is on a roll. Some major updates include AMLD4, MiFID II, PSD2, GDPR and, coming this September, eIDAS (Electronic Identification, Authentication and Trust Services), the European regulation that aims to create one identity framework for the European Digital Single Market.
The goal is to create a modern identity framework that can perform electronic identification and trust services for digital transactions. As of September 29, “all organisations delivering public services via the internet must provide universal online access for European citizens and enterprises.” Having a standard way to identify and trust individuals and entities will facilitate cross-border operations, expand opportunities and help connect the different member states into a single digital market.
Identity is the cornerstone of trust; delivery of online services, especially public services, needs to efficiently and securely ensure that the system knows who it is dealing with. Or, as the European Commission states, “guarantee the unambiguous identification of a person and make it possible to get the service delivered to the person who is really entitled to it.”
After all, public services handle extremely sensitive data including health, tax, benefits, education, business records and even voting information. It’s crucial that this information remains confidential, that access is strictly limited and that the data is used only as permissioned.
eIDAS in the Financial Sector
While the eIDAS regulation specifically applies to public services, businesses can also make use of the improvements to the electronic identity framework. Perhaps the sector with the most to gain is financial services, which faces demanding Know Your Customer (KYC) requirements on a daily basis. A political agreement of December 20, 2017, to amend Anti-Money Laundering (AML) regulations includes a reference allowing electronic identification (eID) to fulfil KYC/customer due diligence requirements.
Simply put, this allows reporting entities to accept eID across EU borders and enables a fully digital on-boarding process.
Another major development eIDAS can facilitate in the EU financial sector is compliance with PSD2, the payments directive requiring EU banks to open up access to customer accounts (open banking), allowing third-party providers to access that information via APIs (application programming interfaces).
A key part in enabling access to customer banking information is strong customer authentication (SCA), an EU regulated technical standard (RTS) for remote payment transactions. As the RTS includes eIDAS as an option, the same eID schemes used for public services can also apply to PSD2:
“To improve user confidence and ensure strong customer authentication, the use of electronic identification means and trust services as set out in Regulation (EU) No 910/2014 of the European Parliament and of the Council should be taken into account, in particular with regard to notified electronic identification schemes.”
According to Trista Sun, HSBC global head of international and cross border, “currently, customers often have to produce a separate set of identification paperwork when they open a bank account in a new country. The use of recognized, trusted digital IDs across borders will revolutionize this process.”
Frameworks for Electronic Identification
AML/KYC and PSD2 compliance are just two examples that take advantage of a standardized eID framework to improve effectiveness and efficiency. Having digital identity solutions that are seamless, secure, and quick enables a whole new world of interactions, from transactions to shared content, distributed organizations to new financial structures. Of course, eIDAS is just one part of the digital trust ecosystem. As other nations develop their eID schemes, we’re on our way to empowering a global trust system that includes everyone, no matter where they live, what they do, or how they live.