The need-to-know info on European standards for digital ID and safe digital post

What is eIDAS?

eIDAS is an EU regulation governing electronic ID and related transactions - for example, digital signatures - within the European Union single market.

eIDAS makes it possible for both the sender and receiver to ensure that their counterpart's identity has been verified. Therefore, the level of transaction security is much higher than it is for unreliable types of communication, such as e-mail, phone or fax, which are all vulnerable to fraud.

eIDAS is part of the EU's internal digital market, which is intended to facilitate cross-border trade and to enhance the security and transparency of digital transactions.

What are CEF building blocks?

CEF building blocks are digital components developed by Connecting Europe Facility (CEF).

The building blocks are open framework tools, standards, and software components that can be implemented by service providers that want to develop solutions that allow cross-border data exchange throughout the EU.

So far, 10 building blocks have been developed, including eID (which makes it possible to identify users), eDelivery (which makes it possible to exchange secure mail), and eSignature (which makes it possible to verify digital signatures based on the guidelines by eIDAS).

e-Boks has chosen to build its solutions on CEF building blocks because it provides the best opportunities for organizations that operate internationally and exchange data across borders.

Why should organizations focus on services based on the EU standards such as eID and eDelivery?

The primary answer is mutual trust and recognition. Businesses and organizations across borders, domains, and sectors want to be able to confidently identify the recipients of their communications, whether they are dealing with citizens, organizations, or authorities.

Fundamental to many business processes is the ability of companies to verify their customers' identity, enabling the company to do the relevant background checks and more before the customers get onboarded.

Which industries should be particularly interested in the EU's eID?

Telecommunications and finance, including the banking, lender, and insurance industries, are just two of the sectors in which CEF's common European digital ID standards make it both easier to get new customers on board and to communicate with existing customers.

For organizations striving for transparency, compliance and the prevention of money laundering, KYC (know your customer) is an important concept. It represents the ability of organizations to identify the individual, organization or institution with which they are doing business.

Due to the importance of protecting personal data, the health sector is another well-matched sector.

What about contract signing when it comes to cross-border transactions?

The European eID supports a number of other services, such as digital signing. Once the ID solution is in place, it is possible to sign contracts and agreements digitally across borders.

Almost all the agreements a company makes today require signatures - thus a digital solution represents enormous potential for increasing efficiency.

How does a solution based on EU standards compare to proprietary solutions?

Both private and public actors - for example, tax authorities - are developing proprietary solutions today. These solutions work, but only as long as the transactions are conducted between the actor and a well-defined target group within their own country.

The challenge arises when, for example, a bank must obtain a signature from an international customer, or when you need to be able to identify the beneficial owner of a document. If the ID standards are not international, the solution will fall short. Therefore, open standards such as CEF eID are advantageous because they function across borders.

How far along is the EU with the implementation of eID and eDelivery?

In recent years, a variety of nodes have been linked, and several countries have implemented national ID solutions that support eID. This means that a number of obstacles have been cleared out of the way.

However, there is still some way to go before safe digital post based on eDelivery is available in all EU countries. The countries are different when it comes to digital readiness and the business model is very different from country to country. In the Nordic countries, for example, end users have free access to a safe postal solution, and the senders pay the costs.

Other countries - such as Italy - have chosen to pass the costs of a secure digital postbox on to the users.

Is it possible that the EU standards will become obligatory solutions for the member states?

In most EU countries, citizens are already given a digital ID today - either at birth or when they become 15 or 18 years old. But there are many countries waiting to take the next digital steps, such as making safe digital mail regulatory.

When the solutions are introduced voluntarily, it will typically take a number of years for most of the citizens to become users.

Will it be possible for countries and organizations outside the EU to implement CEF-based solutions?

The standards and technical tools are available to everyone, and a number of countries outside the EU have already chosen to implement solutions that are close to EU standards.

If you, as an organization outside the EU, want to trade with Europe, you must meet a number of compliance requirements - and, in this case, solutions based on European standards can be a useful shortcut.

Why should companies go with a secure digital mail solution rather than physical mail?

There are a number of general benefits to be had by using digital mail rather than physical mail - more often referred to now as "snail mail" - for example, apart from the obvious benefit of speed, you save money on internal and postage costs while simultaneously reducing your environmental impact.

In some geographical regions, it may be difficult to find the exact mailing address of an intended recipient, or many intended recipients may live at the same address. However, with safe digital mail, the sender has a guarantee that each of the documents sent will be received by the right person.

What advantages do you get by choosing a predeveloped solution for safe digital mail by e-Boks, compared to a solution which the company, organization or country has developed on its own?

If you are a bank or another type of financial institution, your core business is financial transactions, not digital communications. Therefore, the competence to develop a safe mail solution is rarely found in the organization and will thus likely have to be retrieved externally anyway. By choosing a predeveloped and well-tested solution, your organization can save both development time and resources.

You will benefit from continuous development and updates to the platform without having to expend resources on those expensive but vital processes.

Because the e-Boks postbox solution is based on EU standards such as CEF eID and CEF eDelivery, it supports mail to foreign customers - whether they are in another EU country or not.

Major challenges regarding GDPR compliance can occur, which a company must be able to honor when trading within the EU. If a customer ends their relationship with such a company, for example, the customer will usually no longer be able to access their digital documents if the documents were delivered using a proprietary solution.

If, on the other hand, the postbox solution is based on a generic engine linked to the digital ID of the customer, whether the customer is an individual or a company, the documents are stored in the customer's postbox for as long as he, she or it continues to exist.