Asking to be trusted is a funny thing. Despite being a big ask, trust is often extended simply on…well…trust.
Much of the time that will work. But sometimes it doesn’t, and that is always damaging. When the stakes are high – or regulated – a far more secure method than faith (or even a legal contract) is required.
But when trust can be guaranteed from the start, great things can happen. Certainty of trust is a game-changing enabler.
My starting thought for this piece was eIDAS 2.0 and eID coming to Europe next year. However, this is not an article about digital identity in itself, nor about how issuers can gain citizens' trust that they aren’t Big Brother.
This year, I have been having a crash course in trust frameworks. These are the cornerstone of establishing that all-important trust. I believed I knew what these were. I’ve since learnt that most people – including myself – don’t. Or don’t really...
Trust frameworks create schemes where the rules of engagement are clear, understood, controlled, and enforced. Credit cards are an easily relatable example of a trust framework in day-to-day life. A customer has confidence to use their credit card as a payment method (with the convenience and protections it provides) and a merchant has confidence that accepting it means they will receive payment. In this example, the trust framework is a set of rules which establish trust in a process, in order to fulfil a transaction.
Broader schemes – such as Open Finance – also benefit from a trust platform as part of the framework. I believe this is also the key to cross-border ecosystems, such as European-wide eID.
So let’s dial it back a moment and I’ll explain.
A trust framework is a governance layer. An ecosystem controller (often a regulator in a national scheme; the owner or administrator in a private one) sets the standards, rules, roles, and permissions of participants that form the trust framework. A common trust is established between all of these B2B entities, removing the need for inefficient and costly bilateral agreements. Replacing bilateral agreements also removes barriers to scale, and significant risks of inconsistencies that naturally occur in a multi-party scheme.
So, the rules of engagement are valuable, but they are not easily or centrally actionable without a technical means of doing so…
A trust platform is the physical manifestation of the trust framework. It provides the technical means for managing all participants in one virtual place, helping them to find the APIs they need and providing the means of connecting to them (PKI security certificate keystores).
This technical directory delivers certainty on who is sharing and accessing data, what data is being accessed, and how it is shared. All of this happens without data being held on the platform or even touching it: sharing is point-to-point only.
The presence of a trust platform at the core of a data sharing ecosystem is the reason why the UK and Brazil are considered the blueprints for Open Finance implementation globally.
So, what has this got to do with eIDAS 2.0?
The eIDAS regulation has been aiming (since 2014) to enable individuals to use their own national electronic identifications (eIDs) to access public services in other EU countries. This requires interoperability.
But, limitations in the original design, implementation, and uptake have meant that ‘only about 60% of the EU population in 14 member states are able to use their national eIDs cross-border, and only 14% of key public service providers across all member states allow cross-border authentication with an eID system. Moreover, the eIDAS regulation does not cover other types of online services, such as private or commercial ones, nor does it provide a common framework for the verification and exchange of personal attributes, such as age, residence, or qualifications,’ according to the European Commission.
To address these issues and to create a more secure and user-friendly digital environment, the EU has proposed a revision of the eIDAS regulation, known as eIDAS 2.0, which is expected to come into force in 2024. The eIDAS 2.0 regulation introduces several innovations and enhancements, such as:
The European Digital Identity (EUDI), a digital wallet that lets people in the EU show their IDs and other items, such as a driving licence, diplomas, a bank account, and more. The EUDI will work for online and offline services in the EU, and lets users choose how much they want to share with each service.
Electronic trust services – ways of verifying attributes and credentials – will come into scope and be held to the highest security standards, with supervision.
‘The establishment of a common toolbox for the interoperability and mutual recognition of the EUDI and the electronic trust services, which will include technical specifications, standards, guidelines, and best practices. The toolbox will be developed by the member states in cooperation with the European Commission and other stakeholders,’ according to the EC.
This would be a big step forward to the free movement of trade and people across the EU, with citizens able to enjoy the same rights and opportunities anywhere in the single union.
What we will see here is the emergence of interoperable federated data-sharing ecosystems. And while the membership model of the EU is a significant enabler of this cross-border scheme, trust frameworks – certified to the OpenID Federation standard, which means that they can easily and securely talk to each other – will be key to realising the full potential of this ambitious scheme.
Technically, cross-border – and cross-sector – data sharing has already been proven possible. The global opportunity for us all is huge.
2024 is going to be very interesting.
This editorial piece was first published in the Open Finance Report 2023. We encourage you to download the report and find out the latest trends and developments in the world of Open Banking and Open Finance, as the road to Open Data continues.
Marie helps regulators and enterprises with opportunities in the data economy through her role as Raidiam’s Open Futurist; and as module author for Cambridge’s Open Banking & Open Finance course. Her open-conversations.org is an independent source of discerning information on progress.
Raidiam is at the forefront of data-sharing technologies that are changing the world. We work from the centre to deliver and support the most trusted and secure data-sharing ecosystems for businesses and regulators.